Tenda TEG3224P User Manual
  1. Manuals
  2. Brands
  3. Tenda Manuals
  4. Switch
  5. TEG3224P
  6. User manual

Tenda TEG3224P User Manual

24-port gigabit poe managed switch
Hide thumbs
Table of Contents

Advertisement

Quick Links

Advertisement

Table of Contents
loading

Related Manuals for Tenda TEG3224P

Summary of Contents for Tenda TEG3224P

  • Page 2 Tenda does not assume any liability that may occur due to the use or application of the product or circuit layout(s) described herein. Every effort has been made in the preparation of this document to ensure accuracy of the contents, but all statements, information and recommendations in this document do not constitute the warranty of any kind, express or implied.
  • Page 3 User Guide Safety Guidelines Observe the following safety guidelines to ensure your own personal safety and to help protect your system from potential damage. Basic Requirements 1. Keep the device strictly dry while storing, shipping and using; 2. Keep the device from fierce collision; 3.

  • Page 4: Table Of Contents

    User Guide Contents Chapter 1 Product Overview ........................... 1 1.1 Overview ................................1 1.2 Physical Description ............................1 1.2.1 Front Panel ..............................1 1.2.2 Back Panel ..............................1 1.3 Specifications ..............................1 1.3.1 Hardware Specifications ..........................1 1.3.2 Software Specifications ..........................2 1.3.3 Package Contents ............................
  • Page 5 User Guide 4.2 Port Management ............................. 27 4.2.1 Port Configuration ............................27 4.2.2 Link Aggregation ............................32 4.3 VLAN Management ............................38 4.3.1 VLAN ................................39 4.3.2 MAC VLAN ..............................49 4.3.3 Protocol VLAN ............................51 4.3.4 Voice VLAN ..............................54 4.4 PoE Management .............................
  • Page 6 User Guide 5.3.1 Commands for entering common views ....................193 5.3.2 Config system info ........................... 193 5.3.3 Config IP address manually ........................194 5.3.4 Enable DHCP client to obtain an IP address ..................194 5.3.5 User configuration ........................... 194 5.3.6 System Time Configuration ........................195 5.3.7 Reset and reboot .............................

  • Page 7: Chapter 1 Product Overview

    User Guide Chapter 1 Product Overview 1.1 Overview Thank you for purchasing this product. This 24-port Smart Gigabit PoE Switch provides 24 10/100/1000Mbps auto-sensing RJ45 ports, 4 1000Mbps Combo (copper/fiber) ports and one Console port. All its RJ45 ports are PoE-capable and it can connect up to 24 IEEE 802.3af-compliant PDs (15.4W) or up to 12 IEEE 802.3at-compliant PDs (30W).

  • Page 8: Software Specifications

    User Guide Item Specification Input Voltage 100 - 240VAC 50/60Hz 6A About 15W(no load); Power Consumption About 390W(full load); 24 10/100/1000Mbps auto-sensing, PoE-capable RJ45 ports with up to 30W on each; It supports static or dynamic power allocation and can connect up to 24 IEEE 802.3af-compliant PDs (15.4W) or up to 12 IEEE 802.3at-compliant PDs (30W);...
  • Page 9 User Guide MAC Address Table 1. VLAN distribution based on ports. Up to 24 can be configured; 2. IEEE 802.1Q VLAN. Up to 128 can be configured; VLAN 3. Protocol VLAN. Up to 16 can be configured; 4. MAC VLAN. Up to 64 can be configured; 5.

  • Page 10: Package Contents

    User Guide 1. IEEE 802.3at and IEEE 802.3af; 2. Maximum power consumption: 385W; Maintenance Ping\Tracert\Cable check-up; 1.3.3 Package Contents Please verify that the package contains the following items: • Smart PoE Switch • Power cord • Install guide • Console cable •...
  • Page 11 User Guide maintain and manage the system. The console cable is an 8-conductor cable. One end of the console cable, RJ45 plug, is connected to the Console port on the switch; while the other end, DB9 plug, is connected to 9-conductor console outlet. Figure 1-4 Console Port Connection 1.4.2.2 Ethernet Interface (1) Ethernet interface overview...

  • Page 12: Fan

    User Guide 1.4.2.3 RESET Button To restore factory defaults, press and hold the button for more than 5 seconds when the switch functions correctly. When pressing it for a while, SYS LED will be off and POWER LED is solid. The device will restart and all LEDs will be on.

  • Page 13: Chapter 2 Installation

    User Guide Chapter 2 Installation The smart switch can be installed on a flat surface or in a standard 19-inch rack. 2.1 Installing the Switch in a Rack To install the switch in a rack, observe the following procedures. To perform this procedure, you need the 19-inch rack-mount kit supplied with switch.

  • Page 14: Connecting To Protective Grounding Line

    User Guide 2.3 Connecting to Protective Grounding Line Proper connection of protective grounding line is important for lightning protection and anti-interference. Proper connection is as follows: 2.3.1 With Grounding Bar Connect the yellow-green color protective grounding cable to binding post on the grounding bar and fix the screws.

  • Page 15: Connecting The Power Cord

    User Guide If the device supports AC power supply, you can connect it to the grounding bar through the PE line of the AC power and ensure the PE line in the switchgear room or beside the AC power supply transformer is well-grounded.

  • Page 16: Connecting To Sfp Fiber Combo Ports

    User Guide the remote device; Check PoE LED status. For LED status, please refer to 1.4.1 LEDs. 2.5.3 Connecting to SFP fiber combo ports The small form-factor pluggable (SFP) module is a compact, hot-pluggable transceiver used for optical signal transmission. The module bay is a combo port, sharing a connection with an RJ45 port. Being a combo port, only one type of connection can be active at any given time.

  • Page 17: Chapter 3 Login

    User Guide Chapter 3 Login 3.1 Web Login 3.1.1 Preparation Item Caption Network Interface Card installed PC’s IP and the switch’s IP should be in the same network segment (It IP and Subnet Mask can’t be 192.168.0.1). WEB Browser Microsoft IE 8.0 or higher Ethernet Cable One CAT.5 RJ45 cable 3.1.2 Configuration Preparation...

  • Page 18: Login Through Console Port

    User Guide 3.2 Login through Console Port 3.2.1 Preparation Item Caption With the Console port Ethernet Cable DB9-RJ45 Console Cable 3.2.2 Configuration Preparation Step 1: Connect the console port from your PC (or other terminals) to the console port on the switch. Step 2: Run terminal program (for example, terminal in Windows 3.X, Hyper Terminal in Windows 9X/Windows 2000/Windows XP, an example of Windows XP is described below) on PC and select the console port that is connected to the switch and configure as below (Note: For win7 and win8 OS, you...
  • Page 19 User Guide Figure 3-1: New Connection Figure 3-2: Connect To...

  • Page 20: Telnet Login

    User Guide Figure 3-3: Port Settings Step 3: Power the switch, press Enter, input user name and password (admin/admin by default) and then press Enter again. Below screen will appear. 3.3 Telnet Login Take Windows XP as an example, click Start -> Run and enter “telnet 192.168.0.1” as seen below:...

  • Page 21: Chapter 4 Web Configuration

    User Guide Then press OK, input the username and password “admin/admin” and the following window will appear: Chapter 4 Web Configuration This chapter instructs how to configure switch's functionalities and features on the Web manager. It includes below sections: Menu Submenu Description This section displays the device’s system...
  • Page 22 User Guide Firmware Update Updates firmware. SSL Setup Allows you to encrypt information. User This section allows you to add new users and change old password. Port Setup Displays and allows users to config port rate, flow control and jumbo size. Port Mirroring Displays and allows users to config port mirroring settings.
  • Page 23 User Guide Voice VLAN Allows users to configure voice VLAN (manual or auto). Global Setup Static and dynamic allocations are supported. The default is dynamic allocation. PoE Management Port Setup Two power supply standards: 802.3at and 802.3af. By default, it is 802.3at. Time Range Time Range Allows users to configure absolute time, periodic...
  • Page 24 User Guide DHCP Relay Allows users to implement DHCP among multiple VLANs. DHCP Snooping Allows users to configure DHCP snooping settings, DHCP server trust settings and client access settings. CoS priority 0-7 is supported. Default 0 and 3 correspond to queue 1; 1 and 2 correspond to 2; 4 and 5 correspond to queue 3;...

  • Page 25: Administration

    User Guide DoS Attack Allows users to configure DoS attack defense Defense settings. MAC Attack Allows users to configure MAC attack defense Defense settings. IP Filter Configure IP+MAC+Port+VLAN Binding, ARP filter and IP filter settings. 802.1X Displays and allows you to configure 802.1X settings.
  • Page 26 User Guide Field Description Displays switch's current firmware version Firmware Version and release date. Hardware Version Displays switch's current hardware version. Displays switch’s physical address. MAC Address Displays switch’s management VLAN ID. Management VLAN1 is preset to management VLAN by VLAN default.
  • Page 27 User Guide  Sync with SNTP Server The Network Time Protocol (NTP) is a networking protocol for clock synchronization between computer systems over packet-switched, variable-latency data networks. Simple Network Time Protocol (SNTP) is another less complex implementation of NTP. It synchronizes time between time servers and clients so that clock-dependent devices on the network can consistently provide diverse time based applications.
  • Page 28 User Guide Note------------------------------------------------------------------------------------------------------------------------------- 1. Current settings will be lost after reset. So if you want to retain current settings, please click Save Configurations. 2. Do not operate the device while reset is in process. Otherwise it may be damaged. ------------------------------------------------------------------------------------------------------------------------------------------- Reboot Click System Configuration ->...

  • Page 29: System Security

    User Guide This section displays current firmware version. To update the switch's firmware, click Browse to locate and select the latest firmware and click Update. The process takes 1-2 minutes to finish. Note------------------------------------------------------------------------------------------------------------------------------- 1. Do not disconnect power connection while upgrade is in process. 2.
  • Page 30 User Guide SSL alert HTTP, FTP,… handshake change protocol protocol cipher spec protocol SSL record protocol  SSL record protocol: Mainly applied for data partition, data calculation, MAC adding, encryption and record block transmission.  SSL handshake protocol: It is a very important part of SSL protocol, mainly used for cryptography negotiation and authentication.
  • Page 31 User Guide Enable/disable SSL Select the desired certificate to download to SSL Certificate the switch. Select the desired SSL Key to download to SSL Key the switch for encryption. Certificate Import Import the downloaded certificate Key Import Import the downloaded key User Click Administration ->...
  • Page 32 User Guide Specify an access right for a corresponding user: Administrator: Has absolute rights to view and config switch's settings and system info. Access Mode Technician: Has the right to view and config switch's settings, except for “Firmware Update”, “User”, “Reset”, “Reboot” settings. User: Has the right to view switch's current settings but no right to manage/config them.

  • Page 33: Port Management

    User Guide Enter the user name in the corresponding input box; Select User or Technician from the Access Mode pull-down menu ; Enter the password, for example, a12345+; Retype the new password; Click OK; Exit from the management interface and use the new user name and password to re-access the switch.
  • Page 34 User Guide Field Description Displays currently actual link rates and duplex Link Status modes on switch ports. "--" is displayed if a port is not linked. Three types of duplex modes are available on Ethernet ports:  Full-duplex: Ports operating in Full-duplex mode can send and receive packets concurrently.
  • Page 35 User Guide Use this option to config the size of a jumbo frame (1518-9216) that the switch is to Jumbo Frame receive. The switch continues data processing within the jumbo frame range. The default jumbo frame size is 1518.  To config a single port, click the corresponding port on the main screen and a screen for configuring the specific port will display.
  • Page 36 User Guide 2. Only ports in the same isolation group cannot intercommunicate, will intercommunication between ports within an isolation group and ports outside such group not be affected. 3. When a port in an aggregation group joins or leaves an isolation group, other ports in such aggregation group will join or leave the same isolation group automatically.
  • Page 37 User Guide as a mirroring destination port. Select a sniffer mode for a corresponding mirroring source port. "None" indicates the corresponding port is not mirrored. Mirroring can be implemented on packets of different directions (incoming/outgoing) on different ports concurrently. When total bandwidth of the mirrored port exceeds that of the mirroring port, packets loss will appear.
  • Page 38 User Guide Buttons on the screen are described below: Field Description Clear Clicking it removes current statistic info. Refresh Clicking it updates current statistic info. Clicking it goes back to the interface which displays all ports’ Back statistic info. 4.2.2 Link Aggregation Link Aggregation Overview Link aggregation groups multiple Ethernet ports together in parallel to act as a single logical link.
  • Page 39 User Guide Benefits of Link Aggregation Double bandwidth: Aggregation-enabled devices treat all physical links (ports) in an aggregation group entirely as a single logical link (port). Data transmitted to a specific host (destination address) will always be transmitted over the same port in a trunk group. This allows packets in a data stream to arrive in the same order they were sent.

  • Page 40: Link Aggregation

    User Guide For LACP aggregation, you must manually maintain the aggregation state of the member ports. Whether ports in LACP group are aggregation ports or not is deterrmined by LLDPBU frame auto-negotiation. Down to 2 member ports must be included in a single aggregation group. LACP is enabled on the member ports in LACP mode.
  • Page 41 User Guide Enter a valid aggregation group number (1-6); Select static aggregation; Select ports to join the aggregation group. Up to 8 ports and down to 2 ports can be added to each. Click OK and the group will be created. Note------------------------------------------------------------------------------------------------------------------------------- Once ports in static aggregation group are linked successfully, they will be aggregated and not be affected by port speed.
  • Page 42 User Guide LACP Parameters—Config  To config LACP parameters Click Port Management -> Link Aggregation -> LACP Protocol and below screen will be displayed: Fields on the screen are described below: Field Description Config system priority (0-65535). The default is System Priority 32768.
  • Page 43 User Guide To config LACP parameters on a group of ports as a batch task: click Config as seen below: Application Example of LACP Configurable range of system priority is 0-65535 and the default is 32768. When system priority is set, ports in LACP aggregation group with higher priority will be selected.

  • Page 44: Vlan Management

    User Guide 2) By default, after negotiation, LACP aggregation group 5 contains port 1 and port 3. Then, on the LACP protocol interface, group ID 5 will be only displayed on port 1 and port 3. 3) Set Switch A’s system priority (on the LACP protocol interface) to a value which is smaller than 32768 so that switch A’s priority is higher than switch B’s.

  • Page 45: Vlan

    User Guide 4.3.1 VLAN VLAN Overview A Virtual Local Area Network (VLAN) is a network topology which allows to logically instead of physically segment a LAN into several net segments. A VLAN combines a group of hosts with a common set of requirements logically instead of physically relocating devices or connections.
  • Page 46 User Guide user B and user C to the other VLAN. 802.1Q VLAN VLAN Tag: As defined in IEEE 802.1Q, a four-byte VLAN tag is inserted after the DA&SA field to identify frames of different VLANs. (1) TPID: The 16-bit TPID field with a value of 0x8100 indicates that the frame is VLAN-tagged. (2) Priority: The 3-bit priority field indicates the 802.1P priority of the frame (0-7).
  • Page 47 User Guide corresponding If the VID of packet is VLAN according to corresponding the same as the PVID the VID in the Tag VLAN according of the port, the packet to PVID on this will be forwarded after Trunk port removing its VLAN tag;...
  • Page 48 User Guide  To switch to Port VLAN: Select Port VLAN and click OK. 802.1Q VLAN--Config To enter the screen below, click VLAN Management -> 802.1Q VLAN.  To add QVLAN/Access port:...
  • Page 49 User Guide Click New to enter below screen: 1. Enter 2 in VLAN ID field. 2. Select port1 and port2 from Available Port and click to move them to Member Ports. 3. Click OK and below screen will be displayed. Note------------------------------------------------------------------------------------------------------------------------------- 1.
  • Page 50 User Guide 3. Select port2 from Member Ports and click 4. Click OK.  Add trunk port 1. Click Trunk Port to enter the trunk port interface. Click New. Enter "1~24" in Trunk Port field. Enter 1 or an existing VLAN ID in the PVID field. Click VLAN All or enter "1-4094"...
  • Page 51 User Guide  Edit trunk port 1. Click trunk port 1. 2. The PVID is configurable and must be an existing VID and between 1 and 4094. 3. If you only want the trunk port to carry some VLANs, you can delete the unwanted VLANs or add desired VLANs.
  • Page 52 User Guide  Add a hybrid port 1. Click Hybrid Port to display below screen: 2. Click New and enter a port number in the Hybrid Port field. You can add multiple ports by entering "x-x" (where x represents any number between 1 and 24). For example, "1-24" denotes 24 ports while "1, 24" indicates 2 ports.
  • Page 53 User Guide The PVID is configurable and should be an existing VID and between 1 and 4094. Add/delete currently configured Tagged VLAN and Untagged VLAN. Click OK. Note-------------------------------------------------------------------------------------------------------------------------------- 1. Tagged VLAN and Untagged VLAN should not share the same VID. 2.
  • Page 54 User Guide Note-------------------------------------------------------------------------------------------------------------------------------- An existing Trunk port cannot be directly configured as a Hybrid port. However, you can convert a Trunk port into a Hybrid port by first deleting it from Trunk ports and then setting it to a Hybrid port. Deleted hybrid ports will join VLAN1 as access ports.

  • Page 55: Mac Vlan

    User Guide 2. Select port1 and port2 in Member Ports and click to move it back to Available Ports. 3. Click OK.  Add members to a port VLAN To add new ports to an existing port VLAN, click the corresponding VLAN ID to enter related interface for configuration.
  • Page 56 User Guide 3. If the MAC address of a Host is classified into 802.1Q VLAN, please set its connected port of the switch to be a member of this 802.1Q VLAN so as to ensure the packets are forwarded normally. MAC VLAN---Config MAC VLAN can only be valid in 802.1Q VLAN mode.

  • Page 57: Protocol Vlan

    User Guide 4.3.3 Protocol VLAN Overview Protocol VLAN, another way to classify VLANs based on network protocol, can bind ToS provided in the network to VLAN to realize the specific service. Through protocol VLAN, the switch can analyze the received untagged packets on the port and match the packets with the user-defined protocol template according to different encapsulation formats and the values of the special fields.
  • Page 58 User Guide matched, the switch will add a tag to the packet according to the PVID of the received port and forward packets in the corresponding VLAN. Thus, the packet is assigned automatically to the corresponding VLAN for transmission. 2. When receiving a tagged packet, the switch will process it based on the 802.1Q VLAN. If the received port is the member of the VLAN to which the tagged packet belongs, the packet will be forwarded normally.
  • Page 59 User Guide letters (case-sensitive), numbers and underlines can be configured here. 3. Enter the specific protocol Ether Type (0x600-0xFFFF). The corresponding relationship between Ether Type and protocol name is shown as below: Ether Type Corresponding Protocol Name 0x0806 0x0800 0x8847/0x8848 MPLS 0x8137 0x8000...

  • Page 60: Voice Vlan

    User Guide  Add protocol VLAN 1. Click New to enter interface below: 2. Select protocol name from the pull-down list. 3. Enter VLAN ID. This VLAN ID must exist in 802.1Q VLAN already. 4. Click to move ports from Available Port to VLAN-Included Port. 5.
  • Page 61 User Guide of voice traffic and guaranteeing communication quality. Voice Stream Recognition According to the source MAC fields of the ingress packets, this device can distinguish whether the data flow is voice data flow or not. If the source MAC address conforms to the voice device’s OUI (Organizationally Unique Identifier) address, the packets will be regarded as voice data flow and the port which has received the voice data flow will automatically join the voice VLAN.

  • Page 62: Global Setup

    User Guide connected port must be voice VLAN and voice VLAN is allowed to pass on the connected port. Hybrid: Supported, but the default VLAN of the connected port must be voice VLAN and exist in allowed untagged VLAN list. As for phones which require manually configured IP address and voice VLAN ID, the matching relationship is relatively simple, for only tagged voice traffic can be sent.

  • Page 63: Port Setup

    User Guide  To configure voice VLAN setup: Select Enable or Disable from the pull-down list. Voice VLAN security mode is disabled by default. From the Voice VLAN Aging Time field, specify the amount of time between 5 and 43200min. As for the port joining in voice VLAN under auto mode, if the system doesn't receive any voice message after ageing time, this port will be deleted from voice VLAN automatically.
  • Page 64 User Guide  To batch configure voice VLAN port setttings, click Config on the port setup page: OUI Setup Click VLAN Management-> Voice VLAN -> OUI Setup to enter interface below:  To configure OUI settings: 1. To add a new OUI address, click Add on the OUI Setup page.

  • Page 65: Poe Management

    User Guide Fields on the screen are described below: Field Description Configures source MAC address (xxxx-xxxx-xxxx) OUI Address sent by voice devices. Click to select the prompted mask. The default is FFFF-FF00-0000, indicating the top 24 bits must Mask match the OUI address and the last 24 bits are arbitrary.
  • Page 66 User Guide Fields on the screen are described below: Field Description Configures PoE power management mode. When it is static, you can configure power allocation manually. When power supply is connected on the port, part of power will be enforced to be reserved Power Management for this port and can't be used by other ports.
  • Page 67 User Guide Field Description Enable PoE Displays PoE is enabled or not. Power Supply Displays the current PoE power standard (AT or Standard AF). Transmission Displays PoE power. Power Displays PD level of the current connected port PD Level when power supply is normal. IEEE 802.3at: 0-4; IEEE 802.3af: 0-3.

  • Page 68: Time Range Management

    User Guide 4.5 Time Range Management If a configured ACL is needed to be effective in a specified time-range, a time-range should be firstly specified in the ACL. As the time-range based ACL takes effect only within the specified time-range, data packets can be filtered by differentiating the time-ranges.
  • Page 69 User Guide display “--”. Delete Click to delete the corresponding time range. Click to create a new time range.  To create or modify time range, click New on the Time Range page to enter interface below: Fields on the screen are described below: Field Description Time Range ID...

  • Page 70: Device Management

    User Guide 4.6 Device Management 4.6.1 MAC MAC Forwarding Table Overview An Ethernet device uses a MAC address table for forwarding frames through unicast instead of broadcast. This table describes from which port a MAC address (or host) can be reached. When forwarding a frame, the device first looks up the MAC address of the frame in the MAC address table for a match.
  • Page 71 User Guide Note-------------------------------------------------------------------------------------------------------------------------------- The VLAN field displays "--" for port VLANs. -------------------------------------------------------------------------------------------------------------------------------------------  To display MAC address entries on a single port Click the corresponding port number, and all MAC address entries on it will be displayed.  Bind Click this button to bind corresponding MAC address to a specific port. And the same button changes to Bound after being clicked.
  • Page 72 User Guide  To delete a single MAC address Click the Delete button next to the corresponding MAC address.  To delete a batch of MAC address concurrently Check corresponding check boxes and click Batch Delete.  To delete all MAC address entries, click Delete All. Note-------------------------------------------------------------------------------------------------------------------------------- The Delete All and Batch Delete options do not take effect on bound MAC address entries.

  • Page 73: Stp

    User Guide  To delete a single MAC address, click the Delete button next to the corresponding MAC address.  To delete a batch of MAC address concurrently, check corresponding check boxes and click Batch Delete. Note-------------------------------------------------------------------------------------------------------------------------------- 1. A certain interface’s MAC address and VLAN ID can be bound to another interface. 2.
  • Page 74 User Guide responsive to other RSTP bridge's link status. The port does not need to wait for the topology to become stable. Edge port and P2P port are introduced to the protocol for faster transition. The explanation of an Edge port and a P2P port is shown below: ...
  • Page 75 User Guide Octet 39-89 for MST Configuration Identifier Global Setup Click Device Management -> STP -> Global Setup to enter interface below: Fields on the screen are described below: Field Description Enable/Disable STP globally. STP Status By default, the STP feature is disabled. Select the desired version of STP version: STP Version MSTP/RSTP/STP compatible to eliminate loops on...
  • Page 76 User Guide Select a BPDU processing method: Broadcast/Filter. BPDU This option takes effect only if STP is disabled Processing globally. By default, BPDU packets are broadcasted. Config a max aging time for messages. You may Max Age choose a time between 6 and 40 seconds. The default value is 20s.
  • Page 77 User Guide Config MSTP modification level. Valid range is Modification Level 0-65535. The default is 0. Format Selector Display 0. A value worked out by VLAN mapping, Configuration belonging to an important parameter of the Abstract inter-domain calculation. MSTP Instance Click Device Management ->...
  • Page 78 User Guide Port Setup To configure STP port settings, click Device Management -> STP -> Port Setup. To config STP settings on a single port, click the corresponding port as seen below: Fields on the screen are described below:...
  • Page 79 User Guide Field Description Select to enable/disable the STP feature or make no change. By default, the STP feature is STP Status disabled. To activate the STP feature, you must enable STP both globally on the entire device and specifically on desired port(s). An edge port is a port that is connected to the terminal directly.
  • Page 80 User Guide Port Statistics To display STP port statistic info, click Device Management -> STP -> Port Statistics. Application Example of MST Typical application structure overview As the topology shown above, Device 1 and Device 2 belong to the same domain (the same domain name, the same modification level and the same instance mapping).
  • Page 81 Set ports on Device 1 and Device 2 to Hybrid and Tagged; Set Device 1 and Device 2’s domain name to TEG3224P, set modification level to the default 0 and configure mapping between instances and VLANs: instance 1 maps VLAN 10, 30, 100;...
  • Page 82 User Guide your configurations. In this way, packets of different VLANs can be forwarded via different instances. 4.6.3 LLDP LLDP Overview LLDP (Link Layer Discovery Protocol) is a Layer 2 protocol that is used for network devices to advertise their own device information periodically to neighbors on the same IEEE 802 local area network. The advertised information, including details such as device identification, capabilities and configuration settings, is represented in TLV (Type/Length/Value) format according to the IEEE 802.1ab standard, and these TLVs are encapsulated in LLDPDU (Link Layer Discovery Protocol Data Unit).

  • Page 83: Lldp

    User Guide Fields on the screen are described below: Field Description LLDP Enable/ Disable LLDP feature. Sending The interval among each LLDP message (5~32768s). Interval TTL value is used to configure neighbor info’s age time on local devices. TTL = Multiplier Min (65535, (TTL multiplier ×...
  • Page 84 User Guide Field Description Port Displays corresponding port numbers. LLDP Working Displays LLDP working status: Disable, TX, RX or TX & RX. Status Config Click Config to go to LLDP Batch Ports Setup page. To config LLDP settings on a single port, click the corresponding port as seen below: To config LLDP settings on a batch of ports concurrently, click Config as seen below: Fields on the screen are described below: Field...

  • Page 85: Igsp

    User Guide Neighbor Info To display neighbor info, click Device Management -> LLDP -> Neighbor Info. Fields on the screen are described below: Field Description Local Port Display the port which receives LLDP packet. System Display the neighboring device's system name. Name Neighbor Display the port which sends LLDP packets on the...
  • Page 86 User Guide conversation between hosts and routers. Principle of IGMP snooping By listening to the conversations between hosts and routers, the switch maintains a map of links which need IP multicast streams. Multicast streams may be filtered from the links which do not solicit them. An IGMP-Snooping-disabled layer-2 device will flood multicast traffic to all the ports in a broadcast domain (or the VLAN equivalent).
  • Page 87 User Guide the member port that corresponds to the host expires, the switch immediately deletes its forwarding entry from the forwarding table. When an IGMPv2 or IGMPv3 host leaves a multicast group, it sends an IGMP leave message to the multicast router to inform of such leave.

  • Page 88: Snmp

    User Guide Group-general Config max amount of time in response to Query Max group-general query messages (1-25 sec). The Response Time default is 10s. Group-specific Config max amount of time in response to Query Max group-specific query messages (1-5 sec). The Response Time default is 2s.
  • Page 89 User Guide SNMP, using polling scheme, is suitable for use in small-sized network environment demanding high speed and low cost. SNMP, implemented through the connectionless UDP, can seamlessly interoperate with multiple devices. SNMP Work Mechanism The SNMP framework comprises NMS and Agent: NMS—Network Management Station NMS, is a station that runs the SNMP client software to monitor and manage the SNMP-capable devices in the network.
  • Page 90 User Guide 3. Specify a Max Packet Size value, the default is 1500. 4. Configure contact info. The default is www.Tendacn.com. 5. Here you can specify device's physical location. 6. SNMP Version: Select V1, V2c or V3. 7. Click Add to create a community name as seen below: Note: You must create a view before you can create a community.
  • Page 91 User Guide Note: You must create a group before you can add a user. 1. Specify a user name, say, zhangsan. 2. Specify a group name. All existing groups are displayed in the drop-down list. 3. Select a Security Level from the drop-down list. 4.
  • Page 92 User Guide Note: You must create a view before you can create a group. 1. Specify a group name, say, Tenda. 2. Specify a security level, say, auth/nopriv. 3. Specify Read only View, Read & Write View, Notification View respectively from the corresponding drop-down list.
  • Page 93 User Guide 1. Specify a view name, say, qq. 2. Specify a MIB subtree OID, say, 1.2.1. 3. Specify a view rule from the drop-down list. Enable Trap To config SNMP Trap settings, click Device Management -> SNMP -> Enable Trap as below: By default, the SNMP Trap feature is enabled on each port.
  • Page 94 User Guide To config the host, do as follows: 1. Click Add to enter the following screen: 2. Enter an IP address in the Target Host IP field. Note that the host IP must be a legal unicast address and should be on the same IP net segment as the switch, say "192.168.0.77". 3.
  • Page 95 User Guide clients, so that it can relay DHCP broadcast messages to your DHCP server. Data forwarding of DHCP relay agent is different from general routing forwarding. General routing forwarding is relatively transparent and usually the transmitted IP packets won’t be modified. However, if DHCP relay agent receives a DHCP packet, it will generate a new one and forward it out.

  • Page 96: Dhcp Relay

    User Guide Discard the packets including the Drop Option82 field. Packets without switch-defined into Option82 Option82 field. DHCP Relay Global Setup Click Device Management -> DHCP Relay -> Global Setup to enter interface below: Fields on the screen are described below: Field Description Enable/Disable DHCP relay feature.
  • Page 97 User Guide To create a new VLAN virtual interface, click New as below: 1. Specify the VLAN ID ranging from 2 to 4094 and the VLAN ID must be existing 802.1Q VLAN ID. 2. Enable the IPV4 setup status. 3. Enter the valid IPV4 address, say, 1.1.1.1. 4.
  • Page 98 User Guide To modify the VLAN virtual interface, click the corresponding VLAN ID as below: Remote DHCP Server Click Device Management -> DHCP Relay -> Remote DHCP Server to enter interface below: 1. To create a remote DHCP server, click New as below:...
  • Page 99 User Guide 2. Specify the server ID (1-4). 3. Specify the IP address, say 1.1.1.10. 4. Click OK. Then continue to create remote DHCP server 2 as the same steps listed above. Note-------------------------------------------------------------------------------------------------------------------------------- The remote server must be in the same network segment with one of the virtual interfaces. Virtual interfaces on which DHCP relay has been enabled can’t select remote servers which are in the same network segment with virtual interfaces themselves.
  • Page 100 User Guide 2. Click the corresponding interface ID, say 2, and the interface ID corresponds to the existing VLAN virtual interface ID. 3. Select Enable from the DHCP Relay Setup drop-down list. 4. Select Server ID, say 2, and click OK. DHCP relay on VLAN virtual interface 2 is enabled. When all DHCH relay settings are finished, clients connected to all servers in VLAN 2 can obtain IP from the DHCP IP pool in VLAN 3.
  • Page 101 User Guide When DHCP relay is enabled and Client sends out DHCP REQUEST packets, follow below steps to configure the switch: 1. View corresponding server ID of VLAN virtual interface 2 from the DHCP Relay Setup interface, say 2. View corresponding IP of this server ID, say 2.2.2.20. 3.

  • Page 102: Dhcp Snooping

    User Guide Fields on the screen are described below: Field Description Enable/Disable DHCP snooping feature DHCP Snooping globally. By default, it is disabled. Source MAC Config whether source MAC address Address Check-up check-up feature is enabled or not. Port Setup To configure DHCP snooping port settings, click Device Management ->...
  • Page 103 User Guide Enable/Disable option 82. Option 82 Option82 Status records DHCP clients' location info. When DHCP snooping receives DHCP packets, it will process these packets according to whether Option 82 included, processing strategy of user configuration Option82 Strategy and fill pattern, and then forward them to DHCP server.

  • Page 104: Qos

    User Guide IP Address Displays the user binding's IP address. MAC Address Displays user binding's MAC address. VLAN Displays user binding's VLAN ID. Port Displays user binding's port number. Remaining Displays user binding's remaining lease time. Lease Time Delete Click it to delete the user binding. 4.7 QoS 4.7.1 QoS Configuration QoS Overview...
  • Page 105 User Guide contained in the priority field of the TCI. It is made up of 3 bits and with available values ranging from 0 to 802.1QTag The 802.1P priority tags are mapped to the Switch’s priority queues as follows: 802.1P Priority Queue 1, 2 0, 3...
  • Page 106 User Guide Strict Priority Queueing is specially designed to meet the demands of critical services or applications. Critical services or applications such as voice are delay-sensitive and thus require to be dequeued and sent first before packets in other queues are dequeued on a congested network. For example, 4 egress queues 3, 2, 1 and 0 with descending priority are configured on a port.
  • Page 107 User Guide Scheduling Scheme Click QoS -> QoS Configuration -> Scheduling Scheme to enter interface below:  To configure scheduling scheme, select SP or WRR from the pull-down list and then click OK.  To configure queue settings, select WRR scheduling scheme first, and then configure the queue weight values accordingly.
  • Page 108 User Guide Note------------------------------------------------------------------------------------------------------------------------------- When congestions occur, the device will first map DSCP values to CoS values according to the configured mapping relationships. Then according to the CoS-queue mapping table, it assigns packets with DSCP priority to queues which CoS priority corresponds to. ------------------------------------------------------------------------------------------------------------------------------------------- Port Priority To configure port priority settings, click QoS ->...

  • Page 109: Traffic Control

    User Guide  To configure port priority settings on multiple ports, click Config. Note------------------------------------------------------------------------------------------------------------------------------- For packets with CoS and DSCP enabled, DSCP takes effect. For packets with only CoS enabled, CoS takes effect. For packets without CoS and DSCP, port priority takes effect. ------------------------------------------------------------------------------------------------------------------------------------------- 4.7.2 Traffic Control Bandwidth Control...
  • Page 110 User Guide  To configure rate limit on multiple ports, click Config. Storm Constrain Storm Constrain function allows the switch to filter broadcast, multicast and unknown unicast frames in the network. If the transmission rate of the three kind packets exceeds the set bandwidth, the packets will be automatically discarded to avoid network broadcast storm.

  • Page 111: Acl

    User Guide  To configure storm constrain settings on a specified port, click the corresponding port.  To configure storm constrain settings on multiple ports, click Config. 4.7.3 ACL ACL Overview As traffic increases and network grows, network security appears more and more important. Pack filter can effectively block unauthorized users from accessing network and control traffic volume on the network for the purpose of conserving network resources.
  • Page 112 User Guide MAC Based ACL Click QoS -> ACL -> MAC Based ACL to enter interface below:  This page displays all existing MAC based ACLs and rules thereof.  To delete an existing MAC based ACL Select the ACL you wish to delete from the ACL drop-down list and click on the Delete ACL button. ...
  • Page 113 User Guide Select an ACL Click Add Rule. Configure required settings and click OK. Fields on the screen are described below: Field Description Select ACL Select an existing ACL and specify rules for it. Specify a priority for a given rule, which determines match scheduling order.
  • Page 114 User Guide Click the corresponding rule you wish to modify, configure required modifications and click OK.  To delete a rule Check the rule you wish to remove and click Delete Rule. IP Based ACL Click QoS -> ACL -> IP Based ACL to enter interface below: ...
  • Page 115 User Guide Select an ACL from the ACL drop-down list and click Add Rule to enter the corresponding interface. Specify a rule for the ACL and click OK. Fields on the screen are described below: Field Description Select ACL Select an existing ACL and specify rules for it. Specify a priority for a given rule, which determines match scheduling order.
  • Page 116 User Guide match existing rules (64~1048576kbps). The default action is Prohibit. Select time range ID for rule application. Within the set time range, rules will take effect. By default, no Time Range ID time range is specified and ACL rules take effect at any time.

  • Page 117: Security

    User Guide Select the port and the ACL you wish to unbind and then click OK. 4.8 Security 4.8.1 Attack Defense ARP Attack Defense If a switch continuously receives an enormous number of ARP messages on a specific port, it will not function properly as CPU is overloaded and, worse still, may break up.
  • Page 118 User Guide Limit disabled. Note: ARP rate limit enabled ports will check current ARP rate every 60s and discard ARP messages received if current ARP RX rate exceeds the set ARP RX rate threshold. The default is 100PPS. Port ARP RX Note: PPS refers to the number of packets per Rate second.
  • Page 119 User Guide Worm Attack Defense Worm Attack Defense prevents virus/worm infected PCs being spread to targeted healthy PCs and the whole network by scanning for security failures. Once Worm Attack Defense feature is enabled, the switch directly discards messages that match features of predefined virus so that PC and other network devices will not be infected.
  • Page 120 User Guide 2. Enter the virus name, say, SQLSlammer. 3. Specify a protocol, say, TCP or UDP. 4. Specify the TCP destination port number, say, 1434. 5. Click OK and defense against this virus attack is automatically enabled. What you just added will appear on the page.
  • Page 121 User Guide Note------------------------------------------------------------------------------------------------------------------------------- The device supports up to 20 virus types. ------------------------------------------------------------------------------------------------------------------------------------------- DoS Attack Defense DoS Attack Defense prevents potential attackers from making a machine or network resource unavailable to its intended users by saturating the target machine with large amount of malicious communication requests.
  • Page 122 User Guide This section displays the current number of MAC addresses that can be learned on corresponding ports and drop status of unknown MAC address. By default, the number of MAC addresses that a port can learn is not limited. ...
  • Page 123 User Guide Address Limit: Config it according to the actual network environment. By default, the number of MAC addresses that each port can learn is not limited. Unknown MAC Address Drop: If enabled, corresponding port(s) will discard packets where source MAC addresses are not in the MAC address table when reaching the set address limit, otherwise, continue forwarding.
  • Page 124 User Guide 6. Click Bind and system will automatically bind the IP addresses on the current page, namely 10 items. To re-search for host, click the Search Hosts button to return to the search page. To delete a single host just searched, click the corresponding Delete button. To delete all searched host, click Delete All.

  • Page 125: Ip Filter

    User Guide Fields on the screen are described below: Field Description Determine whether to connect selected port to gateway. Yes: Connect selected port to gateway and IP Filter is Connect to unavailable for configuration. Gateway No: Do not connect selected port to gateway and IP Filter is available for configuration.

  • Page 126: Mac Filter

    User Guide  Delete binding entry To delete a batch of binding entries concurrently, click the Batch Delete button on the IP+MAC+Port+VLAN Binding screen; to delete a single binding entry, on the IP+MAC+Port+VLAN Binding screen, click the Delete button at the end of the entry. Note------------------------------------------------------------------------------------------------------------------------------- After you delete a binding entry on a port, go to Port Filter Setup interface to check whether the IP filter is disabled, if not, such port will not be able to receive any IP packets.
  • Page 127 User Guide  To add MAC address filter 1. Click Add to enter interface below: 2. Specify the VLAN ID in the VLAN field. Valid range is 1-4094 and the VLAN ID must already exist. 3. Enter the MAC address you wish to filter, such as “0000-aaaa-aaaa”. 4.
  • Page 128 User Guide supplicant is a client device (such as a laptop) that wishes to attach to the LAN/WLAN - though the term “supplicant” is also used interchangeably to refer to the software running on the client that provides credentials for the authenticator. The authenticator is a network device, such as an Ethernet switch or wireless access point;...
  • Page 129 User Guide Fields on the screen are described below: Field Description Configure global 802.1X status Enable: Enable 802.1X feature globally. Disable: Disable 802.1X feature globally. By default, the 802.1X feature is disabled Global Mode globally on the device. Note: 802.1X settings take effect only when the 802.1X feature is enabled on both the device and specific ports.
  • Page 130 User Guide  To configure MAC based 802.1X settings on a single port 1. Click the corresponding port. 2. Select Enable from Mode drop-down list and Auto from Port Control Mode drop-down list. 3. Select MAC from Access Control Method drop-down list. 4.

  • Page 131: Smart Configuration

    User Guide 802.1X Port Statistics To display 802.1X port statistics, click Security -> 802.1X -> 802.1X Port Statistics as below: Fields on the screen are described below: Field Description Port Corresponding Port Number EAP: EAP packets sent from ports to 802.1x clients. RADIUS:RADIUS packets sent from ports to 802.1x server.
  • Page 132 User Guide Fields on the screen are described below: Field Description The priority of a Cash Register Server Port Cash Register will be automatically set to 7 and 2 cash Server Port register server ports can be configured. If a port is set as a monitor server port, flow Monitor Server Port control monitoring...
  • Page 133 User Guide installed physical hard drives to employ network booting to load its operating system from a server. It lowers hotel production/maintenance cost and delievers unified management at ease for IT admininstrators.  GHOST Service: GHOST (General Hardware-Oriented System Transfer) is a disk cloning program that supports unicast, multicast (by default) and broadcast transfers.

  • Page 134: For Business

    User Guide 4.9.2 For Business Smart Port Setup Click Smart Configuration -> For Business -> Smart Port Setup to enter interface below (Specify file server port and router port according to your practical needs.): Fields on the screen are described below: Field Description File Server Port...

  • Page 135: Maintenance

    User Guide 4.10 Maintenance 4.10.1 Syslog Syslog Overview As the system information hub, system logs classify and manage system information. Together with the debugging command, system logs offer a powerful support for network administrators and developers to monitor network operation and diagnose malfunction. The system logs have the following features: 1) Classification of Syslog Log: log info...

  • Page 136: Network Diagnostics

    User Guide Log Setup To configure log settings, click Maintenance -> Syslog -> Log Setup as below: Fields on the screen are described below: Field Description Enable Logging Enable/disable Log feature. By default, it is enabled. Enable Server Check to enable log server. Severity Only logs of severity level equal to or lower than Level...
  • Page 137 User Guide Cable Check-up On this device, you can test current cabling situations on all Ethernet interfaces, pair A, B, C, D connection status and pair length included. Click Maintenance -> Network Diagnostics -> Cable Check-up to enter interface below: Specify the check-up port field as you wish and click OK.
  • Page 138 User Guide Fields on the screen are described below: Field Description Specify the destination host IP which should be Destination in the same network segment as this device. Address This field is blank by default. Configure ICMP request sending packets Sending Times (1~10).

  • Page 139: Logout

    User Guide (2) Device B (the first L3 device packets have reached) replies with an ICMP error of TTL timeout (Device B’s IP 1.1.1.2 included), thus Device A obtains the first L3 device’s IP (1.1.1.2); (3) Device A re-transmits an IP packet to Device D and TTL value is 2. (4) Device C replies with an ICMP error of TTL timeout, thus Device A obtains the second L3 device’s IP (1.1.2.2);...

  • Page 140: Save Configurations

    User Guide 4.12 Save Configurations Configurations on switch will be lost if they are not saved before switch reboots. So do save them on this screen before you reboot the switch. 1. Save Current Settings Use this feature to save device current configurations to ensure you will still have them on the switch even after the device restarts.

  • Page 141: Chapter 5 Cli Configuration

    "con" field automatically.  To go back to previous directory, press the "/" key. "/" is invalid in "Tenda #".  To activate a command, press Enter after you finish entering it.

  • Page 142: Config Ip Address Manually

    Note: Config contact as Tenda TENDA (config)# snmp-server location Shenzhen Note: Config location as Shenzhen 5.3.3 Config IP address manually TENDA (config)# ip address 192.168.111.217 255.255.255.0 Note: Config a static IP address TENDA (config)#ip route 192.168.111.1 Note: Config a gateway IP address...

  • Page 143: System Time Configuration

    TENDA# no service telnet Note: Disable Telnet service 5.3.6 System Time Configuration TENDA# clock set 14:09:30 4 11 2012 Note: Manually set system date and time to Apr 11 2012 and 14:09:30 respectively TENDA(config)# sntp enable Note: Enable SNTP server...

  • Page 144: Web Login Timeout Configuration

    Note: Set storm constrain ratio to 20% TENDA(config-if)# port-isolated Note: Enable port isolation TENDA(config-if)# mtu 9600 Note: Set max jumbo frame size to 9600B on the port 5.3.11 Port mirroring configuration TENDA(config)# monitor destination interface gigabitethernet 0/8 Note: Config port 8 as the mirroring destination port...

  • Page 145: View Rx/Tx Packet Statistics

    User Guide TENDA(config)# monitor source interface range gigabitethernet 0/1-3 rx Note: Config ports 1-3 as mirroring source ports and sniffer mode as Ingress. TENDA(config)# monitor source interface range gigabitethernet 0/4-5 tx Note: Config ports 4-5 as mirroring source ports and sniffer mode as Egress.
  • Page 146 User Guide TENDA(config)# interface range gigabitethernet 0/1-2 TENDA(config-if)# no trunk-group Note: Delete member ports 1-2 from the aggregation group  Config LACP settings TENDA(config-if)# lacp priority 65535 Note: Set LACP port priority to 65535 TENDA(config-if)# lacp timeout long Note: Set timeout to long...

  • Page 147: Vlan Configuration

    Note: Enter the directory of port 2 TENDA(config-if)# switchport mode trunk Note: Set port 2 to a Trunk port TENDA(config-if)# switchport trunk native vlan 1 Note: Set the PVID of Trunk port 2 to 1 TENDA(config-if)# switchport trunk allowed vlan all...
  • Page 148 TENDA(config-if)# switchport trunk native vlan 2 Note: Set the PVID of Trunk port 24 to 2 TENDA(config-if)# switchport trunk allowed vlan add 1,2 or 1-2 Note: Set Trunk port to carry VLANs 1-2 TENDA(config-if)# switchport trunk allowed vlan except 2...
  • Page 149 User Guide Note: Set port 10 to carry untagged VLAN4094 TENDA(config-if)# switchport hybrid allowed vlan untagged except 30 Note: Set port 10 to carry all untagged VLANs except VLAN30 TENDA(config-if)# switchport hybrid allowed vlan untagged remove 4094 Note: Delete VLAN4094 from untagged VLANs; VLAN4094 then cannot be carried on the port ...

  • Page 150: Mac Vlan

    TENDA# configure terminal TENDA(config)# vlan 2 Note: Create QVLAN2 TENDA(config)# mac-vlan 0000.0000.0001 vl1 vlan 2 cos 0 Note: Add MAC VLANs whose MAC address is 0000.0000.0001. It is described as v11 and corresponds to vlan2 with cos 0. TENDA# configure terminal TENDA(config)# no mac-vlan 0000.0000.0001...

  • Page 151: Mac Configuration

    TENDA# show voice vlan interface gigabitethernet 0/6 Note: View single port info in voice VLAN  Voice VLAN OUI settings TENDA(config-if)# voice vlan mac-address c234-1200-0000 mask ffff-ff00-0000 description m23 Note: Configure voice VLAN OUI settings TENDA(config-if)# voice vlan vvid 2 Note: Configure Voice Vlan ID...

  • Page 152: Qos Configuration

    Note: Add static MAC address of 0000.0000.0002 to port 1 of VLAN1 TENDA(config)# no mac-address-table static Note: Delete all static MAC addresses TENDA(config)# no mac-address-table static 0000.0000.0002 interface gigabitethernet 0/1 vlan 1 Note: Delete a single static MAC address ...

  • Page 153: Stp Configuration

    Note: Set Scheduling Scheme to SP TENDA(config)# QoS scheduler wrr Note: Set Scheduling Scheme to WRR TENDA(config)# wrr-queue bind-width 1 6 10 31 Note: Assign QoS weights: 1,6,10 and 31 to queues: 1,2,3 and 4 respectively 5.3.21 STP Configuration ...
  • Page 154 TENDA(config)# spanning-tree forward-time 4 Note: Set Forward Delay to 4s TENDA(config)# spanning-tree mstp max-hops 30 Note: Set max hops to 30 TENDA(config)# spanning-tree mstp 0 priority 32768 Note: Set instance priority Note------------------------------------------------------------------------------------------------------------------------- BPDU message broadcast and filter take effect when STP is disabled.
  • Page 155 TENDA(config-if)# no spanning-tree link-type point-to-point Note: Delete current p2p port setting and restore it to factory default TENDA(config-if)# spanning-tree mstp 10(0-15) cost default Note: Set path cost to 802.1t auto mode in the instance TENDA(config-if)# spanning-tree mstp 0 cost 2000...

  • Page 156: Igmp Configuration

    User Guide TENDA(config-if)# no spanning-tree mstp 0 cost Note: Delete current port path cost setting and restore it to factory default TENDA(config-if)# no spanning-tree mstp 2 port-priority Note: Delete current instance priority setting and restore it to factory default ...

  • Page 157: Time Range Management

    Note: Disable IGMP port fast leave 5.3.23 Time Range Management  Configure time range TENDA(config)# timerange 99 absolute start time 11 23 2010 end time 08 16 2013 Note: Configure absolute time TENDA(config)# timerange 67 weekday 8 Note: Configure periodic time...

  • Page 158: Poe Management

     Add MAC based ACL rule TENDA (config)# access-list 125 TENDA(config)# mac access-list 125 Note: Enter ACL 125 TENDA(config-mac-nacl)# rule 1 deny vlan 2 eth-type any src-mac any dst-mac any Note: Add rule 1 and deny all packets to pass...
  • Page 159 TENDA(config)# ip access-list extended 1 Note: Enter ACL 1 TENDA(config-ip-nacl)# rule 1 deny tcp src-ip any eq any dst-ip any eq any Note: Add rule 1 and deny all TCP packets to pass TENDA(config-ip-nacl)# rule 2 rate-limit 64 ip src-ip 192.168.10.1 src-ip-mask any dst-ip any Note: Add rule 2 and set RX rate of packets with the source IP address of 192.168.10.1 to 64kbps...

  • Page 160: Dos Attack Defense Configuration

     Delete port binding TENDA(config)# mac access-list 125 Note: Enter ACL 125 TENDA(config-mac-nacl)# no bind-to interface range gigabitethernet 0/1 Note: Delete binding between ACL 125 and port 1 TENDA(config)# ip access-list extended 1 TENDA(config-ip-nacl)#no bind-to interface range gigabitethernet 0/1-4 Note: Enter ACL 1 and unbind ACL 125 with ports 1-4 ...

  • Page 161: Worm Attack Defense Configuration

    TENDA(config)# no ip deny blat-udp Note: Disable BLAT UDP Attack Defense 5.3.27 Worm Attack Defense Configuration TENDA(config)# filter aaa tcp 10 on Note: Enable filter of TCP virus packets with destination port number of 10 TENDA(config)# filter aaa tcp 10 off...

  • Page 162: Arp Attack Defense Configuration

    Enable ARP Attack Defense TENDA(config)# interface gigabitethernet 0/10 TENDA(config-if)# ip arp inspection trust TENDA(config-if)# ip arp inspection limit rate 200 Note: Enable ARP attack defense on port 10 and ARP RX rate to 200PPS TENDA(config)# interface rang gigabitethernet 0/11-20 TENDA(config-if)# ip arp inspection trust...

  • Page 163: Ip Filter Configuration

    Note: Add IP+MAC+Port+VLAN binding entry: bind the IP address of 192.168.0.5 and MAC address of 0000.0000.0006 to port 1 TENDA(config)# ipmacbind 192.168.0.5 0000.0000.0002 4094 interface gigabitethernet 0/5 Note: Add IP+MAC+Port+VLAN binding entry: bind the IP address of 192.168.0.5 and MAC address of 0000.0000.0002 to port 5 in VLAN4094...

  • Page 164: Dhcp Relay

    Display IP+MAC+Port+VLAN binding entry TENDA# show ipmacbind Note: Display all IP-MAC-Port-VLAN binding entries TENDA# show ipmacbind interface gigabitethernet 0/1 Note: Display port filter settings and IP+MAC+Port+VLAN binding entries on a single port TENDA# show ipmacbind interfaces Note: Display all port filter settings and IP+MAC+Port+VLAN binding entries 5.3.31 DHCP Relay...

  • Page 165: Dhcp Snooping

    TENDA(vlan-if)# no enable Note: Disable virtual interface 2  Display virtual interface settings TENDA# show interface vlan-interface all Note: Display all virtual interfaces which have been created TENDA# show interface vlan-interface 2 Note: Display settings on VLAN virtual interface 2 ...

  • Page 166: Snmp Agent Configuration

    Note: Enable user-defined option TENDA(config-if)# no ip dhcp snooping option user-option Note: Disable user-defined option TENDA(config-if)# ip dhcp snooping information option circuit-id 123 remote-id 345 Note: Configure current port’s circuit ID sub-option and remote ID sub-option  View DHCP SNOOPING global info TENDA# show dhcp snooping 5.3.33 SNMP Agent Configuration...
  • Page 167 Note: Set community name to private, access right to read only TENDA(config)# snmp-server community TENDA rw Note: Specify community name as Tenda and access right as read & write TENDA(config)# snmp-server packetsize 1500 Note: Set SNMP packet size to 1500 TENDA(config)# snmp-server version 1&2c...

  • Page 168: Log Configuration

    TENDA(config)# snmp-server trap off  Create the destination host TENDA(config)# snmp-server host 192.168.0.2 traps version 2c public udp-port 162 Note: Set destination host IP to 192.168.0.1, Trap version to V2c, UDP port number to 162 and community name to public TENDA(config)# snmp-server host 172.16.100.20 traps version 1 555 udp-port 200...

  • Page 169: Configuration

    Note: Display log server TENDA# show logging all Note: Display all system logs TENDA# show logging alert / critical / debug / emergency / error / informational / notice / warning Note: Display logs by 9 severity levels  Clear logs...

  • Page 170: Save Configurations

    TENDA# show dot1x all Note: Display 802.1X global settings and port status TENDA# show dot1x statistics Note: Display all ports’ status TENDA# show dot1x interface gigabitethernet 0/1 Note: Display a single port’s status 5.3.36 Save Configurations TENDA# copy running-config startup-config Note: Save current settings TENDA# copy running-config 192.168.111.79:mib.conf...
  • Page 171 User Guide TENDA(config-if)# no port-isolated Note: Disable port isolation  Display settings on port TENDA# show interface gigabitethernet 0/3 Note: Display basic settings on port 3 TENDA# show interface status Note: Display basic settings on all ports...

  • Page 172: Glossary

    User Guide Chapter 6 Appendix 6.1 Glossary SNTP Simple Network Time Protocol (SNTP), using UDP datagram packets at the transport layer, is a networking protocol for clock synchronization between computer systems over packet-switched, variable-latency data networks. HTTP The Hypertext Transfer Protocol (HTTP) is an application protocol for distributed, collaborative, hypermedia information systems.
  • Page 173 User Guide is allowed to access resources located on the protected side of the network. Port Mirroring Network Engineers or Administrators use port mirroring to copy traffic from multiple ports to the mirroring destination port for analyzing and debugging data or diagnosing errors on a network. It helps the administrator keep a close eye on network performance and will alert him when problems occur.
  • Page 174 User Guide gateways, and even root name servers. One common method of attack involves saturating the target machine with external communication requests, such that it cannot respond to legitimate traffic, or responds so slowly as to be rendered effectively unavailable. IGMP The Internet Group Management Protocol (IGMP) is a communications protocol used by hosts and adjacent routers on IP networks to establish multicast group memberships.
  • Page 175 User Guide Port VLAN Port-based VLANs are created by assigning ports to a VLAN. QoS(Quality of Service) is the ability to provide different priority for different applications, users, or data flows, or to guarantee a certain level of performance to a data flow. Delay sensitive applications such as real-time HD streaming multimedia, voice over IP, online games and IP-TV, are often transfered on networks where the capacity is a limited resource.

  • Page 176: Technical Support

    If any problem occurs while in use, please feel free to go to www.tendacn.com to find a solution or email your problems to: support@tenda.com.cn or support02@tenda.com.cn. We will be more than happy to help you out as soon as possible. Manufacturer: Shenzhen Tenda Technology Co., Ltd Website: http://www.tendacn.com...

  • Page 177: Appendix Safety And Emission Statement

    User Guide Appendix Safety and Emission Statement CE Mark Warning This is a Class A product. In a domestic environment, this product may cause radio interference, in which case the user may be required to take adequate measures. NOTE: (1) The manufacturer is not responsible for any radio or TV interference caused by unauthorized modifications to this equipment.

Table of Contents