Tp-Link T1600G-28PS V2 [5/771] Configuring lag

Содержание

• Configuration guide 1
• T1600g series switches 1
• About this guide 2
• Accessing the switch 2
• Command line interface access 11 2
• Contents 2
• Conventions 2
• Intended readers 2
• Managing system 2
• More information 2
• Overview 2
• System 22 2
• System info configurations 24 2
• Web interface access 2
• Access security configurations 55 3
• System tools configurations 45 3
• User management configurations 37 3
• Appendix default parameters 73 4
• Basic parameters configurations 78 4
• Configuration examples 97 4
• Loopback detection configuration 93 4
• Managing physical interfaces 4
• Physical interface 77 4
• Port isolation configurations 90 4
• Port mirror configuration 82 4
• Port security configuration 86 4
• Sdm template configuration 70 4
• Address configurations 33 5
• Appendix default parameters 05 5
• Appendix default parameters 23 5
• Appendix default parameters 29 5
• Configuration example 18 5
• Configuring lag 5
• Lag 08 5
• Lag configuration 09 5
• Mac address table 31 5
• Managing mac address table 5
• Monitoring traffic 5
• Traffic monitor 25 5
• Appendix default parameters 50 6
• Configuration example 59 6
• Configuring 802 q vlan 6
• Example for security configurations 47 6
• Overview 52 6
• Q vlan configuration 53 6
• Security configurations 41 6
• Appendix default parameters 64 7
• Appendix default parameters 79 7
• Configuration example 72 7
• Configuration example 88 7
• Configuring mac vlan 7
• Configuring protocol vlan 7
• Mac vlan configuration 67 7
• Overview 66 7
• Overview 81 7
• Protocol vlan configuration 82 7
• Appendix default parameters 98 8
• Configuring spanning tree 8
• Mstp configurations 18 8
• Spanning tree 00 8
• Stp rstp configurations 08 8
• Stp security configurations 38 8
• Appendix default parameters 63 9
• Configuration example for mstp 44 9
• Configuring layer 2 multicast 9
• Igmp snooping configurations 68 9
• Layer 2 multicast 66 9
• Configuring mld snooping 06 11
• Viewing multicast snooping configurations 41 12
• Appendix default parameters 73 13
• Configuration examples 45 13
• Configuring logical interfaces 13
• Logical interfaces configurations 78 13
• Overview 77 13
• Appendix default parameter 04 14
• Appendix default parameters 89 14
• Configuring dhcp 14
• Configuring static routing 14
• Dhcp 06 14
• Dhcp client configuration 09 14
• Dhcp relay configuration 12 14
• Example for static routing 00 14
• Ipv4 static routing configuration 92 14
• Ipv6 static routing configuration 94 14
• Overview 91 14
• Viewing routing table 97 14
• Appendix default parameters 25 15
• Arp configurations 28 15
• Bandwidth control configuration 48 15
• Configuration examples 21 15
• Configuring arp 15
• Configuring qos 15
• Diffserv configuration 35 15
• Overview 27 15
• Qos 34 15
• Appendix default parameters 59 16
• Appendix default parameters 86 16
• Configuration example 55 16
• Configuration example 71 16
• Configuring poe 16
• Configuring voice vlan 16
• Overview 62 16
• Poe 88 16
• Poe power management configurations 89 16
• Voice vlan configuration 64 16
• Acl 10 17
• Acl configurations 11 17
• Appendix default parameters 08 17
• Configuration example for acl 31 17
• Configuring acl 17
• Example for poe configurations 04 17
• Time range function configurations 97 17
• Appendix default parameters 38 18
• Arp inspection configurations 60 18
• Configuring network security 18
• Dhcp snooping configuration 52 18
• Dos defend configuration 67 18
• Ip mac binding configurations 45 18
• Network security 40 18
• X configuration 71 18
• Aaa configuration 85 19
• Configuration examples 04 19
• Appendix default parameters 23 20
• Configuration example 52 20
• Configuring lldp 20
• Lldp 28 20
• Lldp configurations 29 20
• Lldp med configurations 37 20
• Viewing lldp med settings 49 20
• Viewing lldp settings 44 20
• Appendix default parameters 71 21
• Configuring maintenance 21
• Diagnosing the device 84 21
• Diagnosing the network 86 21
• Maintenance 73 21
• Monitoring the system 74 21
• System log configurations 77 21
• Appendix default parameters 92 22
• Configuring snmp rmon 22
• Example for configuring remote log 90 22
• Notification configurations 09 22
• Rmon configurations 19 22
• Rmon overview 18 22
• Snmp configurations 95 22
• Snmp overview 94 22
• Appendix default parameters 42 23
• Configuration example 30 23
• About this guide 24
• Conventions 24
• Intended readers 24
• More information 25
• Accessing the switch 26
• Chapters 26
• Part 1 26
• Overview 27
• Web interface access 28
• Save config function 29
• Disable the web server 30
• Http config disable the http server and click apply 30
• You can shut down the http server or https server to block any access to the web interface 30
• Configure the switch s ip address and default gateway 31
• Check the routing table to verify the default gateway you configured the entry marked in red box displays the valid default gateway 33
• Click save config to save the settings 33
• Command line interface access 34
• Console login only for switch with console port 34
• Enter enable to enter the user exec mode to further configure the switch 35
• Telnet login 36
• Password authentication mode 37
• Ssh login 37
• Key authentication mode 38
• After the keys are successfully generated click save public key to save the public key to a tftp server click save private key to save the private key to the host pc 39
• After negotiation is completed enter the username to log in if you can log in without entering the password the key authentication completed successfully 41
• Disable telnet login 41
• Telnet config disable the telnet function and click apply 41
• Using the gui 41
• You can shut down the telnet function to block any telnet access to the cli interface 41
• Copy running config startup config 42
• Disable ssh login 42
• Change the switch s ip address and default gateway 43
• Chapters 44
• Managing system 44
• Part 2 44
• Access security 45
• Overview 45
• Supported features 45
• System 45
• System info 45
• System tools 45
• User management 45
• Sdm template 46
• System info configurations 47
• Using the gui 47
• Viewing the system summary 47
• Click a port to view the bandwidth utilization on this port 48
• Move the cursor to the port to view the detailed information of the port 48
• Setting the system time 49
• Specifying the device description 49
• Choose one method to set the system time and specify the information 50
• Click apply 50
• In the time config section follow these steps to configure the system time 50
• Choose one method to set the daylight saving time of the switch and specify the information 51
• Daylight saving time to load the following page 51
• Follow these steps to configure daylight saving time 51
• In the dst config section select enable to enable the daylight saving time function 51
• Setting the daylight saving time 51
• Click apply 52
• Gi1 0 1 linkdown n a n a n a disable copper 52
• Gi1 0 2 linkdown n a n a n a disable copper 52
• On privileged exec mode or any other configuration mode you can use the following command to view the system information of the switch 52
• Port status speed duplex flowctrl jumbo active medium 52
• Switch show interface status 52
• The following example shows how to view the interface status and the system information of the switch 52
• Using the cli 52
• Viewing the system summary 52
• Contact information www tp link com 53
• Follow these steps to specify the device description 53
• Gi1 0 3 linkup 1000m full disable disable copper 53
• Gi1 0 50 linkdown n a n a n a disable fiber 53
• Gi1 0 51 linkdown n a n a n a disable fiber 53
• Gi1 0 52 linkdown n a n a n a disable fiber 53
• Hardware version t1600g 52ts 2 53
• Running time 2 day 4 hour 55 min 36 sec 53
• Serial number 53
• Software version 2 build 20160923 rel 9814 s 53
• Specifying the device description 53
• Switch show system info 53
• System description jetstream 48 port gigabit l2 managed switch with 4 sfp slots 53
• System location shenzhen 53
• System name t1600g 52ts 53
• System time 2006 01 03 12 54 41 53
• Setting the system time 54
• Backup ntp server 139 8 00 63 57
• Follow these steps and choose one method to set the daylight saving time 57
• Last successful ntp server 133 00 57
• Prefered ntp server 133 00 57
• Setting the daylight saving time 57
• Switch config end 57
• Switch config show system time ntp 57
• Switch config system time ntp utc 08 00 133 00 139 8 00 63 11 57
• Switch configure 57
• Switch copy running config startup config 57
• The following example shows how to set the system time by get time from ntp server and set the time zone as utc 08 00 set the ntp server as 133 00 set the backup ntp server as 139 8 00 63 and set the update rate as 11 57
• Time zone utc 08 00 57
• Update rate 11 hour s 57
• Dst configuration is one off 59
• Dst ends at 01 00 00 on sep 1 2016 59
• Dst offset is 50 minutes 59
• Dst starts at 01 00 00 on aug 1 2016 59
• Switch config end 59
• Switch config show system time dst 59
• Switch config system time dst date aug 1 01 00 2016 sep 1 01 00 2016 50 59
• Switch configure 59
• Switch copy running config startup config 59
• The following example shows how to set the daylight saving time by date mode set the start time as 01 00 august 1st 2016 set the end time as 01 00 september 1st 2016 and set the offset as 50 59
• Creating admin accounts 60
• User management configurations 60
• Using the gui 60
• Click create 61
• Creating accounts of other types 61
• Creating an account 61
• Follow these steps to create an account of other types 61
• In the user info section select the access level from the drop down list and specify the user name and password 61
• User config to load the following page 61
• You can create accounts with the access level of operator power user and user here you also need to go to the aaa section to create an enable password for these accounts the enable password is used to change the users access level to admin 61
• Creating admin accounts 63
• Follow these steps to create an admin account 63
• Using the cli 63
• Creating accounts of other types 64
• Follow these steps to create an account of other type 64
• You can create accounts with the access level of operator power user and user here you also need to go to the aaa section to create an enable password for these accounts the enable password is used to change the users access level to admin 64
• The aaa function applies another method to manage the access users name and password for details refer to aaa configuration in configuring network security 66
• The logged in users can enter the enable password on this page to get the administrative privileges 66
• Configuring the boot file 68
• System tools configurations 68
• Using the gui 68
• Click apply 69
• Click import to import the configuration file 69
• Config restore to load the following page 69
• Follow these steps to restore the configuration of the switch 69
• In the config restore section select one unit and one configuration file 69
• Restoring the configuration of the switch 69
• Backing up the configuration file 70
• Upgrading the firmware 70
• Configuring the reboot schedule 71
• Rebooting the switch 71
• Configuring the boot file 72
• Follow these steps to configure the boot file 72
• In the system reset section select the desired unit and click reset 72
• Reseting the switch 72
• System reset to load the following page 72
• Using the cli 72
• Backup image image2 bin 73
• Boot config 73
• Current startup image image1 bin 73
• Follow these steps to restore the configuration of the switch 73
• Next startup image image1 bin 73
• Restoring the configuration of the switch 73
• Switch config boot application filename image1 startup 73
• Switch config boot application filename image2 backup 73
• Switch config end 73
• Switch config show boot 73
• Switch configure 73
• Switch copy running config startup config 73
• The following example shows how to set the next startup image as image 1 and set the backup image as image 2 73
• Backing up the configuration file 74
• Backup user config file ok 74
• Enable 74
• Follow these steps to back up the current configuration of the switch in a file 74
• Follow these steps to upgrade the firmware 74
• Operation ok now rebooting system 74
• Start to backup user config file 74
• Start to load user config file 74
• Switch copy startup config tftp ip address 192 68 00 filename file2 74
• Switch copy tftp startup config ip address 192 68 00 filename file1 74
• The following example shows how to backup the configuration file named file2 from tftp server with ip address 192 68 00 74
• The following example shows how to restore the configuration file named file1 from the tftp server with ip address 192 68 00 74
• Upgrading the firmware 74
• Configuring the reboot schedule 75
• Enable 75
• Follow these steps and choose one type to configure the reboot schedule 75
• Follow these steps to reboot the switch 75
• It will only upgrade the backup image continue y n y 75
• Operation ok 75
• Reboot with the backup image y n y 75
• Rebooting the switch 75
• Switch firmware upgrade ip address 192 68 00 filename file3 bin 75
• The following example shows how to upgrade the firmware using the configuration file named file3 bin the tftp server is 190 68 00 75
• Reboot schedule at 2016 01 15 12 00 in 17007 minutes 76
• Reboot schedule settings 76
• Reboot system at 15 01 2016 12 00 continue y n y 76
• Save before reboot yes 76
• Switch config end 76
• Switch config reboot schedule at 12 00 15 01 2016 save_before_reboot 76
• Switch configure 76
• Switch copy running config startup config 76
• The following example shows how to set the switch to reboot at 12 00 on 15 01 2016 76
• Follow these steps to reset the switch 77
• Reseting the switch 77
• Access security configurations 78
• Configuring the access control feature 78
• Using the gui 78
• Click apply 79
• When the ip based mode is selected the following section will display 79
• When the port based mode is selected the following section will display 79
• Configuring the http function 80
• Configuring the https function 81
• In the access user number section select enable and specify the parameters click apply 82
• In the certificate download and key download section download the certificate and key 82
• In the ciphersuite config section select the algorithm to be enabled and click apply 82
• In the session config section specify the session timeout and click apply 82
• Configuring the ssh feature 83
• In the global config section select enable to enable ssh function and specify other parameters 83
• Ssh config to load the following page 83
• Configuring the access control 84
• Enabling the telnet function 84
• Using the cli 84
• Switch config show user configuration 85
• Switch config user access control ip based 192 68 00 255 55 55 snmp telnet http https 85
• Switch configure 85
• The following example shows how to set the type of access control as ip based set the ip address as 192 68 00 set the subnet mask as 255 55 55 and make the switch support snmp telnet http and https 85
• 68 24 snmp telnet http https 86
• Configuring the http function 86
• Follow these steps to configure the http function 86
• Index ip address access interface 86
• Switch config end 86
• Switch configure 86
• Switch copy running config startup config 86
• The following example shows how to set the session timeout as 9 set the maximum admin number as 6 and set the maximum guest number as 5 86
• User authentication mode ip based 86
• Configuring the https function 87
• Follow these steps to configure the https function 87
• Http max admin users 6 87
• Http max guest users 5 87
• Http session timeout 9 87
• Http status enabled 87
• Http user limitation enabled 87
• Switch config end 87
• Switch config ip http max user 6 5 87
• Switch config ip http server 87
• Switch config ip http session timeout 9 87
• Switch config show ip http configuration 87
• Switch copy running config startup config 87
• Switch config ip http secure protocol ssl3 tls1 88
• Switch config ip http secure server 88
• Switch configure 88
• The following example shows how to configure the https function enable ssl3 and tls1 protocol enable the ciphersuite of 3des ede cbc sha set the session timeout time as 15 the admin number as 1 and the guest number as 2 download the certificate named ca crt and the key named ca key from the tftp server with the ip address 192 68 00 88
• Configuring the ssh feature 89
• Switch config ip ssh server 90
• Switch config ip ssh version v1 90
• The following example shows how to configure the ssh function set the version as ssh v1 and ssh v2 enable the aes128 cbc and cast128 cbc encryption algorithm enable the hmac md5 data integrity algorithm choose the key type as ssh 2 rsa dsa 90
• Enabling the telnet function 92
• Follow these steps enable the telnet function 92
• Switch config end 92
• Switch copy running config startup config 92
• In select options section select one template and click apply the setting will be effective after the reboot 93
• Sdm template configuration 93
• Sdm template function is used to configure system resources in the switch to optimize support for specific features the switch provides three templates and the hardware resources allocation is different users can choose one according to how the switch is used in the network 93
• Sdm template to load the following page 93
• Using the gui 93
• Follow these steps to configure the sdm template function 94
• The template table displays the resources allocation of each template 94
• Using the cli 94
• Appendix default parameters 96
• Default settings of system info are listed in the following tables 96
• Default settings of system tools are listed in the following table 96
• Default settings of user management are listed in the following table 96
• Default settings of access security are listed in the following tables 97
• Default settings of sdm template are listed in the following table 98
• Chapters 99
• Managing physical interfaces 99
• Part 3 99
• Basic parameters 100
• Loopback detection 100
• Overview 100
• Physical interface 100
• Port isolation 100
• Port mirror 100
• Port security 100
• Supported features 100
• Basic parameters configurations 101
• Follow these steps to set basic parameters for ports 101
• Port config to load the following page 101
• Select and configure your desired ports or lags then click apply 101
• Using the gui 101
• Follow these steps to set basic parameters for the ports 102
• Using the cli 102
• The following example shows how to implement the basic configurations of port1 0 1 including setting a description for the port making the port autonegotiate speed and duplex with the neighboring port and enabling the flow control and jumbo feature on t1600g 52ts 103
• Port mirror configuration 105
• Using the gui 105
• Follow these steps to configure port mirror 106
• In the destination port section specify a monitoring port for the mirror session and click apply 106
• In the source port section select one or multiple monitored ports for configuration then set the parameters and click apply 106
• Follow these steps to configure port mirror 107
• Monitor session 1 107
• Switch config monitor session 1 destination interface gigabitethernet 1 0 10 107
• Switch config monitor session 1 source interface gigabitethernet 1 0 1 3 both 107
• Switch config show monitor session 107
• Switch configure 107
• The following example shows how to copy the received and transmitted packets on port 1 0 1 2 3 to port 1 0 10 107
• Using the cli 107
• Follow these steps to configure port security 109
• Port security configuration 109
• Port security to load the following page 109
• Select one or multiple ports for security configuration 109
• Specify the maximum number of the mac addresses that can be learned on the port and then select the learn mode of the mac addresses 109
• Using the gui 109
• Click apply 110
• Follow these steps to configure port security 110
• Select the status of the port security feature 110
• Using the cli 110
• Gi1 0 1 30 0 permanent drop 111
• Port max learn current learn mode status 111
• Switch config if mac address table max mac count max number 30 mode permanent status drop 111
• Switch config if show mac address table max mac count interface gigabitethernet 1 0 1 111
• Switch config interface gigabitethernet 1 0 1 111
• Switch configure 111
• The following example shows how to set the maximum number of mac addresses that can be learned on port 1 0 1 as 30 and configure the mode as permanent and the status as drop 111
• Switch config if end 112
• Switch copy running config startup config 112
• Port isolation configurations 113
• Using the gui 113
• Click apply 114
• Follow these steps to configure port isolation 114
• In the forward portlist section select the forward ports or lags which the isolated ports can only communicate with it is multi optional 114
• In the port section select one or multiple ports to be isolated 114
• Using the cli 114
• Loopback detection configuration 116
• Using the gui 116
• Follow these steps to configure loopback detection 117
• In the port config section select one or multiple ports for configuration then set the parameters and click apply 117
• Using the cli 117
• View the loopback detection information on this page 117
• Switch configure 118
• The following example shows how to enable loopback detection globally keeping the default parameters 118
• Configuration examples 120
• Configuration scheme 120
• Example for port mirror 120
• Network requirements 120
• Using the gui 120
• As shown below three hosts and a server are connected to the switch and all belong to vlan 10 with the vlan configuration unchanged host a is not allowed to communicate with the other hosts except the server even if the mac address or ip address of host a is changed 122
• Destination port gi1 0 1 122
• Example for port isolation 122
• Monitor session 1 122
• Network requirements 122
• Source ports egress gi1 0 2 5 122
• Source ports ingress gi1 0 2 5 122
• Switch config end 122
• Switch config monitor session 1 destination interface gigabitethernet 1 0 1 122
• Switch config monitor session 1 source interface gigabitethernet 1 0 2 5 both 122
• Switch configure 122
• Switch copy running config startup config 122
• Switch show monitor session 1 122
• Using the cli 122
• Verify the configuration 122
• Configuration scheme 123
• Using the gui 123
• Using the cli 124
• Verify the configuration 124
• Configuration scheme 125
• Example for loopback detection 125
• Network requirements 125
• Using the gui 125
• Using the cli 126
• Verify the configuration 127
• Appendix default parameters 128
• Default settings of switching are listed in th following tables 128
• Chapters 130
• Configuring lag 130
• Part 4 130
• Overview 131
• Static lag 131
• Supported features 131
• Configuration guidelines 132
• Lag configuration 132
• Configuring load balancing algorithm 133
• In the global config section select the load balancing algorithm click apply 133
• Lag table to load the following page 133
• Load balancing algorithm is effective only for outgoing traffic if the data stream is not well shared by each link you can change the algorithm of the outgoing interface 133
• Please properly choose the load balancing algorithm to avoid data stream transferring only on one physical link for example switch a receives packets from several hosts and forwards them to the server with the fixed mac address and ip address then both dstmac and dst ip options are not recommended because all the received packets have the same destination mac addresses and ip addresses and will be transferred on the same physical link you can choose the other options as the load balancing algorithm 133
• Using the gui 133
• Configuring static lag or lacp 134
• Configuring lacp 135
• Follow these steps to configure lacp 135
• Lacp to load the following page 135
• Select member ports for the lag and configure the related parameters click apply 135
• Specify the system priority for the switch and click apply 135
• Configuring load balancing algorithm 136
• Follow these steps to configure the load balancing algorithm 136
• Using the cli 136
• Configuring static lag 137
• Configuring static lag or lacp 137
• Etherchannel load balancing addresses used per protocol 137
• Etherchannel load balancing configuration src dst mac 137
• Follow these steps to configure static lag 137
• Ipv4 source xor destination mac address 137
• Ipv6 source xor destination mac address 137
• Non ip source xor destination mac address 137
• Switch config end 137
• Switch config port channel load balance src dst mac 137
• Switch config show etherchannel load balance 137
• Switch configure 137
• Switch copy running config startup config 137
• The following example shows how to set the global load balancing mode as src dst mac 137
• You can choose only one lag mode for a port static lag or lacp and make sure both ends of a link use the same lag mode 137
• Configuration example 141
• Configuration scheme 141
• Network requirements 141
• Using the gui 142
• Using the cli 143
• Verify the configuration 144
• Appendix default parameters 146
• Default settings of switching are listed in the following tables 146
• Monitoring traffic 147
• Traffic monitor 148
• Using the gui 148
• Viewing the traffic summary 148
• Follow these steps to view the traffic statistics in detail 149
• To get the real time traffic statistics enable auto refresh in the auto refresh section or click refresh at the bottom of the page 149
• Traffic statistics to load the following page 149
• Viewing the traffic statistics in detail 149
• In port select select a port or lag and click select 150
• In the statistics section view the detailed information of the selected port or lag 150
• On privileged exec mode or any other configuration mode you can use the following command to view the traffic information of each port or lag 151
• Using the cli 151
• Appendix default parameters 152
• Chapters 153
• Managing mac address table 153
• Part 6 153
• Address configurations 154
• Mac address table 154
• Overview 154
• Supported features 154
• Security configurations 155
• Adding static mac address entries 156
• Address configurations 156
• Using the gui 156
• Click apply 158
• Dynamic address to load the following page 158
• Follow these steps to modify the aging time of dynamic address entries 158
• In the aging config section enable auto aging and enter your desired length of time 158
• Modifying the aging time of dynamic address entries 158
• Adding mac filtering address entries 159
• Viewing address table entries 159
• Adding static mac address entries 160
• Address table to load the following page 160
• Follow these steps to add static mac address entries 160
• Using the cli 160
• Modifying the aging time of dynamic address entries 161
• Adding mac filtering address entries 162
• Aging time is 500 sec 162
• Follow these steps to add mac filtering address entries 162
• Switch config end 162
• Switch config mac address table aging time 500 162
• Switch config show mac address table aging time 162
• Switch configure 162
• Switch copy running config startup config 162
• The following example shows how to modify the aging time to 500 seconds a dynamic entry remains in the mac address table for 500 seconds after the entry is used or updated 162
• Configuring mac notification traps 164
• Security configurations 164
• Using the gui 164
• Configure snmp and set a management host for detailed snmp configurations please refer to configuring snmp rmon 165
• Follow these steps to configure mac notification traps 165
• In the mac notification global config section enable this feature configure the relevant options and click apply 165
• In the mac notification port config section select your desired port and enable its notification traps you can enable these three types learned mode change exceed max learned and new mac learned click apply 165
• Choose the mode that the switch adopts when the maximum number of mac addresses in the specified vlan is exceeded 166
• Click create 166
• Enter the vlan id to limit the number of mac addresses that can be learned in the specified vlan 166
• Enter your desired value in max learned mac to set a threshold 166
• Follow these steps to limit the number of mac addresses in vlans 166
• Limiting the number of mac addresses in vlans 166
• Mac vlan security to load the following page 166
• Configuring mac notification traps 167
• Follow these steps to configure mac notification traps 167
• Using the cli 167
• Limiting the number of mac addresses in vlans 168
• 100 0 drop 169
• Switch config end 169
• Switch config mac address table security vid 10 max learn 100 drop 169
• Switch config show mac address table security vid 10 169
• Switch configure 169
• Switch copy running config startup config 169
• The following example shows how to limit the number of mac addresses to 100 in vlan 10 and configure the switch to drop packets of new source mac addresses when the limit is exceeded 169
• Vlanid max learn current learn status 169
• Configuration scheme 170
• Example for security configurations 170
• Network requirements 170
• Using the gui 171
• Using the cli 172
• Verify the configurations 172
• Appendix default parameters 173
• Default settings of the mac address table are listed in the following tables 173
• Chapters 174
• Configuring 802 q vlan 174
• Part 7 174
• Overview 175
• Configuring the pvid of the port 176
• Q vlan configuration 176
• Using the gui 176
• Configuring the vlan 177
• Enter a vlan id and a description for identification to create a vlan 177
• Follow these steps to configure vlan 177
• Select the untagged port s and the tagged port s respectively to add to the created vlan based on the network topology 177
• Vlan config and click create to load the following page 177
• Will forward untagged packets in the target vlan 177
• Click apply 178
• Creating a vlan 178
• Follow these steps to create a vlan 178
• Switch config vlan 2 178
• Switch config vlan name rd 178
• Switch config vlan show vlan id 2 178
• Switch configure 178
• The following example shows how to create vlan 2 and name it as rd 178
• Using the cli 178
• Configuring the pvid of the port 179
• Follow these steps to configure the port 179
• Link type general 179
• Member in lag n a 179
• Member in vlan 179
• Port gi1 0 5 179
• Pvid 2 179
• Rd active 179
• Switch config if show interface switchport gigabitethernet 1 0 5 179
• Switch config if switchport pvid 2 179
• Switch config interface gigabitethernet 1 0 5 179
• Switch config vlan end 179
• Switch configure 179
• Switch copy running config startup config 179
• The following example shows how to configure the pvid of port 1 0 5 as vlan 2 179
• Vlan name status ports 179
• Adding the port to the specified vlan 180
• Follow these steps to add the port to the specified vlan 180
• Member in lag n a 180
• Port gi1 0 5 180
• Pvid 2 180
• Switch config if end 180
• Switch config if show interface switchport gigabitethernet 1 0 5 180
• Switch config if switchport general allowed vlan 2 tagged 180
• Switch config interface gigabitethernet 1 0 5 180
• Switch configure 180
• Switch copy running config startup config 180
• System vlan untagged 180
• The following example shows how to add the port 1 0 5 to vlan 2 and specify its egress rule as tagged 180
• Vlan name egress rule 180
• Configuration example 182
• Configuration scheme 182
• Network requirements 182
• Network topology 183
• Using the gui 183
• Using the cli 185
• Verify the configurations 185
• Appendix default parameters 187
• Default settings of 802 q vlan are listed in the following table 187
• Chapters 188
• Configuring mac vlan 188
• Part 8 188
• Overview 189
• Ptops department a uses server a and laptop a while department b uses server b and laptop b server a is in vlan 10 while server b is in vlan 20 it is required that laptop a can only access server a and laptop b can only access server b no matter which meeting room the laptops are being used in to meet this requirement simply bind the mac addresses of the laptops to the corresponding vlans respectively in this way the mac address rather than the access port determines the vlan each laptop joins each laptop can access only the server in the vlan it joins 189
• The figure below shows a common application scenario of mac vlan 189
• Two departments share all the meeting rooms in the company but use different servers and l 189
• Vlan is generally divided by ports this way of division is simple but isn t suitable for those networks that require frequent topology changes with the popularity of mobile office a terminal device may access the switch via different ports for example a terminal device that accessed the switch via port 1 last time may change to port 2 this time if port 1 and port 2 belong to different vlans the user has to re configure the switch to access the original vlan using mac vlan can free the user from such a problem it divides vlans based on the mac addresses of terminal devices in this way terminal devices always belong to their original vlans even when their access ports change 189
• Configuring 802 q vlan 190
• Mac vlan configuration 190
• Using the gui 190
• Binding the mac address to the vlan 191
• By default mac vlan is disabled on all ports you need to enable mac vlan for your desired ports manually 191
• Click create to create the mac vlan 191
• Enabling mac vlan for the port 191
• Enter the mac address of the device give it a description and enter the vlan id to bind it to the vlan 191
• Follow these steps to bind the mac address to the vlan 191
• Mac vlan to load the following page 191
• Before configuring mac vlan create an 802 q vlan and set the port type according to network requirements for details refer to configuring 802 q vlan 192
• Binding the mac address to the vlan 192
• Configuring 802 q vlan 192
• Follow these steps to bind the mac address to the vlan 192
• Follow these steps to enable mac vlan for the port 192
• Port enable to load the following page 192
• Select your desired ports to enable mac vlan and click apply 192
• Using the cli 192
• 19 56 8a 4c 71 dept a 10 193
• Enabling mac vlan for the port 193
• Follow these steps to enable mac vlan for the port 193
• Mac addr name vlan id 193
• Switch config end 193
• Switch config mac vlan mac address 00 19 56 8a 4c 71 vlan 10 description dept a 193
• Switch config show mac vlan vlan 10 193
• Switch configure 193
• Switch copy running config startup config 193
• The following example shows how to bind the mac address 00 19 56 8a 4c 71 to vlan 10 with the address description as dept a 193
• Configuration example 195
• Configuration scheme 195
• Create vlan 10 and vlan 20 on each of the three switches set different port types and add the ports to the vlans based on the network topology note for the ports connecting the laptops set the link type as general and set the egress rule as 195
• Network requirements 195
• Two departments share all the meeting rooms in the company but use different servers and laptops department a uses server a and laptop a while department b uses server b and laptop b server a is in vlan 10 while server b is in vlan 20 it is required that laptop a can only access server a and laptop b can only access server b no matter which meeting room the laptops are being used in the figure below shows the network topology 195
• You can configure mac vlan to meet this requirement on switch 1 and switch 2 bind the mac addresses of the laptops to the corresponding vlans respectively in this way each laptop can access only the server in the vlan it joins no matter which meeting room the laptops are being used in the overview of the configuration is as follows 195
• Using the gui 196
• Using the cli 199
• Verify the configurations 201
• Appendix default parameters 202
• Default settings of mac vlan are listed in the following table 202
• Chapters 203
• Configuring protocol vlan 203
• Part 9 203
• Overview 204
• Protocol vlan is a technology that divides vlans based on the network layer protocol with the protocol vlan rule configured on the basis of the existing 802 q vlan the switch can analyze special fields of received packets encapsulate the packets in specific formats and forward the packets of different protocols to the corresponding vlans since different applications and services use different protocols network administrators can use protocol vlan to manage the network based on specific applications and services of network users 204
• The figure below shows a common application scenario of protocol vlan with protocol vlan configured switch 2 can forward ipv4 and ipv6 packets from different vlans to the ipv4 and ipv6 networks respectively 204
• Configuring 802 q vlan 205
• Protocol vlan configuration 205
• Using the gui 205
• Check whether your desired template already exists in the protocol template table section if not create it in the create protocol template section 206
• Click create to create the protocol template 206
• Creating protocol template 206
• Follow these steps to create a protocol template 206
• Protocol template to load the following page 206
• Configuring 802 q vlan 207
• Configuring protocol vlan 207
• Using the cli 207
• Creating a protocol template 208
• Follow these steps to create a protocol template 208
• Index protocol name protocol type 208
• Ip ethernetii ether type 0800 208
• Switch config protocol vlan template name ipv6 frame ether_2 ether type 86dd 208
• Switch config show protocol vlan template 208
• Switch configure 208
• The following example shows how to create an ipv6 protocol template on t1600g 52ts 208
• Arp ethernetii ether type 0806 209
• At snap ether type 809b 209
• Configuring protocol vlan 209
• Follow these steps to configure protocol vlan 209
• Ipv6 ethernetii ether type 86dd 209
• Ipx snap ether type 8137 209
• Rarp ethernetii ether type 8035 209
• Switch config end 209
• Switch copy running config startup config 209
• A company uses both ipv4 and ipv6 hosts and these hosts access the ipv4 network and ipv6 network respectively via different routers it is required that ipv4 packets are forwarded to the ipv4 network ipv6 packets are forwarded to the ipv6 network and other packets are dropped 211
• Configuration example 211
• Configuration scheme 211
• Network requirements 211
• The figure below shows the network topology the ipv4 host belongs to vlan 10 the ipv6 host belongs to vlan 20 and these hosts access the network via switch 1 switch 2 is connected to two routers to access the ipv4 network and ipv6 network respectively the routers belong to vlan 10 and vlan 20 respectively 211
• You can configure protocol vlan on port 1 0 1 of switch 2 to meet this requirement when this port receives packets switch 2 will forward them to the corresponding vlans according to their protocol types the overview of the configuration on switch 2 is as follows 211
• Using the gui 212
• Using the cli 217
• Verify the configurations 220
• Appendix default parameters 221
• Default settings of protocol vlan are listed in the following table 221
• Chapters 222
• Configuring spanning tree 222
• Part 10 222
• Basic concepts 223
• Overview 223
• Spanning tree 223
• Stp rstp concepts 223
• Bridge id 224
• Port role 224
• Root bridge 224
• Port status 225
• Path cost 226
• Root path cost 226
• Mst instance 227
• Mst region 227
• Mstp concepts 227
• Stp security 228
• Vlan instance mapping 228
• Configuring stp rstp parameters on ports 231
• Stp rstp configurations 231
• Using the gui 231
• Click apply 233
• Configuring stp rstp globally 233
• Stp config to load the following page 233
• Follow these steps to configure stp rstp globally 234
• In the global config section enable spanning tree function choose the stp mode as stp rstp and click apply 234
• In the parameters config section configure the global parameters of stp rstp and click apply 234
• Stp summary to load the following page 235
• The stp summary section shows the summary information of spanning tree 235
• Verify the stp rstp information of your switch after all the configurations are finished 235
• Verifying the stp rstp configurations 235
• Configuring stp rstp parameters on ports 236
• Follow these steps to configure stp rstp parameters on ports 236
• Using the cli 236
• Switch config if show spanning tree interface gigabitethernet 1 0 3 237
• Switch config if spanning tree 237
• Switch config if spanning tree common config port priority 32 237
• Switch config interface gigabitethernet 1 0 3 237
• Switch configure 237
• The following example shows how to enable spanning tree function on port 1 0 3 and configure the port priority as 32 237
• Configuring global stp rstp parameters 238
• Follow these steps to configure global stp rstp parameters of the switch 238
• Gi1 0 3 enable 32 auto auto no no auto n a n a lnkdwn 238
• Interface state prio ext cost int cost edge p2p mode role status 238
• Switch config if end 238
• Switch copy running config startup config 238
• Enable rstp 36864 2 12 20 5 20 239
• Enabling stp rstp globally 239
• Follow these steps to configure the spanning tree mode as stp rstp and enable spanning tree function globally 239
• State mode priority hello time fwd time max age hold count max hops 239
• Switch config end 239
• Switch config show spanning tree bridge 239
• Switch config spanning tree priority 36864 239
• Switch config spanning tree timer forward time 12 239
• Switch configure 239
• Switch copy running config startup config 239
• This example shows how to configure the priority of the switch as 36864 the forward delay as 12 seconds 239
• Configuring parameters on ports in cist 241
• Mstp configurations 241
• Using the gui 241
• Besides configure the priority of the switch the priority and path cost of ports in the desired instance 243
• Click apply 243
• Configure the region name revision level vlan instance mapping of the switch the switches with the same region name the same revision level and the same vlan instance mapping are considered as in the same region 243
• Configuring the mstp region 243
• Configuring the region name and revision level 243
• Region config to load the following page 243
• Configuring mstp globally 248
• Follow these steps to configure mstp globally 248
• In the parameters config section configure the global parameters of mstp and click apply 248
• Stp config to load the following page 248
• In the global config section enable spanning tree function and choose the stp mode as mstp and click apply 249
• Stp summary to load the following page 250
• The stp summary section shows the summary information of cist 250
• Verifying the mstp configurations 250
• Configuring parameters on ports in cist 251
• Follow these steps to configure the parameters of the port in cist 251
• The mstp summary section shows the information in mst instances 251
• Using the cli 251
• Switch configure 252
• This example shows how to enable spanning tree function for port 1 0 3 and configure the port priority as 32 252
• Configuring the mst region 253
• Configuring the mstp region 253
• Follow these steps to configure the mst region and the priority of the switch in the instance 253
• Gi1 0 3 144 200 n a lnkdwn 253
• Gi1 0 3 enable 32 auto auto no no auto n a n a lnkdwn 253
• Interface prio cost role status 253
• Interface state prio ext cost int cost edge p2p mode role status 253
• Mst instance 0 cist 253
• Mst instance 5 253
• Switch config if end 253
• Switch config if show spanning tree interface gigabitethernet 1 0 3 253
• Switch config if spanning tree 253
• Switch config if spanning tree common config port priority 32 253
• Switch config interface gigabitethernet 1 0 3 253
• Switch copy running config startup config 253
• Region name r1 254
• Revision 100 254
• Switch config mst instance 5 vlan 2 6 254
• Switch config mst name r1 254
• Switch config mst revision 100 254
• Switch config mst show spanning tree mst configuration 254
• Switch config spanning tree mst configuration 254
• Switch configure 254
• This example shows how to create an mst region of which the region name is r1 the revision level is 100 and vlan 2 vlan 6 are mapped to instance 5 254
• 7 4094 255
• Configuring the parameters on ports in instance 255
• Follow these steps to configure the priority and path cost of ports in the specified instance 255
• Mst instance vlans mapped 255
• Switch config mst end 255
• Switch copy running config startup config 255
• Configuring global mstp parameters 256
• Switch config if spanning tree timer forward time 12 257
• Switch config spanning tree priority 36864 257
• Switch configure 257
• This example shows how to configure the cist priority as 36864 the forward delay as 12 seconds the hold count as 8 and the max hop as 25 257
• Enable mstp 36864 2 12 20 8 25 258
• Enabling spanning tree globally 258
• Follow these steps to configure the spanning tree mode as mstp and enable spanning tree function globally 258
• Spanning tree is enabled 258
• State mode priority hello time fwd time max age hold count max hops 258
• Switch config if end 258
• Switch config if show spanning tree bridge 258
• Switch config if spanning tree hold count 8 258
• Switch config if spanning tree max hops 25 258
• Switch config show spanning tree active 258
• Switch config spanning tree 258
• Switch config spanning tree mode mstp 258
• Switch configure 258
• Switch copy running config startup config 258
• This example shows how to configure the spanning tree mode as mstp and enable spanning tree function globally 258
• Configuring the stp security 261
• Stp security configurations 261
• Using the gui 261
• Configure the port protect features for the selected ports and click apply 262
• Configuring the threshold and cycle of tc protect 262
• T1600g 18ts does not support configuring the threshold and cycle of tc protect 262
• Configure the parameters of tc protect feature and click apply 263
• Configuring the stp security 263
• Featur 263
• Follow these steps to configure the root protect feature bpdu protect feature and bpdu filter feature for ports 263
• Tc protect to load the following page 263
• Using the cli 263
• When you enable tc protect function on ports set the tc threshold and tc protect cycle here if the number of the received tc bpdus exceeds the maximum number you set in the tc threshold field the switch will not remove mac address entries in the tc protect cycle 263
• Switch config if show spanning tree interface security gigabitethernet 1 0 3 264
• Switch config if spanning tree bpdufilter 264
• Switch config if spanning tree bpduguard 264
• Switch config if spanning tree guard loop 264
• Switch config if spanning tree guard root 264
• Switch config interface gigabitethernet 1 0 3 264
• Switch configure 264
• This example shows how to enable loop protect root protect bpdu filter and bpdu protect functions on port 1 0 3 264
• Configuring the tc protect 265
• Follow these steps to configure tc protect feature for ports 265
• Gi1 0 3 enable enable enable enable disable 265
• Interface bpdu filter bpdu guard loop protect root protect tc protect 265
• Switch config if end 265
• Switch configure 265
• Switch copy running config startup config 265
• This example shows how to enable the tc protect function on port 1 0 3 with the tc threshold is 25 and the tc protect cycle is 8 demonstrated with t1600g 52ts 265
• As shown in figure 5 1 the network consists of three switches traffic in vlan 101 vlan 106 is transmitted in this network the link speed between the switches is 100mb s the default path cost of the port is 200000 267
• Configuration example for mstp 267
• Configuration scheme 267
• Here we configure two instances to meet the requirement as is shown below 267
• It is required that traffic in vlan 101 vlan 103 and traffic in vlan 104 vlan 106 should be transmitted along different paths 267
• Mstp backwards compatible with stp and rstp can map vlans to instances to enable load balancing thus providing a more flexible method in network management here we take the mstp configuration as an example 267
• Network requirements 267
• To meet this requirement you are suggested to configure mstp function on the switches map the vlans to different instances to ensure traffic can be transmitted along the respective instance 267
• Using the gui 268
• Instance port config to load the following page set the path cost of port 1 0 1 in instance 1 as 400000 270
• Instance port config to load the following page set the path cost of port 1 0 2 in instance 2 as 400000 274
• Using the cli 279
• Verify the configurations 281
• Appendix default parameters 286
• Default settings of the spanning tree feature are listed in the following table 286
• Chapters 288
• Configuring layer 2 multicast 288
• Part 11 288
• Layer 2 multicast 289
• Overview 289
• Configuration guide 267 290
• Configuring layer 2 multicast layer 2 multicast 290
• Demonstrated as below 290
• Figure 1 1 igmp snooping 290
• Layer 2 multicast protocol for ipv4 igmp snooping 290
• Layer 2 multicast protocol for ipv6 mld snooping 290
• On the layer 2 device igmp snooping transmits data on demand on data link layer by analyzing igmp packets between layer 3 devices and users to build and maintain layer 2 multicast forwarding table 290
• On the layer 2 device mld snooping multicast listener discovery snooping transmits data on demand on data link layer by analyzing igmp packets between layer 3 devices and users to build and maintain layer 2 multicast forwarding table 290
• Supported layer 2 multicast protocols 290
• Configuring igmp snooping globally 291
• Igmp snooping configurations 291
• Using the gui 291
• Click apply 292
• Configure unknown multicast as forward or discard 292
• Configuring router port time and member port time 292
• Enable or disable report message suppression globally 292
• Enabling report message suppression can reduce the number of packets in the network 292
• Follow these steps to configure report message suppression 292
• Follow these steps to configure the aging time of the router ports and the member ports 292
• Follow these steps to configure unknown multicast 292
• Optional configuring report message suppression 292
• Snooping config page at the same time 292
• Specify the aging time of the member ports 292
• Specify the aging time of the router ports 292
• Click apply 293
• Configure the last listener query interval and last listener query count when the switch receives an igmp leave message if specified count of multicast address specific queries masqs are sent and no report message is received the switch will delete the multicast address from the multicast forwarding table 293
• Configuring igmp snooping last listener query 293
• Follow these steps to configure last listener query interval and last listener query count in the global config section 293
• Igmp snooping status table displays vlans and ports with igmp snooping enabled 293
• Specify the interval between masqs 293
• Specify the number of masqs to be sent 293
• Verifying igmp snooping status 293
• Configuring the port s basic igmp snooping features 294
• Enabling igmp snooping on the port 294
• Optional configuring fast leave 294
• Configuring igmp snooping globally in the vlan 295
• Configuring igmp snooping in the vlan 295
• Click create 296
• Configure the forbidden router ports in the designate vlan 296
• Configure the router ports in the designate vlan 296
• Configuring the multicast vlan 296
• Follow these steps to configure static router ports in the designate vlan 296
• Follow these steps to forbid the selected ports to be the router ports in the designate vlan 296
• In old multicast transmission mode when users in different vlans apply for data from the same multicast group the layer 3 device will duplicate this multicast data and deliver copies to the layer 2 devices 296
• Optional configuring the forbidden router ports in the vlan 296
• Optional configuring the static router ports in the vlan 296
• With multicast vlan configured all multicast group members will be added to a vlan layer 3 device only need to send one piece of multicast data to a layer 2 device and the layer 2 device will send the data to all member ports of the vlan in this way multicast vlan saves bandwidth and reduces network load of layer 3 devices 296
• Creating multicast vlan and configuring basic settings 297
• Enable multicast vlan configure the specific vlan to be the multicast vlan and configure the router port time and member port time 297
• In the multicast vlan section follow these steps to enable multicast vlan and to finish the basic settings 297
• Multicast vlan to load the following page 297
• Set up the vlan that the router ports and the member ports are in for details please refer to configuring 802 q vlan 297
• Click apply 298
• Configure the new multicast source ip 298
• Configure the router ports in the designate vlan 298
• Configure the router ports in the multicast vlan 298
• Follow these steps to configure static router ports in the multicast vlan 298
• Follow these steps to forbid the selected ports to be the router ports in the multicast vlan 298
• Optional configuring the forbidden router ports 298
• Optional configuring the static router ports 298
• Optional creating replace source ip 298
• This function allows you to use a new ip instead of the source ip to send data to multicast group members in the multicast vlan section follow these steps to configure replace source ip 298
• This table displays all the dynamic router ports in the multicast vlan 298
• Viewing dynamic router ports in the multicast vlan 298
• Click add 299
• Configuring the querier 299
• Follow these steps to configure the querier 299
• Optional configuring the querier 299
• Querier config to load the following page 299
• Specify a vlan and configure the querier on this vlan 299
• The igmp snooping querier table displays all the related settings of the igmp querier 299
• Viewing settings of igmp querier 299
• You can edit the settings in the igmp snooping querier table 299
• Click create 300
• Configuring igmp profile 300
• Create a profile and configure its filtering mode 300
• Creating profile 300
• Enter the search condition in the search option field to search the profile in the igmp profile info table 300
• Follow these steps to create a profile and configure its filtering mode 300
• Profile config to load the following page 300
• Searching profile 300
• Binding profile and member ports 301
• Click edit in the igmp profile info table edit its ip range and click add to save the settings 301
• Click submit to save the settings click back to go back to the previous page 301
• Editing ip range of the profile 301
• Follow these steps to edit profile mode and its ip range 301
• In the ip range table you can select an ip range and click delete to delete an ip range 301
• Profile binding to load the following page 301
• Binding profile and member ports 302
• Click apply 302
• Configuring max groups a port can join 302
• Follow these steps to bind the profile to the port 302
• Follow these steps to configure the maximum groups a port can join and overflow action 302
• Select a port to configure its max group and overflow action 302
• Select the port to be bound and enter the profile id in the profile id column 302
• Click apply 303
• Configuring auto refresh 303
• Enable or disable auto refresh 303
• Follow these steps to configure auto refresh 303
• Packet statistic to load the following page 303
• Viewing igmp statistics on each port 303
• Click apply 304
• Enabling igmp accounting and authentication 304
• Igmp authentication to load the following 304
• T1600g 18ts does not support this feature 304
• The igmp statistics table displays all kinds of igmp statistics of all the ports 304
• Viewing igmp statistics 304
• Configuring igmp accounting globally 305
• Configuring igmp authentication on the port 305
• Configuring static member port 305
• Click create 306
• Configuring static member port 306
• Enter the multicast ip and vlan id specify the static member port 306
• Follow these steps to configure static member port 306
• Static multicast ip table displays details of all igmp static multicast groups 306
• Viewing igmp static multicast groups 306
• You can search igmp static multicast entries by using multicast ip vlan id or forward port as the search option 306
• Enabling igmp snooping globally 307
• Enabling igmp snooping on the port 307
• Switch config ip igmp snooping 307
• Switch configure 307
• The following example shows how to enable igmp snooping globally and enable igmp snooping on port 1 0 3 307
• Using the cli 307
• Configuring igmp snooping parameters globally 308
• Configuring report message suppression 308
• Enable port gi1 0 3 308
• Enable vlan 308
• Global authentication accounting disable 308
• Global member age time 260 308
• Global report suppression disable 308
• Global router age time 300 308
• Igmp snooping enable 308
• Last query interval 1 308
• Last query times 2 308
• Switch config if end 308
• Switch config if ip igmp snooping 308
• Switch config if show ip igmp snooping 308
• Switch config interface gigabitethernet 1 0 3 308
• Switch copy running config startup config 308
• Unknown multicast pass 308
• Configuring unknown multicast 309
• Enable port 309
• Enable vlan 309
• Global authentication accounting disable 309
• Global member age time 260 309
• Global report suppression enable 309
• Global router age time 300 309
• Igmp snooping enable 309
• Last query interval 1 309
• Last query times 2 309
• Switch config if end 309
• Switch config ip igmp snooping 309
• Switch config ip igmp snooping report suppression 309
• Switch config show ip igmp snooping 309
• Switch configure 309
• Switch copy running config startup config 309
• The following example shows how to enable report message suppression 309
• Unknown multicast pass 309
• Configuring igmp snooping parameters on the port 310
• Configuring router port time and member port time 310
• Configuring fast leave 311
• Enable port 311
• Enable vlan 311
• Global authentication accounting disable 311
• Global member age time 200 311
• Global report suppression disable 311
• Global router age time 200 311
• Igmp snooping enable 311
• Last query interval 1 311
• Last query times 2 311
• Switch config if end 311
• Switch config ip igmp snooping 311
• Switch config ip igmp snooping mtime 200 311
• Switch config ip igmp snooping rtime 200 311
• Switch config show ip igmp snooping 311
• Switch configure 311
• Switch copy running config startup config 311
• The following example shows how to configure the global router port time and member port time as 200 seconds 311
• Unknown multicast pass 311
• Configuring max group and overflow action on the port 312
• Gi1 0 3 enable enable 312
• Port igmp snooping fast leave 312
• Switch config if end 312
• Switch config if ip igmp snooping 312
• Switch config if ip igmp snooping immediate leave 312
• Switch config if show ip igmp snooping interface gigabitethernet 1 0 3 basic config 312
• Switch config interface gigabiteternet 1 0 3 312
• Switch config ip igmp snooping 312
• Switch configure 312
• Switch copy running config startup config 312
• The following example shows how to enable fast leave on port 1 0 3 312
• Configuring igmp snooping last listener query 313
• Gi1 0 3 500 drop 313
• Port max groups overflow action 313
• Switch config if end 313
• Switch config if ip igmp snooping 313
• Switch config if ip igmp snooping max groups 500 313
• Switch config if ip igmp snooping max groups action drop 313
• Switch config if show ip igmp snooping interface gigabitethernet 1 0 3 max groups 313
• Switch config interface gigabiteternet 1 0 3 313
• Switch config ip igmp snooping 313
• Switch configure 313
• Switch copy running config startup config 313
• The following example shows how to configure the max group as 500 and the overflow action as drop on port 1 0 3 313
• Enable port 314
• Enable vlan 314
• Global authentication accounting disable 314
• Global member age time 260 314
• Global report suppression disable 314
• Global router age time 300 314
• Igmp snooping enable 314
• Last query interval 5 314
• Last query times 5 314
• Switch config end 314
• Switch config ip igmp snooping 314
• Switch config ip igmp snooping last listener query count 5 314
• Switch config ip igmp snooping last listener query interval 5 314
• Switch config show ip igmp snooping 314
• Switch configure 314
• Switch copy running config startup config 314
• The following example shows how to configure the last listener query count as 5 and the last listener query interval as 5 seconds 314
• Unknown multicast pass 314
• Configuring igmp snooping parameters in the vlan 315
• Configuring router port time and member port time 315
• Dynamic router port none 315
• Forbidden router port none 315
• Member time 400 315
• Router time 500 315
• Static router port none 315
• Switch config ip igmp snooping 315
• Switch config ip igmp snooping vlan config 2 3 mtime 400 315
• Switch config ip igmp snooping vlan config 2 3 rtime 500 315
• Switch config show ip igmp snooping vlan 2 315
• Switch config show ip igmp snooping vlan 3 315
• Switch configure 315
• The following example shows how to enable igmp snooping in vlan 2 and vlan 3 configure the router port time as 500 seconds and the member port time as 400 seconds 315
• Vlan id 2 315
• Vlan id 3 315
• Configuring static router port 316
• Dynamic router port none 316
• Forbidden router port none 316
• Member time 0 316
• Member time 400 316
• Router time 0 316
• Static router port gi1 0 2 316
• Static router port none 316
• Switch config end 316
• Switch config ip igmp snooping 316
• Switch config ip igmp snooping vlan config 2 rport interface gigabitethernet 1 0 2 316
• Switch config show ip igmp snooping vlan 2 316
• Switch configure 316
• Switch copy running config startup config 316
• The following example shows how to enable igmp snooping in vlan 2 and configure port 1 0 2 as the static router port 316
• Vlan id 2 316
• Configuring forbidden router port 317
• Dynamic router port none 317
• Forbidden router port gi1 0 4 6 317
• Member time 0 317
• Router time 0 317
• Static router port none 317
• Switch config end 317
• Switch config ip igmp snooping 317
• Switch config ip igmp snooping vlan config 2 router ports forbidden interface gigabitethernet 1 0 4 6 317
• Switch config show ip igmp snooping vlan 2 317
• Switch configure 317
• Switch copy running config startup config 317
• The following example shows how to enable igmp snooping in vlan 2 and forbid port 1 0 4 6 from becoming router ports port 1 0 4 6 will drop all multicast data from layer 3 devices 317
• Vlan id 2 317
• 2 static gi1 0 9 10 318
• Configuring igmp snooping parameters in the multicast vlan 318
• Configuring router port time and member port time 318
• Configuring static multicast multicast ip and forward port 318
• Multicast ip vlan id addr type switch port 318
• Switch config end 318
• Switch config ip igmp snooping 318
• Switch config ip igmp snooping vlan config 2 static 226 interface gigabitethernet 1 0 9 10 318
• Switch config show ip igmp snooping groups static 318
• Switch configure 318
• Switch copy running config startup config 318
• The following example shows how to configure 226 as the static multicast ip and specify port 1 0 9 10 as the forward ports 318
• Configuring static router port 319
• Dynamic router port none 319
• Forbidden router port none 319
• Member time 400 319
• Multicast vlan enable 319
• Replace source ip 0 319
• Router time 500 319
• Static router port none 319
• Switch config end 319
• Switch config ip igmp snooping 319
• Switch config ip igmp snooping multi vlan config 5 mtime 400 319
• Switch config ip igmp snooping multi vlan config 5 rtime 500 319
• Switch config show ip igmp snooping multi vlan 319
• Switch configure 319
• Switch copy running config startup config 319
• The following example shows how to configure vlan 5 as the multicast vlan set the router port time as 500 seconds and the member port time as 400 seconds 319
• Vlan id 5 319
• Configuring forbidden router port 320
• Dynamic router port none 320
• Forbidden router port none 320
• Member time 260 320
• Multicast vlan enable 320
• Replace source ip 0 320
• Router time 300 320
• Static router port gi1 0 5 320
• Switch config end 320
• Switch config ip igmp snooping 320
• Switch config ip igmp snooping multi vlan config 5 rport interface gigabitethernet 1 0 5 320
• Switch config show ip igmp snooping multi vlan 320
• Switch configure 320
• Switch copy running config startup config 320
• The following example shows how to configure vlan 5 as the multicast vlan and set port 1 0 5 as the static router port 320
• Vlan id 5 320
• Configuring replace source ip 321
• Dynamic router port none 321
• Forbidden router port gi1 0 6 321
• Member time 260 321
• Multicast vlan enable 321
• Replace source ip 0 321
• Router time 300 321
• Static router port none 321
• Switch config end 321
• Switch config ip igmp snooping 321
• Switch config ip igmp snooping multi vlan config 5 router ports forbidden interface gigabitethernet 1 0 6 321
• Switch config show ip igmp snooping multi vlan 321
• Switch configure 321
• Switch copy running config startup config 321
• The following example shows how to configure vlan 5 as the multicast vlan and set port 1 0 6 as the forbidden router port 321
• Vlan id 5 321
• Configuring the querier 322
• Dynamic router port none 322
• Enabling igmp querier 322
• Forbidden router port none 322
• Member time 260 322
• Multicast vlan enable 322
• Replace source ip 192 68 322
• Router time 300 322
• Static router port none 322
• Switch config end 322
• Switch config ip igmp snooping 322
• Switch config ip igmp snooping multi vlan config 5 replace sourceip 192 68 322
• Switch config show ip igmp snooping multi vlan 322
• Switch configure 322
• Switch copy running config startup config 322
• The following example shows how to configure vlan 5 as the multicast vlan and replace the source ip in the igmp packets sent by the switch with 192 68 322
• Vlan id 5 322
• Configuring query interval max response time and general query source ip 323
• General query source ip 192 68 323
• Maximum response time 10 323
• Query interval 60 323
• Switch config end 323
• Switch config ip igmp snooping 323
• Switch config ip igmp snooping querier vlan 4 323
• Switch config show ip igmp snooping querier 323
• Switch configure 323
• Switch copy running config startup config 323
• The following example shows how to enable igmp snooping and igmp querier in vlan 4 323
• Vlan 4 323
• Configuring multicast filtering 324
• Creating profile 324
• Binding profile to the port 325
• Igmp profile 1 325
• Range 226 226 0 325
• Switch config end 325
• Switch config igmp profile deny 325
• Switch config igmp profile range 226 226 0 325
• Switch config igmp profile show ip igmp profile 325
• Switch config ip igmp profile 1 325
• Switch config ip igmp snooping 325
• Switch configure 325
• Switch copy running config startup config 325
• The following example shows how to configure profile 1 so that the switch filters multicast data sent to 226 226 0 325
• Binding port s 326
• Gi1 0 2 326
• Igmp profile 1 326
• Range 226 226 0 326
• Switch config end 326
• Switch config if ip igmp filter 1 326
• Switch config if ip igmp snooping 326
• Switch config if show ip igmp profile 326
• Switch config igmp profile deny 326
• Switch config igmp profile exit 326
• Switch config igmp profile range 226 226 0 326
• Switch config interface gigabitethernet 1 0 2 326
• Switch config ip igmp profile 1 326
• Switch config ip igmp snooping 326
• Switch configure 326
• Switch copy running config startup config 326
• The following example shows how to bind profile 1 to port 1 0 2 so that port 1 0 2 filters multicast data sent to 226 226 0 326
• Enabling igmp accounting and authentication 327
• Enabling igmp authentication on the port 327
• Gi1 0 2 enable 327
• Port igmp authentication 327
• Switch config end 327
• Switch config if ip igmp snooping 327
• Switch config if ip igmp snooping authentication 327
• Switch config if show ip igmp snooping interface gigabitethernet 1 0 2 authentication 327
• Switch config interface gigabitethernet 1 0 2 327
• Switch config ip igmp snooping 327
• Switch configure 327
• Switch copy running config startup config 327
• T1600g 18ts does not support this feature 327
• The following example shows how to enable igmp authentication on port 1 0 2 327
• Enabling igmp accounting globally 328
• Configuring mld snooping 329
• Configuring mld snooping globally 329
• Using the gui 329
• Click apply 330
• Configure unknown multicast as forward or discard 330
• Configuring router port time and member port time 330
• Enable or disable report message suppression globally 330
• Enabling report message suppression can reduce the number of packets in the network 330
• Follow these steps to configure report message suppression 330
• Follow these steps to configure the aging time of the router ports and the member ports 330
• Follow these steps to configure unknown multicast 330
• Optional configuring report message suppression 330
• Snooping config page at the same time 330
• Specify the aging time of the member ports 330
• Specify the aging time of the router ports 330
• Click apply 331
• Configure the last listener query interval and last listener query count when the switch receives an mld leave message if specified count of multicast address specific queries masqs are sent and no report message is received the switch will delete the multicast address from the multicast forwarding table 331
• Configuring mld snooping last listener query 331
• Follow these steps to configure last listener query interval and last listener query count in the global config section 331
• Mld snooping status table displays vlans and ports with mld snooping enabled 331
• Specify the interval between masqs 331
• Specify the number of masqs to be sent 331
• Verifying mld snooping status 331
• Configuring the port s basic mld snooping features 332
• Enabling mld snooping on the port 332
• Optional configuring fast leave 332
• Configuring mld snooping globally in the vlan 333
• Configuring mld snooping in the vlan 333
• Click create 334
• Configure the forbidden router ports in the designate vlan 334
• Configure the router ports in the designate vlan 334
• Configuring the multicast vlan 334
• Follow these steps to configure static router ports in the designate vlan 334
• Follow these steps to forbid the selected ports to be the router ports in the designate vlan 334
• In old multicast transmission mode when users in different vlans apply for data from the same multicast group the layer 3 device will duplicate this multicast data and deliver copies to the layer 2 devices 334
• Optional configuring the forbidden router ports in the vlan 334
• Optional configuring the static router ports in the vlan 334
• With multicast vlan configured all multicast group members will be added to a vlan layer 3 device only need to send one piece of multicast data to a layer 2 device and the layer 2 device will send the data to all member ports of the vlan in this way multicast vlan saves bandwidth and reduces network load of layer 3 devices 334
• Creating multicast vlan and configuring basic settings 335
• Enable multicast vlan configure the specific vlan to be the multicast vlan and configure the router port time and member port time 335
• In the multicast vlan section follow these steps to enable multicast vlan and to finish the basic settings 335
• Multicast vlan to load the following page 335
• Set up the vlan that the router ports and the member ports are in for details please refer to configuring 802 q vlan 335
• Click apply 336
• Configure the new multicast source ip 336
• Configure the router ports in the designate vlan 336
• Configure the router ports in the multicast vlan 336
• Follow these steps to configure static router ports in the multicast vlan 336
• Follow these steps to forbid the selected ports to be the router ports in the multicast vlan 336
• Optional configuring the forbidden router ports 336
• Optional configuring the static router ports 336
• Optional creating replace source ip 336
• This function allows you to use a new ip instead of the source ip to send data to multicast group members in the multicast vlan section follow these steps to configure replace source ip 336
• This table displays all the dynamic router ports in the multicast vlan 336
• Viewing dynamic router ports in the multicast vlan 336
• Click add 337
• Configuring the querier 337
• Follow these steps to configure the querier 337
• Optional configuring the querier 337
• Querier config to load the following page 337
• Specify a vlan and configure the querier on this vlan 337
• The mld snooping querier table displays all the related settings of the mld querier 337
• Viewing settings of mld querier 337
• You can edit the settings in the mld snooping querier table 337
• Click create 338
• Configuring mld profile 338
• Create a profile and configure its filtering mode 338
• Creating profile 338
• Enter the search condition in the search option field to search the profile in the mld profile info table 338
• Follow these steps to create a profile and configure its filtering mode 338
• Profile config to load the following page 338
• Searching profile 338
• Editing ip range of the profile 339
• Binding profile and member ports 340
• Click apply 340
• Follow these steps to bind the profile to the port 340
• Profile binding to load the following page 340
• Select the port to be bound and enter the profile id in the profile id column 340
• Click apply 341
• Configuring max groups a port can join 341
• Follow these steps to configure the maximum groups a port can join and overflow action 341
• Select a port to configure its max group and overflow action 341
• Click apply 342
• Configuring auto refresh 342
• Enable or disable auto refresh 342
• Follow these steps to configure auto refresh 342
• Packet statistic to load the following page 342
• The mld statistics table displays all kinds of mld statistics of all the ports 342
• Viewing mld statistics 342
• Viewing mld statistics on each port 342
• Configuring static member port 343
• Viewing mld static multicast groups 343
• Enabling mld snooping globally 344
• Enabling mld snooping on the port 344
• Switch config interface gigabitethernet 1 0 3 344
• Switch config ipv6 mld snooping 344
• The following example shows how to enable mld snooping globally and enable mld snooping switch configure 344
• Using the cli 344
• Configuring mld snooping parameters globally 345
• Configuring report message suppression 345
• Enable port gi1 0 3 345
• Enable vlan 345
• Global member age time 260 345
• Global report suppression disable 345
• Global router age time 300 345
• Last query interval 1 345
• Last query times 2 345
• Mld snooping enable 345
• Switch config if end 345
• Switch config if ipv6 mld snooping 345
• Switch config if show ipv6 mld snooping 345
• Switch config ipv6 mld snooping 345
• Switch configure 345
• Switch copy running config startup config 345
• The following example shows how to enable report message suppression 345
• Unknown multicast pass 345
• Configuring unknown multicast 346
• Enable port 346
• Enable vlan 346
• Global member age time 260 346
• Global report suppression enable 346
• Global router age time 300 346
• Igmp snooping and mld snooping share the setting of unknown multicast so you have to enable igmp snooping globally at the same time 346
• Last query interval 1 346
• Last query times 2 346
• Mld snooping enable 346
• Switch config end 346
• Switch config ipv6 mld snooping 346
• Switch config ipv6 mld snooping report suppression 346
• Switch config show ipv6 mld snooping 346
• Switch configure 346
• Switch copy running config startup config 346
• The following example shows how to configure the switch to discard unknown multicast data 346
• Unknown multicast pass 346
• Configuring mld snooping parameters on the port 347
• Configuring router port time and member port time 347
• Enable port 347
• Enable vlan 347
• Global member age time 260 347
• Global report suppression disable 347
• Global router age time 300 347
• Last query interval 1 347
• Last query times 2 347
• Mld snooping enable 347
• Switch config end 347
• Switch config ip igmp snooping 347
• Switch config ipv6 mld snooping drop unknown 347
• Switch config show ipv6 mld snooping 347
• Switch configure 347
• Switch copy running config startup config 347
• The following example shows how to configure the global router port time and member port time as 200 seconds 347
• Unknown multicast discard 347
• Configuring fast leave 348
• Enable port 348
• Enable vlan 348
• Global member age time 200 348
• Global report suppression disable 348
• Global router age time 200 348
• Last query interval 1 348
• Last query times 2 348
• Mld snooping enable 348
• Switch config end 348
• Switch config ipv6 mld snooping 348
• Switch config ipv6 mld snooping mtime 200 348
• Switch config ipv6 mld snooping rtime 200 348
• Switch config show ipv6 mld snooping 348
• Switch copy running config startup config 348
• Unknown multicast pass 348
• Configuring max group and overflow action on the port 349
• Gi1 0 3 enable enable 349
• Port mld snooping fast leave 349
• Switch config if end 349
• Switch config if ipv6 mld snooping 349
• Switch config if ipv6 mld snooping immediate leave 349
• Switch config if show ipv6 mld snooping interface gigabitethernet 1 0 3 basic config 349
• Switch config interface gigabiteternet 1 0 3 349
• Switch config ipv6 mld snooping 349
• Switch configure 349
• Switch copy running config startup config 349
• The following example shows how to enable fast leave on port 1 0 3 349
• Configuring mld snooping last listener query 350
• Gi1 0 3 500 drop 350
• Port max groups overflow action 350
• Switch config if end 350
• Switch config if ipv6 mld snooping 350
• Switch config if ipv6 mld snooping max groups 500 350
• Switch config if ipv6 mld snooping max groups action drop 350
• Switch config if show ipv6 mld snooping interface gigabitethernet 1 0 3 max groups 350
• Switch config interface gigabiteternet 1 0 3 350
• Switch config ipv6 mld snooping 350
• Switch configure 350
• Switch copy running config startup config 350
• The following example shows how to configure the max group as 500 and the overflow action as drop on port 1 0 3 350
• Configuring mld snooping parameters in the vlan 351
• Configuring router port time and member port time 351
• Enable port 351
• Enable vlan 351
• Global member age time 260 351
• Global report suppression disable 351
• Global router age time 300 351
• Last query interval 5 351
• Last query times 5 351
• Mld snooping enable 351
• Switch config end 351
• Switch config ipv6 mld snooping 351
• Switch config ipv6 mld snooping last listener query count 5 351
• Switch config ipv6 mld snooping last listener query interval 5 351
• Switch config show ipv6 mld snooping 351
• Switch configure 351
• Switch copy running config startup config 351
• The following example shows how to configure the last listener query count as 5 and the last listener query interval as 5 seconds 351
• Unknown multicast pass 351
• Configuring static router port 352
• Configuring forbidden router port 353
• Dynamic router port none 353
• Forbidden router port none 353
• Member time 0 353
• Router time 0 353
• Static router port gi1 0 2 353
• Switch config end 353
• Switch config ipv6 mld snooping 353
• Switch config ipv6 mld snooping vlan config 2 rport interface gigabitethernet 1 0 2 353
• Switch config show ipv6 mld snooping vlan 2 353
• Switch configure 353
• Switch copy running config startup config 353
• The following example shows how to enable mld snooping in vlan 2 and configure port 1 0 2 as the static router port 353
• Vlan id 2 353
• Configuring static multicast multicast ip and forward port 354
• Dynamic router port none 354
• Forbidden router port gi1 0 4 6 354
• Member time 0 354
• Router time 0 354
• Static router port none 354
• Switch config 354
• Switch config end 354
• Switch config ipv6 mld snooping 354
• Switch config ipv6 mld snooping vlan config 2 router ports forbidden interface gigabitethernet 1 0 4 6 354
• Switch config show ipv6 mld snooping vlan 2 354
• Switch copy running config startup config 354
• The following example shows how to enable mld snooping in vlan 2 and forbid port 1 0 4 6 from becoming router ports port 1 0 4 6 will drop all multicast data from layer 3 devices 354
• Vlan id 2 354
• Configuring mld snooping parameters in the multicast vlan 355
• Configuring router port time and member port time 355
• Ff01 1234 02 2 static gi1 0 9 10 355
• Multicast ip vlan id addr type switch port 355
• Switch config end 355
• Switch config ipv6 mld snooping 355
• Switch config ipv6 mld snooping vlan config 2 static ff01 1234 02 interface gigabitethernet 1 0 9 10 355
• Switch config show ipv6 mld snooping groups static 355
• Switch configure 355
• Switch copy running config startup config 355
• The following example shows how to configure ff01 1234 02 as the static multicast ip and specify port 1 0 9 10 as the forward ports 355
• Configuring static router port 356
• Dynamic router port none 356
• Forbidden router port none 356
• Member time 400 356
• Multicast vlan enable 356
• Replace source ip 356
• Router time 500 356
• Static router port none 356
• Switch config end 356
• Switch config ipv6 mld snooping 356
• Switch config ipv6 mld snooping multi vlan config 5 mtime 400 356
• Switch config ipv6 mld snooping multi vlan config 5 rtime 500 356
• Switch config show ipv6 mld snooping multi vlan 356
• Switch configure 356
• Switch copy running config startup config 356
• The following example shows how to configure vlan 5 as the multicast vlan set the router port time as 500 seconds and the member port time as 400 seconds 356
• Vlan id 5 356
• Configuring forbidden router port 357
• Dynamic router port none 357
• Forbidden router port none 357
• Member time 260 357
• Multicast vlan enable 357
• Replace source ip 357
• Router time 300 357
• Static router port gi1 0 5 357
• Switch config end 357
• Switch config ipv6 mld snooping 357
• Switch config ipv6 mld snooping multi vlan config 5 rport interface gigabitethernet 1 0 5 357
• Switch config show ipv6 mld snooping multi vlan 357
• Switch configure 357
• Switch copy running config startup config 357
• The following example shows how to configure vlan 5 as the multicast vlan and set port 1 0 5 as the static router port 357
• Vlan id 5 357
• Configuring replace source ip 358
• Dynamic router port none 358
• Forbidden router port gi1 0 6 358
• Member time 260 358
• Multicast vlan enable 358
• Replace source ip 358
• Router time 300 358
• Static router port none 358
• Switch config end 358
• Switch config ipv6 mld snooping 358
• Switch config ipv6 mld snooping multi vlan config 5 router ports forbidden interface gigabitethernet 1 0 6 358
• Switch config show ipv6 mld snooping multi vlan 358
• Switch configure 358
• Switch copy running config startup config 358
• The following example shows how to configure vlan 5 as the multicast vlan and set port 1 0 6 as the forbidden router port 358
• Vlan id 5 358
• Configuring the querier 359
• Dynamic router port none 359
• Enabling mld querier 359
• Forbidden router port none 359
• Member time 260 359
• Multicast vlan enable 359
• Replace source ip fe80 2ff ffff fe00 1 359
• Router time 300 359
• Static router port none 359
• Switch config end 359
• Switch config ipv6 mld snooping 359
• Switch config ipv6 mld snooping multi vlan config 5 replace sourceip fe80 02ff ffff fe00 0001 359
• Switch config show ipv6 mld snooping multi vlan 359
• Switch configure 359
• Switch copy running config startup config 359
• The following example shows how to configure vlan 5 as the multicast vlan and replace the source ip in the mld packets sent by the switch with fe80 02ff ffff fe00 0001 359
• Vlan id 5 359
• Configuring query interval max response time and general query source ip 360
• General query source ip fe80 2ff ffff fe00 1 360
• Maximum response time 10 360
• Query interval 60 360
• Switch config end 360
• Switch config ipv6 mld snooping 360
• Switch config ipv6 mld snooping querier vlan 4 360
• Switch config show ipv6 mld snooping querier 360
• Switch configure 360
• Switch copy running config startup config 360
• The following example shows how to enable mld snooping and mld querier in vlan 4 360
• The following example shows how to enable mld snooping and mld querier in vlan 4 set the query interval as 100 seconds the max response time as 20 seconds and the general query source ip as fe80 2ff ffff fe00 1 360
• Vlan 4 360
• Configuring multicast filtering 361
• Creating profile 361
• General query source ip fe80 2ff ffff fe00 1 361
• Maximum response time 20 361
• Query interval 100 361
• Switch config end 361
• Switch config ipv6 mld snooping 361
• Switch config ipv6 mld snooping querier vlan 4 general query source ip fe80 2ff ffff fe00 1 361
• Switch config ipv6 mld snooping querier vlan 4 max response time 20 361
• Switch config ipv6 mld snooping querier vlan 4 query interval 100 361
• Switch config show ipv6 mld snooping querier 361
• Switch copy running config startup config 361
• Vlan 4 361
• Binding profile to the port 362
• Mld profile 1 362
• Range ff01 1234 5 ff01 1234 8 362
• Switch config end 362
• Switch config ipv6 mld profile 1 362
• Switch config ipv6 mld snooping 362
• Switch config mld profile deny 362
• Switch config mld profile range ff01 1234 5 ff01 1234 8 362
• Switch config mld profile show ipv6 mld profile 362
• Switch configure 362
• Switch copy running config startup config 362
• The following example shows how to configure profile 1 so that the switch filters multicast data sent to ff01 1234 5 ff01 1234 8 362
• Using the gui 364
• Viewing ipv4 multicast snooping configurations 364
• Viewing multicast snooping configurations 364
• Ipv6 multicast table to view all valid multicast ip vlan port entries 365
• Using the cli 365
• Viewing ipv4 multicast snooping configurations 365
• Viewing ipv6 multicast snooping configurations 365
• Viewing ipv6 multicast snooping configurations 366
• Configuration examples 368
• Configuration scheme 368
• Example for configuring basic igmp snooping 368
• Network requirements 368
• Using the gui 369
• Vlan config to load the following page create vlan 10 and add untagged port 1 0 1 3 and tagged port 1 0 4 to vlan 10 370
• Using the cli 372
• Verify the configurations 373
• Configuration scheme 374
• Example for configuring multicast vlan 374
• Network requirements 374
• Network topology 374
• Demonstrated with t1600g 52ts this section provides configuration procedures in two ways using the gui and using the cli 375
• Internet 375
• Snooping config to load the following page enable igmp snooping globally and keep the default values in the router port time and member port time fields 375
• Using the gui 375
• Snooping config to load the following page enable igmp snooping on port 1 0 1 4 376
• Using the cli 378
• Verify the configurations 379
• Example for configuring unknown multicast and fast leave 380
• Network requirement 380
• Configuration scheme 381
• Using the gui 381
• Port config to load the following page enable igmp snooping on port 1 0 2 and port 1 0 4 and enable fast leave on port 1 0 2 382
• Vlan config to load the following page enable igmp snooping in vlan 10 383
• Using the cli 384
• Verify the configurations 384
• Configuration scheme 385
• Example for configuring multicast filtering 385
• Network requirements 385
• Network topology 385
• Demonstrated with t1600g 52ts this section provides configuration procedures in two ways using the gui and using the cli 386
• Internet 386
• Snooping config to load the following page enable igmp snooping globally and keep the default values in the router port time and member port time fields 386
• Using the gui 386
• Snooping config to load the following page 387
• Using the cli 393
• Verify the configurations 395
• Appendix default parameters 396
• Default parameters for igmp snooping 396
• Default parameters for mld snooping 397
• Chapters 399
• Configuring logical interfaces 399
• Part 12 399
• Interfaces of a device are used to exchange data and interact with interfaces of other network devices interfaces are classified into physical interfaces and logical interfaces 400
• Logical interfaces are manually configured and do not physically exist such as loopback interfaces and routing interfaces 400
• Overview 400
• Physical interfaces are the ports on the front panel or rear panel of the switch 400
• This chapter introduces the configurations for logical interfaces the supported types of logical interfaces are shown as below 400
• Creating a layer 3 interface 401
• Logical interfaces configurations 401
• Using the gui 401
• Configuring ipv4 parameters of the interface 402
• Figure 2 402
• In the interface list section you can view the corresponding interface entry you create 402
• In the modify interface section specify an interface id and configure relevant parameters for the interface according to your actual needs then click apply 402
• List section on the corresponding interface entry click edit to load the following page and configure the ipv4 parameters of the interface 402
• You can view the corresponding interface entry you create in the interface 402
• Configuring ipv6 parameters of the interface 403
• Figure 2 403
• In the secondary ip create section configure the secondary ip for the specified interface which allows you to have two logical subnets using one physical subnet then click create 403
• In the secondary ip list section you can view the corresponding secondary ip entry you create 403
• List section on the corresponding interface entry click edit ipv6 to load the following page and configure the ipv6 parameters of the interface 403
• You can view the corresponding interface entry you create in the interface 403
• Configure the ipv6 link local address of the interface manually or automatically in the link local address config section then click apply 404
• Enable ipv6 function on the interface of switch in the general config section then click apply 404
• Configure one or more ipv6 global addresses of the interface via following three ways 405
• Manually 405
• Via dhcpv6 server 405
• Via ra message 405
• View the global address entry in the global address table 405
• Creating a layer 3 interface 406
• Figure 2 406
• Follow these steps to create a layer 3 interface you can create a vlan interface a loopback interface a routed port or a port channel interface according to your needs 406
• List section on the corresponding interface entry click detail to load the following page and view the detail information of the interface 406
• Using the cli 406
• Viewing detail information of the interface 406
• You can view the corresponding interface entry you create in the interface 406
• Switch config if description vlan 2 407
• Switch config if end 407
• Switch config interface vlan 2 407
• Switch configure 407
• Switch copy running config startup config 407
• The following example shows how to create a vlan interface with a description of vlan 2 407
• Configuring ipv4 parameters of the interface 408
• Follow these steps to configure the ipv4 parameters of the interface 408
• Switch config if ip address 192 68 00 255 55 55 408
• Switch config if no switchport 408
• Switch config if show ip interface brief 408
• Switch config interface gigabitethernet 1 0 1 408
• Switch configure 408
• The following example shows how to configure the ipv4 parameters of a routed port including setting a static ip address for the port and enabling the layer 3 capabilities 408
• Configuring ipv6 parameters of the interface 409
• Follow these steps to configure the ipv6 parameters of the interface 409
• Interface ip address method status protocol shutdown gi1 0 1 192 68 00 24 static up up no 409
• Switch config if end 409
• Switch copy running config startup config 409
• Global address dhcpv6 enable 410
• Global address ra disable 410
• Global unicast address es ff02 1 ff13 237b 410
• Ipv6 is enable link local address fe80 20a ebff fe13 237bnor 410
• Joined group address es ff02 1 410
• Switch config if ipv6 address autoconfig 410
• Switch config if ipv6 address dhcp 410
• Switch config if ipv6 enable 410
• Switch config if show ipv6 interface 410
• Switch config interface vlan 2 410
• Switch configure 410
• The following example shows how to enable the ipv6 function and configure the ipv6 parameters of a vlan interface 410
• Vlan2 is up line protocol is up 410
• Appendix default parameters 412
• Default settings of interface are listed in the following tables 412
• Chapters 413
• Configuring static routing 413
• Part 13 413
• Overview 414
• In the ipv4 static route table section you can view and modify the ipv4 static routing entries 415
• In the ipv4 static routing config section configure the corresponding parameters to add an ipv4 static route then click create 415
• Ipv4 static routing config to load the following page 415
• Ipv4 static routing configuration 415
• Using the gui 415
• C 192 68 24 is directly connected vlan1 416
• Candidate default 416
• Codes c connected s static 416
• Follow these steps to create an ipv4 static route 416
• S 192 68 24 1 0 via 192 68 vlan1 416
• Switch config end 416
• Switch config ip route 192 68 255 55 55 192 68 416
• Switch config show ip route 416
• Switch configure 416
• Switch copy running config startup config 416
• The following example shows how to create an ipv4 static route with the destination ip address as 192 68 the subnet mask as 255 55 55 and the next hop address as 192 68 416
• Using the cli 416
• In the ipv6 routing section enable ipv6 routing function and click apply 417
• In the ipv6 static routing config section configure corresponding parameters to add an ipv6 static route then click create 417
• Ipv6 static routing config to load the following page 417
• Ipv6 static routing configuration 417
• Using the gui 417
• C 3000 64 is directly connected vlan1 418
• Candidate default 418
• Codes c connected s static 418
• Follow these steps to enable ipv6 routing function and create an ipv6 static route 418
• In the ipv6 static route table section you can view and modify the ipv6 static routing entries 418
• S 3200 64 1 0 via 3100 1234 vlan2 418
• Switch config ipv6 route 3200 64 3100 1234 418
• Switch config show ipv6 route static 418
• Switch configure 418
• The following example shows how to create an ipv6 static route with the destination ip address as 3200 64 and the next hop address as 3100 1234 418
• Using the cli 418
• Switch config end 419
• Switch copy running config startup config 419
• Using the gui 420
• Viewing ipv4 routing table 420
• Viewing routing table 420
• Ipv6 routing table to load the following page 421
• On privileged exec mode or any other configuration mode you can use the following command to view ipv4 routing table 421
• Using the cli 421
• View the ipv6 routes in the ipv6 routing information summary section 421
• Viewing ipv4 routing table 421
• Viewing ipv6 routing table 421
• On privileged exec mode or any other configuration mode you can use the following command to view ipv6 routing table 422
• Viewing ipv6 routing table 422
• Configuration scheme 423
• Example for static routing 423
• Network requirements 423
• Using the gui 423
• Using the cli 424
• Verify the configurations 425
• Appendix default parameter 427
• Default setting of static routing is listed in the following table 427
• Chapters 428
• Configuring dhcp 428
• Part 14 428
• Dhcp client 429
• Dhcp relay 429
• Overview 429
• Supported features 429
• As the following figure shows no ip addresses are assigned to vlan 10 and vlan 20 but a default relay agent interface is configured with the ip address 192 68 24 the switch uses ip address of the default agent interface 192 68 24 to apply for ip addresses for clients in both vlan 10 and vlan 20 as a result the dhcp server will assign ip addresses on 192 68 24 the same subnet with the ip address of the default agent interface to clients in both vlan 10 and vlan 20 431
• In dhcp vlan relay you can simply specify a layer 3 interface as default agent interface for all vlans the swith will fill this default agent interface s ip address in the relay agent ip address field of the dhcp packets from all vlans 431
• Click create 432
• Dhcp client configuration 432
• Follow these steps to configure dhcp client 432
• In the creating interface section select interface vlan or routed port as the interface type and enter the interface id select dhcp or bootp as the ip address mode set the admin status as enable and enter the interface name optional 432
• Interface config to load the following page 432
• Using the gui 432
• Follow these steps to configure dhcp client 433
• Switch configure 433
• The following example shows how to configure port 1 0 5 as an layer 3 interface and to configure its ip address mode as dhcp 433
• Using the cli 433
• Dhcp relay configuration 435
• Enabling dhcp relay and configuring option 82 435
• Using the gui 435
• Click apply 436
• Dhcp interface relay 436
• Dhcp interface relay to load the following page 436
• Dhcp server to load the following page 436
• Follow these steps to specify dhcp server for the interface 436
• In the add dhcp server address section select the interface type and enter the interface id and then enter the server address of the interface 436
• Specifying dhcp server for the interface or vlan 436
• You can specify dhcp server for an layer 3 interface or for a vlan the following respectively introduces how to configure dhcp interface relay and dhcp vlan relay 436
• Click create to specify the dhcp server for the interface 437
• Dhcp vlan relay 437
• Dhcp vlan relay to load the following page 437
• Follow these steps to specify dhcp server for the specific vlan 437
• In the default relay agent interface section specify the type and id of the interface that needs to be configured as the default relay agent interface then click apply 437
• Only t1600g 18ts supports this feature 437
• Dhcp relay is enabled 438
• Enabling dhcp relay 438
• Follow these steps to configure option 82 438
• Follow these steps to enable dhcp relay 438
• In the add dhcp server address section specify the vlan in which the clients needs ip addresses and the server address click add 438
• Optional configuring option 82 438
• Switch config end 438
• Switch config service dhcp relay 438
• Switch config show ip dhcp relay 438
• Switch configure 438
• Switch copy running config startup config 438
• The following example shows how to enable dhcp relay 438
• Using the cli 438
• Switch config ip dhcp relay information 439
• Switch config ip dhcp relay information policy keep 439
• Switch configure 439
• The following example shows how to enable option 82 and configure the process of option 82 information as keep 439
• Dhcp interface relay 440
• Dhcp relay option 82 is enabled 440
• Existed option 82 field operation keep 440
• Follow these steps to dhcp interface relay 440
• Specifying dhcp server for interface or vlan 440
• Switch config end 440
• Switch config show ip dhcp relay 440
• Switch copy running config startup config 440
• You can specify dhcp server for an layer 3 interface or for a vlan the following respectively introduces how to configure dhcp interface relay and dhcp vlan relay 440
• Configuration examples 444
• Configuration scheme 444
• Example for dhcp interface relay 444
• Network requirements 444
• Using the gui 445
• Using the cli 446
• Verify the configurations 446
• Appendix default parameters 448
• Default setting of dhcp client is listed in the following table 448
• Default settings of dhcp relay are listed in the following table 448
• Arp address resolution protocol is used to map ip addresses to mac addresses taking an ip address as input arp learns the associated mac address and stores the ip mac address association in an arp entry for rapid retrieval 450
• Overview 450
• Arp configurations 451
• Using the gui 451
• Viewing the arp entries 451
• Adding static arp entries 452
• Adding static arp entries manually 452
• Configuring arp function 452
• Follow these steps to add arp entries 452
• Follow these steps to add static arp entries 452
• In the arp config section enter the ip address and mac address and click create 452
• Static arp to load the following page 452
• Using the cli 452
• You can add desired static arp entries by mannually specifying the ip addresses and mac addresses 452
• Configuring the aging time of dynamic arp entries 453
• Follow these steps to configure the aging time of dynamic arp entries 453
• Interface address hardware addr type 453
• Switch config arp 192 68 00 11 22 33 44 55 arpa 453
• Switch config end 453
• Switch config show arp 192 68 453
• Switch configure 453
• Switch copy running config startup config 453
• This example shows how to create a static arp entry with the ip as 192 68 and the mac as 00 11 22 33 44 55 453
• Vlan1 192 68 00 11 22 33 44 55 static 453
• Clearing dynamic entries 454
• On privileged exec mode or any other configuration mode you can use the following command to view arp entries 454
• Switch config if arp timeout 1000 454
• Switch config if end 454
• Switch config interface vlan 2 454
• Switch configure 454
• Switch copy running config startup config 454
• This example shows how to configure the aging time of dynamic arp entries as 1000 seconds for vlan interface 2 454
• Viewing arp entries 454
• Chapters 456
• Configuring qos 456
• Part 16 456
• Bandwidth control 457
• Diffserv 457
• Overview 457
• Supported features 457
• 802 p priority 458
• Configuration guidelines 458
• Diffserv configuration 458
• Dscp priority 458
• Port priority 458
• Configuring priority mode 459
• Using the gui 459
• Click apply 460
• Configuring dscp priority 460
• Dscp priority to load the following page 460
• Click apply 461
• Configure the dscp tc mapping relations 461
• Configuring port priority 461
• Enable dscp priority and click apply dscp priority is disabled by default 461
• Follow these steps to configure the dscp priority 461
• Configuring schedule mode 462
• Follow these steps to configure the schedule mode 463
• Optional configure the weight value of the each tc queue if the schedule mode is wrr of sp wrr 463
• Select a schedule mode 463
• Click apply 464
• Configuring 802 priority 464
• Configuring priority mode 464
• The instructions of the three priority modes are described respectively in this section 464
• Using cli 464
• Configuring dscp priority 465
• Dscp priority is disabled 465
• P priority is enabled 465
• Switch config end 465
• Switch config qos queue cos map 2 0 465
• Switch config show qos cos map 465
• Switch config show qos status 465
• Switch configure 465
• Switch copy running config startup config 465
• Tag 0 1 2 3 4 5 6 7 465
• Tc tc1 tc0 tc0 tc3 tc4 tc5 tc6 tc7 465
• The following example shows how to map cos2 to tc0 and keep other cos id tc as default 465
• Switch config qos queue dscp map 10 14 0 466
• Switch config show qos cos map 466
• Switch configure 466
• Tag 0 1 2 3 4 5 6 7 466
• Tc tc1 tc0 tc0 tc3 tc4 tc5 tc6 tc7 466
• The following example shows how to map dscp values 10 14 to tc1 and keep other mapping relations as default 466
• Configuring port priority 467
• Cos cos1 cos1 cos0 cos0 cos0 cos0 cos0 cos1 467
• Dscp 8 9 10 11 12 13 14 15 467
• Dscp priority is enabled 467
• P priority is disabled 467
• Select the desired port to set the priority packets from this ingress port are mapped to the tc queue based on port priority 467
• Switch config end 467
• Switch config show qos dscp map 467
• Switch config show qos status 467
• Switch copy running config startup config 467
• Configuring schedule mode 469
• Follow these steps to configure the schedule mode to control the forwarding sequence of different tc queues when congestion occurs 469
• Bandwidth control configuration 471
• Configuring rate limit 471
• Using the gui 471
• Click apply 472
• Configuring storm control 472
• Follow these steps to configure the storm control function 472
• Select the port s and configure the upper rate limit for forwarding broadcast packets multicast packets and ul frames 472
• Storm control to load the following page 472
• Click apply 473
• Configure the upper rate limit for the port to receive and send packets 474
• Configuring rate limit on port 474
• Switch config interface gigabitethernet 1 0 5 474
• Switch configure 474
• The following example shows how to configure the ingress rate as 5120 kbps and egress rate as 1024 kbps for port 1 0 5 474
• Using the cli 474
• Configuring storm control 475
• Configuration example 478
• Configuration scheme 478
• Configure the port priority for the two ports set port 1 0 1 with higher priority 478
• Demonstrated with t1600g 52ts this chapter provides configuration procedures in two ways using the gui and using the cli 478
• Network requirements 478
• Select sp schedule mode 478
• The figure below shows the network topology 478
• The overview of the configuration is as follows 478
• Two hosts admin and host a can access the local network server through the switch configure the switch to ensure the traffic from the admin can be treated preferentially when congestion occurs only when the traffic from the admin is completely forwarded will the traffic from host a be forwarded 478
• Using the gui 479
• Using the cli 480
• Verify the configuration 481
• Appendix default parameters 482
• Diffserv 482
• Bandwidth control 483
• Chapters 484
• Configuring voice vlan 484
• Part 17 484
• Overview 485
• Because the voice vlan in automatic mode supports only tagged voice traffic you need to make sure traffic from the voice device is tagged to do so there are mainly two ways 487
• Before configuring voice vlan you need to create a vlan for voice traffic for details about vlan configuration please refer to configuring 802 q vlan 487
• Configuration guidelines 487
• Configure oui addresses 487
• Configure voice vlan globally 487
• Configure voice vlan mode on ports 487
• Configuring lld 487
• Create a vlan 487
• If your switch provides the lldp med feature you can also configure it to instruct the voice device to send tagged voice traffic for details about lldp med please refer to 487
• Only one vlan can be set as the voice vlan on the switch 487
• To apply the voice vlan configuration you may need to further configure pvid port vlan id and the link type of the port which is connected to voice devices we recommend that you choose the mode according to your needs and configure the port as the following table shows 487
• To complete the voice vlan configuration follow these steps 487
• Vlan 1 is a default vlan and cannot be configured as the voice vlan 487
• Voice vlan configuration 487
• You can configure the voice device to forward traffic with a voice vlan tag 487
• Click create to add an oui address to the table 488
• Configuring oui addresses 488
• Enter an oui address and the corresponding mask and give a description about the oui address 488
• Follow these steps to add oui addresses 488
• If the oui address of your voice device is not in the oui table you need to add the oui address to the table 488
• Oui config to load the following page 488
• Using the gui 488
• Click apply 489
• Configuring voice vlan globally 489
• Enable the voice vlan feature and enter a vlan id 489
• Follow these steps to configure the voice vlan globally 489
• Global config to load the following page 489
• Set the aging time for the voice vlan 489
• Specify a priority for the voice vlan 489
• Configuring voice vlan mode on ports 490
• Follow these steps to configure voice vlan mode on ports 490
• Port config to load the following page 490
• Select your desired ports and choose the port mode 490
• Set the security mode for selected ports 490
• Click apply 491
• Follow these steps to configure the voice vlan 491
• Using the cli 491
• Avoid attacks from malicious data flows 494
• Configuration example 494
• Configuration scheme 494
• Ip phones share switch ports used by computers because no more ports are available for ip phones 494
• Network requirements 494
• Network topology 494
• Transmit voice traffic in an exclusive path with high quality 494
• Using the gui 495
• Vlan config and edit vlan 10 to load the following page add port 1 0 2 to the voice vlan 497
• Using the cli 503
• Verify the configurations 505
• Vlan name status ports 507
• Voicevlan active gi1 0 1 gi1 0 2 gi1 0 507
• Appendix default parameters 509
• Default settings of voice vlan are listed in the following tables 509
• Chapters 510
• Configuring poe 510
• Part 18 510
• Overview 511
• Poe power management 511
• Supported features 511
• Time range function 511
• Configuring the poe parameters manually 512
• Poe power management configurations 512
• Using the gui 512
• In the port config section select the port you want to configure and specify the parameters click apply 513
• Click apply 514
• Configuring the poe parameters using the profile 514
• Creating a poe profile 514
• Follow these steps to create a poe profile 514
• In the create poe profile section specify the desired configurations of the profile 514
• Poe profile to load the following page 514
• Binding the profile to the corresponding ports 515
• Follow these steps to bind the profile to the corresponding ports 515
• In the global config section specify the system power limit and click apply 515
• In the port config section select a profile and bind it to the corresponding ports click apply 515
• Configuring the poe parameters manually 516
• Follow these steps to configure the basic poe parameters 516
• Using the cli 516
• Gi1 0 5 enable middle class3 no limit none 517
• Interface poe status poe prio power limit w time range poe profile 517
• Switch config if power inline consumption class3 517
• Switch config if power inline priority middle 517
• Switch config if power inline supply enable 517
• Switch config if show power inline 517
• Switch config if show power inline configuration interface gigabitethernet 1 0 5 517
• Switch config interface gigabitethernet 1 0 5 517
• Switch config power inline consumption 160 517
• Switch configure 517
• System power consumption 0 w 517
• System power limit 160 w 517
• System power remain 160 w 517
• The following example shows how to set the system power limit as 160w set the priority as middle and set the power limit as class3 in the port 1 0 5 517
• Configuring the poe parameters using the profile 518
• Follow these steps to configure the poe profile 518
• Gi1 0 5 1 26 53 class 2 on 518
• Interface power w current ma voltage v pd class power status 518
• Switch config end 518
• Switch config if show power inline information interface gigabitethernet 1 0 5 518
• Switch copy running config startup config 518
• Creating a time range 520
• Time range function configurations 520
• Using the gui 520
• Click apply 521
• In the add absolute or periodic section specify the parameters and click add 521
• When the absolute mode is selected the following section will be shown 521
• When the periodic mode is selected the following section will be shown 521
• Configuring the holiday parameters 522
• Viewing the time range table 522
• Configuring a time range 523
• Follow these steps to create a time range 523
• Using the cli 523
• 01 00 to 23 00 on 5 524
• 09 08 2016 00 00 to 09 10 2016 24 00 524
• Holiday include 524
• Number of absolute time 1 524
• Number of periodic time 1 524
• Switch config power time range time range1 524
• Switch config show power time range time range1 524
• Switch config time range absolute from 09 08 2016 00 00 to 09 10 2016 24 00 524
• Switch config time range exit 524
• Switch config time range holiday include 524
• Switch config time range periodic start 01 00 end 23 00 day of the week 5 524
• Switch configure 524
• The following example shows how to create a time range named time range1 select include to make the settings take affected on holiday set absolute mode from 2016 09 08 00 00 to 2016 09 10 24 00 set the periodic mode from 01 00 to 23 00 in friday bind the time range to the port 1 0 7 524
• Time range entry time range1 active 524
• Configuring the holiday parameters 525
• Follow these steps to configure the holiday parameters 525
• Holiday1 08 6 08 0 525
• Index holiday name start end 525
• Switch config end 525
• Switch config if end 525
• Switch config if power inline time range time range1 525
• Switch config interface gigabitethernet 1 0 7 525
• Switch config power holiday holiday1 start date 08 16 end date 08 20 525
• Switch config show power holiday 525
• Switch configure 525
• Switch copy running config startup config 525
• The following example shows how to create a holiday named holiday1 set the starting date as 08 16 set the ending date as 08 20 525
• 01 01 2000 00 00 to 12 31 2099 24 00 by default 526
• 08 30 to 18 00 on 1 2 3 4 5 526
• Holiday include 526
• Number of absolute time 0 526
• Number of periodic time 1 526
• On privileged exec mode or any other configuration mode you can use the following command to view the time range table 526
• Switch copy running config startup config 526
• Switch end 526
• Switch show power time range 526
• The following example shows how to view the time range table 526
• Time range entry office time active 526
• Viewing the time range table 526
• Configuring scheme 527
• Example for poe configurations 527
• Network requirements 527
• Using the gui 527
• Using the cli 529
• Verify the configuration 530
• Appendix default parameters 531
• Chapters 532
• Configuring acl 532
• Part 19 532
• Acl binding 533
• Overview 533
• Policy binding 533
• Supported features 533
• Acl configurations 534
• Creating an acl 534
• Using the gui 534
• Configuring acl rules 535
• Click apply 536
• Configure the rule s packet matching criteria 536
• Configuring the standard ip acl rule 536
• Follow these steps to create the standard ip acl rule 536
• Select a standard ip acl from the drop down list enter a rule id and specify the operation for the matched packets 536
• Standard i 536
• Standard ip acl to load the following page 536
• Tandard i 536
• Click apply 537
• Configure the rule s packet matching criteria 537
• Configuring the extend ip acl rule 537
• Extend ip ac 537
• Extend ip acl to load the following page 537
• Follow these steps to create the extend ip acl rule 537
• Select an extend ip acl from the drop down list enter a rule id and specify the operation for the matched packets 537
• Click apply 538
• Configure the rule s packet matching criteri 538
• Configuring the ipv6 acl rule 538
• Follow these steps to create the ipv6 acl rule 538
• Ipv6 acl to load the following page 538
• Select an ipv6 acl from the drop down list enter a rule id and specify the operation for the rule 538
• Click apply 539
• Configure the rule s packet matching criteri 539
• In the acl rule table you can view all the acls and their rules you can also delete an acl or an acl rule or change the matching order if needed 539
• The rules in an acl are listed in ascending order of configuration time regardless of their rule ids by default a rule configured earlier is listed before a rule configured later the switch matches a received packet with the rules in order when a packet matches a rule the device stops the match process and performs the action defined in the rule 539
• Verifying the rule table 539
• Configuring policy 540
• Configuring the acl binding 541
• Configuring the acl binding and policy binding 541
• Verifying the binding configuration 543
• Configuring acl 545
• Configuring the mac acl 545
• Follow the steps to create different types of acl and configure the acl rules 545
• Using the cli 545
• You can define the rules based on source or destination ip addresses source or destination mac addresses protocol type and so on 545
• Configuring the standard ip acl 546
• Mac access list 50 546
• Rule 1 permit smac 00 34 a2 d4 34 b5 smask ff ff ff ff ff ff 546
• Switch config mac access list 50 546
• Switch config mac acl end 546
• Switch config mac acl rule 1 permit smac 00 34 a2 d4 34 b5 smask ff ff ff ff ff ff 546
• Switch config mac acl show access list 50 546
• Switch configure 546
• Switch copy running config startup config 546
• The following example shows how to create mac acl 50 and configure rule 1 to permit packets with source mac address 00 34 a2 d4 34 b5 546
• Configuring the extend ip acl 547
• Rule 1 permit sip 192 68 00 smask 255 55 55 55 547
• Standard ip access list 600 547
• Switch config access list create 600 547
• Switch config end 547
• Switch config rule 1 permit sip 192 68 00 smask 255 55 55 55 547
• Switch config show access list 600 547
• Switch configure 547
• Switch copy running config startup config 547
• The following example shows how to create standard ip acl 600 and configure rule 1 to permit packets with source ip address 192 68 00 547
• Extended ip access list 1700 548
• Rule 7 deny sip 192 68 00 smask 255 55 55 55 protocol 6 d port 23 548
• Switch config access list create 1700 548
• Switch config access list extended 1700 rule 7 deny sip 192 68 00 smask 255 55 55 55 protocol 6 d port 23 548
• Switch config end 548
• Switch config show access list 1700 548
• Switch configure 548
• Switch copy running config startup config 548
• The following example shows how to create extend ip acl 1700 and configure rule7 to deny telnet packets with source ip192 68 00 548
• Configuring the ipv6 acl 549
• Configuring policy 550
• Follow the steps below to create a policy and configure the policy actions 550
• Ipv6 access list 3600 550
• Rule 1 deny sip cdcd 910a 2222 5498 8475 1111 3900 2020 sip mask ffff ff ff ffff ffff 550
• Switch config access list create 3600 550
• Switch config access list ipv6 3600 rule 1 deny sip cdcd 910a 2222 5498 8475 1111 3900 2020 sip mask ffff ffff ffff ffff 550
• Switch config end 550
• Switch config show access list 3600 550
• Switch configure 550
• Switch copy running config startup config 550
• The following example shows how to create ipv6 acl 3600 and configure rule 1 to deny packets with source ipv6 address cdcd 910a 2222 5498 8475 1111 3900 2020 550
• Access list 600 551
• Acl binding 551
• Acl binding and policy binding 551
• Policy name rd 551
• Switch config access list policy action rd 600 551
• Switch config access list policy name rd 551
• Switch config action exit 551
• Switch config end 551
• Switch config show access list policy rd 551
• Switch configure 551
• Switch copy running config startup config 551
• The following example shows how to create policy rd and apply acl 600 to policy rd 551
• You can bind the acl to a port or a vlan the received packets will then be matched and processed according to the acl rules 551
• You can select acl binding or policy binding according to your needs an acl rule and policy takes effect only after they are bound to a port or vlan 551
• Configuration example for acl 554
• Configuration scheme 554
• Network requirements 554
• Network topology 554
• Using the gui 555
• Extend acl to load the the following page configure rule 2 and rule 3 to permit packets with source ip 10 0 0 and destination port tcp 80 http service port and udp 443 https service port 556
• Using the cli 559
• Verify the configurations 560
• Appendix default parameters 561
• For extend ip acl 561
• For ipv6 acl 561
• For mac acl 561
• For standard ip acl 561
• Chapters 562
• Configuring network security 562
• Part 20 562
• Dhcp snooping 563
• Ip mac binding 563
• Network security 563
• Overview 563
• Supported features 563
• Arp inspection 564
• Dos defend 565
• Binding entries manually 568
• Ip mac binding configurations 568
• Using the gui 568
• Arp scanning 569
• Binding entries dynamically 569
• Click bind 569
• Select protect type for the entry 569
• Select the port that is connected to this host 569
• The binding entries can be dynamically learned from arp scanning and dhcp snooping 569
• With arp scanning the switch sends the arp request packets of the specified ip field to the hosts upon receiving the arp reply packet the switch can get the ip address mac address vlan id and the connected port number of the host you can bind these entries conveniently 569
• Arp scanning to load the following page 570
• Follow these steps to configure ip mac binding via arp scanning 570
• In the scanning option section specify an ip address range and a vlan id then click scan to scan the entries in the specified ip address range and vlan 570
• In the scanning result section select one or more entries and configure the relevant parameters then click apply 570
• Binding table to load the following page 571
• Dhcp snooping 571
• For instructions on how to configure dhcp snooping refer to dhcp snooping configurations 571
• In the search section specify the search criteria to search your desired entries 571
• Viewing the binding entries 571
• With dhcp snooping enabled the switch can monitor the ip address obtaining process of the host and record the ip address mac address vlan id and the connected port number of the host 571
• With the binding table you can view and search the specified binding entries 571
• Binding entries manually 572
• Binding entries via arp scanning is not supported by the cli binding entries via dhcp snooping is introduced in dhcp snooping configurations the following sections introduce how to bind entries manually and view the binding entries 572
• Follow these steps to manually bind entries 572
• In the binding table section you can view the searched entries additionally you can configure the host name and protect type for one or more entries and click apply 572
• Using the cli 572
• You can manually bind the ip address mac address vlan id and the port number together on the condition that you have got the related information of the hosts 572
• Host1 192 68 5 aa bb cc dd ee ff 10 gi1 0 5 arp d 573
• Switch config end 573
• Switch config ip source binding host1 192 68 5 aa bb cc dd ee ff vlan 10 interface gigabitethernet 1 0 5 arp detection 573
• Switch config show ip source binding 573
• Switch configure 573
• Switch copy running config startup config 573
• The following example shows how to bind an entry with the hostname host1 ip address 192 68 5 mac address aa bb cc dd ee ff vlan id 10 port number 1 0 5 and enable this entry for the arp detection feature 573
• U no host ip addr mac addr vid port acl col 573
• On privileged exec mode or any other configuration mode you can use the following command to view binding entries 574
• Viewing binding entries 574
• Dhcp snooping configuration 575
• Enabling dhcp snooping on vlan 575
• Using the gui 575
• Click apply 576
• Configuring dhcp snooping on ports 576
• Follow these steps to configure dhcp snooping on the specified port 576
• Port config to load the following page 576
• Select one or more ports and configure the parameters 576
• Click apply 577
• Follow these steps to configure option 82 577
• Option 82 config to load the following page 577
• Option 82 records the location of the dhcp client the switch can add option 82 to the dhcp request packet and then transmit the packet to the dhcp server administrators can check the location of the dhcp client via option 82 the dhcp server supporting option 82 can also set the distribution policy of ip addresses and other parameters providing a more flexible address distribution way 577
• Optional configuring option 82 577
• Select one or more ports and configure the parameters 577
• Click apply 578
• Enabling dhcp snooping on vlan 578
• Follow these steps to globally configure dhcp snooping 578
• Using the cli 578
• Configuring dhcp snooping on ports 579
• Follow these steps to configure dhcp snooping on the specified ports 579
• Global status enable 579
• Switch config if end 579
• Switch config ip dhcp snooping 579
• Switch config ip dhcp snooping vlan 5 579
• Switch config show ip dhcp snooping 579
• Switch configure 579
• Switch copy running config startup config 579
• The following example shows how to enable dhcp snooping globally and on vlan 5 579
• Vlan id 5 579
• Gi1 0 1 enable enable 10 20 n a 580
• Interface trusted mac verify limit rate dec rate lag 580
• Switch config if end 580
• Switch config if ip dhcp snooping decline rate 20 580
• Switch config if ip dhcp snooping limit rate 10 580
• Switch config if ip dhcp snooping mac verify 580
• Switch config if ip dhcp snooping trust 580
• Switch config if show ip dhcp snooping interface gigabitethernet 1 0 1 580
• Switch config interface gigabitethernet 1 0 1 580
• Switch configure 580
• Switch copy running config startup config 580
• The following example shows how to configure port 1 0 1 as a trusted port enable the mac verify feature and set the limit rate as 10 pps and decline rate as 20 pps on this port 580
• Follow these steps to configure option 82 581
• Option 82 records the location of the dhcp client the switch can add the option 82 to the dhcp request packet and then transmit the packet to the dhcp server administrators can check the location of the dhcp client via option 82 the dhcp server supporting option 82 can also set the distribution policy of ip addresses and other parameters providing more flexible address distribution way 581
• Optional configuring option 82 581
• Arp inspection configurations 583
• Configuring arp detection 583
• Using the gui 583
• Arp defend to load the following page 584
• Configuring arp defend 584
• Follow these steps to configure arp defend 584
• Select one or more ports and configure the parameters 584
• With arp defend enabled the switch can terminate receiving the arp packets for 300 seconds when the transmission speed of the legal arp packet on the port exceeds the defined value so as to avoid arp attack flood 584
• Arp statistics to load the following page 585
• Click apply 585
• In the auto refresh section you can enable the auto refresh feature and specify the refresh interval and thus the web page will be automatically refreshed 585
• Viewing arp statistics 585
• You can view the number of the illegal arp packets received on each port which facilitates you to locate the network malfunction and take the related protection measures 585
• Configuring arp detection 586
• Follow these steps to configure arp detection 586
• In the illegal arp packet section you can view the number of illegal arp packets on each port 586
• Switch configure 586
• The arp detection feature allows the switch to detect the arp packets basing on the binding entries in the ip mac binding table and filter the illegal arp packets before configuring arp detection complete ip mac binding configuration for details refer to ip mac binding configurations 586
• The following example shows how to globally enable arp detection and configure port 1 0 1 as a trusted port 586
• Using the cli 586
• Arp detection global status enabled 587
• Configuring arp defend 587
• Follow these steps to configure arp defend 587
• Gi1 0 1 yes 587
• Gi1 0 2 no 587
• Port trusted 587
• Switch config if end 587
• Switch config if ip arp inspection trust 587
• Switch config if show ip arp inspection 587
• Switch config interface gigabitethernet 1 0 1 587
• Switch config ip arp inspection 587
• Switch copy running config startup config 587
• With arp defend enabled the switch can terminate receiving the arp packets for 300 seconds when the transmission speed of the legal arp packet on the port exceeds the defined value so as to avoid arp attack flood 587
• Gi1 0 1 disabled 15 n a normal n a 589
• On privileged exec mode or any other configuration mode you can use the following command to view arp statistics 589
• Port overspeed rate current status lag 589
• Switch config if end 589
• Switch copy running config startup config 589
• Viewing arp statistics 589
• Dos defend configuration 590
• Follow these steps to configure dos defend 590
• In the configure section enable dos protection 590
• In the defend table section select one or more defend types according to your needs the following table introduces each type of dos attack 590
• Using the gui 590
• Click apply 591
• Follow these steps to configure dos defend 591
• Using the cli 591
• Configuring the radius server 594
• Using the gui 594
• X configuration 594
• Adding the radius server 595
• Click apply 595
• Configuring the radius server group 595
• Follow these steps to create a protocol template 595
• In the server config section configure the parameters of radius server 595
• Radius config to load the following page 595
• You can configure the radius servers for authentication and accounting if multiple radius servers are available you are suggested to add them to different server groups respectively for authentication and accounting 595
• Configuring 802 x globally 598
• Follow these steps to configure 802 x global parameters 598
• Global config to load the following page 598
• In the global config section enable 802 x globally and click apply 598
• In the authentication config section enable quiet configure the quiet timer and click apply 599
• Configure 802 x authentication on the desired port and click apply 600
• Configuring 802 x on ports 600
• Port config to load the following page 600
• Configuring the radius server 601
• Follow these steps to configure radius 601
• Using the cli 601
• The following example shows how to enable aaa add a radius server to the server group named radius1 and apply this server group to the 802 x authentication the ip address of the radius server is 192 68 00 the shared key is 123456 the authentication port is 1812 the accounting port is 1813 602
• Configuring 802 x globally 603
• Configuring 802 x on ports 605
• Switch configure 606
• The following example shows how to enable 802 x authentication on port 1 0 2 configure the control type as port based and configure the control mode as auto 606
• Aaa configuration 608
• Configuration guidelines 608
• Adding servers 609
• Globally enabling aaa 609
• Using the gui 609
• Adding tacacs server 610
• Click add to add the radius server on the switch 610
• Follow these steps to add a radius server 610
• Follow these steps to add a tacacs server 610
• In the server config section configure the following parameters 610
• Tacacs conifg to load the following page 610
• Configuring server groups 611
• Configuring the method list 612
• Click add to add the new method 613
• In the add method list section configure the parameters for the method to be added 613
• Method list to load the following page 613
• There are two default methods respectively for the login authentication and the enable authentication 613
• You can edit the default methods or follow these steps to add a new method 613
• Configuring login account and enable password 614
• Configuring the aaa application list 614
• Globally enabling aaa 615
• Using the cli 615
• Aaa global status enable 616
• Adding radius server 616
• Adding servers 616
• Follow these steps to add radius server on the switch 616
• Switch config aaa enable 616
• Switch config end 616
• Switch config show aaa global 616
• Switch configure 616
• Switch copy running config startup config 616
• You can add one or more radius tacacs servers on the switch for authentication if multiple servers are added the server with the highest priority authenticates the users trying to access the switch and the others act as backup servers in case the first one breaks down 616
• 68 0 49 8 123456 618
• Server ip port timeout shared key 618
• Switch config end 618
• Switch config show tacacs server 618
• Switch config tacacs server host 192 68 0 auth port 49 timeout 8 key 123456 618
• Switch configure 618
• Switch copy running config startup config 618
• The following example shows how to add a tacacs server on the switch set the ip address of the server as 192 68 0 the authentication port as 49 the shared key as 123456 and the timeout as 8 seconds 618
• Configuring server groups 619
• Switch aaa group server 192 68 0 619
• Switch aaa group show aaa group radius1 619
• Switch config aaa group radius radius1 619
• Switch configure 619
• The following example shows how to create a radius server group named radius1 and add the existing two radius servers whose ip address is 192 68 0 and 192 68 0 to the group 619
• The switch has two built in server groups one for radius and the other for tacacs the servers running the same protocol are automatically added to the default server group you can add new server groups as needed 619
• The two default server groups cannot be deleted or edited follow these steps to add a server group 619
• A method list describes the authentication methods and their sequence to authenticate the users the switch supports login method list for users of all types to gain access to the switch and enable method list for guests to get administrative privileges 620
• Configuring the method list 620
• Follow these steps to configure the method list 620
• Switch aaa group end 620
• Switch config aaa authentication login login1 radius local 620
• Switch config show aaa authentication login 620
• Switch configure 620
• Switch copy running config startup config 620
• The following example shows how to create a login method list named login1 and configure the method 1 as the default radius server group and the method 2 as local 620
• Configuring the aaa application list 621
• Follow these steps to apply the login and enable method lists for the application ssh 622
• Http default default 622
• Module login list enable list 622
• Ssh default default 622
• Switch config line enable authentication enable1 622
• Switch config line end 622
• Switch config line login authentication login1 622
• Switch config line show aaa global 622
• Switch config line telnet 622
• Switch configure 622
• Switch copy running config startup config 622
• Telnet login1 enable1 622
• The following example shows how to apply the existing login method list named login1 and enable method list named enable1 for the application telnet 622
• Follow these steps to apply the login and enable method lists for the application http 623
• Http default default 623
• Module login list enable list 623
• Ssh login1 enable1 623
• Switch config line enable authentication enable1 623
• Switch config line end 623
• Switch config line login authentication login1 623
• Switch config line show aaa global 623
• Switch config line ssh 623
• Switch configure 623
• Switch copy running config startup config 623
• Telnet default default 623
• The following example shows how to apply the existing login method list named login1 and enable method list named enable1 for the application ssh 623
• Configuring login account and enable password 624
• Http login1 enable1 624
• Module login list enable list 624
• Ssh default default 624
• Switch config end 624
• Switch config ip http enable authentication enable1 624
• Switch config ip http login authentication login1 624
• Switch config show aaa global 624
• Switch configure 624
• Switch copy running config startup config 624
• Telnet default default 624
• The following example shows how to apply the existing login method list named login1 and enable method list named enable1 for the application http 624
• The login account and enable password can be configured locally on the switch or centrally on the radius tacacs server s 624
• For enable password configuration 625
• For login authentication configuration more than one login account can be created on the server besides both the user name and password can be customized 625
• On radius server the user name should be set as enable and the enable password is customizable all the users trying to get administrative privileges share this enable password 625
• On the server 625
• On the switch 625
• Some configuration principles on the server are as follows 625
• The accounts created by the radius tacacs server can only view the configurations and some network information without the enable password 625
• The local username and password for login can be configured in the user management feature for details refer to managing system 625
• To configure the local enable password for getting administrative privileges follow these steps 625
• Configuration examples 627
• Configuration scheme 627
• Example for dhcp snooping and arp detection 627
• Network requirements 627
• Using the gui 628
• Using the cli 631
• Verify the configuration 632
• Configuration scheme 633
• Example for 802 x 633
• Network requirements 633
• Network topology 634
• Using the gui 634
• Using the cli 637
• Verify the configurations 638
• Example for aaa 639
• Network requirements 639
• Configuration scheme 640
• Using the gui 640
• Using the cli 643
• Verify the configuration 644
• Appendix default parameters 646
• Default settings of network security are listed in the following tables 646
• Chapters 650
• Configuring lldp 650
• Part 21 650
• Overview 651
• Supported features 651
• Global config 652
• Lldp configurations 652
• Using the gui 652
• Follow these steps to enable lldp and configure the lldp feature globally 653
• In the global config section enable lldp you can also enable the switch to forward lldp messages when lldp function is disabled click apply 653
• In the parameters config section configure the lldp parameters click apply 653
• Follow these steps to configure the lldp feature for the interface 654
• Policy config to load the following page 654
• Port config 654
• Select the desired port and set its admin status and notification mode 654
• Select the tlvs type length value included in the lldp packets according to your needs 654
• Enable the lldp feature on the switch and configure the lldp parameters 655
• Global config 655
• Optional configure the port s management address for identifying the devices 655
• Using the cli 655
• Lldp status enabled 656
• Switch config lldp 656
• Switch config lldp hold multiplier 4 656
• Switch config lldp timer tx interval 30 tx delay 2 reinit delay 3 notify interval 5 fast count 3 656
• Switch config show lldp 656
• Switch configure 656
• The following example shows how to configure the following parameters lldp timer 4 tx interval 30 seconds tx delay 2 seconds reinit delay 3 seconds notify iinterval 5 seconds fast count 3 656
• Fast packet count 3 657
• Initialization delay 2 seconds 657
• Lldp forward message disabled 657
• Lldp med fast start repeat count 4 657
• Port config 657
• Select the desired port and set its admin status notification mode and the tlvs included in the lldp packets 657
• Switch config end 657
• Switch copy running config startup config 657
• Trap notification interval 5 seconds 657
• Ttl multiplier 4 657
• Tx delay 2 seconds 657
• Tx interval 30 seconds 657
• Global config 660
• Lldp med configurations 660
• Using the gui 660
• Port config 661
• Global config 663
• Lldp status enabled 663
• Switch config lldp 663
• Switch config lldp med fast count 4 663
• Switch config show lldp 663
• Switch configure 663
• The following example shows how to configure lldp med fast count as 4 663
• Tx interval 30 seconds 663
• Using the cli 663
• Fast packet count 3 664
• Initialization delay 2 seconds 664
• Lldp med fast start repeat count 4 664
• Port config 664
• Select the desired port enable lldp med and select the tlvs type length value included in the outgoing lldp packets according to your needs 664
• Switch config end 664
• Switch copy running config startup config 664
• Trap notification interval 5 seconds 664
• Ttl multiplier 4 664
• Tx delay 2 seconds 664
• Using gui 667
• Viewing lldp device info 667
• Viewing lldp settings 667
• Follow these steps to view the local information 668
• In the auto refresh section enable the auto refresh feature and set the refresh rate according to your needs click apply 668
• In the local info section select the desired port and view its associated local device information 668
• Viewing lldp statistics 670
• Using cli 671
• Viewing lldp statistics 671
• Viewing the local info 671
• Viewing the neighbor info 671
• Using gui 672
• Viewing lldp med settings 672
• Follow these steps to view lldp med neighgbor information 673
• In the auto refresh section enable the auto refresh feature and set the refresh rate according to your needs click apply 673
• In the lldp med neighbor info section select the desired port and view the lldp med settings 673
• Viewing the neighbor info 673
• Using cli 674
• Viewing lldp statistics 674
• Viewing the local info 674
• Viewing the neighbor info 674
• Configuration example 675
• Configuration scheme 675
• Example for configuring lldp 675
• Network requirements 675
• Network topology 675
• Using the gui 675
• Using cli 676
• Verify the configurations 677
• Configuration scheme 682
• Example for configuring lldp med 682
• Network requirements 682
• Network topology 682
• Using the gui 683
• Using the cli 687
• Verify the configurations 688
• Appendix default parameters 694
• Default lldp med settings 694
• Default lldp settings 694
• Default settings of lldp are listed in the following tables 694
• Chapters 695
• Configuring maintenance 695
• Part 22 695
• Device diagnose 696
• Maintenance 696
• Network diagnose 696
• Overview 696
• Supported features 696
• System monitor 696
• Monitoring the cpu 697
• Monitoring the system 697
• Using the gui 697
• Monitoring the memory 698
• Monitoring the cpu 699
• Monitoring the memory 699
• Using the cli 699
• Backing up log files 700
• Configuration guidelines 700
• Configuring the local log 700
• Configuring the remote log 700
• Logs are classified into the following eight levels messages of levels 0 to 4 mean the functionality of the switch is affected please take actions according to the log message 700
• System log configurations 700
• System log configurations include 700
• Viewing the log table 700
• Click apply 701
• Configuring the local log 701
• Follow these steps to configure the local log 701
• Local log to load the following page 701
• Select your desired channel and configure the corresponding severity and status 701
• Using the gui 701
• Backing up the log file 702
• Configuring the remote log 702
• Configuring the local log 703
• Follow these steps to configure the local log 703
• Log table to load the following page 703
• Select a module and a severity to view the corresponding log information 703
• Using the cli 703
• Viewing the log table 703
• Switch config logging buffer 704
• Switch config logging buffer level 5 704
• Switch config logging file flash 704
• Switch config logging file flash frequency periodic 10 704
• Switch configure 704
• The following example shows how to configure the local log on the switch save logs of levels 0 to 5 to the log buffer and synchronize logs of levels 0 to 2 to the flash every 10 hours 704
• Buffer 5 enable immediately 705
• Channel level status sync periodic 705
• Configuring the remote log 705
• Flash 2 enable 10 hour s 705
• Follow these steps to set the remote log 705
• Monitor 5 enable immediately 705
• Remote log enables the switch to send system logs to a host to display the logs the host should run a log server that complies with the syslog standard 705
• Switch config end 705
• Switch config logging file flash level 2 705
• Switch config show logging local config 705
• Switch copy running config startup config 705
• Cable test to load the following page 707
• Diagnosing the device 707
• In the port section select your desired port for the test 707
• In the result section click apply and check the test results 707
• Using the gui 707
• Gi1 0 2 pair a normal 2 10m 708
• On privileged exec mode or any other configuration mode you can use the following command to check the connection status of the cable that is connected to the switch 708
• Pair b normal 2 10m 708
• Pair c normal 0 10m 708
• Pair d normal 2 10m 708
• Port pair status length error 708
• Switch show cable diagnostics interface gigabitehternet 1 0 2 708
• The following example shows how to check the cable diagnostics of port 1 0 2 708
• Using the cli 708
• Configuring the ping test 709
• Diagnosing the network 709
• Using the gui 709
• Configuring the tracert test 710
• Follow these steps to test connectivity between the switch and routers along the path from the source to the destination 710
• In the ping result section check the test results 710
• In the tracert config section enter the ip address of the destination set the max hop and then click tracert to start the test 710
• In the tracert result section check the test results 710
• Tracert to load the following page 710
• Approximate round trip times in milli seconds 711
• Configuring the ping test 711
• Minimum 0ms maximum 0ms average 0ms 711
• On privileged exec mode or any other configuration mode you can use the following command to test the connectivity between the switch and one node of the network 711
• Packets sent 3 received 3 lost 0 0 loss 711
• Ping statistics for 192 68 0 711
• Pinging 192 68 0 with 1000 bytes of data 711
• Reply from 192 68 0 bytes 1000 time 16ms ttl 64 711
• Switch ping ip 192 68 0 n 3 l 1000 i 500 711
• The following example shows how to test the connectivity between the switch and the destination device with the ip address 192 68 0 specify the ping times as 3 the data size as 1000 bytes and the interval as 500 milliseconds 711
• Using the cli 711
• Configuring the tracert test 712
• Ms 1 ms 2 ms 192 68 712
• Ms 2 ms 2 ms 192 68 00 712
• On privileged exec mode or any other configuration mode you can use the following command to test the connectivity between the switch and routers along the path from the source to the destination 712
• Switch tracert 192 68 00 2 712
• The following example shows how to test the connectivity between the switch and the network device with the ip address 192 68 00 set the maxhops as 2 712
• Trace complete 712
• Tracing route to 192 68 00 over a maximum of 2 hops 712
• Configuration scheme 713
• Example for configuring remote log 713
• Network requirements 713
• Using the gui 713
• Using the cli 714
• Verify the configurations 714
• Appendix default parameters 715
• Default settings of maintenance are listed in the following tables 715
• Chapters 716
• Configuring snmp rmon 716
• Part 23 716
• Snmp overview 717
• Snmp simple network management protocol is a standard network management protocol widely used on tcp ip networks it facilitates device management using nms network management system software with snmp network managers can view or modify network device information and troubleshoot according to notifications sent by those devices in a timely manner 717
• The device supports three snmp versions snmpv1 snmpv2c and snmpv3 table 1 1 lists features supported by different snmp versions and table 1 2 shows corresponding application scenarios 717
• Snmp configurations 718
• Creating an snmp view 719
• Enabling snmp 719
• Using the gui 719
• Create an snmp group and configure related parameters 720
• Creating an snmp group 720
• Set the view name and one mib variable that is related to the view choose the view type and click create to add the view entry 720
• Follow these steps to create an snmp group 721
• Set the group name and security model if you choose snmpv3 as the security model you need to further configure security level 721
• Set the read write and notify view of the snmp group click create 721
• Snmp group to load the following page 721
• Creating snmp users 722
• Follow these steps to create an snmp user 722
• Snmp user to load the following page 722
• Specify the user name user type and the group which the user belongs to set the security model according to the related parameters of the specified group if you choose snmpv3 you need to configure the security level 722
• Click create 723
• Creating snmp communities 723
• If you have chosen authnopriv or authpriv as the security level you need to set corresponding auth mode or privacy mode if not skip the step 723
• If you want to use snmpv1 or snmpv2c as the security model you can create snmp communities directly 723
• Enabling snmp 724
• Set the community name access rights and the related view click create 724
• Snmp community to load the following page 724
• Using the cli 724
• Bad snmp version errors 725
• Encoding errors 725
• Get request pdus 725
• Illegal operation for community name supplied 725
• Number of altered variables 725
• Number of requested variables 725
• Snmp agent is enabled 725
• Snmp packets input 725
• Switch config show snmp server 725
• Switch config snmp server 725
• Switch config snmp server engineid remote 123456789a 725
• Switch configure 725
• The following example shows how to enable snmp and set 123456789a as the remote engine id 725
• Unknown community name 725
• Bad value errors 726
• Creating an snmp view 726
• General errors 726
• Get next pdus 726
• Local engine id 80002e5703000aeb132397 726
• No such name errors 726
• Remote engine id 123456789a 726
• Response pdus 726
• Set request pdus 726
• Snmp packets output 726
• Specify the oid object identifier of the view to determine objects to be managed 726
• Switch config end 726
• Switch config show snmp server engineid 726
• Switch copy running config startup config 726
• Too big errors maximum packet size 1500 726
• Trap pdus 726
• Creating an snmp group 727
• No name sec mode sec lev read view write view notify view 1 nms monitor v3 authpriv view view 728
• Switch config end 728
• Switch config show snmp server group 728
• Switch config snmp server group nms monitor smode v3 slev authpriv read view notify view 728
• Switch configure 728
• Switch copy running config startup config 728
• The following example shows how to create an snmpv3 group name the group as nms monitor enable auth mode and privacy mode and set the view as read view and notify view 728
• Configure users of the snmp group users belong to the group and use the same security level and access rights as the group 729
• Creating snmp users 729
• The following example shows how to create an snmp user on the switch name the user as admin and set the user as a remote user snmpv3 as the security mode authpriv as the 729
• Admin remote nms monitor v3 authpriv sha des 730
• Creating snmp communities 730
• For snmpv1 and snmpv2c the community name is used for authentication functioning as the password 730
• No u name u type g name s mode s lev a mode p mode 730
• Security level sha as the authentication algorithm 1234 as the authentication password des as the privacy algorithm and 1234 as the privacy password 730
• Switch config end 730
• Switch config show snmp server user 730
• Switch config snmp server user admin remote nms monitor smode v3 slev authpriv cmode sha cpwd 1234 emode des epwd 1234 730
• Switch configure 730
• Switch copy running config startup config 730
• The following example shows how to set an snmp community name the community as the nms monitor and allow the nms to view and modify parameters of view 730
• Configuration guidelines 732
• Notification configurations 732
• Using the gui 732
• Choose a notification type based on the snmp version if you choose the inform type you need to set retry times and timeout interval 733
• Click create 733
• Specify the user name or community name used by the nms and configure the security model and security level based on the settings of the user or community 733
• Configure parameters of the nms host and packet handling mechanism 734
• Configuring the host 734
• Using the cli 734
• 68 22 162 admin v3 authpriv inform 3 100 735
• Enabling snmp notification 735
• Enabling the snmp standard trap 735
• No des ip udp name secmode seclev type retry timeout 735
• Switch config end 735
• Switch config show snmp server host 735
• Switch config snmp server host 172 68 22 162 admin smode v3 slev authpriv type inform retries 3 timeout 100 735
• Switch configure 735
• Switch copy running config startup config 735
• The following example shows how to set the nms host ip address as 172 68 22 udp port as port 162 name used by the nms as admin security model as snmpv3 security level as authpriv notification type as inform retry times as 3 and the timeout interval as 100 seconds 735
• Optional enabling the snmp extended trap 736
• Switch config end 736
• Switch config snmp server traps snmp linkup 736
• Switch configure 736
• Switch copy running config startup config 736
• The following example shows how to configure the switch to send linkup traps 736
• Switch config end 737
• Switch config snmp server traps bandwidth control 737
• Switch configure 737
• Switch copy running config startup config 737
• The following example shows how to configure the switch to enable bandwidth control traps 737
• Optional enabling the ddm trap 738
• Switch config end 738
• Switch config snmp server traps ddm create 738
• Switch configure 738
• Switch copy running config startup config 738
• The following example shows how to configure the switch to enable ddm created trap 738
• Optional enabling the illegal dhcp server trap 739
• Optional enabling the link status trap 739
• Switch config end 739
• Switch config snmp server traps ddm 739
• Switch config snmp server traps security dhcp snoop 739
• Switch configure 739
• Switch copy running config startup config 739
• The following example shows how to configure the switch to enable all the snmp ddm trap 739
• The following example shows how to configure the switch to enable illegal dhcp server trap 739
• Switch config if end 740
• Switch config if snmp server traps link status 740
• Switch config interface gigabitethernet 1 0 1 740
• Switch configure 740
• Switch copy running config startup config 740
• The following example shows how to configure the switch to enable link status trap 740
• Rmon overview 741
• Configuring statistics 742
• Rmon configurations 742
• Using the gui 742
• Configuring history 743
• Follow these steps to configure history 743
• History to load the following page 743
• Select a history entry and specify a port to be monitored 743
• Set the sample interval and the maximum buckets of history entries 743
• Specify the entry id the port to be monitored and the owner name of the entry set the entry as valid or undercreation and click create 743
• Choose an event entry and set the snmp user of the entry 744
• Configuring event 744
• Enter the owner name and set the status of the entry click apply 744
• Event to load the following page 744
• Follow these steps to configure event 744
• Set the description and type of the event 744
• Alarm to load the following page 745
• Before you begin please complete configurations of statistics entries and event entries because the alarm entries must be associated with statistics and event entries 745
• Configuring alarm 745
• Enter the owner name and set the status of the entry click apply 745
• Follow these steps to configure alarm 745
• Select an alarm entry choose a variable to be monitored and associate the entry with a statistics entry 745
• Set the sample type the rising and falling threshold the corresponding event action and the alarm type of the entry 746
• Configuring statistics 747
• Enter the owner name and set the status of the entry click apply 747
• Using the cli 747
• Configuring history 748
• Gi1 0 1 monitor valid 748
• Gi1 0 2 monitor valid 748
• Index port owner state 748
• Switch config end 748
• Switch config rmon statistics 1 interface gigabitethernet 1 0 1 owner monitor status valid 748
• Switch config rmon statistics 2 interface gigabitethernet 1 0 2 owner monitor status valid 748
• Switch config show rmon statistics 748
• Switch configure 748
• Switch copy running config startup config 748
• The following example shows how to create two statistics entries on the switch to monitor port 1 0 1 and 1 0 2 respectively the owner of the entry is monitor and the entry is valid 748
• Configuring event 749
• Gi1 0 1 100 50 monitor enable 749
• Index port interval buckets owner state 749
• Switch config end 749
• Switch config rmon history 1 interface gigabitethernet 1 0 1 interval 100 owner monitor buckets 50 749
• Switch config show rmon history 749
• Switch configure 749
• Switch copy running config startup config 749
• The following example shows how to create a history entry on the switch to monitor port 1 0 1 set the sample interval as 100 seconds max buckets as 50 and the owner as monitor 749
• Admin rising notify notify monitor enable 750
• Index user description type owner state 750
• Switch config end 750
• Switch config rmon event 1 user admin description rising notify type notify owner monitor 750
• Switch config show rmon event 750
• Switch configure 750
• Switch copy running config startup config 750
• The following example shows how to create an event entry on the switch set the user name as admin the event type as notify set the switch to initiate notifications to the nms and the owner as monitor 750
• Configuring alarm 751
• Configuration example 753
• Configuration scheme 753
• Network requirements 753
• Network topology 754
• Using the gui 754
• Using the cli 759
• Verify the configurations 761
• Appendix default parameters 765
• Default settings of snmp are listed in the following table 765
• Default settings of notification are listed in the following table 766
• Ce mark warning 769
• Copyright trademarks 769
• Fcc statement 769
• Industry canada statement 769
• Bsmi notice 770
• Ce doc 770
• Safety information 770
• Explanation of the symbols on the product label 771