TP-Link TL-SL3428 User Manual

JetStream L2 managed switch

TL-SL3428/TL-SL3452
JetStream L2 Managed Switch
REV1.2.3
1910011784


Summary of Contents for TP-Link TL-SL3428

  • Page 1 TL-SL3428/TL-SL3452 JetStream L2 Managed Switch REV1.2.3 1910011784...
  • Page 2 Specifications are subject to change without notice. is a registered trademark of TP-LINK TECHNOLOGIES CO., LTD. Other brands and product names are trademarks or registered trademarks of their respective holders. No part of the specifications may be reproduced in any form or by any means or used to make any derivative such as translation, transformation, or adaptation without permission from TP-LINK TECHNOLOGIES CO., LTD.
  • Page 3 Industry Canada Statement: CAN ICES-3 (A)/NMB-3(A). Safety Information: When the product has a power button, the power button is one of the ways to shut off the product; when there is no power button, the only way to completely shut off power is to disconnect the product or the power adapter from the power source.
  • Page 4: Table Of Contents

    CONTENTS: Package Contents (1); Chapter 1 About this Guide (2); Intended Readers (2); Conventions (2); Overview of This Guide (3); Chapter 2 Introduction (6); Overview of the Switch (6); Main Features (6); Appearance Description (7); 2.3.1 Front Panel (7); 2.3.2 Rear Panel (8); Chapter 3 Login to the Switch (9); Login (9); Configuration (9)...
  • Page 5 5.1.1 Port Config (30); 5.1.2 Port Mirror (31); 5.1.3 Port Security (34); 5.1.4 Port Isolation (36); 5.1.5 Loopback Detection (37); LAG (38); 5.2.1 LAG Table (40); 5.2.2 Static LAG (41); 5.2.3 LACP Config (42); Traffic Monitor (44); 5.3.1 Traffic Summary (44); 5.3.2 Traffic Statistics (45); MAC Address (47)...
  • Page 6 STP Security (84); 7.4.1 Port Protect (84); 7.4.2 TC Protect (87); Application Example for STP Function (87); Chapter 8 Multicast (91); IGMP Snooping (93); 8.1.1 Snooping Config (94); 8.1.2 Port Config (95); 8.1.3 VLAN Config (96); 8.1.4 Multicast VLAN (98); Multicast IP (101); 8.2.1 Multicast IP Table (101); 8.2.2...
  • Page 7 10.2.2 ACL Create (127); 10.2.3 MAC ACL (128); 10.2.4 Standard-IP ACL (129); 10.2.5 Extend-IP ACL (129); 10.3 Policy Config (131); 10.3.1 Policy Summary (131); 10.3.2 Policy Create (131); 10.3.3 Action Create (132); 10.4 Policy Binding (133); 10.4.1 Binding Table (133); 10.4.2 Port Binding (134); 10.4.3 VLAN Binding (134); 10.5...
  • Page 8 12.3.1 History Control (178); 12.3.2 Event Config (178); 12.3.3 Alarm Config (179); Chapter 13 Cluster (182); 13.1 NDP (183); 13.1.1 Neighbor Info (183); 13.1.2 NDP Summary (184); 13.1.3 NDP Config (185); 13.2 NTDP (187); 13.2.1 Device Table (187); 13.2.2 NTDP Summary (188); 13.2.3 NTDP Config (190); 13.3...
  • Page 9 One power cord; One console cable; Two mounting brackets and other fittings; Installation Guide; Resource CD for TL-SL3428/TL-SL3452 switch, including: This User Guide; The Command Line Interface Guide; SNMP Mibs; 802.1X Client Software...
  • Page 10: Conventions

    TL-SL3428 and TL-SL3452 share this User Guide. For simplicity, TL-SL3428 is used as the example throughout the configuration chapters. TL-SL3428 and TL-SL3452 differ only in the number of LED indicators and ports, and all figures in this guide are of TL-SL3428. Menu Name→Submenu Name→Tab page indicates the menu structure. System→System ...
  • Page 11: Chapter 1 About This Guide

    The Installation Guide (IG) can be found where you find this guide or inside the package of the switch. Specifications can be found on the product page at http://www.tp-link.com. A Technical Support Forum is provided for you to discuss our products at ...
  • Page 12 Chapter / Introduction. Chapter 6 VLAN: This module is used to configure VLANs to control broadcast in LANs. It mainly introduces: 802.1Q VLAN: Configure port-based VLAN. Protocol VLAN: Create VLANs in application layer to make some special data transmitted in the specified VLAN. GVRP: GVRP allows the switch to automatically add or remove ...
  • Page 13 Chapter / Introduction. Chapter 11 Network Security: This module is used to configure the multiple protection measures for the network security. It mainly introduces: IP-MAC Binding: Bind the IP address, MAC address, VLAN ID and the connected Port number of the Host together. ARP Inspection: Configure ARP inspection feature to prevent the ...
  • Page 14 Chapter 2 Introduction. Thanks for choosing the TL-SL3428/TL-SL3452 JetStream L2 Managed Switch! 2.1 Overview of the Switch. Designed for workgroups and departments, TL-SL3428/TL-SL3452 from TP-Link provides wire-speed performance and a full set of layer 2 management features. It provides a variety of service features and multiple powerful functions with high security.
  • Page 15: Front Panel

    100Mbps or 1000Mbps. Each has a corresponding 1000Mbps LED. SFP Ports: Designed to install the SFP module. TL-SL3428 features some SFP transceiver slots that are shared with the associated RJ45 ports. The associated two ports are referred to as a “Combo” port, which means they cannot be used simultaneously, otherwise only SFP port works.
  • Page 16: Rear Panel

    LED. For TL-SL3428, when using the SFP port with a 100M module or a gigabit module, you need to log on to the GUI (Graphical User Interface) of the switch and configure its corresponding Speed and Duplex mode on the Switching→Port→Port Config page.
  • Page 17: Chapter 3 Login To The Switch

    Chapter 3 Login to the Switch. 3.1 Login. 1) To access the configuration utility, open a web-browser and type in the default address http://192.168.0.1 in the address field of the browser, then press the Enter key. Figure 3-1 Web-browser. Tips: To log in to the switch, the IP address of your PC should be set in the same subnet as the switch.
  • Page 18 Figure 3-3 Main Setup-Menu. Note: Clicking Apply makes the new configurations effective only until the switch is rebooted. If you want to keep the configurations effective even after the switch is rebooted, please click Save Config. You are advised to click Save Config before cutting off the power or rebooting the switch to avoid losing the new configurations.
  • Page 19: Chapter 4 System

    Chapter 4 System. The System module is mainly for system configuration of the switch, including four submenus: System Info, User Management, System Tools and Access Security. 4.1 System Info. The System Info, mainly for basic properties configuration, can be implemented on System Summary, Device Description, System Time, Daylight Saving Time and System IP pages. 4.1.1 System Summary ...
  • Page 20 Indicates the 1000Mbps port is not connected to a device. Indicates the 1000Mbps port is at the speed of 1000Mbps. Indicates the 1000Mbps port is at the speed of 10Mbps or 100Mbps. Indicates the SFP port is not connected to a device...
  • Page 21: Device Description

    Figure 4-3 Bandwidth Utilization. Bandwidth Utilization. Rx: Select Rx to display the bandwidth utilization of receiving packets on this port. Tx: Select Tx to display the bandwidth utilization of sending packets on this port. 4.1.2 Device Description. On this page you can configure the description of the switch, including device name, device location and system contact.
  • Page 22: System Time

    Device Location: Enter the location of the switch. System Contact: Enter your contact information. 4.1.3 System Time. System Time is the time displayed while the switch is running. On this page you can configure the system time and the settings here will be used for other time-based functions like ACL. You can manually set the system time, get UTC automatically if it has connected to an NTP server or synchronize with PC’s clock as the system time.
  • Page 23: Daylight Saving Time

    Note: The system time will be restored to the default when the switch is restarted and you need to reconfigure the system time of the switch. When Get Time from NTP Server is selected and no time server is configured, the switch will get time from the time server of the Internet if it has connected to the Internet.
  • Page 24: System IP

    Date Mode: Specify the DST configuration in Date mode. This configuration is recurring in use: Offset: Specify the time adding in minutes when Daylight Saving Time comes. Start/End Time: Select starting time and ending time of Daylight Saving Time. Note: ...
  • Page 25: User Management

    Management VLAN: Enter the ID of management VLAN, the only VLAN through which you can get access to the switch. By default VLAN1 owning all the ports is the Management VLAN and you can access the switch via any port on the switch. However, if another VLAN is created and set to be the Management VLAN, you may have to reconnect the management station to a port that is a member of the Management VLAN.
  • Page 26: User Config

    settings without the right to configure the switch; the admin can configure all the functions of the switch. The Web management pages contained in this guide are subject to the admin’s login without any explanation. Choose the menu System→User Management→User Config to load the following page. Figure 4-9 User Config. The following entries are displayed on this screen: User Info ...
  • Page 27: System Tools

    Operation: Click the Edit button of the desired entry, and you can edit the corresponding user information. After modifying the settings, please click the Modify button to make the modification effective. Access level and user status of the current user information can’t be modified.
  • Page 28: Config Backup

    4.3.3 Firmware Upgrade. The switch system can be upgraded via the Web management page. To upgrade the system is to get more functions and better performance. Go to http://www.tp-link.com to download the updated firmware. Choose the menu System→System Tools→Firmware Upgrade to load the following page.
  • Page 29: System Reboot

    To avoid damage, please don't turn off the device while upgrading. After upgrading, the device will reboot automatically. You are advised to back up the configuration before upgrading. 4.3.4 System Reboot. On this page you can reboot the switch and return to the login page. Please save the current configuration before rebooting to avoid losing unsaved configuration.
  • Page 30: Access Control

    4.4.1 Access Control. On this page you can control the users logging on to the Web management page to enhance the configuration management security. The definitions of Admin and Guest refer to 4.2 User Management. Choose the menu System→Access Security→Access Control to load the following page. Figure 4-15 Access Control. The following entries are displayed on this screen: Access Control Config ...
  • Page 31 MAC Address: The field can be available for configuration only when MAC-based mode is selected. Only the user with this MAC address you set here is allowed for login. Port: The field can be available for configuration only when Port-based mode is selected.
  • Page 32: SSL Config

    Choose the menu System→Access Security→SSL Config to load the following page. Figure 4-16 SSL Config. The following entries are displayed on this screen: Global Config. SSL: Select Enable/Disable the SSL function on the switch. Certificate Download. Certificate File: Select the desired certificate to download to the switch. The ...
  • Page 33: SSH Config

    an insecure network environment. It can encrypt all the transmission data and prevent the information in a remote management being leaked. Comprising server and client, SSH has two versions, V1 and V2 which are not compatible with each other. In the communication, SSH server and client can auto-negotiate the SSH version and the encryption algorithm.
  • Page 34 Key Download. Key Type: Select the type of SSH key to download. The switch supports three types: SSH-1 RSA, SSH-2 RSA and SSH-2 DSA. Key File: Select the desired key file to download. Download: Click the Download button to download the desired key file to the ...
  • Page 35 Application Example 2 for SSH: Network Requirements: 1. Log on to the switch via password authentication using SSH and the SSH function is enabled on the switch. 2. PuTTY client software is recommended. Configuration Procedure: 1. Select the key type and key length, and generate SSH key. Note: ...
  • Page 36 2. On the Web management page of the switch, download the public key file saved in the computer to the switch. Note: The key type should accord with the type of the key file. The SSH key downloading cannot be interrupted. Download the private key file to SSH client software.
  • Page 37 3. After the public key and private key are downloaded, please log on to the interface of PuTTY and enter the IP address for login. 4. After successful authentication, please enter the login user name. If you log on to the switch without entering password, it indicates that the key has been successfully downloaded.
  • Page 38: Chapter 5 Switching

    Chapter 5 Switching. Switching module is used to configure the basic functions of the switch, including four submenus: Port, LAG, Traffic Monitor and MAC Address. 5.1 Port. The Port function, allowing you to configure the basic features for the port, is implemented on the Port Config, Port Mirror, Port Security, Port Isolation and Loopback Detection pages. 5.1.1 Port Config ...
  • Page 39: Port Mirror

    The parameters of the port members in a LAG should be set as the same. For TL-SL3428, when using the SFP port with a 100M module or a gigabit module, you need to configure its corresponding Speed and Duplex mode. For 100M module, please select 100MFD while select 1000MFD for gigabit module.
  • Page 40 Choose the menu Switching→Port→Port Mirror to load the following page. Figure 5-2 Mirror Group List. The following entries are displayed on this screen: Mirror Group List. Group: Displays the mirror group number. Mirroring: Displays the mirroring port number. Mode: Displays the mirror mode. Displays the mirrored ports.
  • Page 41 Click Edit to display the following figure. Figure 5-3 Port Mirror Config. The following entries are displayed on this screen. Mirror Group. Number: Select the mirror group number you want to configure. Mirroring Port. Mirroring Port: Select a port from the pull-down list as the mirroring port. When ...
  • Page 42: Port Security

    Egress: Select Enable/Disable the Egress feature. When the Egress is enabled, the outgoing packets sent by the mirrored port will be copied to the mirroring port. LAG: Displays the LAG number which the port belongs to. The LAG member cannot be selected as the mirrored port or mirroring port. Note: ...
  • Page 43 Choose the menu Switching→Port→Port Security to load the following page. Figure 5-4 Port Security. The following entries are displayed on this screen: Port Security. Select: Select the desired port for Port Security configuration. It is multi-optional. Port: Displays the port number. Max Learned MAC: Specify the maximum number of MAC addresses that can be ...
  • Page 44: Port Isolation

    Note: The Port Security function is disabled for the LAG port member. Only after the port is removed from the LAG will the Port Security function be available for the port. The Port Security function is disabled when the 802.1X function is enabled. 5.1.4 Port Isolation ...
  • Page 45: Loopback Detection

    Forward Portlist: Select the port to be forwarded to. Port Isolation List. Port: Display the port number. Forward Portlist: Display the forwardlist. 5.1.5 Loopback Detection. With loopback detection feature enabled, the switch can detect loops using loopback detection packets. When a loop is detected, the switch will display an alert or further block the corresponding port according to the port configuration.
  • Page 46 The following entries are displayed on this screen: Global Config. LoopbackDetection Status: Here you can enable or disable loopback detection function globally. Detection Interval: Set a loopback detection interval between 1 and 1000 seconds. By default, it’s 30 seconds. Automatic Recovery ...: Time after which the blocked port would automatically recover to ...
  • Page 47 For the member ports in an aggregation group, their basic configuration must be the same. The basic configuration includes STP, QoS, GVRP, VLAN, port attributes, MAC Address Learning mode and other associated settings. Further explanation follows: If the ports, which are enabled for the GVRP, 802.1Q VLAN, Voice VLAN, STP, QoS, Port ...
  • Page 48: LAG Table

    5.2.1 LAG Table. On this page, you can view the information of the current LAG of the switch. Choose the menu Switching→LAG→LAG Table to load the following page. Figure 5-7 LAG Table. The following entries are displayed on this screen: Global Config. Hash Algorithm: Select the applied scope of Aggregate Arithmetic, which ...
  • Page 49: Static LAG

    Click the Detail button for the detailed information of your selected LAG. Figure 5-8 Detail Information. 5.2.2 Static LAG. On this page, you can manually configure the LAG. The LACP feature is disabled for the member ports of the manually added Static LAG. Choose the menu Switching→LAG→Static LAG to load the following page.
  • Page 50 The following entries are displayed on this screen: LAG Config. Group Number: Select a Group Number for the LAG. Description: Displays the description of the LAG. LAG Table. Member Port: Select the port as the LAG member. Clearing all the ports of the LAG will delete this LAG.
  • Page 51: LACP Config

    Choose the menu Switching→LAG→LACP Config to load the following page. Figure 5-10 LACP Config. The following entries are displayed on this screen: Global Config. System Priority: Specify a System Priority for the port. The System Priority and the Admin Key constitute the aggregation ID. A dynamic aggregation group will only be formed between ports having the same aggregation ... LACP Config ...
  • Page 52: Traffic Monitor

    member. The port with smaller Port Priority will be considered as the preferred one. If the two port priorities are equal, the port with smaller port number is preferred. Mode: Specify the LACP mode for your selected port. Status: Enable/Disable the LACP feature for your selected port. ...
  • Page 53: Traffic Statistics

    automatically. Refresh Rate: Enter a value in seconds to specify the refresh interval. Traffic Summary. Port Select: Click the Select button to quick-select the corresponding port based on the port number you entered. Port: Displays the port number. Packets Rx: Displays the number of packets received on the port. The error ...
  • Page 54 The following entries are displayed on this screen: Auto Refresh. Auto Refresh: Allows you to Enable/Disable refreshing the Traffic Summary automatically. Refresh Rate: Enter a value in seconds to specify the refresh interval. Statistics. Port: Enter a port number and click the Select button to view the traffic ...
  • Page 55: MAC Address

    5.4 MAC Address. The main function of the switch is forwarding the packets to the correct ports based on the destination MAC address of the packets. Address Table contains the port-based MAC address information, which is the base for the switch to forward packets quickly. The entries in the Address Table can be updated by auto-learning or configured manually.
  • Page 56 Figure 5-13 Address Table. The following entries are displayed on this screen: Search Option. MAC Address: Enter the MAC address of your desired entry. VLAN ID: Enter the VLAN ID of your desired entry. Port: Select the corresponding port number of your desired entry. ...
  • Page 57: Static Address

    Address Table. MAC Address: Displays the MAC address learned by the switch. VLAN ID: Displays the corresponding VLAN ID of the MAC address. Port: Displays the corresponding Port number of the MAC address. Type: Displays the Type of the MAC address. Aging Status: Displays the Aging status of the MAC address. ...
  • Page 58: Dynamic Address

    Search Option. Search Option: Select a Search Option from the pull-down list and click the Search button to find your desired entry in the Static Address Table. MAC Address: Enter the MAC address of your desired entry. VLAN ID: Enter the VLAN ID number of your desired entry. ...
  • Page 59 Figure 5-15 Dynamic Address. The following entries are displayed on this screen: Aging Config. Auto Aging: Allows you to Enable/Disable the Auto Aging feature. Aging Time: Enter the Aging Time for the dynamic address. Search Option. Search Option: Select a Search Option from the pull-down list and click the Search ...
  • Page 60: Filtering Address

    Dynamic Address Table. Select: Select the entry to delete the dynamic address or to bind the MAC address to the corresponding port statically. It is multi-optional. MAC Address: Displays the dynamic MAC address. VLAN ID: Displays the corresponding VLAN ID of the MAC address. ...
  • Page 61 The following entries are displayed on this screen: Create Filtering Address. MAC Address: Enter the MAC address to be filtered. VLAN ID: Enter the corresponding VLAN ID of the MAC address. Search Option. Search Option: Select a Search Option from the pull-down list and click the Search ...
  • Page 62: Chapter 6 VLAN

    Chapter 6 VLAN. The traditional Ethernet is a data network communication technology based on CSMA/CD (Carrier Sense Multiple Access/Collision Detect) via shared communication medium. Through the traditional Ethernet, the overfull hosts in LAN will result in serious collision, flooding broadcasts, poor performance or even breakdown of the Internet. Though connecting the LANs through switches can avoid the serious collision, the flooding broadcasts cannot be prevented, which will occupy plenty of bandwidth resources, causing potential serious security problems.
  • Page 63: Q VLAN

    VLANs. The switch can analyze the received untagged packets on the port and match the packets with the Protocol VLAN and 802.1Q VLAN in turn. If a packet is matched, the switch will add a corresponding VLAN tag to it and forward it in the corresponding VLAN. 6.1 ...
  • Page 64 (2) TRUNK: The TRUNK port can be added in multiple VLANs, and the egress rule of the port is TAG. The TRUNK port is generally used to connect the cascaded network devices for it can receive and forward the packets of multiple VLANs. When the packets are forwarded by the TRUNK port, its VLAN tag will not be changed.
  • Page 65 IEEE 802.1Q VLAN function is implemented on the VLAN Config and Port Config pages. 6.1.1 VLAN Config. On this page, you can view the current created 802.1Q VLAN. Choose the menu VLAN→802.1Q VLAN→VLAN Config to load the following page. Figure 6-3 VLAN Table. To ensure the normal communication of the factory switch, the default VLAN of all ports is set to VLAN1.
  • Page 66 Figure 6-4 Create or Modify 802.1Q VLAN. The following entries are displayed on this screen: VLAN Config. VLAN ID: Enter the ID number of VLAN. Description: Give a description to the VLAN for identification. Check: Click the Check button to check whether the VLAN ID you entered ...
  • Page 67: Port Config

    Egress Rule: Select the Egress Rule for the VLAN port member. The default egress rule is UNTAG. TAG: All packets forwarded by the port are tagged. The packets contain VLAN information. UNTAG: Packets forwarded by the port are untagged. Displays the LAG to which the port belongs.
  • Page 68: Configuration Procedure

    Link Type: Select the Link Type from the pull-down list for the port. ACCESS: The ACCESS port can be added in a single VLAN, and the egress rule of the port is UNTAG. The PVID is same as the current VLAN ID. If the current VLAN is deleted, the PVID will be set to 1 by default.
  • Page 69: Protocol VLAN

    Step / Operation / Description. Create VLAN. Required. On the VLAN→802.1Q VLAN→VLAN Config page, click the Create button to create a VLAN. Enter the VLAN ID and the description for the VLAN. Meanwhile, specify its member ports. Modify/View VLAN. Optional. On the VLAN→802.1Q VLAN→VLAN Config page, click the Edit/Detail button to modify/view the information of the corresponding VLAN.
  • Page 70: Protocol VLAN

    If the Protocol VLAN is created, please set its enabled port to be the member of corresponding 802.1Q VLAN so as to ensure the packets forwarded normally. 6.2.1 Protocol VLAN. On this page, you can create Protocol VLAN and view the information of the current defined Protocol VLANs.
  • Page 71 Figure 6-8 Create and View Protocol Template. The following entries are displayed on this screen: Create Protocol Template. Protocol Name: Give a name for the Protocol Template. Ether Type: Enter the Ethernet protocol type field in the protocol template. Protocol Template Table. Select: Select the desired entry. It is multi-optional. ...
  • Page 72: GVRP

    Figure 6-9 Enable Protocol VLAN for Port. Port Enable: Select your desired port for Protocol VLAN feature. All the ports are disabled by default. Configuration Procedure: Step / Operation / Description. Set the link type for port. Required. On the VLAN→802.1Q VLAN→Port Config page, set the link type for the port based on its connected device.
  • Page 73 GARP. GARP provides the mechanism to assist the switch members in LAN to deliver, propagate and register the information among the members. GARP itself does not work as the entity among the devices. An application that complies with GARP is called a GARP implementation, and GVRP is the implementation of GARP.
  • Page 74 The switch also propagates the local VLAN registration information to other switches so that all the switching devices in the same switched network can have the same VLAN information. The VLAN registration information includes not only the static registration information configured locally, but also the dynamic registration information, which is received from other switches.
  • Page 75 Note: If the GVRP feature is enabled for a member port of LAG, please ensure all the member ports of this LAG are set to be in the same status and registration mode. The following entries are displayed on this screen: Global Config ...
  • Page 76 Configuration Procedure: Step / Operation / Description. Set the link type for port. Required. On the VLAN→802.1Q VLAN→Port Config page, set the link type of the port to be TRUNK. Enable GVRP function. Required. On the VLAN→GVRP page, enable GVRP function. Configure the registration mode. Required.
  • Page 77 Step / Operation / Description. Create VLAN20. Required. On the VLAN→802.1Q VLAN→VLAN Config page, create a VLAN with its VLAN ID as 20, owning Port 3 and Port 4. Configure Switch B. Step / Operation / Description. Configure Link Type of the ports. Required. On the VLAN→802.1Q VLAN→Port Config page, configure the link type of Port 7, Port 6 and Port 8 as ACCESS, TRUNK and ACCESS respectively.
  • Page 78 Configuration Procedure. Configure Switch A. Step / Operation / Description. Configure Link Type of the ports. Required. On the VLAN→802.1Q VLAN→Port Config page, configure the link type of Port 11 and Port 13 as ACCESS, and configure the link type of Port 12 as GENERAL. Create VLAN10. Required.
  • Page 79: Chapter 7 Spanning Tree

    Chapter 7 Spanning Tree. STP (Spanning Tree Protocol), subject to IEEE 802.1D standard, is to disbranch a ring network in the Data Link layer in a local network. Devices running STP discover loops in the network and block ports by exchanging information; in that way, a ring network can be disbranched to form a tree-topological ring-free network to prevent packets from being duplicated and forwarded endlessly in the network.
  • Page 80 Port: Port 3 is the root port of switch B and port 5 is the root port of switch C; port 1 is the designated port of switch A and port 4 is the designated port of switch B; port 6 is the blocked port of switch C.
  • Page 81 STP Generation. In the beginning: In the beginning, each switch regards itself as the root, and generates a configuration BPDU for each port on it as a root, with the root path cost being 0, the ID of the designated bridge being that of the switch, and the designated port being itself.
  • Page 82 Tips: In an STP with stable topology, only the root port and designated port can forward data, and the other ports are blocked. The blocked ports can only receive BPDUs. RSTP (Rapid Spanning Tree Protocol), evolved from the 802.1D STP standard, enables Ethernet ports to transit their states rapidly.
  • Page 83 Figure 7-2 Basic MSTP diagram. MSTP. MSTP divides a network into several MST regions. The CST is generated between these MST regions, and multiple spanning trees can be generated in each MST region. Each spanning tree is called an instance. Like STP, MSTP uses BPDUs to generate spanning tree. The only difference is that the BPDU for MSTP carries the MSTP configuration information on the switches.
  • Page 84: STP Config

    Figure 7-3 Port roles. The Spanning Tree module is mainly for spanning tree configuration of the switch, including four submenus: STP Config, Port Config, MSTP Instance and STP Security. 7.1 STP Config. The STP Config function, for global configuration of spanning trees on the switch, can be implemented on STP Config and STP Summary pages.
  • Page 85 The following entries are displayed on this screen: Global Config. STP: Select Enable/Disable STP function globally on the switch. Version: Select the desired STP version on the switch. STP: Spanning Tree Protocol. RSTP: Rapid Spanning Tree Protocol. MSTP: Multiple Spanning Tree Protocol. Parameters Config ...
  • Page 86: STP Summary

    If the TxHold Count parameter is too large, the number of MSTP packets being sent in each hello time may be increased with occupying too much network resources. The default value is recommended. 7.1.2 STP Summary. On this page you can view the related parameters for Spanning Tree function. Choose the menu Spanning Tree→STP Config→STP Summary to load the following page.
  • Page 87: Port Config

    Figure 7-6 Port Config. The following entries are displayed on this screen: Port Config. Port Select: Click the Select button to quick-select the corresponding port based on the port number you entered. Select: Select the desired port for STP configuration. It is multi-optional. ...
  • Page 88: MSTP Instance

    Designated Port: Indicates the port that forwards packets to a downstream network segment or switch. Master Port: Indicates the port that connects a MST region to the common root. The path from the master port to the common root is the shortest path between this MST region and the common root.
  • Page 89: Region Config

    Figure 7-7 Region Config The following entries are displayed on this screen: Region Config Region Name: Create a name for MST region identification using up to 32 characters. Revision: Enter the revision from 0 to 65535 for MST region identification. 7.3.2 Instance Config Instance Configuration, a property of MST region, is used to describe the VLAN to Instance mapping configuration.
  • Page 90 The following entries are displayed on this screen: Instance Table Instance ID Select: Click the Select button to quick-select the corresponding Instance ID based on the ID number you entered. Select: Select the desired Instance ID for configuration. It is multi-optional. Instance: Displays Instance ID of the switch. ...
  • Page 91: Instance Port Config

    Figure 7-9 Instance Port Config The following entries are displayed on this screen: Port Config Instance ID: Select the desired instance ID for its port configuration. Port Select: Click the Select button to quick-select the corresponding port based on the port number you entered. Select the desired port to specify its priority and path cost.
  • Page 92: Stp Security

    Note: The port status of one port in different spanning tree instances can be different. Global configuration Procedure for Spanning Tree function: Step Operation Description Make clear roles the switches Preparation. play spanning tree instances: root bridge designated bridge Globally configure MSTP Required. ...
  • Page 93 Root Protect A CIST and its secondary root bridges are usually located in the high-bandwidth core region. Wrong configuration or malicious attacks may result in configuration BPDU packets with higher priorities being received by the legal root bridge, which causes the current legal root bridge to lose its position and network topology jitter to occur.
  • Page 94 Figure 7-10 Port Protect The following entries are displayed on this screen: Port Protect Port Select: Click the Select button to quick-select the corresponding port based on the port number you entered. Select: Select the desired port for port protect configuration. It is ...
  • Page 95: Tc Protect

    7.4.2 TC Protect When TC Protect is enabled for the port on Port Protect page, the TC threshold and TC protect cycle need to be configured on this page. Choose the menu Spanning Tree→STP Security→TC Protect to load the following page. Figure 7-11 TC Protect The following entries are displayed on this screen: TC Protect ...
  • Page 96 On Spanning Tree→STP Config→Port Config page, enable MSTP function for the port. Configure the region name and the revision of MST region: On Spanning Tree→MSTP Instance→Region Config page, configure the region as TP-LINK and keep the default revision setting. Configure VLAN-to-Instance Spanning Tree→MSTP Instance→Instance ...
  • Page 97 On Spanning Tree→STP Config→Port Config page, enable MSTP function for the port. Configure the region name and the revision of MST region: On Spanning Tree→MSTP Instance→Region Config page, configure the region as TP-LINK and keep the default revision setting. Configure VLAN-to-Instance Spanning Tree→MSTP Instance→Instance ...
  • Page 98 Step Operation Description Configure the region name and the revision of MST region: On Spanning Tree→MSTP Instance→Region Config page, configure the region as TP-LINK and keep the default revision setting. Configure VLAN-to-Instance mapping table of the MST region: On Spanning Tree→MSTP Instance→Instance Config page, configure VLAN-to-Instance mapping table.
  • Page 99: Chapter 8 Multicast

    Chapter 8 Multicast Multicast Overview In the network, packets are sent in three modes: unicast, broadcast and multicast. In unicast, the source server sends separate copy information to each receiver. When a large number of users require this information, the server must send many pieces of information with the same content to the users.
  • Page 100 Multicast Address 1. Multicast IP Address: As specified by IANA (Internet Assigned Numbers Authority), Class D IP addresses are used as destination addresses of multicast packets. The multicast IP addresses range from 224.0.0.0~239.255.255.255. The following table displays the range and description of several special multicast IP addresses.
  • Page 101: Igmp Snooping

    IGMP Snooping In the network, the hosts apply to the near Router for joining (leaving) a multicast group by sending IGMP (Internet Group Management Protocol) messages. When the up-stream device forwards down the multicast data, the switch is responsible for sending them to the hosts. IGMP Snooping is a multicast control mechanism, which can be used on the switch for dynamic registration of the multicast group.
  • Page 102 3. IGMP Leave Message The host, running IGMPv1, does not send IGMP leave message when leaving a multicast group, as a result, the switch cannot get the leave information of the host momentarily. However, after leaving the multicast group, the host does not send IGMP report message any more, so the switch will remove the port from the corresponding multicast address table when its member port time times out.
  • Page 103 Figure 8-4 Basic Config The following entries are displayed on this screen: Global Config IGMP Snooping: Select Enable/Disable IGMP Snooping function globally on the switch. Unknown Multicast: Select the operation for the switch to process unknown multicast, Forward or Discard. IGMP Snooping Status Displays IGMP Snooping status.
  • Page 104: Port Config

    Figure 8-5 Port Config The following entries are displayed on this screen: Port Config Port Select: Click the Select button to quick-select the corresponding port based on the port number you entered. Select: Select the desired port for IGMP Snooping feature configuration. It ...
  • Page 105: Vlan Config

    Choose the menu Multicast→IGMP Snooping→VLAN Config to load the following page. Figure 8-6 VLAN Config The following entries are displayed on this screen: VLAN Config VLAN ID: Enter the VLAN ID to enable IGMP Snooping for the desired VLAN. Router Port Time: Specify the aging time of the router port. Within this time, if the ...
  • Page 106: Multicast Vlan

    Leave Time: Displays the leave time of the VLAN. Router Port: Displays the router port of the VLAN. Note: The settings here will be invalid when multicast VLAN is enabled. Configuration procedure: Step Operation Description Enable IGMP Snooping Required. Enable IGMP Snooping globally on the switch function port Multicast→IGMP ...
  • Page 107 The following entries are displayed on this screen: Multicast VLAN Multicast VLAN: Select Enable/Disable Multicast VLAN feature. VLAN ID: Enter the VLAN ID of the multicast VLAN. Router Port Time: Specify the aging time of the router port. Within this time, if the switch doesn’t receive IGMP query message from the router port, it will consider this port is not a router port any more.
  • Page 108 Configure parameters for multicast VLAN: Optional. Enable and configure a multicast VLAN on the Multicast→IGMP Snooping→Multicast VLAN page. It is recommended to keep the default time parameters. Look over the configuration: If it is successfully configured, the VLAN ID of the multicast VLAN will be displayed in the IGMP Snooping Status table on the Multicast→IGMP Snooping→Snoo...
  • Page 109 Configuration Procedure Step Operation Description Create VLANs: Create three VLANs with the VLAN ID 3, 4 and 5 respectively, and specify the description of VLAN3 as Multicast VLAN on VLAN→802.1Q VLAN page. Configure ports: On VLAN→802.1Q VLAN function pages. For port 3, configure its link type as GENERAL and its egress rule as TAG, and add it to VLAN3, VLAN4 and VLAN5.
  • Page 110: Multicast Ip

    Figure 8-8 Multicast IP Table The following entries are displayed on this screen: Search Option Multicast IP: Enter the multicast IP address the desired entry must carry. VLAN ID: Enter the VLAN ID the desired entry must carry. Port: Select the port number the desired entry must carry. ...
  • Page 111: Multicast Filter

    Figure 8-9 Static Multicast IP Table The following entries are displayed on this screen: Create Static Multicast Multicast IP: Enter static multicast IP address. VLAN ID: Enter the VLAN ID of the multicast IP. Forward Port: Enter the forward port of the multicast group ...
  • Page 112: Ip-Range

    When applying for a multicast group, the host will send IGMP report message. After receiving the report message, the switch will firstly check the multicast filter rules configured for the receiving port. If the port can be added to the multicast group, it will be added to the multicast address table; if the port cannot be added to the multicast group, the switch will drop the IGMP report message.
  • Page 113: Port Filter

    .2 Port Filter On this page you can configure the multicast filter rules for port. Take the configuration on this page and the configuration on IP-Range page together to implement multicast filter function on the switch. Choose the menu Multicast→Multicast Filter→Port Filter to load the following page. Figure 8-11 Port Filter The following entries are displayed on this screen: Port Filter Config ...
  • Page 114: Packet Statistics

    LAG: Displays the LAG number which the port belongs to. Note: Multicast Filter feature can only have effect on the VLAN with IGMP Snooping enabled. Multicast Filter feature has no effect on static multicast IP. Up to 15 IP-Ranges can be bound to one port. Configuration Procedure: Step ...
  • Page 115 The following entries are displayed on this screen: Auto Refresh Auto Refresh: Select Enable/Disable auto refresh feature. Refresh Period: Enter the time from 3 to 300 in seconds to specify the auto refresh period. IGMP Statistics Port Select: Click the Select button to quick-select the corresponding port ...
  • Page 116: Chapter 9 Qos

    Chapter 9 QoS QoS (Quality of Service) functions to provide different quality of service for various network applications and requirements and optimize the bandwidth resource distribution so as to provide a network service experience of a better quality. QoS This switch classifies the ingress packets, maps the packets to different priority queues and then forwards the packets according to specified scheduling algorithms to implement QoS function.
  • Page 117 2. 802.1P Priority Figure 9-2 802.1Q frame As shown in the figure above, each 802.1Q Tag has a Pri field, comprising 3 bits. The 3-bit priority field is 802.1p priority in the range of 0 to 7. 802.1P priority determines the priority of the packets based on the Pri value.
  • Page 118 Figure 9-4 SP-Mode WRR-Mode: Weight Round Robin Mode. In this mode, packets in all the queues are sent in order based on the weight value for each queue and every queue can be assured of a certain service time. The weight value indicates the occupied proportion of the resource. WRR queue overcomes the disadvantage of SP queue that the packets in the queues with lower priority cannot get service for a long time.
  • Page 119: Diffserv

    The QoS module is mainly for traffic control and priority configuration, including three submenus: DiffServ, Bandwidth Control and Voice VLAN. 9.1 DiffServ This switch classifies the ingress packets, maps the packets to different priority queues and then forwards the packets according to specified scheduling algorithms to implement QoS function. This switch implements three priority modes based on port, on 802.1P and on DSCP, and supports four queue scheduling algorithms.
  • Page 120: Dscp Priority

    Note: To complete QoS function configuration, you have to go to the Schedule Mode page to select a schedule mode after the configuration is finished on this page. Configuration Procedure: Step Operation Description Log on to the Port Priority page Select the desired ports for Select the desired ports.
  • Page 121 The following entries are displayed on this screen: DSCP Priority Config DSCP Priority: Select Enable or Disable DSCP Priority. Priority Level DSCP: Indicates the priority determined by the DS region of IP datagram. It ranges from 0 to 63. Priority Level: Indicates the priority level the packets with tag are mapped to. The ...
  • Page 122: Schedule Mode

    Figure 9-8 802.1P Priority The following entries are displayed on this screen: 802.1P Priority Config 802.1P Priority: Select Enable/Disable 802.1P Priority. Priority and CoS-mapping Config Tag-id/Cos-id: Indicates the precedence level defined by IEEE802.1P and the CoS ID. Queue TC-id: Indicates the priority level of egress queue the packets with tag ...
  • Page 123: Rate Limit

    queues and scheduling algorithms you set. On this switch, the priority levels are labeled as TC0, TC1… TC3. Choose the menu QoS→DiffServ→Schedule Mode to load the following page. Figure 9-9 Schedule Mode The following entries are displayed on this screen: Schedule Mode Config ...
  • Page 124 Figure 9-10 Rate Limit The following entries are displayed on this screen: Rate Limit Config Port Select: Click the Select button to quick-select the corresponding port based on the port number you entered. Select: Select the desired port for Rate configuration. It is multi-optional. ...
  • Page 125: Storm Control

    Note: If you enable ingress rate limit feature for the storm control-enabled port, storm control feature will be disabled for this port. When selecting "Manual" to set Ingress/Egress rate, the system will automatically select integral multiple of 64Kbps that closest to the rate you entered as the real Ingress/Egress rate. For example, if you enter 1023Kbps for egress rate, the system will automatically select 1024Kbps as the real Egress rate.
  • Page 126: Voice Vlan

    Broadcast: Enable/Disable broadcast control feature for the port. Multicast: Enable/Disable multicast control feature for the port. UL-Frame: Enable/Disable UL-Frame control feature for the port. Rate (bps): Select the bandwidth for receiving the specified packet on the port. The packet traffic exceeding the bandwidth will be discarded. Displays the LAG number which the port belongs to.
  • Page 127 of the UNTAG packets sent from IP phone when it is powered on. The aging time of voice VLAN can be configured on the switch. If the switch does not receive any voice packet on the ingress port within the aging time, the switch will remove this port from voice VLAN. Voice ports are automatically added into or removed from voice VLAN.
  • Page 128: Port Config

    Figure 9-12 Global Configuration The following entries are displayed on this screen: Global Config Voice VLAN: Select Enable/Disable Voice VLAN function. VLAN ID: Enter the VLAN ID of the voice VLAN. Aging Time: Specifies the living time of the member port in auto mode after the ...
  • Page 129 Note: To enable voice VLAN function for the LAG member port, please ensure its member state accords with its port mode. If a port is a member port of voice VLAN, changing its port mode to be “Auto” will make the port leave the voice VLAN and will not join the voice VLAN automatically until it receives voice streams.
  • Page 130 Figure 9-14 OUI Configuration The following entries are displayed on this screen: Create OUI OUI: Enter the OUI address of the voice device. Mask: Enter the OUI address mask of the voice device. Description: Give a description to the OUI for identification. ...
  • Page 131 Step Operation Description Configure the parameters of the ports in voice VLAN: Required. On QoS→Voice VLAN→Port Config page, configure the parameters of the ports in voice VLAN. Enable Voice VLAN: Required. On QoS→Voice VLAN→Global Config page, configure the global parameters of voice VLAN.
  • Page 132: Chapter 10 Acl

    Chapter 10 ACL ACL (Access Control List) is used to filter packets by configuring match rules and process policies of packets in order to control the access of the illegal users to the network. Besides, ACL functions to control traffic flows and save network resources. It provides a flexible and secured access control policy and facilitates you to control the network security.
  • Page 133: Time-Range Create

    10.1.2 Time-Range Create On this page you can create time-ranges. Choose the menu ACL→Time-Range→Time-Range Create to load the following page. Figure 10-2 Time-Range Create The following entries are displayed on this screen: Create Time-Range Name: Enter the name of the time-range for time identification. ...
  • Page 134: Holiday Config

    10.1.3 Holiday Config Holiday mode is applied as a different secured access control policy from the week mode. On this page you can define holidays according to your work arrangement. Choose the menu ACL→Time-Range→Holiday Config to load the following page. Figure 10-3 Holiday Configuration The following entries are displayed on this screen: Create Holiday ...
  • Page 135: Acl Summary

    10.2.1 ACL Summary On this page, you can view the current ACLs configured in the switch. Choose the menu ACL→ACL Config→ACL Summary to load the following page. Figure 10-4 ACL Summary The following entries are displayed on this screen: Search Option Select ACL: Select the ACL you have created ...
  • Page 136: Mac Acl

    10.2.3 MAC ACL MAC ACLs analyze and process packets based on a series of match conditions, which can be the source MAC addresses, destination MAC addresses, VLAN ID, and EtherType carried in the packets. Choose the menu ACL→ACL Config→MAC ACL to load the following page. Figure 10-6 Create MAC Rule The following entries are displayed on this screen: Create MAC ACL ...
  • Page 137: Standard-Ip Acl

    10.2.4 Standard-IP ACL Standard-IP ACLs analyze and process data packets based on a series of match conditions, which can be the source IP addresses and destination IP addresses carried in the packets. Choose the menu ACL→ACL Config→Standard-IP ACL to load the following page. Figure 10-7 Create Standard-IP Rule The following entries are displayed on this screen: Create Standard-IP ACL ...
  • Page 138 Figure 10-8 Create Extend-IP Rule The following entries are displayed on this screen: Create Extend-IP ACL ACL ID: Select the desired Extend-IP ACL for configuration. Rule ID: Enter the rule ID. Operation: Select the operation for the switch to process packets which match the ...
  • Page 139: Policy Config

    10.3 Policy Config A Policy is used to control the data packets that match the corresponding ACL rules by configuring ACLs and actions together for effect. The operations here include stream mirror, stream condition, QoS remarking and redirect. The Policy Config can be implemented on Policy Summary, Policy Create and Action Create pages. ...
  • Page 140: Action Create

    Figure 10-10 Create Policy The following entries are displayed on this screen: Create Policy Policy Name: Enter the name of the policy. 10.3.3 Action Create On this page you can add ACLs and create corresponding actions for the policy. Choose the menu ACL→Policy Config→Action Create to load the following page. Figure 10-11 Action Create The following entries are displayed on this screen: Create Action ...
  • Page 141: Policy Binding

    S-Condition: Select S-Condition to limit the transmission rate of the data packets in the policy. • Rate: Specify the forwarding rate of the data packets those match the corresponding ACL. • Out of Band: Specify the disposal way of the data packets those are transmitted beyond the rate.
  • Page 142 10.4.2 Port Binding On this page you can bind a policy to a port. Choose the menu ACL→Policy Binding→Port Binding to load the following page. Figure 10-13 Bind the policy to the port The following entries are displayed on this screen: Port-Bind Config Policy Name: Select the name of the policy you want to bind. ...
  • Page 143 The following entries are displayed on this screen: VLAN-Bind Config Policy Name: Select the name of the policy you want to bind. VLAN ID: Enter the ID of the VLAN you want to bind. VLAN-Bind Table Index: Displays the index of the binding policy. ...
  • Page 144 Network Diagram Configuration Procedure Step Operation Description Configure Time-range: On ACL→Time-Range page, create a time-range named work_time. Select Week mode and configure the week time from Monday to Friday. Add a time-slice 08:00~18:00. Configure requirement 1: On ACL→ACL Config→ACL Create page, create ACL 11. On ACL→ACL Config→MAC ACL page, select ACL 11, create Rule 1, configure the operation as Permit, configure the S-MAC as...
  • Page 145 Step Operation Description Configure On ACL→ACL Config→ACL Create page, create ACL 100. requirement On ACL→ACL Config→Standard-IP ACL page, select ACL 100, and 4 create Rule 1, configure operation as Deny, configure S-IP as 10.10.70.0 and mask as 255.255.255.0, configure D-IP as 10.10.50.0 and mask as 255.255.255.0, configure the time-range as No Limit.
  • Page 146: Ip-Mac Binding

    Chapter 11 Network Security Network Security module is to provide the multiple protection measures for the network security, including five submenus: IP-MAC Binding, ARP Inspection, DoS Defend and 802.1X. Please configure the functions appropriate to your need. 11.1 IP-MAC Binding The IP-MAC Binding function allows you to bind the IP address, MAC address, VLAN ID and the connected Port number of the Host together.
  • Page 147 The following entries are displayed on this screen: Search Option Source: Select a Source from the pull-down list and click the Search button to view your desired entry in the Binding Table. • All: All the bound entries will be displayed. • ...
  • Page 148: Manual Binding

    Figure 11-2 Manual Binding The following entries are displayed on this screen: Manual Binding Option Host Name: Enter the Host Name. IP Address: Enter the IP address of the Host. MAC Address: Enter the MAC address of the Host. VLAN ID: Enter the VLAN ID. Select the number of port connected to the Host.
  • Page 149: Arp Scanning

    11.1.3 ARP Scanning ARP (Address Resolution Protocol) is used to analyze and map IP addresses to the corresponding MAC addresses so that packets can be delivered to their destinations correctly. IP address is the address of the Host on Network layer. MAC address, the address of the Host on Data link layer, is necessary for the packet to reach the very device.
  • Page 150 Figure 11-4 ARP Scanning The following entries are displayed on this screen: Scanning Option Start IP Address: Specify the Start IP address. End IP Address: Specify the End IP address. VLAN ID: Enter the VLAN ID. If blank, the switch will send the untagged packets for scanning. Click the Scan button to scan the Hosts in the LAN.
  • Page 151 network configuration protocol optimized and developed basing on the BOOTP, functions to solve the above mentioned problems. DHCP Working Principle DHCP works via the “Client/Server” communication mode. The Client applies to the Server for configuration. The Server assigns the configuration information, such as the IP address, to the Client, so as to reach a dynamic employ of the network source.
  • Page 152 Figure 11-6 Interaction between a DHCP client and a DHCP server (1) DHCP-DISCOVER Stage: The Client broadcasts the DHCP-DISCOVER packet to find the DHCP Server. (2) DHCP-OFFER Stage: Upon receiving the DHCP-DISCOVER packet, the DHCP Server selects an IP address from the IP pool according to the assigning priority of the IP addresses and replies to the Client with DHCP-OFFER packet carrying the IP address and other information.
  • Page 153: Dhcp Snooping

    Option 82 can contain 255 sub-options at most. If Option 82 is defined, at least a sub-option should be defined. This switch supports two sub-options: Circuit ID and Remote ID. Since there is no universal standard about the content of Option 82, different manufacturers define the sub-options of Option 82 to their need.
  • Page 154 Choose the menu Network Security→IP-MAC Binding→DHCP Snooping to load the following page. Figure 11-8 DHCP Snooping Note: If you want to enable the DHCP Snooping feature for the member port of LAG, please ensure the parameters of all the member ports are the same. The following entries are displayed on this screen: DHCP Snooping Config ...
  • Page 155 Global Flow Control: Select the value to specify the maximum amount of DHCP messages that can be forwarded by the switch per second. The excessive messages will be discarded. Decline Threshold: Select the value to specify the minimum transmission rate of the Decline packets to trigger the Decline protection for the specific port.
  • Page 156 11.2 ARP Inspection According to the ARP Implementation Procedure stated in 11.1.3 ARP Scanning, it can be found that ARP protocol can facilitate the Hosts in the same network segment to communicate with one another or access to external network via Gateway. However, since ARP protocol is implemented with the premise that all the Hosts and Gateways are trusted, there are high security risks during ARP Implementation Procedure in the actual complex network.
  • Page 157 Figure 11-10 ARP Attack – Cheating Gateway As the above figure shown, the attacker sends the fake ARP packets of Host A to the Gateway, and then the Gateway will automatically update its ARP table after receiving the ARP packets. When the Gateway tries to communicate with Host A in LAN, it will encapsulate this false destination MAC address for packets, which results in a breakdown of the normal communication.
  • Page 158 Figure 11-11 ARP Attack – Cheating Terminal Hosts As the above figure shown, the attacker sends the fake ARP packets of Host A to Host B, and then Host B will automatically update its ARP table after receiving the ARP packets. When Host B tries to communicate with Host A, it will encapsulate this false destination MAC address for packets, which results in a breakdown of the normal communication.
  • Page 159 Figure 11-12 Man-In-The-Middle Attack Suppose there are three Hosts in LAN connected with one another through a switch. Host A: IP address is 192.168.0.101; MAC address is 00-00-00-11-11-11. Host B: IP address is 192.168.0.102; MAC address is 00-00-00-22-22-22. Attacker: IP address is 192.168.0.103; MAC address is 00-00-00-33-33-33. First, the attacker sends the false ARP response packets.
  • Page 160: Arp Detect

    The IP-MAC Binding function allows the switch to bind the IP address, MAC address, VLAN ID and the connected Port number of the Host together when the Host connects to the switch. Basing on the predefined IP-MAC Binding entries, the ARP Inspection functions to detect the ARP packets and filter the illegal ARP packet so as to prevent the network from ARP attacks.
  • Page 161: Arp Defend

    Configuration Procedure: Step Operation Description Bind the IP address, MAC address, VLAN ID and the connected Port number of the Host together: Required. On the IP-MAC Binding page, bind the IP address, MAC address, VLAN ID and the connected Port number of the Host together via Manual Binding, ARP ...
  • Page 162: Arp Statistics

    The following entries are displayed on this screen: ARP Defend Port Select: Click the Select button to quick-select the corresponding port based on the port number you entered. Select: Select your desired port for configuration. It is multi-optional. Port: Displays the port number. ...
  • Page 163: Dos Defend

    Choose the menu Network Security→ARP Inspection→ARP Statistics to load the following page. Figure 11-15 ARP Statistics The following entries are displayed on this screen: Auto Refresh Auto Refresh: Enable/Disable the Auto Refresh feature. Refresh Interval: Specify the refresh interval to display the ARP Statistics. ...
  • Page 164 DoS Attack Type Description Scan SYNFIN The attacker sends the packet with its SYN field and the FIN field set to 1. The SYN field is used to request initial connection whereas the FIN field is used to request disconnection. Therefore, the packet of this type is illegal. The switch can defend this type of illegal packet.
  • Page 165 The following entries are displayed on this screen: Config DoS Protection: Allows you to Enable/Disable DoS Defend function. Defend Table Select: Select the entry to enable the corresponding Defend Type. Defend Type: Displays the Defend Type name. Tips: You are suggested to take the following further steps to ensure the network security. It’s recommended to inspect and repair the system vulnerability regularly.
  • Page 166 (2) Authenticator System: The authenticator system is usually an 802.1X-supported network device, such as this TP-LINK switch. It provides the physical or logical port for the supplicant system to access the LAN and authenticates the supplicant system. (3) Authentication Server System: The authentication server system is an entity that provides authentication service to the authenticator system.
  • Page 167 Figure 11-18 EAP-MD5 Authentication Procedure A supplicant system launches an 802.1X client program via its registered user name and password to initiate an access request through the sending of an EAPOL-Start packet to the switch. The 802.1X client program then forwards the packet to the switch to start the authentication process.
  • Page 168 The supplicant system can also terminate the authenticated state by sending EAPOL-Logoff packets to the switch. The switch then changes the port state from accepted to rejected. (2) EAP Terminating Mode In this mode, packet transmission is terminated at authenticator systems and the EAP packets are mapped into RADIUS packets.
  • Page 169: Global Config

    Guest VLAN Guest VLAN function enables the supplicants that do not pass the authentication to access the specific network resource. By default, all the ports connected to the supplicants belong to a VLAN, i.e. Guest VLAN. Users belonging to the Guest VLAN can access the resources of the Guest VLAN without being authenticated.
  • Page 170 Auth Method: Select the Authentication Method from the pull-down list. • EAP-MD5: IEEE 802.1X authentication system uses extensible authentication protocol (EAP) to exchange information between the switch and the client. protocol packets with authentication data can be encapsulated in the advanced protocol (such as RADIUS) packets to be transmitted to the authentication server.
  • Page 171: Port Config

    Figure 11-21 Port Config The following entries are displayed on this screen: Port Config Port Select: Click the Select button to quick-select the corresponding port based on the port number you entered. Select: Select your desired port for configuration. It is multi-optional. ...
  • Page 172: Radius Server

    Authorized: Displays the authentication status of the port. LAG: Displays the LAG to which the port belongs to. 11.4.3 Radius Server RADIUS (Remote Authentication Dial-In User Service) server provides the authentication service for the switch via the stored client information, such as the user name, password, etc, with the purpose to control the authentication and accounting status of the clients.
  • Page 173 Note: The 802.1X function takes effect only when it is enabled globally on the switch and for the port. The 802.1X function cannot be enabled for LAG member ports. That is, the port with 802.1X function enabled cannot be added to the LAG. The 802.1X function should not be enabled for the port connected to the authentication server.
  • Page 174: Chapter 12 Snmp

    Chapter 12 SNMP SNMP Overview SNMP (Simple Network Management Protocol) has gained the most extensive application on the UDP/IP networks. SNMP provides a management frame to monitor and maintain the network devices. It is used for automatically managing the various network devices no matter the physical differences of the devices.
  • Page 175 SNMP v1: SNMP v1 adopts Community Name authentication. The community name is used to define the relation between SNMP Management Station and SNMP Agent. The SNMP packets failing to pass community name authentication are discarded. The community name can limit access to SNMP Agent from SNMP NMS, functioning as a password.
  • Page 176: Global Config

    3. Create SNMP User
    The User configured in an SNMP Group can manage the switch via the client program on management station. The specified User Name and the Auth/Privacy Password are used for SNMP Management Station to access the SNMP Agent, functioning as the password.
    SNMP module is used to configure the SNMP function of the switch, including three submenus: SNMP Config, Notification and RMON.
  • Page 177: Snmp View

    Remote Engine
    Remote Engine ID: Specify the Remote Engine ID for switch. The Engine ID is a unique alphanumeric string used to identify the SNMP engine on the remote device which receives informs from switch.
    Note: The amount of Engine ID characters must be even.
    12.1.2 ...
  • Page 178: Snmp Group

    View Name: Displays the name of the View entry.
    View Type: Displays the type of the View entry.
    MIB Object ID: Displays the OID of the View entry.
    12.1.3 SNMP Group
    On this page, you can configure SNMP Group to control the network access by providing the users in various groups with different management rights via the Read View, Write View and Notify View.
  • Page 179: Snmp User

    Security Level: Select the Security Level for the SNMP v3 Group.
    - noAuthNoPriv: No authentication and no privacy security level is used.
    - authNoPriv: Only the authentication security level is used.
    - authPriv: Both the authentication and the privacy security levels are used.
    Select the View to be the Read View.
  • Page 180 Choose the menu SNMP→SNMP Config→SNMP User to load the following page.
    Figure 12-6 SNMP User
    The following entries are displayed on this screen:
    User Config
    User Name: Enter the User Name here.
    User Type: Select the type for the User.
    - Local User: Indicates that the user is connected to a local SNMP engine.
  • Page 181: Snmp Community

    Privacy Password: Enter the Privacy Password.
    User Table
    Select: Select the desired entry to delete the corresponding User. It is multi-optional.
    User Name: Displays the name of the User.
    User Type: Displays the User Type.
    Group Name: Displays the Group Name of the User.
    Displays the Security Model of the User.
  • Page 182 The following entries are displayed on this screen:
    Community Config
    Community Name: Enter the Community Name here.
    Access: Defines the access rights of the community.
    - read-only: Management right of the Community is restricted to read-only, and changes cannot be made to the corresponding View.
  • Page 183: Notification

    If SNMPv1 or SNMPv2c is employed, please take the following steps:
    Table columns: Step, Operation, Description
    Operation: Enable SNMP function globally. Description: Required. On the SNMP→SNMP Config→Global Config page, enable SNMP function globally.
    Operation: Create SNMP View. Description: Required. On the SNMP→SNMP Config→SNMP View page, create SNMP View of the management agent.
  • Page 184 Choose the menu SNMP→Notification→Notification to load the following page.
    Figure 12-8 Notification Config
    The following entries are displayed on this screen:
    Create Notification
    IP Address: Enter the IP address of the management Host.
    UDP Port: Enter the number of the UDP port used to send notifications...
  • Page 185: Rmon

    Notification Table
    Select: Select the desired entry to delete the corresponding management station.
    IP Address: Displays the IP address of the management host.
    UDP Port: Displays the UDP port used to send notifications.
    User: Displays the User name of the management station.
    Displays the Security Model of the management station.
  • Page 186: History Control

    The RMON Groups can be configured on the History Control, Event Config and Alarm Config pages.
    12.3.1 History Control
    On this page, you can configure the History Group for RMON. Choose the menu SNMP→RMON→History Control to load the following page.
    Figure 12-9 History Control
    The following entries are displayed on this screen:
    History Control Table...
  • Page 187: Event Config

    Figure 12-10 Event Config
    The following entries are displayed on this screen:
    Event Table
    Select: Select the desired entry for configuration.
    Index: Displays the index number of the entry.
    User: Enter the name of the User or the community to which the...
  • Page 188: Alarm Config

    Figure 12-11 Alarm Config
    The following entries are displayed on this screen:
    Alarm Table
    Select: Select the desired entry for configuration.
    Index: Displays the index number of the entry.
    Variable: Select the alarm variables from the pull-down list.
    Port: Select the port on which the Alarm entry acts...
  • Page 189 Interval: Enter the alarm interval time in seconds.
    Owner: Enter the name of the device or user that defined the entry.
    Status: Select Enable/Disable the corresponding alarm entry.
    Note: When alarm variables exceed the Threshold on the same direction continuously for several times, an alarm event will only be generated on the first time, that is, the Rising Alarm and Falling Alarm are triggered alternately for that the alarm following to Rising Alarm is certainly a Falling Alarm and vice versa.
  • Page 190: Chapter 13 Cluster

    Chapter 13 Cluster
    With the development of network technology, the network scale is getting larger and more network devices are required, which may result in a more complicated network management system. As a large number of devices need to be assigned different network addresses and every management device needs to be respectively configured to meet the application requirements, manpower are needed.
  • Page 191: Neighbor Info

    The commander switch discovers and determines candidate switches by collecting related information.
    After being added to the cluster, the candidate switch becomes the member switch.
    After being removed from the cluster, the member switch becomes the candidate switch...
  • Page 192: Ndp Summary

    The following entries are displayed on this screen:
    Neighbor
    Search Option: Select the information the desired entry should contain and then click the Search button to display the desired entry in the following Neighbor Information table.
    Neighbor Info
    Native Port: Displays the port number of the switch...
  • Page 193 The following entries are displayed on this screen:
    Global Config
    NDP: Displays the global NDP status (enabled or disabled) for the switch.
    Aging Time: Displays the period for the neighbor switch to keep the NDP packets from this switch.
    Hello Time: Displays the interval to send NDP packets...
  • Page 194: Ndp Config

    Figure 13-4 NDP Config
    The following entries are displayed on this screen:
    Global Config
    NDP: Select Enable/Disable NDP function globally.
    Aging Time: Enter the period for the neighbor switch to keep the NDP packets from this switch.
    Hello Time: Enter the interval to send NDP packets...
  • Page 195: Ntdp

    The aging time should be set over the hello time value, otherwise the neighbor information table of NDP ports will not take effect.
    13.2 NTDP
    NTDP (Neighbor Topology Discovery Protocol) is used for the commander switch to collect NDP information. NTDP transmits and forwards NTDP topology collection request based on NDP neighbor information table, and collects the NDP information and neighboring connection information of each device in a specific network range.
  • Page 196 Role: Displays the role this device plays in the cluster.
    - Commander: Indicates the device that can configure and manage all the devices in a cluster.
    - Member: Indicates the device that is managed in a cluster.
    - Candidate: Indicates the device that does not belong to any cluster though it can be added to a cluster.
  • Page 197: Ntdp Summary

    Figure 13-7 NTDP Summary
    The following entries are displayed on this screen:
    Global Config
    NTDP: Displays the NTDP status (enabled or disabled) of the switch globally.
    NTDP Interval Time: Displays the interval to collect topology information.
    NTDP Hops: Displays the hop count the switch topology collects...
  • Page 198: Ntdp Config

    NTDP: Displays NTDP status (enabled or disabled) of the current port.
    13.2.3 NTDP Config
    On this page you can configure NTDP globally. Choose the menu Cluster→NTDP→NTDP Config to load the following page.
    Figure 13-8 NTDP Config
    The following entries are displayed on this screen:
    Global Config...
  • Page 199: Cluster

    NTDP Port Delay: Enter the time between the port forwarding NTDP request packets and its adjacent port forwarding NTDP request packets over. The default is 20 milliseconds.
    Port Config
    Select: Select the desired port for NTDP status configuration.
    Port: Displays the port number of the switch...
  • Page 200 Figure 13-10 Cluster Summary for Member Switch
    The following entries are displayed on this screen:
    Global Config
    Cluster: Displays the cluster status (enabled or disabled) of the switch.
    Cluster Role: Displays the role the switch plays in the cluster.
    Cluster Name: Displays the name of the current cluster the switch belongs to...
  • Page 201 Figure 13-12 Cluster Configuration for Candidate Switch
    The following entries are displayed on this screen:
    Current Role
    Role: Displays the role the current switch plays in the cluster.
    Role Change
    Individual: Select this option to change the role of the switch to be individual...
  • Page 202 Network Requirements
    - Three switches form cluster, one commander switch (Here take TP-LINK TL-SL5428E as an example) and two member switches (Here take TP-LINK TL-SL3428/TL-SL3452 as an example).
    - The administrator manages all the switches in the cluster via the commander switch.
  • Page 203 Configuration Procedure
    - Configure the member switch
    Table columns: Step, Operation, Description
    Operation: Enable NDP function on the switch and for port 1. Description: On Cluster→NDP→NDP Config page, enable NDP function.
    Operation: Enable NTDP function on the switch and for port 1. Description: On Cluster→NTDP→NTDP Config page, enable NTDP function.
    - Configure the commander switch...
  • Page 204: Chapter 14 Maintenance

    Chapter 14 Maintenance
    Maintenance module, assembling the commonly used system tools to manage the switch, provides the convenient method to locate and solve the network problem.
    (1) System Monitor: Monitor the utilization status of the memory and the CPU of switch.
    (2)...
  • Page 205: Memory Monitor

    14.1.2 Memory Monitor
    Choose the menu Maintenance→System Monitor→Memory Monitor to load the following page.
    Figure 14-2 Memory Monitor
    Click the Monitor button to enable the switch to monitor and display its Memory utilization rate every four seconds.
    14.2 Log
    The Log system of switch can record, classify and manage the system information effectively, providing powerful support for network administrator to monitor network operation and diagnose malfunction.
  • Page 206: Log Table

    Table columns: Severity, Level, Description
    Severity: debugging. Description: Debug-level messages
    Table 14-1 Log Level
    The Log function is implemented on the Log Table, Local Log, Remote Log and Backup Log pages.
    14.2.1 Log Table
    The switch supports logs output to two directions, namely, log buffer and log file. The information in log buffer will be lost after the switch is rebooted or powered off whereas the information in log file will be kept effective even the switch is rebooted or powered off.
  • Page 207: Local Log

    14.2.2 Local Log
    Local Log is the log information saved in switch. By default, all system logs are saved in log buffer and the logs with severities from level_0 to level_4 are saved in log file meanwhile. On this page, you can set the output channel for logs. Choose the menu Maintenance→Log→Local Log to load the following page.
  • Page 208: Backup Log

    Figure 14-5 Log Host
    The following entries are displayed on this screen:
    Log Host
    Select: Select the desired entry to configure the corresponding log host.
    Index: Displays the index of the log host. The switch supports 4 log hosts.
    Host IP: Configure the IP for the log host...
  • Page 209: Device Diagnostics

    Figure 14-6 Backup Log
    The following entry is displayed on this screen:
    Backup Log
    Backup Log: Click the Backup Log button to save the log as a file to your computer.
    Note: It will take a few minutes to back up the log file. Please wait without any operation.
    14.3 Device Diagnostics...
  • Page 210: Loopback

    Pair: Displays the Pair number.
    Status: Displays the connection status of the cable connected to the port. The test results of the cable include normal, close, open, short, impedance or unknown.
    Length: If the connection status is normal, here displays the length range of...
  • Page 211: Network Diagnostics

    Loopback Port
    Loopback Port: Select the desired port for loopback test.
    Test: Click the Test button to start the loopback test for the port.
    14.4 Network Diagnostics
    This switch provides Ping test and Tracert test functions for network diagnostics.
    14.4.1 Ping
    Ping test function, testing the connectivity between the switch and one node of the network, facilitates you to test the network connectivity and reachability of the host so as to locate the network malfunctions.
  • Page 212: Tracert

    14.4.2 Tracert
    Tracert test function is used to test the connectivity of the gateways during its journey from the source to destination of the test data. When malfunctions occur to the network, you can locate trouble spot of the network with this tracert test. Choose the menu Maintenance→Network Diagnostics→Tracert to load the following page.
  • Page 213 Chapter 15 System Maintenance via FTP
    The firmware can be downloaded to the switch via FTP function. FTP (File Transfer Protocol), a protocol in the application layer, is mainly used to transfer files between the remote server and the local PCs. It is a common protocol used in the IP network for files transfer. If there is something wrong with the firmware of the switch and the switch cannot be launched, the firmware can be downloaded to the switch again via FTP function.
  • Page 214 Figure 15-2 Open Hyper Terminal
    2) The Connection Description Window will prompt shown as Figure 15-3. Enter a name into the Name field and click OK.
    Figure 15-3 Connection Description
    3) Select the port to connect in Figure 15-4 and click OK.
  • Page 215 Figure 15-4 Select the port to connect
    4) Configure the port selected in the step above shown as the following Figure 15-5. Configure Bits per second as 38400, Data bits as 8, Parity as None, Stop bits as 1, Flow control as None, and then click OK.
    Figure 15-5 Port Settings
    3. ...
  • Page 216 6) When the prompt “Are you sure to upgrade the firmware[Y/N]:” displays, please enter Y to start upgrade or enter N to quit upgrade shown as the following figure. The # icon indicates it is upgrading. After upgrading, the [TP-LINK] command will display.
    Are you sure to upgrade the firmware[Y/N]: y ...
  • Page 217 Start . . . . . . . .
    * * * * * * * * * * * * * * * * *
    User Access Login
    * * * * * * * * * * * * * * * *
    User:
    When you forget the login user name and password, you can enter reset command after entering into bootUtil menu to reset the system. The system will be restored to the factory default settings, and the default login user name and password are both admin.
  • Page 218 Appendix A: Configuring the PCs
    In this section, we’ll introduce how to install and configure the TCP/IP correctly in Windows 2000. First make sure your Ethernet Adapter is working, refer to the adapter’s manual if necessary.
    1. Configure TCP/IP component
    On the Windows taskbar, click the Start button, and then click Control Panel. Click the Network ...
  • Page 219 Figure B-2
    The following TCP/IP Properties window will display and the IP Address tab is open on this window by default.
  • Page 220 Figure B-3
    Select Use the following IP address. And the following items will be available. If the switch's IP address is 192.168.0.1, specify IP address as 192.168.0.x (x is from 2 to 254), and the Subnet mask as 255.255.255.0.
    Now: Click OK to save your settings.
  • Page 221 In 802.1X mechanism, the supplicant Client should be equipped with the corresponding client software complied with 802.1X protocol standard for 802.1X authentication. When the switch TL-SL3428 works as the authenticator system, please take the following instructions to install the TpSupplicant provided on the attached CD for the supplicant Client.
  • Page 222 Figure C-3 Welcome to the InstallShield Wizard
    To continue, choose the destination location for the installation files and click Next on the following screen.
    Figure C-4 Choose Destination Location
    By default, the installation files are saved on the Program Files folder of system disk. Click the Change button to modify the destination location proper to your need.
  • Page 223 Figure C-5 Install the Program
    The InstallShield Wizard is installing TpSupplicant shown as the following screen. Please wait.
    Figure C-6 Setup Status
    On the following screen, click Finish to complete the installation.
  • Page 224 1.2 Uninstall Software
    If you want to remove the TpSupplicant, please take the following steps: On the Windows taskbar, click the Start button, point to All Programs→TP-LINK→TpSupplicant, and then click Uninstall TP-LINK 802.1X, shown as the following figure.
    Figure C-8 Uninstall TP-LINK 802.1X...
  • Page 225 On the continued screen, click Yes to remove the application from your PC.
    Figure C-10 Uninstall the Application
    Click Finish to complete.
    Figure C-11 Uninstall Complete
    1.3 Configuration
    After completing installation, double click the icon to run the TP-LINK 802.1X Client Software. The following screen will appear.
  • Page 226 Figure C-12 TP-LINK 802.1X Client
    Enter the Name and the Password specified in the Authentication Server. The length of Name and Password should be less than 16 characters. Click the Properties button on Figure C-12 to load the following screen for configuring the connection properties.
  • Page 227 Double click the icon on the right corner of desktop, and then the following connection status screen will pop up.
    Figure C-16 Connection Status
    1.4 FAQ:
    Q1: Why does this error dialog box pop up when starting up the TP-LINK 802.1X Client Software?
  • Page 228 WinPcap 4.0.2 or the higher version for installation, and run the client software again.
    Q2: Is this TP-LINK 802.1X Client Software compliable with the switches of the other manufacturers?
    A2: No. This TP-LINK 802.1X Client Software is customized for TP-LINK switches.
  • Page 229 Appendix C: Glossary
    Access Control List (ACL): ACLs can limit network traffic and restrict access to certain users or devices by checking each packet for certain IP or MAC (i.e., Layer 2) information.
    Boot Protocol (BOOTP): BOOTP is used to provide bootup information for network devices, including IP address information, the address of the TFTP server that contains the devices system files, and the name of the boot file.
  • Page 230 Generic Multicast Registration Protocol (GMRP): GMRP allows network devices to register end stations with multicast groups. GMRP requires that any participating network devices or end stations comply with the IEEE 802.1p standard.
    Group Attribute Registration Protocol (GARP): See Generic Attribute Registration Protocol.
    IEEE 802.1D: Specifies a general method for the operation of MAC bridges, including the Spanning Tree Protocol.
  • Page 231 Layer 2: Data Link layer in the ISO 7-Layer Data Communications Protocol. This is related directly to the hardware interface for network devices and passes on traffic based on MAC addresses.
    Link Aggregation: See Port Trunk.
    Link Aggregation Control Protocol (LACP): Allows ports to automatically negotiate a trunked link with LACP-configured ports on another device.
  • Page 232 Secure Shell (SSH): A secure replacement for remote access functions, including Telnet. SSH can authenticate users with a cryptographic key, and encrypt data connections between management clients and the switch.
    Simple Network Management Protocol (SNMP): The application protocol in the Internet suite of protocols which offers network management services.

This manual is also suitable for:

TL-SL3452