TP-Link TL-SL5428E User Manual

24-Port 10/100Mbps + 4-Port Gigabit JetStream L2 Managed Switch

Summary of Contents for TP-Link TL-SL5428E

  • Page 1 TL-SL5428E 24-Port 10/100Mbps + 4-Port Gigabit JetStream L2 Managed Switch REV2.1.0 1910011414...
  • Page 2 Specifications are subject to change without notice. is a registered trademark of TP-LINK TECHNOLOGIES CO., LTD. Other brands and product names are trademarks or registered trademarks of their respective holders. No part of the specifications may be reproduced in any form or by any means or used to make any derivative such as translation, transformation, or adaptation without permission from TP-LINK TECHNOLOGIES CO., LTD.
  • Page 3 Industry Canada Statement: CAN ICES-3 (A)/NMB-3(A). Safety Information: When the product has a power button, the power button is one of the ways to shut off the product; when there is no power button, the only way to completely shut off power is to disconnect the product or the power adapter from the power source.
  • Page 4 DECLARATION OF CONFORMITY. Company: TP-LINK TECHNOLOGIES CO., LTD. We declare under our own responsibility for the following equipment: Product Description: 24-Port 10/100Mbps + 4-Port Gigabit JetStream L2 Managed Switch. Model No.: TL-SL5428E. Trademark: TP-LINK. The above products satisfy all the technical regulations applicable to the product within the scope of Council Directives: Directives 2004/108/EC, 2006/95/EC, 2011/65/EU. The above product is in conformity with the following standards or other normative documents: EN 55022: 2010 + AC: 2011 ...
  • Page 5: Table Of Contents

    CONTENTS: Package Contents; Chapter 1 About This Guide; Intended Readers; Conventions; Overview of This Guide; Chapter 2 Introduction; Overview of the Switch; Appearance Description; 2.2.1 Front Panel; 2.2.2 Rear Panel; Chapter 3 Login to the Switch; Login; Configuration; Chapter 4 System
  • Page 6 5.1.1 Port Config; 5.1.2 Port Mirror; 5.1.3 Port Security; 5.1.4 Port Isolation; 5.1.5 Loopback Detection; LAG; 5.2.1 LAG Table; 5.2.2 Static LAG; 5.2.3 LACP Config; Traffic Monitor; 5.3.1 Traffic Summary; 5.3.2 Traffic Statistics; MAC Address...
  • Page 7 6.8.2 Port Config; GVRP; 6.10 Application Example for Private VLAN; Chapter 7 Spanning Tree; STP Config; 7.1.1 STP Config; 7.1.2 STP Summary; Port Config; MSTP Instance; 7.3.1 Region Config; 7.3.2 Instance Config; 7.3.3 Instance Port Config; STP Security; 7.4.1...
  • Page 8 10.1.6 Static Multicast IP; 10.1.7 Packet Statistics; 10.1.8 Querier Config; 10.1.9 IGMP Authentication; 10.2 MLD Snooping; 10.2.1 Global Config; 10.2.2 VLAN Config; 10.2.3 Filter Config; 10.2.4 Port Config; 10.2.5 Static Multicast; 10.2.6 Querier Config; 10.2.7 Packet Statistics; 10.3...
  • Page 9 12.2.4 Standard-IP ACL; 12.2.5 Extend-IP ACL; 12.2.6 Combined ACL; 12.3 Policy Config; 12.3.1 Policy Summary; 12.3.2 Policy Create; 12.3.3 Action Create; 12.4 Policy Binding; 12.4.1 Binding Table; 12.4.2 Port Binding; 12.4.3 VLAN Binding; 12.5 Application Example for ACL; Chapter 13 Network Security...
  • Page 10 13.7.6 Authentication Method List Config; 13.7.7 Application Authentication List Config; 13.7.8 802.1X Authentication Server Config; 13.7.9 Default Settings; 13.8 PPPoE Config; Chapter 14 SNMP; 14.1 SNMP Config; 14.1.1 Global Config; 14.1.2 SNMP View; 14.1.3 SNMP Group; 14.1.4 SNMP User...
  • Page 11 16.3.1 Cluster Summary; 16.3.2 Cluster Config; 16.3.3 Member Config; 16.3.4 Cluster Topology; Chapter 17 Maintenance; 17.1 System Monitor; 17.1.1 CPU Monitor; 17.1.2 Memory Monitor; 17.2 Log; 17.2.1 Log Table; 17.2.2 Local Log; 17.2.3 Remote Log; 17.2.4...
  • Page 13 One power cord; One console cable; Two mounting brackets and other fittings; Installation Guide; Resource CD for TL-SL5428E switch, including: This User Guide; The CLI Reference Guide; SNMP MIBs; 802.1X Client Software ...
  • Page 14: Chapter 1 About This Guide

    Chapter 1 About This Guide. This User Guide contains information for setup and management of TL-SL5428E switch. Please read this guide carefully before operation. 1.1 Intended Readers. This Guide is intended for network managers familiar with IT concepts and network terminologies. 1.2 Conventions. In this Guide the following conventions are used: The switch or TL-SL5428E mentioned in this Guide stands for TL-SL5428E 24-Port ...
  • Page 15 Chapter | Introduction. Chapter 4 System: This module is used to configure system properties of the switch. It mainly introduces: System Info: Configure the description, system time and network parameters of the switch. User Management: Configure the user name and password for ...
  • Page 16 Chapter 8 Ethernet OAM: This module is used to configure the Ethernet OAM function of the switch. It mainly introduces: Basic Config: Enable the Ethernet OAM function, configure its OAM mode, and check the connection status. Link Monitoring: Configure the parameters about OAM link ...
  • Page 17 Chapter 13 Network Security: This module is used to configure multiple protection measures for network security. It mainly introduces: IP-MAC Binding: Bind the IP address, MAC address, VLAN ID and the connected Port number of the Host together. DHCP Snooping: DHCP Snooping functions to monitor the ...
  • Page 18 Chapter 17 Maintenance: This module assembles the commonly used system tools to manage the switch. It mainly introduces: System Monitor: Monitor the memory and CPU of the switch. Log: View configuration parameters on the switch. ...
  • Page 19: Front Panel

    Chapter 2 Introduction. Thanks for choosing the TL-SL5428E 24-Port 10/100Mbps + 4-Port Gigabit JetStream L2 Managed Switch! 2.1 Overview of the Switch. Designed for workgroups and departments, TL-SL5428E from TP-LINK provides wire-speed performance and a full set of layer 2 management features. It provides a variety of service features and multiple powerful functions with high security.
  • Page 20: Rear Panel

    Data is being transmitted or received. No device is connected to the corresponding port. 2.2.2 Rear Panel. The rear panel of TL-SL5428E features a power socket and a Grounding Terminal (marked with ). Figure 2-2 Rear Panel. Grounding Terminal: TL-SL5428E already comes with Lightning Protection Mechanism. You can also ground the switch through the PE (Protecting Earth) cable of AC cord or with Ground Cable.
  • Page 21: Chapter 3 Login To The Switch

    Chapter 3 Login to the Switch. 3.1 Login. 1. To access the configuration utility, open a web-browser and type in the default address http://192.168.0.1 in the address field of the browser, then press the Enter key. Figure 3-1 Web-browser. Tips: To log in to the switch, the IP address of your PC should be set in the same subnet as the switch.
  • Page 22 Figure 3-3 Main Setup-Menu. Note: Clicking Apply makes the new configuration effective only until the switch is rebooted. To keep the configuration effective after a reboot, click Save Config. Click Save Config before cutting off the power or rebooting the switch to avoid losing the new configuration.
  • Page 23: Chapter 4 System

    Chapter 4 System. The System module is mainly for system configuration of the switch, including four submenus: System Info, User Management, System Tools and Access Security. 4.1 System Info. The System Info, mainly for basic properties configuration, can be implemented on System Summary, Device Description, System Time, Daylight Saving Time, System IP and System IPv6 pages.
  • Page 24 Indicates the SFP port is not connected to a device. Indicates the SFP port is at the speed of 1000Mbps. Indicates the SFP port is at the speed of 100Mbps. When the cursor moves on the port, the detailed information of the port will be displayed. Figure 4-2 Port Information. Port Info ...
  • Page 25: Device Description

    4.1.2 Device Description. On this page you can configure the description of the switch, including device name, device location and system contact. Choose the menu System→System Info→Device Description to load the following page. Figure 4-4 Device Description. The following entries are displayed on this screen: Device Description ...
  • Page 26: Daylight Saving Time

    The following entries are displayed on this screen: Time Info. Current System Date: Displays the current date and time of the switch. Current Time Source: Displays the current time source of the switch. Time Config. Manual: When this option is selected, you can set the date and time ...
  • Page 27: System IP

    The following entries are displayed on this screen: DST Config. DST Status: Enable or Disable DST. Predefined Mode: Select a predefined DST configuration: USA: Second Sunday in March, 02:00 – First Sunday in November, 02:00. Australia: First Sunday in October, 02:00 – First Sunday in ...
  • Page 28 Choose the menu System→System Info→System IP to load the following page. Figure 4-7 System IP. The following entries are displayed on this screen: IP Config. MAC Address: Displays MAC Address of the switch. IP Address Mode: Select the mode to obtain IP Address for the switch. Static ...
  • Page 29 If DHCP or BOOTP option is selected, the switch will get network parameters dynamically from the Internet, which means that its IP address, subnet mask and default gateway cannot be configured. By default, the IP address is 192.168.0.1. 4.1.6 System IPv6. IPv6 (Internet Protocol version 6), also called IPng (IP next generation), was developed by the IETF (Internet Engineering Task Force) as the successor to IPv4 (Internet Protocol version 4).
  • Page 30 messages takes the place of Address Resolution Protocol (ARP) message, Internet Control Message Protocol version 4 (ICMPv4) router discovery message, and ICMPv4 redirection message to provide a series of other functions. Introduction to IPv6 address. 1. IPv6 address format: An IPv6 address is represented as a series of 16-bit hexadecimals, separated by colons (:). An IPv6 address is divided into eight groups, and the 16 bits of each group are represented by four hexadecimal...
  • Page 31 Anycast address: An identifier for a set of interfaces (typically belonging to different nodes). A packet sent to an anycast address is delivered to one of the interfaces identified by that address (the nearest one, according to the routing protocols’ measure of distance). The type of an IPv6 address is designated by the first several bits called format prefix.
  • Page 32 Figure 4-8 Global Unicast Address Format An interface ID is used to identify interfaces on a link. The interface ID must be unique to the link. It may also be unique over a broader scope. In many cases, an interface ID will be the same as or based on the link-layer address of an interface.
  • Page 33 Note: You can configure multiple IPv6 addresses per interface, but only one link-local address. IPv6 Neighbor Discovery. The IPv6 neighbor discovery process uses ICMP messages and solicited-node multicast addresses to determine the link-layer address of a neighbor on the same network (local link), verify the reachability of a neighbor, and track neighboring devices.
  • Page 34 RA messages typically include the following information: One or more on-link IPv6 prefixes that nodes on the local link can use to automatically configure their IPv6 addresses; Lifetime information for each prefix included in the advertisement; Sets of flags that indicate the type of autoconfiguration (stateless or stateful) that can be ...
  • Page 35 Choose the menu System→System Info→System IPv6 to load the following page. Figure 4-10 System IPv6. The following entries are displayed on this screen: Global Config. IPv6: Enable/Disable IPv6 function globally on the Switch. Link-local Address Config. Config Mode: Select the link-local address configuration mode. Manual: When this option is selected, you should assign a ...
  • Page 36 Status: Displays the status of the link-local address. Normal: Indicates that the link-local address is normal. Try: Indicates that the link-local address may be newly configured. Repeat: Indicates that the link-local address is duplicate. It is illegal to access the switch using the IPv6 address (including link-local and global address).
  • Page 37: User Management

    Status: Displays the status of the global address. Normal: Indicates that the global address is normal. Try: Indicates that the global address may be newly configured. Repeat: Indicates that the corresponding address is duplicate. It is illegal to access the switch using this address. ...
  • Page 38: User Config

    Choose the menu System→User Management→User Config to load the following page. Figure 4-12 User Config. The following entries are displayed on this screen: User Info. User Name: Create a name for users’ login. Access Level: Select the access level to login. Admin: Admin can edit, modify and view all the settings of ...
  • Page 39: Config Restore

    4.3.1 Config Restore. On this page you can upload a backup configuration file to restore your switch to this previous configuration. Choose the menu System→System Tools→Config Restore to load the following page. Figure 4-13 Config Restore. The following entries are displayed on this screen: Config Restore ...
  • Page 40: Firmware Upgrade

    4.3.3 Firmware Upgrade. The switch system can be upgraded via the Web management page. Upgrading the system provides more functions and better performance. Go to http://www.tp-link.com to download the updated firmware. Choose the menu System→System Tools→Firmware Upgrade to load the following page.
  • Page 41: System Reset

    Note: To avoid damage, please don't turn off the device while rebooting. 4.3.5 System Reset. On this page you can reset the switch to the default. All the settings will be cleared after the switch is reset. Choose the menu System→System Tools→System Reset to load the following page. Figure 4-17 System Reset. Note: ...
  • Page 42: Access Control

    Choose the menu System→Access Security→Access Control to load the following page. Figure 4-18 Access Control. The following entries are displayed on this screen: Access Control Config. Control Mode: Select the control mode for users to log on to the Web management page. IP-based: Select this option to limit the IP-range of the users ...
  • Page 43 Port: This field is available for configuration only when Port-based mode is selected. Only the users connected to the ports you set here are allowed to log in. Session Config. Session Timeout: If you do nothing with the Web management page within the ...
  • Page 44: SSL Config

    On this page you can configure the SSL function. Choose the menu System→Access Security→SSL Config to load the following page. Figure 4-19 SSL Config. The following entries are displayed on this screen: Global Config. SSL: Enable/Disable the SSL function on the switch. Certificate Download ...
  • Page 45: SSH Config

    an insecure network environment. It can encrypt all the transmission data and prevent the information in remote management from being leaked. Comprising server and client, SSH has two versions, V1 and V2, which are not compatible with each other. In the communication, SSH server and client can auto-negotiate the SSH version and the encryption algorithm.
  • Page 46 Key File: Select the desired key file to download. Download: Click the Download button to download the desired key file to the switch. Note: Please ensure the key length of the downloaded file is in the range of 256 to 3072 bits. After the Key File is downloaded, the user’s original key of the same type will be replaced.
  • Page 47 Application Example 2 for SSH: Network Requirements. 1. Log on to the switch via key authentication using SSH and the SSH function is enabled on the switch. 2. PuTTY client software is recommended. Configuration Procedure. 1. Select the key type and key length, and generate SSH key. Note: ...
  • Page 48 2. After the key is successfully generated, please save the public key and private key to the computer. 3. On the Web management page of the switch, download the public key file saved in the computer to the switch. Note: The key type should accord with the type of the key file.
  • Page 49 5. Click Browse to download the private key file to SSH client software and click Open. After successful authentication, please enter the login user name. If you log on to the switch without entering password, it indicates that the key has been successfully loaded.
  • Page 50 Note: Following the steps above, you have already entered the User EXEC Mode of the switch. However, to configure the switch, you need a password to enter the Privileged EXEC Mode first. For a switch with factory settings, the Privileged EXEC Mode password can only be configured through the console connection.
  • Page 51: Chapter 5 Switching

    Chapter 5 Switching. Switching module is used to configure the basic functions of the switch, including four submenus: Port, LAG, Traffic Monitor and MAC Address. 5.1 Port. The Port function, allowing you to configure the basic features for the port, is implemented on the Port Config, Port Mirror, Port Security, Port Isolation and Loopback Detection pages. 5.1.1 Port Config ...
  • Page 52: Port Mirror

    Status: Allows you to Enable/Disable the port. When Enable is selected, the port can forward the packets normally. Speed and Duplex: Select the Speed and Duplex mode for the port. The device connected to the switch should be in the same Speed and Duplex mode with the switch.
  • Page 53: Port Security

    The following entries are displayed on this screen. Mirroring Port. Mirroring Port: Select a port from the pull-down list as the mirroring port. When disable is selected, the Port Mirror feature will be disabled. Mirrored Port. Port Select: Click the Select button to quick-select the corresponding port ...
  • Page 54 Choose the menu Switching→Port→Port Security to load the following page. Figure 5-3 Port Security. The following entries are displayed on this screen: Port Security. Select: Select the desired port for Port Security configuration. It is multi-optional. Port: Displays the port number. Max Learned MAC: Specify the maximum number of MAC addresses that can be ...
  • Page 55: Port Isolation

    Note: The Port Security function is disabled for the LAG port member. Only after the port is removed from the LAG will the Port Security function be available for the port. The Port Security function is disabled when the 802.1X function is enabled. 5.1.4 Port Isolation ...
  • Page 56: Loopback Detection

    5.1.5 Loopback Detection. With loopback detection feature enabled, the switch can detect loops using loopback detection packets. When a loop is detected, the switch will display an alert or further block the corresponding port according to the port configuration. Choose the menu Switching→Port→Loopback Detection to load the following page. Figure 5-5 Loopback Detection Config. The following entries are displayed on this screen: Global Config ...
  • Page 57 Select: Select the desired port for Loopback Detection configuration. It is multi-optional. Port: Displays the port number. Status: Enable or disable Loopback Detection function for the port. Operation Mode: Select the mode how the switch processes the detected loops. Alert: When a loop is detected, display an alert. ...
  • Page 58: LAG Table

    Tips: Calculate the bandwidth for a LAG: If a LAG consists of the four ports in the speed of 1000Mbps Full Duplex, the whole bandwidth of the LAG is up to 8000Mbps (2000Mbps * 4) because the bandwidth of each member port is 2000Mbps counting the up-linked speed of 1000Mbps and the down-linked speed of 1000Mbps.
  • Page 59: Static LAG

    Operation: Allows you to view or modify the information for each LAG. Edit: Click to modify the settings of the LAG. Detail: Click to get the information of the LAG. Click the Detail button for the detailed information of your selected LAG. Figure 5-7 Detail Information. 5.2.2 Static LAG ...
  • Page 60 Description: Give a description to the LAG for identification. LAG Table. Member Port: Select the port as the LAG member. Clearing all the ports of the LAG will delete this LAG. Tips: The LAG can be deleted by clearing all its member ports. A port can only be added to a LAG.
  • Page 61: LACP Config

    Choose the menu Switching→LAG→LACP Config to load the following page. Figure 5-9 LACP Config. The following entries are displayed on this screen: Global Config. System Priority: Specify the system priority for the switch. The system priority and MAC address constitute the system identification (ID). A lower system priority value indicates a higher system priority.
  • Page 62: Traffic Monitor

    Status: Enable/Disable the LACP feature for your selected port. LAG: Displays the LAG number which the port belongs to. 5.3 Traffic Monitor. The Traffic Monitor function, monitoring the traffic of each port, is implemented on the Traffic Summary and Traffic Statistics pages. 5.3.1 Traffic Summary. Traffic Summary screen displays the traffic information of each port, which helps you monitor the traffic and analyze network anomalies.
  • Page 63: Traffic Statistics

    Packets Tx: Displays the number of packets transmitted on the port. Octets Rx: Displays the number of octets received on the port. The error octets are counted in. Octets Tx: Displays the number of octets transmitted on the port. Statistics: Click the Statistics button to view the detailed traffic statistics of the ...
  • Page 64: MAC Address

    Sent: Displays the details of the packets transmitted on the port. Broadcast: Displays the number of good broadcast packets received or transmitted on the port. The error frames are not counted in. Multicast: Displays the number of good multicast packets received or ...
  • Page 65: Address Table

    The types and the features of the MAC Address Table are listed as the following: Columns: Type; Configuration Way; Aging out; Being kept after reboot (if the configuration is saved); Relationship between the bound MAC address and the port. Static Address Table: Manually configuring; The bound MAC address cannot be learned by the other ports in the same VLAN.
  • Page 66: Static Address

    Type: Select the type of your desired entry. All: This option allows the address table to display all the address entries. Static: This option allows the address table to display the static address entries only. Dynamic: This option allows the address table to display the ...
  • Page 67: Dynamic Address

    The following entries are displayed on this screen: Create Static Address. MAC Address: Enter the static MAC Address to be bound. VLAN ID: Enter the corresponding VLAN ID of the MAC address. Port: Select a port from the pull-down list to be bound. Search Option ...
  • Page 68 On this page, you can configure the dynamic MAC address entry. Choose the menu Switching→MAC Address→Dynamic Address to load the following page. Figure 5-14 Dynamic Address. The following entries are displayed on this screen: Aging Config. Auto Aging: Allows you to Enable/Disable the Auto Aging feature. ...
  • Page 69: Filtering Address

    Bind: Click the Bind button to bind the MAC address of your selected entry to the corresponding port statically. Tips: Setting aging time properly helps implement effective MAC address aging. An aging time that is too long or too short decreases the performance of the switch. If the aging time is too long, excessive invalid MAC address entries maintained by the switch may fill up the MAC address table.
  • Page 70 Filtering Address Table. Select: Select the entry to delete the corresponding filtering address. It is multi-optional. MAC Address: Displays the filtering MAC Address. VLAN ID: Displays the corresponding VLAN ID. Port: Here the symbol “__” indicates no specified port. Type: Displays the Type of the MAC address. ...
  • Page 71: Chapter 6 VLAN

    Chapter 6 VLAN. The traditional Ethernet is a data network communication technology based on CSMA/CD (Carrier Sense Multiple Access/Collision Detect) via shared communication medium. In the traditional Ethernet, too many hosts in a LAN will result in serious collisions, flooding broadcasts, poor performance or even breakdown of the Internet. Though connecting the LANs through switches can avoid the serious collisions, the flooding broadcasts cannot be prevented, which will occupy plenty of bandwidth resources, causing potential serious security problems.
  • Page 72: 802.1Q VLAN

    6.1 802.1Q VLAN. VLAN tags in the packets are necessary for the switch to identify packets of different VLANs. The switch works at the data link layer in OSI model and it can identify the data link layer encapsulation of the packet only, so you can add the VLAN tag field into the data link layer encapsulation for identification.
  • Page 73 PVID. PVID (Port VLAN ID) is the default VID of the port. When the switch receives an un-VLAN-tagged packet, it will add a VLAN tag to the packet according to the PVID of its received port and forward the packets. When creating VLANs, the PVID of each port, indicating the default VLAN to which the port belongs, is an important parameter with the following two purposes: 1.
  • Page 74 To ensure the normal communication of the factory switch, the default VLAN of all ports is set to VLAN1. The following entries are displayed on this screen: VLAN Table. VLAN ID Select: Click the Select button to quick-select the corresponding entry based on the VLAN ID number you entered. Select the desired entry to delete the corresponding VLAN.
  • Page 75: Port Config

    The following entries are displayed on this screen: VLAN Config. VLAN ID: Enter the ID number of VLAN. Description: Give a description to the VLAN for identification. Check: Click the Check button to check whether the VLAN ID you entered is valid or not. VLAN Members ...
  • Page 76 Choose the menu VLAN→802.1Q VLAN→Port Config to load the following page. Figure 6-5 802.1Q VLAN – Port Config. The following entries are displayed on this screen: VLAN Port Config. Port Select: Click the Select button to quick-select the corresponding entry based on the port number you entered. Select the desired port for configuration.
  • Page 77: MAC VLAN

    Click the Detail button to view the information of the corresponding VLAN. Figure 6-6 View the Current VLAN of Port. The following entries are displayed on this screen: VLAN of Port. VLAN ID Select: Click the Select button to quick-select the corresponding entry based on the VLAN ID number you entered.
  • Page 78: MAC VLAN

    received port. Thus, the packet is assigned automatically to the corresponding VLAN for transmission. When receiving tagged packet, the switch will process it based on the 802.1Q VLAN. If the received port is the member of the VLAN to which the tagged packet belongs, the packet will be forwarded normally.
  • Page 79: Protocol VLAN

    6.2.2 Port Enable. On this page, you can enable the port for the MAC VLAN feature. Only when the port is enabled can the configured MAC VLAN take effect. Choose the menu VLAN→MAC VLAN→Port Enable to load the following page. Figure 6-8 Enable MAC VLAN for Port. Select your desired port for VLAN Mapping function.
  • Page 80: Protocol VLAN

    Protocol Type | Type value: ... 0x8137; IS-IS 0x8000; LACP 0x8809; 802.1X 0x888E. Table 6-2 Protocol types in common use. The packet in Protocol VLAN is processed in the following way: When receiving an untagged packet, the switch matches the packet with the current Protocol VLAN.
  • Page 81: Protocol Template

    Protocol VLAN Table. Select: Select the desired entry. It is multi-optional. Protocol: Displays the protocol template of the VLAN. Ether Type: Displays the Ethernet protocol type field in the protocol template. VLAN ID: Displays the corresponding VLAN ID of the protocol. Operation: Click the Edit button to modify the settings of the entry. And click the ...
  • Page 82 6.3.3 Port Enable. On this page, you can enable the port for the Protocol VLAN feature. Only when the port is enabled can the configured Protocol VLAN take effect. Choose the menu VLAN→Protocol VLAN→Port Enable to load the following page. Figure 6-11 Enable Protocol VLAN for Port. Select your desired port for VLAN Mapping function.
  • Page 83 Switch B is connecting to PC B and Server A; PC A and Server A are in the same VLAN; PC B and Server B are in the same VLAN; PCs in the two VLANs cannot communicate with each other. ...
  • Page 84 6.5 Application Example for MAC VLAN. Network Requirements: Switch A and switch B are connected to meeting room A and meeting room B respectively, and the two rooms are for all departments; Notebook A and Notebook B, special for meeting room, are of two different departments; ...
  • Page 85: Port Enable

    Uvgr" Qrgtcvkqp" Fguetkrvkqp" Configure MAC On XNCP→OCE"XNCP→OCE"XNCP"page, create MAC VLAN10 with VLAN 10 the MAC address as 00-19-56-8A-4C-71. Configure MAC On XNCP→OCE"XNCP→OCE"XNCP"page, create MAC VLAN10 with VLAN 20 the MAC address as 00-19-56-82-3B-70. Port Enable Required. On the XNCP→OCE"XNCP→Rqtv"Gpcdng page, select and enable Port 11 and Port 12 for MAC VLAN feature.
  • Page 86 IP host, in VLAN10, is served by IP server while AppleTalk host is served by AppleTalk server;  Switch B is connected to IP server and AppleTalk server.  Pgvyqtm"Fkcitco"  Eqphkiwtcvkqp"Rtqegfwtg"  Configure switch A  Uvgr" Qrgtcvkqp" Fguetkrvkqp" Configure Required.
  • Page 87: VLAN VPN

    Step Operation Description. Create Protocol Template: Required. On VLAN→Protocol VLAN→Protocol Template page, configure the protocol template practically. E.g. the Ether Type of IP network packets is 0800 and that of AppleTalk network packets is 809B. Port Enable: Required. On the VLAN→Protocol VLAN→Port Enable page, select and enable Port 3, Port 4 and Port 5 for Protocol VLAN feature.
  • Page 88: VLAN Mapping

    Protocol type / Value: LACP 0x8809, 802.1X 0x888E. Table 6-3 Values of Ethernet frame protocol type in common use. This VLAN VPN function is implemented on the VPN Config, VLAN Mapping and Port Enable pages. 6.7.1 VPN Config. This page allows you to enable the VPN function, adjust the global TPID for VLAN-VPN packets and enable the VPN up-link port.
  • Page 89 Choose the menu VLAN→VLAN VPN→VLAN Mapping to load the following page. Figure 6-13 Create VLAN Mapping Entry. The following entries are displayed on this screen: VLAN Mapping Config. C VLAN: Enter the ID number of the Customer VLAN. C VLAN refers to the VLAN to which the packet received by switch belongs. Enter the ID number of the Service Provider VLAN.
  • Page 90 Figure 6-14 Enable VLAN Mapping for Port. Select your desired port for VLAN Mapping function. All the ports are disabled for VLAN Mapping function by default. Configuration Procedure of VLAN VPN Function: Step Operation Description. Enable VPN mode. Required. On the VLAN→VLAN VPN→VPN Config page, enable the VPN mode. Configure the global TPID.
  • Page 91: Private VLAN

    6.8 Private VLAN. Private VLANs, designed to save VLAN resources of uplink devices and decrease broadcast, are sets of VLAN pairs that share a common primary identifier. To guarantee user information security and to make it easier for service providers to manage and account for traffic, service providers in campus networks usually require that each individual user be separated at Layer 2.
  • Page 92 Packets from different Secondary VLANs can be forwarded to the uplink device via promiscuous port and carry no corresponding Secondary VLAN information. Packets from Primary VLANs can be sent to end users via host port and carry no Primary VLAN information.
  • Page 93 Port PVID Allowed VLANs Port5 VLAN5 Port2 VLAN2 Port3 VLAN3 Table 6-4 Port settings before configuration synchronization Port PVID Allowed VLANs Port5 VLAN2, 3, 5 Port2 VLAN2, 5 Port3 VLAN2, 5 Table 6-5 Port settings after configuration synchronization MAC address duplication: After port configuration synchronization, packets from Secondary ...
  • Page 94 Packet forwarding in Private VLAN. The Private VLAN packet forwarding process (here we take traffic transmission for PC2) based on the figure above is illustrated as follows: PC2 sends out its first upstream packet with the source MAC as mac_2 and the destination MAC as mac_a.
  • Page 95 Choose the menu VLAN→Private VLAN→PVLAN Config to load the following page. Figure 6-16 Create Private VLAN. The following entries are displayed on this screen: Create Private VLAN. Primary VLAN: Enter the ID number of the Primary VLAN. Secondary VLAN: Enter the ID number of the Secondary VLAN...
  • Page 96 Choose the menu VLAN→Private VLAN→Port Config to load the following page. Figure 6-17 Create and View Protocol Template. The following entries are displayed on this screen: Port Config. Port: Select the desired port for configuration. Port Type: Select the Port Type from the pull-down list for the port...
  • Page 97: GVRP

    Step Operation Description. Delete VLAN. Optional. On the VLAN→Private VLAN→PVLAN Config page, select the desired entry to delete the corresponding VLAN by clicking the Delete button. 6.9 GVRP. GVRP (GARP VLAN Registration Protocol) is an implementation of GARP (Generic Attribute Registration Protocol).
  • Page 98 LeaveAll Timer: Once a GARP entity starts up, it starts the LeaveAll timer, and sends out a LeaveAll message after the timer times out, so that other GARP entities can re-register all the attribute information on this entity. After that, the entity restarts the LeaveAll timer to begin a new cycle.
  • Page 99 Choose the menu VLAN→GVRP→GVRP Config to load the following page. Figure 6-18 GVRP Config. Note: If the GVRP feature is enabled for a member port of LAG, please ensure all the member ports of this LAG are set to be in the same status and registration mode. The following entries are displayed on this screen: Global Config...
  • Page 100 LeaveAll Timer: Once the LeaveAll Timer is set, the port with GVRP enabled can send a LeaveAll message after the timer times out, so that other GARP ports can re-register all the attribute information. After that, the LeaveAll timer will start to begin a new cycle. The LeaveAll Timer ranges from 1000 to 30000 centiseconds.
  • Page 101 Network Diagram. Configuration Procedure. Configure switch A. Step Operation Description. Create VLAN6: Required. On VLAN→802.1Q VLAN→VLAN Config page, create a VLAN with its VLAN ID as 6, owning Port 1. Configure switch B. Step Operation Description. Create Private VLANs: Required. On the VLAN→Private VLAN→PVLAN Config page,
  • Page 102 Configure switch C. Step Operation Description. Create Private VLANs: Required. On the VLAN→Private VLAN→PVLAN Config page, enter the Primary VLAN 6 and Secondary VLAN 2-3, and then click the Create button. Promiscuous port to Private: Required. On the VLAN→Private VLAN→Port Config page, configure the port type of Port8 as Promiscuous, enter Primary VLAN 6 and Secondary VLAN 2-3, and click the Add button.
  • Page 103: Chapter 7 Spanning Tree

    Chapter 7 Spanning Tree. STP (Spanning Tree Protocol), defined by the IEEE 802.1D standard, breaks loops in a ring network at the Data Link layer of a local network. Devices running STP discover loops in the network and block ports by exchanging information; in that way, a ring network is pruned into a loop-free tree topology, which prevents packets from being duplicated and forwarded endlessly in the network.
  • Page 104 Figure 7-1 Basic STP diagram. STP Timers. Hello Time: Hello Time ranges from 1 to 10 seconds. It specifies the interval to send BPDU packets. It is used to test the links. Max. Age: Max. Age ranges from 6 to 40 seconds. It specifies the maximum time the switch can wait without receiving a BPDU before attempting to reconfigure.
  • Page 105 Step Operation. If the priority of the BPDU received on the port is lower than that of the BPDU of the port itself, the switch discards the BPDU and does not change the BPDU of the port. If the priority of the BPDU is higher than that of the BPDU of the port itself, the switch replaces the BPDU of the port with the received one and compares it with those of other ports on the switch to obtain the one with the highest priority.
  • Page 106 can transit to forwarding state after getting response from the downstream switch through handshake. RSTP Elements. Edge Port: Indicates the port connected directly to terminals. P2P Link: Indicates the link between two switches directly connected. MSTP (Multiple Spanning Tree Protocol), compatible with both STP and RSTP and subject to IEEE 802.1s standard, not only enables spanning trees to converge rapidly, but also enables packets of different VLANs to be forwarded along their respective paths so as to provide redundant links with a better load-balancing mechanism.
  • Page 107: STP Config

    Port States. In an MSTP, ports can be in the following four states: Forwarding: In this status the port can receive/forward data, receive/send BPDU packets as well as learn MAC address. Learning: In this status the port can receive/send BPDU packets and learn MAC address...
  • Page 108 Choose the menu Spanning Tree→STP Config→STP Config to load the following page. Figure 7-4 STP Config. The following entries are displayed on this screen: Global Config. STP: Enable/Disable STP function globally on the switch. Version: Select the desired STP version on the switch. STP: Spanning Tree Protocol...
  • Page 109: STP Summary

    Note: The forward delay parameter and the network diameter are correlated. A forward delay that is too small may result in temporary loops. A forward delay that is too large may leave the network unable to resume the normal state in time. The default value is recommended. An adequate hello time parameter enables the switch to discover link failures in the network without occupying too many network resources.
  • Page 110: Port Config

    7.2 Port Config. On this page you can configure the parameters of the ports for CIST. Choose the menu Spanning Tree→Port Config to load the following page. Figure 7-6 Port Config. The following entries are displayed on this screen: Port Config. Port Select: Click the Select button to quick-select the corresponding port based...
  • Page 111: MSTP Instance

    Port Role: Displays the role of the port played in the STP Instance. Root Port: Indicates the port that has the lowest path cost from this bridge to the Root Bridge and forwards packets to the root. Designated Port: Indicates the port that forwards packets to a...
  • Page 112: Region Config

    Figure 7-7 Region Config. The following entries are displayed on this screen: Region Config. Region Name: Create a name for MST region identification using up to 32 characters. Revision: Enter the revision from 0 to 65535 for MST region identification. 7.3.2 Instance Config. Instance Configuration, a property of MST region, is used to describe the VLAN to Instance mapping configuration.
  • Page 113 Select: Select the desired Instance ID for configuration. It is multi-optional. Instance: Displays Instance ID of the switch. Status: Displays status of the instance. Priority: Enter the priority of the switch in the instance. It is an important criterion on determining if the switch will be chosen as the root bridge in the specific instance.
  • Page 114: Instance Port Config

    Figure 7-9 Instance Port Config. The following entries are displayed on this screen: Port Config. Instance ID: Select the desired instance ID for its port configuration. Port Select: Click the Select button to quick-select the corresponding port based on the port number you entered. Select the desired port to specify its priority and path cost.
  • Page 115: STP Security

    Global configuration procedure for Spanning Tree function: Step Operation Description. Make clear the roles the switches play in spanning tree instances (root bridge or designated bridge): Preparation. Globally configure MSTP parameters: Required. Enable Spanning Tree function on the switch and configure MSTP parameters on Spanning Tree→STP Config→STP Config page.
  • Page 116 its position and network topology jitter to occur. In this case, flows that should travel along high-speed links may lead to low-speed links, and network congestion may occur. To avoid this, MSTP provides root protect function. Ports with this function enabled can only be set as designated ports in all spanning tree instances.
  • Page 117: TC Protect

    Figure 7-10 Port Protect. The following entries are displayed on this screen: Port Protect. Port Select: Click the Select button to quick-select the corresponding port based on the port number you entered. Select: Select the desired port for port protect configuration. It is...
  • Page 118 Figure 7-11 TC Protect. The following entries are displayed on this screen: TC Protect. TC Threshold: Enter a number from 1 to 100. It is the maximum number of the TC-BPDUs received by the switch in a TC Protect Cycle. The default value is 20.
  • Page 119 On Spanning Tree→STP Config→Port Config page, enable MSTP function for the port. Configure the region name and the revision of MST region: On Spanning Tree→MSTP Instance→Region Config page, configure the region as TP-LINK and keep the default revision setting. Configure VLAN-to-Instance Spanning Tree→MSTP Instance→Instance...
  • Page 120 On Spanning Tree→STP Config→Port Config page, enable MSTP function for the port. Configure the region name and the revision of MST region: On Spanning Tree→MSTP Instance→Region Config page, configure the region as TP-LINK and keep the default revision setting. Configure VLAN-to-Instance Spanning Tree→MSTP Instance→Instance...
  • Page 121 The configuration procedure for switch E and F is the same as that for switch D. The topology diagram of the two instances after the topology is stable: For Instance 1 (VLAN 101, 103 and 105), the red paths in the following figure are connected links; the gray paths are the blocked links. For Instance 2 (VLAN 102, 104 and 106), the blue paths in the following figure are connected...
  • Page 122: Chapter 8 Ethernet OAM

    Chapter 8 Ethernet OAM. OAM Overview. Ethernet OAM (Operation, Administration, and Maintenance) is a Layer 2 protocol for monitoring and troubleshooting Ethernet networks. It can report the network status to network administrators through the OAMPDUs exchanged between two OAM entities, facilitating network management. Ethernet OAM is a slow protocol with very limited bandwidth requirement.
  • Page 123 Information OAMPDU: Information OAMPDU is used for discovery. It transmits the state information of an OAM entity (including local, remote, and organization-specific information) to another OAM entity, and maintains OAM connection. Event Notification OAMPDU: Event Notification OAMPDU is used for link monitoring. It is...
  • Page 124 Item / Active OAM mode / Passive OAM mode. Transmitting Loopback Control OAMPDUs: Available / Unavailable. Responding to Loopback Control OAMPDUs: Available (if both sides operate in active OAM mode) / Available. Transmitting organization-specific OAMPDUs: Available / Available. Table 8-1 Differences between active OAM mode and passive OAM mode. After an OAM connection is established, the OAM entities on both sides exchange Information OAMPDUs periodically to keep the OAM connection valid.
  • Page 125 As Information OAMPDUs are sent between the OAM entities periodically, an OAM entity can inform one of its OAM peers of link faults through Information OAMPDUs. So the network administrator can get informed of the link faults and take action in time. Remote Loopback...
  • Page 126: Basic Config

    Figure 8-4 Basic Config. The following entries are displayed on this screen: Basic Config. Port Select: Click the Select button to quick-select the corresponding port based on the port number you entered. Select: Select the desired port for configuration. It is multi-optional...
  • Page 127: Discovery Info

    8.1.2 Discovery Info. Choose the menu Ethernet OAM→Basic Config→Discovery Info to load the following page. Figure 8-5 Discovery Info. The following entries are displayed on this screen: Local Client. The local client part shows the information of the local OAM entity. OAM: Displays whether the OAM function is enabled or disabled on the...
  • Page 128 Link Monitoring: Displays whether the local client supports link monitoring function. Variable Request: Displays whether the local client supports variable request. If supported, the local client can send some variable requests to the remote client to learn about the link status from the response of the remote client.
  • Page 129: Link Monitoring

    Variable Request: Displays whether the remote client supports variable request. PDU Revision: Displays the TLV revision of the OAMPDU. Vendor Information: Displays the vendor information of the remote client. 8.2 Link Monitoring. On this page, you can configure the parameters about OAM link events, including the threshold and the detection period.
  • Page 130 Threshold: Specify the threshold for the selected link event. For Symbol Period Error, it is the number of error symbols in the period that is required to be exceeded. For Frame Error, it is the number of error frames in the period...
  • Page 131: Remote Loopback

    Select: Select the desired port for configuration. It is multi-optional. Dying Gasp Notify: Choose whether to notify the dying gasp or not. Critical Event Notify: Choose whether to notify the critical event or not. 8.4 Remote Loopback. On this page, you can initiate remote loopback if the OAM connection is established and the local client works in active mode.
  • Page 132: Statistics

    Remote Loopback: To start or stop the remote loopback. 8.5 Statistics. You can view the statistics about the detailed Ethernet OAM traffic information and event log information of a specific port here. 8.5.1 Statistics. On this page, you can view the detailed Ethernet OAM traffic information of a specific port. The device will recount the numbers every time you click the clear button or the device is rebooted.
  • Page 133: Event Log

    Variable Request OAMPDUs: Displays the number of variable request OAMPDUs that have been transmitted or received on the port. Variable Response OAMPDUs: Displays the number of variable response OAMPDUs that have been transmitted or received on the port. Loopback...: Displays the number of loopback control OAMPDUs that have...
  • Page 134: DLDP

    Error Frame Event: Displays the number of error frame link events that have occurred on the local link or remote link. Error Frame Period Event: Displays the number of error frame period link events that have occurred on the local link or remote link. Error Frame...: Displays the number of error frame seconds link events that have...
  • Page 135 State / Description. Advertisement: This state indicates that no unidirectional link is detected, which includes two kinds of situations: 1. This device establishes bidirectional links with all its neighbors. 2. DLDP remains in Active state for more than 5 seconds. Probe: A device enters this state from the Active state if it receives a packet from an unknown neighbor.
  • Page 136 The typical bidirectional link detection process is 2 → 4 → 5, and the typical unidirectional link detection process is 2 → 4 → On the DLDP page, you can enable the DLDP state globally and configure the interval of the advertisement packets and the port shutdown mode.
  • Page 137 Shut Mode: Once detecting a unidirectional link, the port can be shut down in one of the following two modes: Auto: In this mode, DLDP generates logs and traps and shuts down corresponding port detecting unidirectional links, and the DLDP link state transits to Disable.
  • Page 138 2. The unidirectional link should be disconnected once being detected, and the ports shut down by DLDP can be restored after the fiber pairs are correctly connected. Network Diagram. Figure 8-13 DLDP Application Example. Configuration Procedure. Step Operation Description. Enable DLDP globally. Required.
  • Page 139 After these four ports are correctly connected, select ports 1/0/27 and 1/0/28 in the Port Config table and click the Reset button to restore their state from Disable.
  • Page 140: Chapter 9 DHCP

    Chapter 9 DHCP. DHCP (Dynamic Host Configuration Protocol) is a client-server protocol which is widely used in LAN environments to dynamically assign host IP addresses from a centralized server. As workstations and personal computers proliferate on the Internet, the administrative complexity of maintaining a network is increased by an order of magnitude.
  • Page 141 The Process of DHCP. DHCP uses UDP as its transport protocol. DHCP messages from a client to a server are sent to the 'DHCP server' port (67), and DHCP messages from a server to a client are sent to the 'DHCP client' port (68). DHCP clients and servers both construct DHCP messages by filling in fields in the fixed format section of the message and appending tagged data items in the variable length option area.
  • Page 142 for the fields given in the figure will be used throughout this document to refer to the fields in DHCP messages. Figure 9-3 The Format of DHCP Message. op: Message type, '1' = BOOT-REQUEST, '2' = BOOT-REPLY. htype: Hardware address type, '1' for Ethernet. hlen: Hardware address length, '6' for Ethernet.
  • Page 143 14) file: Boot file name, null terminated string, "generic" name or null in DHCPDISCOVER, fully qualified directory-path name in DHCPOFFER. 15) options: Optional parameters field. See the options documents (RFC 2132) for a list of defined options. We will introduce some familiar options in the next section. DHCP Option...
  • Page 144: DHCP Relay

    IP address from the DHCP server in another VLAN. Details of DHCP Relay on TL-SL5428E. A typical application of TL-SL5428E working at DHCP Relay function is shown below. It can be altered to meet the network requirement. Figure 9-5 DHCP Relay Application. To allow all clients in different VLANs to request IP addresses from one server successfully, the DHCP Relay function can transmit the DHCP packets between clients and server in different VLANs.
  • Page 145 When receiving DHCP-OFFER and DHCP-ACK packets from the server, the switch will delete the option 82 information and forward the packets to the port which receives the request. The process is shown as follows. Figure 9-6 DHCP Relay Process. DHCP Relay Configuration...
  • Page 146 Note: The option 82 parameters configured on the switch should be based on and meet the requirements of the network. The DHCP Relay, allowing the clients to get the IP address from the server in another VLAN, is implemented on the DHCP Relay page. Choose the menu DHCP→DHCP Relay→DHCP Relay to load the following page.
  • Page 147 Existed Option 82 Field: Select the operation for the existed Option 82 field of the DHCP request packets from the Host. Keep: Indicates to keep the Option 82 field of the packets. Replace: Indicates to replace the Option 82 field of the...
  • Page 148: Chapter 10 Multicast

    Chapter 10 Multicast. Multicast Overview. In the network, packets are sent in three modes: unicast, broadcast and multicast. In unicast, the source server sends separate copy information to each receiver. When a large number of users require this information, the server must send many pieces of information with the same content to the users.
  • Page 149 IPv4 Multicast Address. 1. IPv4 Multicast IP Address: As specified by IANA (Internet Assigned Numbers Authority), Class D IP addresses are used as destination addresses of multicast packets. The multicast IP addresses range from 224.0.0.0 to 239.255.255.255. The following table displays the range and description of several special multicast IP addresses.
  • Page 150 Flags have 4 bits. The high-order flag is reserved, and must be initialized to 0. T=0 indicates a permanently-assigned multicast address assigned by the Internet Assigned Numbers Authority (IANA). T=1 indicates a non-permanently-assigned multicast address. Scope is a 4-bit value used to limit the scope of the multicast group. The values are as follows: Value Indication reserved...
  • Page 151 The IPv6 solicited-node multicast address has the prefix FF02:0:0:0:0:1:FF00:0000/104 concatenated with the 24 low-order bits of a corresponding IPv6 unicast or anycast address. 2. IPv6 Multicast MAC Address: The high-order 16 bits of an IPv6 multicast MAC address are 0x3333, while the low-order 32 bits of an IPv6 multicast MAC address are the low-order 32 bits of the IPv6 multicast IP address.
  • Page 152: IGMP Snooping

    ports in a VLAN. The list is constructed and maintained by snooping IPv6 multicast control packets. MLD snooping performs a similar function in IPv6 as IGMP snooping in IPv4. The Multicast module is mainly for multicast management configuration of the switch, including three submenus: IGMP Snooping, MLD Snooping and Multicast Table. 10.1 IGMP Snooping...
  • Page 153 When receiving IGMP leave message, the switch will forward IGMP group-specific-query message to check if other members in the multicast group of the port need this multicast and reset the member port time to the leave time. When the leave time times out, the switch will remove the port from the corresponding multicast group.
  • Page 154: VLAN Config

    The following entries are displayed on this screen: Global Config. IGMP Snooping: Enable/Disable IGMP Snooping function globally on the switch. Unknown Multicast: Select the operation for the switch to process unknown multicast, Forward or Discard. IGMP Snooping Status. Description: Displays IGMP Snooping status. Displays the member of the corresponding status.
  • Page 155 Static Router Ports: Enter the static router port which is mainly used in the network with stable topology. VLAN Table. VLAN ID Select: Click the Select button to quick-select the corresponding VLAN ID based on the ID number you entered. Select: Select the desired VLAN ID for configuration. It is multi-optional...
  • Page 156: Port Config

    Figure 10-7 Port Config. The following entries are displayed on this screen: Port Config. Port Select: Click the Select button to quick-select the corresponding port based on the port number you entered. Select: Select the desired port for IGMP Snooping feature configuration. It...
  • Page 157: IP-Range

    Note: Fast Leave on the port is effective only when the host supports IGMPv2 or IGMPv3. When both the Fast Leave feature and the Unknown Multicast Discard feature are enabled, a user leaving on a port shared by multiple users will interrupt the multicast service for the other users on that port.
  • Page 158: Multicast VLAN

    10.1.5 Multicast VLAN. In the old multicast transmission mode, when users in different VLANs apply to join the same multicast group, the multicast router duplicates the multicast information and delivers one copy to each VLAN that has a receiver. This mode wastes a lot of bandwidth. The problem above can be solved by configuring a multicast VLAN.
  • Page 159 Router Ports: Enter the static router port which is mainly used in the network with stable topology. Replace Source IP: Specify the source IP which will replace the source of IGMP Request in multicast VLAN. Note: The router port should be in the multicast VLAN, otherwise the member ports cannot receive multicast streams.
  • Page 160 Switch: Port 3 is connected to the router and the packets are transmitted in VLAN3; port 4 is connected to user A and the packets are transmitted in VLAN4; port 5 is connected to user B and the packets are transmitted in VLAN5. User A: Connected to Port 4 of the switch.
  • Page 161: Static Multicast IP

    10.1.6 Static Multicast IP. Static Multicast IP table, isolated from dynamic multicast group and multicast filter, is not learned by IGMP Snooping. It can enhance the quality and security for information transmission in some fixed multicast groups. Choose the menu Multicast→IGMP Snooping→Static Multicast IP to load the following page. Figure 10-10 Static Multicast IP Table. The following entries are displayed on this screen: Create Static Multicast...
  • Page 162: Packet Statistics

    10.1.7 Packet Statistics. On this page you can view the multicast data traffic on each port of the switch, which helps you monitor the IGMP messages in the network. Choose the menu Multicast→IGMP Snooping→Packet Statistics to load the following page. Figure 10-11 Packet Statistics. The following entries are displayed on this screen: Auto Refresh...
  • Page 163 Error Packet: Displays the number of error packets the port received. 10.1.8 Querier Config. In an IPv4 multicast network that runs IGMP, a Layer 3 multicast device works as an IGMP querier to send IGMP queries and manage the multicast table. But IGMP is not supported by the devices in Layer 2 network.
  • Page 164: IGMP Authentication

    Last Member Query Times: Enter the times of sending specific query frames by IGMP Snooping Querier. On receiving a leave frame, a specific query frame will be sent by IGMP Snooping Querier. If a report frame is received before the number of specific query frames sent reaches "Last Member Query Times", the switch will still treat the port as group member and stop sending specific query frames to the port, otherwise the port will be removed from forward-ports of the IP...
  • Page 165: MLD Snooping

    Figure 10-13 IGMP Authentication. The following entries are displayed on this screen: IGMP Authentication. Port Select: Click the Select button to quick-select the corresponding port based on the port number you entered. Select: Select the desired port for IGMP Authentication feature configuration.
  • Page 166 The switch, running MLD Snooping, listens to the MLD messages transmitted between the host and the router, and tracks the MLD messages and the registered port. When receiving MLD report message, the switch adds the port to the multicast address table; when the switch listens to MLD Done message from the host, the router sends the Multicast-Address-Specific Query message of the port to check if other hosts need this multicast, if yes, the switch will receive MLD report message;...
  • Page 167: Global Config

    port will be processed: if the receiving port is a new member port, it will be added to the forward list of the multicast group with its member port aging time specified; if the receiving port is already a member port, its member port aging time will be directly reset. Member Leave The host will send MLD Done message when leaving a multicast group to inform the router of its leaving.
  • Page 168 Report Message Suppression: Enable or disable Report Message Suppression function globally. If this function is enabled, the first Report Message from the listener will be forwarded to the router ports while the subsequent Report Message from the group will be suppressed to reduce the MLD traffic in the network.
  • Page 169: VLAN Config

    Figure 10-15 VLAN Config. The following entries are displayed on this screen: VLAN Config. VLAN ID: Enter the VLAN ID you want to configure. Router Port Aging Time: Enter the router port aging time for this VLAN. It will override the global configured aging time...
  • Page 170: Filter Config

    2. When the router port aging time or member port aging time is set for a VLAN, this value overrides the value configured globally. 3. You should only use the Immediate-Leave feature when there is a single receiver present on every port in the VLAN.
  • Page 171: Port Config

    Figure 10-17 Port Config. The following entries are displayed on this screen: Port Config. Select: Select the port you want to configure. Port: Displays the port number. Filter: Choose to enable or disable filter function in this port. Filter Mode: Choose the filter action mode. You can accept or...
  • Page 172: Querier Config

    Figure 10-18 Static Multicast. The following entries are displayed on this screen: Static Multicast Config. VLAN ID: Enter the VLAN ID. Multicast IP: Enter the multicast IP address. Member Ports: Enter the member ports of the static multicast group. Static Multicast List. Select: Select the static multicast group you want to change...
  • Page 173 The following entries are displayed on this screen: Querier Config. VLAN ID: Enter the VLAN ID which you want to start Querier. Maximum Response Time: Enter the value of Maximum Response Time field of the Query message. Query Interval: Enter the Query message interval time. The Querier...
  • Page 174: Packet Statistics

    Figure 10-20 Packet Statistics. The following entries are displayed on this screen: Auto Fresh. Auto Fresh: Enable/Disable auto fresh feature. Fresh Period: Enter the time from 3 to 300 seconds to specify the auto fresh period. MLD Packet Statistics. Received...: Displays the number of MLD Query packets the...
  • Page 175: Multicast Table

    10.3.1 IPv4 Multicast Table. On this page you can view the information of the multicast groups already on the switch. Multicast IP addresses range from 224.0.0.0 to 239.255.255.255. The range for receivers to join is from 224.0.1.0 to 239.255.255.255. Choose the menu Multicast→Multicast Table→IPv4 Multicast Table to load the following page. Figure 10-21 IPv4 Multicast Table. The following entries are displayed on this screen: Search Option...
  • Page 176: Ipv6 Multicast Table

    Choose the menu Ownvkecuv→Ownvkecuv"Vcdng→KRx8"Ownvkecuv"Vcdng to load the following page. Figure 10-22 IPv6 Multicast Table The following entries are displayed on this screen: Ugctej"Qrvkqp" " Enter the multicast IP address the desired entry must Ownvkecuv"KR<" " carry. Enter the VLAN ID the desired entry must carry. XNCP"KF<"...
  • Page 177: Chapter 11 QoS

    Chapter 11 QoS. QoS (Quality of Service) functions to provide different quality of service for various network applications and requirements and optimize the bandwidth resource distribution so as to provide a network service experience of a better quality. QoS: This switch classifies the ingress packets, maps the packets to different priority queues and then forwards the packets according to specified scheduling algorithms to implement QoS function.
  • Page 178 2. 802.1P Priority. Figure 11-2 802.1Q frame. As shown in the figure above, each 802.1Q Tag has a Pri field, comprising 3 bits. The 3-bit priority field is 802.1p priority in the range of 0 to 7. 802.1P priority determines the priority of the packets based on the Pri value.
  • Page 179 Figure 11-4 SP-Mode. WRR-Mode: Weight Round Robin Mode. In this mode, packets in all the queues are sent in order based on the weight value for each queue and every queue can be assured of a certain service time. The weight value indicates the occupied proportion of the resource. WRR queue overcomes the disadvantage of SP queue that the packets in the queues with lower priority cannot get service for a long time.
  • Page 180: DiffServ

    11.1 DiffServ. This switch classifies the ingress packets, maps the packets to different priority queues and then forwards the packets according to specified scheduling algorithms to implement QoS function. This switch implements three priority modes based on port, on 802.1P and on DSCP, and supports four queue scheduling algorithms.
  • Page 181: DSCP Priority

    Configuration Procedure (Step / Operation / Description): Select the port priority: Required. On QoS→DiffServ→Port Priority page, configure the port priority. Configure mapping relation between the CoS priority and TC: Required. On QoS→DiffServ→802.1P/CoS mapping page, configure the mapping relation between the CoS and TC. Select a schedule mode: Required.
  • Page 182 Priority Level. DSCP: Indicates the priority determined by the DSCP region of IP datagram. It ranges from 0 to 63. Priority Level: Indicates the priority level the packets with tag are mapped to. The priority levels are labeled as TC0, TC1, TC2 and TC3. Note:...
  • Page 183: Schedule Mode

    The following entries are displayed on this screen: 802.1P Priority Config. 802.1P Priority: Enable/Disable 802.1P Priority. Priority and CoS-mapping Config. Tag-id/Cos-id: Indicates the precedence level defined by IEEE802.1P and the CoS ID. Queue TC-id: Indicates the priority level of egress queue the packets with tag and CoS-id are mapped to.
  • Page 184: Rate Limit

    WRR-Mode: Weight Round Robin Mode. In this mode, packets in all the queues are sent in order based on the weight value for each queue. The weight value ratio of TC0, TC1, TC2 and TC3 is 1:2:4:8. SP+WRR-Mode: Strict-Priority + Weight Round Robin Mode. In this mode, this...
  • Page 185: Storm Control

    The following entries are displayed on this screen: Rate Limit Config. Port Select: Click the Select button to quick-select the corresponding port based on the port number you entered. Select: Select the desired port for Rate configuration. It is multi-optional. Port: Displays the port number of the switch...
  • Page 186 Figure 11-11 Storm Control. The following entries are displayed on this screen: Storm Control Config. Port Select: Click the Select button to quick-select the corresponding port based on the port number you entered. Select: Select the desired port for Storm Control configuration. It is...
  • Page 187: Voice VLAN

    11.3 Voice VLAN. Voice VLANs are configured specially for voice data stream. By configuring Voice VLANs and adding the ports with voice devices attached to voice VLANs, you can perform QoS-related configuration for voice data, ensuring the transmission priority of voice data stream and voice quality.
  • Page 188 Table columns: Port Voice VLAN Mode / Voice Stream Type / Link type of the port and processing mode. TAG voice stream: ACCESS: Not supported. TRUNK: Supported. The default VLAN of the port cannot be voice VLAN. GENERAL: Supported. The default VLAN of the port cannot be voice VLAN and the egress rule of the access port in the voice VLAN should be TAG.
  • Page 189: Global Config

    Note: Don't transmit voice stream together with other business packets in the voice VLAN except for some special requirements. The Voice VLAN function can be implemented on Global Config, Port Config and OUI Config pages. 11.3.1 Global Config. On this page, you can configure the global parameters of the voice VLAN, including VLAN ID, aging time, the transmission priority of the voice packets and so on.
  • Page 190: Port Config

    Figure 11-13 Port Config. Note: To enable voice VLAN function for the LAG member port, please ensure its member state accords with its port mode. If a port is a member port of voice VLAN, changing its port mode to be "Auto" will make the port leave the voice VLAN and will not join the voice VLAN automatically until it receives voice streams.
  • Page 191: OUI Config

    Member State: Displays the state of the port in the current voice VLAN. LAG: Displays the LAG number which the port belongs to. 11.3.3 OUI Config. The switch supports OUI creation and adds the MAC address of the special voice device to the OUI table of the switch.
  • Page 192 Configuration Procedure of Voice VLAN (Step / Operation / Description): Configure the link type of the port: Required. On VLAN→802.1Q VLAN→Port Config page, configure the link type of ports of the voice device. Create VLAN: Required. On VLAN→802.1Q VLAN→Port Config page, click the Create button to create a VLAN. Add OUI address: Optional.
  • Page 193: Time-Range

    Chapter 12 ACL. ACL (Access Control List) is used to filter packets by configuring match rules and process policies of packets in order to control the access of the illegal users to the network. Besides, ACL functions to control traffic flows and save network resources. It provides a flexible and secured access control policy and facilitates you to control the network security.
  • Page 194: Time-Range Create

    12.1.2 Time-Range Create. On this page you can create time-ranges. Choose the menu ACL→Time-Range→Time-Range Create to load the following page. Figure 12-2 Time-Range Create. Note: To successfully configure time-ranges, please firstly specify time-slices and then time-ranges. The following entries are displayed on this screen: Create Time-Range...
  • Page 195: Holiday Config

    12.1.3 Holiday Config. Holiday mode is applied as a different secured access control policy from the week mode. On this page you can define holidays according to your work arrangement. Choose the menu ACL→Time-Range→Holiday Config to load the following page. Figure 12-3 Holiday Configuration. The following entries are displayed on this screen: Create Holiday...
  • Page 196: ACL Summary

    Choose the menu ACL→ACL Config→ACL Summary to load the following page. Figure 12-4 ACL Summary. The following entries are displayed on this screen: Search Option. Select ACL: Select the ACL you have created. ACL Type: Displays the type of the ACL you select. Rule Order: Displays the rule order of the ACL you select...
  • Page 197: MAC ACL

    12.2.3 MAC ACL. MAC ACLs analyze and process packets based on a series of match conditions, which can be the source MAC addresses, destination MAC addresses, VLAN ID, and EtherType carried in the packets. Choose the menu ACL→ACL Config→MAC ACL to load the following page. Figure 12-6 Create MAC Rule. The following entries are displayed on this screen: Create MAC-Rule...
  • Page 198: Extend-IP ACL

    Choose the menu ACL→ACL Config→Standard-IP ACL to load the following page. Figure 12-7 Create Standard-IP Rule. The following entries are displayed on this screen: Create Standard-IP Rule. ACL ID: Select the desired Standard-IP ACL for configuration. Rule ID: Enter the rule ID. Operation: Select the operation for the switch to process packets which match the...
  • Page 199 Figure 12-8 Create Extend-IP Rule. The following entries are displayed on this screen: Create Extend-IP Rule. ACL ID: Select the desired Extend-IP ACL for configuration. Rule ID: Enter the rule ID. Operation: Select the operation for the switch to process packets which match the rules.
  • Page 200: Combined ACL

    S-Port: Configure TCP/IP source port contained in the rule when TCP/UDP is selected from the pull-down list of IP Protocol. D-Port: Configure TCP/IP destination port contained in the rule when TCP/UDP is selected from the pull-down list of IP Protocol. Enter the DSCP information contained in the rule.
  • Page 201: Policy Config

    Operation: Select the operation for the switch to process packets which match the rules. Permit: Forward packets. Deny: Discard packets. S-MAC: Enter the source MAC address contained in the rule. D-MAC: Enter the destination MAC address contained in the rule. Enter IP address mask.
  • Page 202 The following entries are displayed on this screen: Search Options. Select Policy: Select name of the desired policy for view. If you want to delete the desired policy, please click the Delete button. Action Table. Select: Select the desired entry to delete the corresponding policy...
  • Page 203: Action Create

    Figure 12-11 Action Create. The following entries are displayed on this screen: Create Action. Select Policy: Select the name of the policy. Select ACL: Select the ACL for configuration in the policy. S-Mirror: Select S-Mirror to mirror the data packets in the policy to the specific...
  • Page 204: Policy Binding

    12.4 Policy Binding. Policy Binding function can have the policy take its effect on a specific port/VLAN. The policy will take effect only when it is bound to a port/VLAN. In the same way, the port/VLAN will receive the data packets and process them based on the policy only when the policy is bound to the port/VLAN.
  • Page 205 Figure 12-13 Bind the policy to the port. The following entries are displayed on this screen: Port-Bind Config. Policy Name: Select the name of the policy you want to bind. Port: Enter the number of the port you want to bind...
  • Page 206 VLAN ID: Displays the ID of the VLAN bound to the corresponding policy. Direction: Displays the binding direction. Configuration Procedure (Step / Operation / Description): Configure effective time-range: Required. On ACL→Time-Range configuration pages, configure the effective time-ranges for ACLs. Configure ACL rules: Required. On ACL→ACL Config configuration pages, configure ACL rules to match packets.
  • Page 207 Configuration Procedure (Step / Operation / Description): Configure Time-range: On ACL→Time-Range page, create a time-range named work_time. Select Week mode and configure the week time from Monday to Friday. Add a time-slice 08:00–18:00. Configure for requirement 1: On ACL→ACL Config→ACL Create page, create ACL 11. On ACL→ACL Config→MAC ACL page, select ACL 11, create Rule 1, configure...
  • Page 208: IP-MAC Binding

    Chapter 13 Network Security. The Network Security module provides multiple protection measures for network security, including six submenus: IP-MAC Binding, DHCP Snooping, ARP Inspection, IP Source Guard, DoS Defend, 802.1X and PPPoE Config. Please configure the functions appropriate to your need. 13.1 IP-MAC Binding. The IP-MAC Binding function allows you to bind the IP address, MAC address, VLAN ID and the connected Port number of the Host together.
  • Page 209 The following entries are displayed on this screen: Search Option. Source: Select a Source from the pull-down list and click the Search button to view your desired entry in the Binding Table. All: All the bound entries will be displayed...
  • Page 210: Manual Binding

    Choose the menu Network Security→IP-MAC Binding→Manual Binding to load the following page. Figure 13-2 Manual Binding. The following entries are displayed on this screen: Manual Binding Option. Host Name: Enter the Host Name. IP Address: Enter the IP Address of the Host. MAC Address: Enter the MAC Address of the Host...
  • Page 211: ARP Scanning

    13.1.3 ARP Scanning. ARP (Address Resolution Protocol) is used to analyze and map IP addresses to the corresponding MAC addresses so that packets can be delivered to their destinations correctly. IP address is the address of the Host on Network layer. MAC address, the address of the Host on Data link layer, is necessary for the packet to reach the very device.
  • Page 212 Choose the menu Network Security→IP-MAC Binding→ARP Scanning to load the following page. Figure 13-4 ARP Scanning. The following entries are displayed on this screen: Scanning Option. Start IP Address: Specify the Start IP Address. End IP Address: Specify the End IP Address. VLAN ID: Enter the VLAN ID. If blank, the switch will send the untagged...
  • Page 213 network configuration protocol optimized and developed based on BOOTP, functions to solve the above mentioned problems. DHCP Working Principle. DHCP works via the "Client/Server" communication mode. The Client applies to the Server for configuration. The Server assigns the configuration information, such as the IP address, to the Client, so as to reach a dynamic employ of the network source.
  • Page 214: DHCP Snooping

    DHCP-OFFER Stage: Upon receiving the DHCP-DISCOVER packet, the DHCP Server selects an IP address from the IP pool according to the assigning priority of the IP addresses and replies to the Client with DHCP-OFFER packet carrying the IP address and other information.
  • Page 215 Figure 13-7 DHCP Cheating Attack Implementation Procedure. DHCP Snooping feature only allows the port connected to the DHCP Server as the trusted port to forward DHCP packets and thereby ensures that users get proper IP addresses. DHCP Snooping is to monitor the process of the Host obtaining the IP address from DHCP server, and record the IP address, MAC address, VLAN and the connected Port number of the Host for automatic binding.
  • Page 216: DHCP Snooping

    13.2.1 DHCP Snooping. Choose the menu Network Security→DHCP Snooping→DHCP Snooping to load the following page. Figure 13-8 DHCP Snooping. Note: If you want to enable the DHCP Snooping feature for the member port of LAG, please ensure the parameters of all the member ports are the same. The following entries are displayed on this screen: DHCP Snooping Config...
  • Page 217: Option 82

    Port Config. Port Select: Click the Select button to quick-select the corresponding port based on the port number you entered. Select: Select your desired port for configuration. It is multi-optional. Port: Displays the port number. Trusted Port: Enable/Disable the port to be a Trusted Port. Only the Trusted...
  • Page 218 Existed Option 82 field: Select the operation for the Option 82 field of the DHCP request packets from the Host. Keep: Indicates to keep the Option 82 field of the packets. Replace: Indicates to replace the Option 82 field of the packets with the switch defined one.
  • Page 219 As shown in the above figure, the attacker sends the fake ARP packets with a forged Gateway address to the normal Host, and then the Host will automatically update the ARP table after receiving the ARP packets. When the Host tries to communicate with Gateway, the Host will encapsulate this false destination MAC address for packets, which results in a breakdown of the normal communication.
  • Page 220 Figure 13-12 ARP Attack – Cheating Terminal Hosts. As shown in the above figure, the attacker sends the fake ARP packets of Host A to Host B, and then Host B will automatically update its ARP table after receiving the ARP packets. When Host B tries to communicate with Host A, it will encapsulate this false destination MAC address for packets, which results in a breakdown of the normal communication.
  • Page 221: ARP Inspection

    Suppose there are three Hosts in LAN connected with one another through a switch. Host A: IP address is 192.168.0.101; MAC address is 00-00-00-11-11-11. Host B: IP address is 192.168.0.102; MAC address is 00-00-00-22-22-22. Attacker: IP address is 192.168.0.103; MAC address is 00-00-00-33-33-33. First, the attacker sends the false ARP response packets.
  • Page 222 Choose the menu Network Security→ARP Inspection→ARP Detect to load the following page. Figure 13-14 ARP Detect. The following entries are displayed on this screen: ARP Detect. ARP Detect: Enable/Disable the ARP Detect function, and click the Apply button to apply. Trusted Port. Trusted Port: Select the port for which the ARP Detect function is unnecessary...
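The following is an added example, not taken from the manual or from the switch firmware. It models the ARP Detect decision for the three hosts on page 221, on the assumption that the switch compares the ARP sender IP and MAC, the VLAN and the ingress port with the IP-MAC binding table; the port numbers, VLAN 1 and the Ethernet-source consistency check are constructed for the illustration.

```python
import struct
from collections import Counter

ETHERTYPE_ARP = 0x0806
ARP_FRAME_LEN = 14 + 28          # Ethernet header + ARP body (IPv4 over Ethernet)

# Addresses from page 221 of the manual.
A_IP, A_MAC = "192.168.0.101", "00-00-00-11-11-11"
B_IP, B_MAC = "192.168.0.102", "00-00-00-22-22-22"
X_IP, X_MAC = "192.168.0.103", "00-00-00-33-33-33"


def mac_to_bytes(text):
    return bytes(int(octet, 16) for octet in text.split("-"))


def ip_to_bytes(text):
    return bytes(int(octet) for octet in text.split("."))


def sample_arp_reply(eth_src, sender_mac, sender_ip, target_mac, target_ip):
    """Constructed ARP reply used only as test input; nothing is transmitted."""
    eth = mac_to_bytes(target_mac) + mac_to_bytes(eth_src)
    eth += struct.pack("!H", ETHERTYPE_ARP)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, 2)      # oper 2 = reply
    arp += mac_to_bytes(sender_mac) + ip_to_bytes(sender_ip)
    arp += mac_to_bytes(target_mac) + ip_to_bytes(target_ip)
    return eth + arp


class ArpDetect:
    """Assumed model: ARP on untrusted ports must match a binding entry."""

    def __init__(self, trusted_ports=()):
        self.trusted_ports = set(trusted_ports)
        self.bindings = {}        # (vlan, sender IP) -> (MAC, port)
        self.illegal = Counter()  # per-port count, as ARP Statistics reports

    def bind(self, ip, mac, vlan, port):
        self.bindings[(vlan, ip_to_bytes(ip))] = (mac_to_bytes(mac), port)

    def inspect(self, frame, vlan, port):
        """Return (forward, reason) for one ARP frame seen on port/vlan."""
        if port in self.trusted_ports:
            return True, "trusted port"
        reason = self._check(frame, vlan, port)
        if reason != "matches binding":
            self.illegal[port] += 1
            return False, reason
        return True, reason

    def _check(self, frame, vlan, port):
        if len(frame) < ARP_FRAME_LEN:
            return "truncated frame"
        (ethertype,) = struct.unpack("!H", frame[12:14])
        htype, ptype, hlen, plen, _oper = struct.unpack("!HHBBH", frame[14:22])
        if ethertype != ETHERTYPE_ARP or (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
            return "not IPv4-over-Ethernet ARP"
        eth_src, sender_mac, sender_ip = frame[6:12], frame[22:28], frame[28:32]
        if eth_src != sender_mac:        # extra consistency check (assumption)
            return "Ethernet source differs from ARP sender MAC"
        entry = self.bindings.get((vlan, sender_ip))
        if entry is None:
            return "no binding for sender IP"
        bound_mac, bound_port = entry
        if sender_mac != bound_mac:
            return "sender MAC does not match binding"
        if port != bound_port:
            return "ingress port does not match binding"
        return "matches binding"


def demo():
    switch = ArpDetect(trusted_ports={24})       # port 24: constructed uplink
    switch.bind(A_IP, A_MAC, vlan=1, port=1)
    switch.bind(B_IP, B_MAC, vlan=1, port=2)
    switch.bind(X_IP, X_MAC, vlan=1, port=3)
    genuine = sample_arp_reply(A_MAC, A_MAC, A_IP, B_MAC, B_IP)
    forged = sample_arp_reply(X_MAC, X_MAC, A_IP, B_MAC, B_IP)  # A's IP, wrong MAC
    results = [
        switch.inspect(genuine, vlan=1, port=1),
        switch.inspect(forged, vlan=1, port=3),
        switch.inspect(genuine, vlan=1, port=3),  # right pair, wrong port
    ]
    return results, dict(switch.illegal)


if __name__ == "__main__":
    for verdict in demo()[0]:
        print(verdict)
```

A frame arriving on a trusted port is forwarded without any check, which is why only the port facing known-good infrastructure should be marked trusted.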
  • Page 223: ARP Defend

    13.3.2 ARP Defend. With the ARP Defend enabled, the switch can terminate receiving the ARP packets for 300 seconds when the transmission speed of the legal ARP packet on the port exceeds the defined value so as to avoid ARP Attack flood. Choose the menu Network Security→ARP Inspection→ARP Defend to load the following page.
  • Page 224: ARP Statistics

    13.3.3 ARP Statistics. ARP Statistics feature displays the number of the illegal ARP packets received on each port, which facilitates you to locate the network malfunction and take the related protection measures. Choose the menu Network Security→ARP Inspection→ARP Statistics to load the following page.
  • Page 225: DoS Defend

    Choose the menu Network Security→IP Source Guard to load the following page. Figure 13-17 IP Source Guard. The following entries are displayed on this screen: IP Source Guard Config. Port Select: Click the Select button to quick-select the corresponding port based on the port number you entered. Select your desired port for configuration.
  • Page 226 packets may incur a breakdown of the network. The switch can defend several types of DoS attack listed in the following table. DoS Attack Type / Description. Land Attack: The attacker sends a specific fake SYN packet to the destination Host. Since both the source IP address and the destination IP address of the SYN packet are set to be the IP address of the Host, the Host will be trapped in an endless circle for building the initial connection.
  • Page 227: DoS Defend

    DoS Attack Type / Description. Ping Of Death: ICMP ECHO Request Packet whose sum of "Fragment Offset" and "Total Length" fields in the IP header is greater than 65535 may cause Ping of Death attack. As the maximum packet length of an IPv4 packet including the IP header is 65,535 bytes, many computer systems could not properly handle this malformed or malicious ICMP ECHO Request Packet.
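The following is an added example, not code from the manual or the switch. It applies the two header tests quoted in the table above (Land Attack: a TCP SYN whose source and destination IP are equal; Ping Of Death: an ICMP packet whose Fragment Offset plus Total Length exceeds 65535) to constructed IPv4 packets. The function names and the treatment of later fragments, which carry no ICMP header, are assumptions.

```python
import struct
from collections import Counter

PROTO_ICMP, PROTO_TCP = 1, 6
TCP_SYN = 0x02
ICMP_ECHO_REQUEST = 8
MAX_IPV4_DATAGRAM = 65535


def classify_ipv4(packet):
    """Return the defend type one IPv4 packet matches, or None."""
    if len(packet) < 20:
        return "malformed"
    (ver_ihl, _tos, total_len, _ident, flags_frag,
     _ttl, proto, _csum, src, dst) = struct.unpack("!BBHHHBBH4s4s", packet[:20])
    header_len = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or header_len < 20 or len(packet) < header_len:
        return "malformed"
    # The Fragment Offset field counts 8-byte units; convert to bytes.
    frag_offset = (flags_frag & 0x1FFF) * 8
    payload = packet[header_len:]

    if proto == PROTO_ICMP and frag_offset + total_len > MAX_IPV4_DATAGRAM:
        # Only the first fragment carries the ICMP type, so later fragments
        # are judged on protocol and size alone (assumption of this sketch).
        if frag_offset > 0 or (payload and payload[0] == ICMP_ECHO_REQUEST):
            return "Ping Of Death"

    if proto == PROTO_TCP and frag_offset == 0 and len(payload) >= 14:
        if payload[13] & TCP_SYN and src == dst:
            return "Land Attack"
    return None


def sample_ipv4(proto, src, dst, payload, frag_units=0):
    """Constructed IPv4 packet (checksum left 0); test input only."""
    return struct.pack(
        "!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, frag_units & 0x1FFF,
        64, proto, 0,
        bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))),
    ) + payload


def demo():
    syn = struct.pack("!HHIIBBHHH", 40000, 80, 1, 0, 5 << 4, TCP_SYN, 8192, 0, 0)
    echo = bytes([ICMP_ECHO_REQUEST, 0, 0, 0, 0, 1, 0, 1]) + b"x" * 32
    a, b = "192.168.0.101", "192.168.0.102"
    packets = [
        sample_ipv4(PROTO_TCP, a, b, syn),                      # ordinary SYN
        sample_ipv4(PROTO_TCP, b, b, syn),                      # source == destination
        sample_ipv4(PROTO_ICMP, a, b, echo),                    # ordinary echo request
        sample_ipv4(PROTO_ICMP, a, b, b"x" * 1480, frag_units=185),   # normal fragment
        sample_ipv4(PROTO_ICMP, a, b, b"x" * 100, frag_units=8189),   # 65512 + 120 bytes
    ]
    verdicts = [classify_ipv4(p) for p in packets]
    counts = Counter(v for v in verdicts if v)   # mirrors the Attack Count column
    return verdicts, dict(counts)


if __name__ == "__main__":
    print(demo())
```

The fragment with offset 185 units passes because 1480 + 1500 bytes is far below the limit; only the offset and length together decide the Ping Of Death verdict.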
  • Page 228: DoS Detect

    Defend Type: Displays the Defend Type name. Attack Count: Displays the count of the corresponding attack. 13.5.2 DoS Detect. DoS Detect functions to detect the details of the DoS attack packets, based on which you can quickly locate the attacker in the local network. Choose the menu Network Security→DoS Defend→DoS Detect to load the following page.
  • Page 229 Note that the client program must support the 802.1X authentication protocol. Authenticator System: The authenticator system is usually an 802.1X-supported network device, such as this TP-LINK switch. It provides the physical or logical port for the supplicant system to access the LAN and authenticates the supplicant system.
  • Page 230 802.1X client program to initiate an 802.1X authentication through the sending of an EAPOL-Start packet to the switch. This TP-LINK switch can authenticate supplicant systems in EAP relay mode or EAP terminating mode. The following illustration of these two modes will take the 802.1X authentication procedure initiated by the supplicant system for example.
  • Page 231 Upon receiving the key (encapsulated in an EAP-Request/MD5 Challenge packet) from the switch, the client program encrypts the password of the supplicant system with the key and sends the encrypted password (contained in an EAP-Response/MD5 Challenge packet) to the RADIUS server through the switch. (The encryption is irreversible.) The RADIUS server compares the received encrypted password (contained in a RADIUS Access-Request packet) with the locally-encrypted password.
  • Page 232 packet to the supplicant system if the supplicant system fails to respond in the specified timeout period. RADIUS server timer (Server Timeout): This timer is triggered by the switch after the switch sends an authentication request packet to RADIUS server. The switch will resend the authentication request packet if the RADIUS server fails to respond in the specified timeout period.
  • Page 233: Global Config

    Choose the menu Network Security→802.1X→Global Config to load the following page. Figure 13-23 Global Config. The following entries are displayed on this screen: Global Config. 802.1X: Enable/Disable the 802.1X function. Auth Method: Select the Authentication Method from the pull-down list. EAP-MD5: IEEE 802.1X authentication system uses extensible authentication protocol (EAP) to exchange information between the switch and the client.
  • Page 234: Port Config

    supplicant during the Quiet Period. Retry Times: Specify the maximum transfer times of the repeated authentication request. Supplicant Timeout: Specify the maximum time for the switch to wait for the response from supplicant before resending a request to the supplicant. 13.6.2 Port Config. On this page, you can configure the 802.1X features for the ports based on the actual network.
  • Page 235 Install 802.1X client software: install the TP-LINK 802.1X Client provided on the CD. Please refer to the software guide in the same directory with the software for more information. Configure the 802.1X globally: Required. By default, the global 802.1X function is disabled.
  • Page 236: Global Config

    Username and password pairs are used for login and privilege authentication. The authentication can be processed locally in the switch or centrally in the RADIUS/TACACS+ server(s). The local authentication username and password pairs can be configured in 4.2 User Management. Applicable Access Application...
  • Page 237: RADIUS Server Config

    13.7.2 Privilege Elevation. This page is used to elevate the current logged-in user from guest to admin and gain administrator level privileges. The authentication password is possibly authenticated in RADIUS/TACACS+ servers, user-defined server groups or local on the switch. Choose the menu Network Security→AAA→Global Config to load the following page. Figure 13-2 Privilege Elevate. Configuration Procedure:...
  • Page 238: TACACS+ Server Config

    Entry Description: Server IP: Enter the IP of the server running the RADIUS secure protocol. Shared Key: Enter the shared key between the RADIUS server and the switch. The RADIUS server and the switch use the key string to encrypt passwords and exchange responses. Auth Port: Specify the UDP destination port on the RADIUS server for...
  • Page 239 13.7.5 Authentication Server Group Config. On this page users can group authentication servers running the same secure protocol for authentication. The switch has two built-in authentication server groups, one for RADIUS and the other for TACACS+. These two server groups cannot be edited or deleted. The server entries in one group are tried in the order they are added.
  • Page 240: Authentication Method List Config

    13.7.6 Authentication Method List Config. Before you configure AAA authentication on a certain application, you should define an authentication method list first. An authentication method list describes the sequence and authentication method to be queried to authenticate a user. The switch uses the first method listed to authenticate users; if that method fails to respond, the switch selects the next authentication method in the method list.
  • Page 241 Entry Description: Method List Name: Define a method list name. List Type: Specify the authentication type as Login or Enable. Login stands for the Authentication Login Method List, and Enable stands for the Authentication Enable Method list. Specify authentication methods order. next Pri1, Pri2, Pri3, ...
  • Page 242: Default Settings

    Entry Description: Module: Lists of the configurable applications on the switch. Login List: Configure an application for the login utilizing a previously configured method list. Enable List: Configure an application to promote the user level to admin-level users utilizing a previously configured method list. 13.7.8...
  • Page 243 Feature / Default Settings. Communication port is 1812. TACACS+ server: Timeout is 5 seconds. Server group: Two server groups are preset: radius and tacacs. All RADIUS servers are added in the server group radius. All TACACS+ servers are added in the server group tacacs. Authentication login method list: The list contains local, and the default login username and...
  • Page 244 The switch forwards the PADI packets with Circuit-ID tag to the BRAS. The BRAS responds with the PADO (PPPoE Active Discovery Offer) packets after receiving the PADI packets. Upon receiving the PADO packets with the Circuit-ID tag, the switch will remove the tag and send the packets to the client.
  • Page 245 The following entries are displayed on this screen: Global Config. PPPoE Circuit-ID Insertion: Enable/Disable the PPPoE Circuit-ID Insertion function globally. Port Config. Port Select: Click the Select button to quick-select the corresponding port based on the port number you entered. Select: Select the desired port for configuration. It is multi-optional...
  • Page 246: Chapter 14 SNMP

    Chapter 14 SNMP. SNMP Overview. SNMP (Simple Network Management Protocol) has gained the most extensive application on the UDP/IP networks. SNMP provides a management frame to monitor and maintain the network devices. It is used for automatically managing the various network devices no matter the physical differences of the devices.
  • Page 247 failing to pass community name authentication are discarded. The community name can limit access to SNMP Agent from SNMP NMS, functioning as a password. SNMP v2c: SNMP v2c also adopts community name authentication. It is compatible with SNMP v1 while extending the functions of SNMP v1. SNMP v3:...
  • Page 248: Global Config

    SNMP module is used to configure the SNMP function of the switch, including three submenus: SNMP Config, Notification and RMON. 14.1 SNMP Config. The SNMP Config can be implemented on the Global Config, SNMP View, SNMP Group, SNMP User and SNMP Community pages. 14.1.1 Global Config. To enable SNMP function, please configure the SNMP function globally on this page.
  • Page 249: SNMP View

    14.1.2 SNMP View. The OID (Object Identifier) of the SNMP packets is used to describe the managed objects of the switch, and the MIB (Management Information Base) is the set of the OIDs. The SNMP View is created for the SNMP management station to manage MIB objects. Choose the menu SNMP→SNMP Config→SNMP View to load the following page.
  • Page 250 Choose the menu SNMP→SNMP Config→SNMP Group to load the following page. Figure 14-5 SNMP Group. The following entries are displayed on this screen: Group Config. Group Name: Enter the SNMP Group name. The Group Name, Security Model and Security Level compose the identifier of the SNMP Group. These three items of the Users in one group should be the same.
  • Page 251: SNMP User

    Group Table. Select: Select the desired entry to delete the corresponding group. It's multi-optional. Group Name: Displays the Group Name here. Security Model: Displays the Security Model of the group. Security Level: Displays the Security Level of the group. Read View: Displays the Read View name in the entry...
  • Page 252 User Type: Select the type for the User. Local User: Indicates that the user is connected to a local SNMP engine. Remote User: Indicates that the user is connected to a remote SNMP engine. Group Name: Select the Group Name of the User. The User is classified to...
  • Page 253: SNMP Community

    14.1.5 SNMP Community. SNMP v1 and SNMP v2c adopt community name authentication. The community name can limit access to the SNMP agent from SNMP network management station, functioning as a password. If SNMP v1 or SNMP v2c is employed, you can directly configure the SNMP Community on this page without configuring SNMP Group and User.
  • Page 254 Configuration Procedure: If SNMPv3 is employed, please take the following steps (Step / Operation / Description): Enable SNMP function globally: Required. On the SNMP→SNMP Config→Global Config page, enable SNMP function globally. Create SNMP View: Required. On the SNMP→SNMP Config→SNMP View page, create SNMP View of the management agent.
  • Page 255: Notification

    3604"Pqvkhkecvkqp" With the Notification function enabled, the switch can initiatively report to the management station about the important events that occur on the Views (e.g., the managed device is rebooted), which allows the management station to monitor and process the events in time. The notification information includes the following two types: Vtcr :...
  • Page 256 Select the Security Level for the SNMP v3 User. Ugewtkv{"Ngxgn<"  pqCwvjPqRtkx< No authentication and no privacy security level are used.  cwvjPqRtkx<"Only the authentication security level is used.  cwvjRtkx<"Both the authentication and the privacy security levels are used." Select the type for the notifications.
  • Page 257: Traps Config

    Figure 14-9 Traps Config The following entries are displayed on this screen: UPOR"Vtcru" " If selected, the switch will send an SNMP Authentication trap UPOR" Cwvjgpvkecvkqp<" when a received SNMP request fails the authentication. If selected, the switch will send a Coldstart trap when it is rebooted Eqnfuvctv<"...
  • Page 258 If selected, the switch will send a VLAN Create/Delete trap when a XNCP"Etgcvg1Fgngvg" VLAN is being created or deleted. If selected, the switch will send an IP Change trap when the IP KR"Ejcpig<" address of the switch is changed. If selected, the switch will send a Storm Control trap when the Uvqto"Eqpvtqn<"...
  • Page 259: Rmon

    3605"TOQP" RMON (Remote Monitoring) basing on SNMP (Simple Network Management Protocol) architecture, functions to monitor the network. RMON is currently a commonly used network management standard defined by Internet Engineering Task Force (IETF), which is mainly used to monitor the data traffic across a network segment or even the entire network so as to enable the network administrator to take the protection measures in time to avoid any network malfunction.
  • Page 260: History Control

    360503" Jkuvqt{"Eqpvtqn" On this page, you can configure the History Group for RMON. Choose the menu UPOR→TOQP→Jkuvqt{"Eqpvtqn to load the following page. Figure 14-10 History Control The following entries are displayed on this screen: Jkuvqt{"Eqpvtqn"Vcdng" " Select the desired entry for configuration. Ugngev<"...
  • Page 261: Event Config

    360504" Gxgpv"Eqphki" On this page, you can configure the RMON events. Choose the menu UPOR→TOQP→Gxgpv"Eqphki to load the following page. Figure 14-11 Event Config The following entries are displayed on this screen: Gxgpv"Vcdng" " Select the desired entry for configuration. Ugngev<"...
  • Page 262: Alarm Config

    360505" Cncto"Eqphki" On this page, you can configure Statistic Group and Alarm Group for RMON. Choose the menu UPOR→TOQP→Cncto"Eqphki to load the following page. Figure 14-12 Alarm Config The following entries are displayed on this screen: Cncto"Vcdng" " Select the desired entry for configuration. Ugngev<"...
  • Page 263 Alarm Type: Specify the type of the alarm.
    All: The alarm event will be triggered when the sampled value either exceeds the Rising Threshold or is under the Falling Threshold.
    Rising: When the sampled value exceeds the Rising Threshold, an alarm event is triggered...
  • Page 264: Chapter 15 LLDP

    Chapter 15 LLDP
    LLDP (Link Layer Discovery Protocol) is a Layer 2 protocol that network devices use to periodically advertise their own device information to neighbors on the same IEEE 802 local area network. The advertised information, including details such as device identification, capabilities and configuration settings, is represented in TLV (Type/Length/Value) format according to the IEEE 802.1AB standard, and these TLVs are encapsulated in an LLDPDU (Link Layer Discovery Protocol Data Unit).
  • Page 265 Disable: the port cannot transmit or receive LLDPDUs.
    LLDPDU transmission mechanism
    If the ports are working in TxRx or Tx mode, they will advertise local information by sending LLDPDUs periodically.
    If there is a change in the local device, the change notification will be advertised. To prevent a series of successive LLDPDU transmissions during a short period due to frequent changes in the local device, a transmission delay timer is set by network management to ensure that there is a defined minimum time between successive LLDP...
  • Page 266 Maximum Frame TLV are defined by IEEE 802.3.
    Note: For a detailed introduction to TLVs, please refer to the IEEE 802.1AB standard.
    The TP-LINK switch supports the following optional LLDP TLVs.
    TLV and Description
    Port Description TLV: The Port Description TLV allows network management to...
  • Page 267 TLV and Description
    System Name TLV: The System Name TLV allows network management to advertise the system's assigned name, which should be the system's fully qualified domain name.
    Management Address: The Management Address TLV identifies an address associated with the local LLDP agent that may be used to reach higher entities to assist discovery by network management.
  • Page 268: Global Config

    15.1.1 Global Config
    On this page you can configure the LLDP parameters of the device globally. Choose the menu LLDP→Basic Config→Global Config to load the following page.
    Figure 15-1 Global Configuration
    The following entries are displayed on this screen:
    Global Config
    LLDP: Enable/disable LLDP function globally...
  • Page 269: Port Config

    15.1.2 Port Config
    On this page you can configure all ports' LLDP parameters. Choose the menu LLDP→Basic Config→Port Config to load the following page.
    Figure 15-2 Port Configuration
    The following entries are displayed on this screen:
    LLDP Port Config
    Port Select: Select the desired port to configure...
  • Page 270: Neighbor Info

    Choose the menu LLDP→Device Info→Local Info to load the following page.
    Figure 15-3 Local Information
    The following entries are displayed on this screen:
    Auto Refresh
    Auto Refresh: Enable/Disable the auto refresh function.
    Refresh Rate: Specify the auto refresh rate.
    Local Info
    Enter the desired port number and click Select to display the information of the corresponding port.
  • Page 271 The following entries are displayed on this screen:
    Auto Refresh
    Auto Refresh: Enable/Disable the auto refresh function.
    Refresh Rate: Specify the auto refresh rate.
    Neighbor Info
    Port Select: Click the Select button to quick-select the corresponding port based on the port number you entered.
    Displays the local port number connecting to the neighbor device.
  • Page 272: Device Statistics

    15.3 Device Statistics
    You can view the LLDP statistics of local device through this feature. Choose the menu LLDP→Device Statistics→Statistic Info to load the following page.
    Figure 15-5 Device Statistics
    The following entries are displayed on this screen:
    Auto Refresh
    Auto Refresh: Enable/Disable the auto refresh function...
  • Page 273 Neighbor Statistics
    Port Select: Click the Select button to quick-select the corresponding port based on the port number you entered.
    Port: Displays local device's port number.
    Transmit Total: Displays the number of LLDPDUs sent by this port.
    Receive Total: Displays the number of LLDPDUs received by this port...
  • Page 274: Chapter 16 Cluster

    Chapter 16 Cluster
    With the development of network technology, the network scale is getting larger and more network devices are required, which may result in a more complicated network management system. As a large number of devices need to be assigned different network addresses and every management device needs to be respectively configured to meet the application requirements, manpower is needed.
  • Page 275: Neighbor Info

    The commander switch discovers and determines candidate switches by collecting related information.
    After being added to the cluster, a candidate switch becomes a member switch.
    After being removed from the cluster, a member switch becomes a candidate switch...
  • Page 276: NDP Summary

    The following entries are displayed on this screen:
    Neighbor
    Search Option: Select the information the desired entry should contain and then click the Search button to display the desired entry in the following Neighbor Information table.
    Neighbor Info
    Native Port: Displays the port number of the switch...
  • Page 277 The following entries are displayed on this screen:
    Global Config
    NDP: Displays the global NDP status (enabled or disabled) for the switch.
    Aging Time: Displays the period for the neighbor switch to keep the NDP packets from this switch.
    Hello Time: Displays the interval to send NDP packets...
  • Page 278: NDP Config

    16.1.3 NDP Config
    On this page you can configure the NDP function for the switch. Choose the menu Cluster→NDP→NDP Config to load the following page.
    Figure 16-4 NDP Config
    The following entries are displayed on this screen:
    Global Config
    NDP: Enable/Disable NDP function globally...
  • Page 279: NTDP

    Note: The NDP function is effective only when NDP is enabled both globally and for the port. The aging time should be set greater than the hello time value; otherwise this setting will be invalid and will not take effect.
    16.2 NTDP
    NTDP (Neighbor Topology Discovery Protocol) is used by the commander switch to collect NDP information.
  • Page 280 Role: Displays the role this device plays in the cluster.
    Commander: Indicates the device that can configure and manage all the devices in a cluster.
    Member: Indicates the device that is managed in a cluster.
    Candidate: Indicates the device that does not belong to any...
  • Page 281: NTDP Summary

    16.2.2 NTDP Summary
    On this page you can view the NTDP configuration. Choose the menu Cluster→NTDP→NTDP Summary to load the following page.
    Figure 16-7 NTDP Summary
    The following entries are displayed on this screen:
    Global Config
    NTDP: Displays the NTDP status (enabled or disabled) of the switch...
  • Page 282: NTDP Config

    16.2.3 NTDP Config
    On this page you can configure NTDP globally. Choose the menu Cluster→NTDP→NTDP Config to load the following page.
    Figure 16-8 NTDP Config
    The following entries are displayed on this screen:
    Global Config
    NTDP: Enable/Disable NTDP for the switch globally.
    Enter the interval to collect topology information.
  • Page 283: Cluster

    Port Config
    Select: Select the desired port for NTDP status configuration.
    Port: Displays the port number of the switch.
    NTDP: Displays NTDP status (enabled or disabled) of the current port.
    Enable: Click the Enable button to enable NTDP feature for the port you...
  • Page 284 For a commander switch, the following page is displayed:
    Figure 16-10 Cluster Summary for Commander Switch
    The following entries are displayed on this screen:
    Global Config
    Cluster: Displays the cluster status (enabled or disabled) of the switch.
    Cluster Role: Displays the role the switch plays in the cluster...
  • Page 285 Hops: Displays the hop count from the member switch to the commander switch.
    For a member switch, the following page is displayed:
    Figure 16-11 Cluster Summary for Member Switch
    The following entries are displayed on this screen:
    Global Config
    Displays the cluster status (enabled or disabled) of the switch.
  • Page 286: Cluster Config

    16.3.2 Cluster Config
    On this page you can configure the status of the cluster the switch belongs to. Choose the menu Cluster→Cluster→Cluster Config to load the following page.
    For a candidate switch, the following page is displayed.
    Figure 16-13 Cluster Configuration for Candidate Switch
    The following entries are displayed on this screen:
    Current Role...
  • Page 287 For a commander switch, the following page is displayed.
    Figure 16-14 Cluster Configuration for Commander Switch
    The following entries are displayed on this screen:
    Current Role
    Role: Displays the role the current switch plays in the cluster.
    Role Change
    Candidate: Select this option to change the role of the switch to be candidate...
  • Page 288: Member Config

    Role Change
    Individual: Select this option to change the role of the switch to be individual switch.
    For an individual switch, the following page is displayed.
    Figure 16-16 Cluster Configuration for Individual Switch
    The following entries are displayed on this screen:
    Current Role...
  • Page 289: Cluster Topology

    Member Info
    Select: Select the desired entry to manage/delete the corresponding member switch.
    Device Name: Displays the description of the member switch.
    Member MAC: Displays the MAC address of the member switch.
    IP Address: Displays the IP address of the member switch used in the cluster...
  • Page 290 The following entries are displayed on this screen:
    Graphic Show
    Collect Topology: Click the Collect Topology button to display the cluster topology.
    Manage: If the current device is the commander switch in the cluster and the selected device is a member switch in the cluster, you can click the Manage button to log on to Web management page of the corresponding switch.
  • Page 291 Step, Operation, Description
    Operation: Manually collect NTDP information. Description: Optional. On Cluster→NTDP→Device Table page, click the Collect Topology button to manually collect NTDP information. On Cluster→Cluster→Cluster Topology page, click the Collect Topology button to manually collect NTDP information.
    Operation: View the detailed information of other switches in the cluster. Description: Optional. On Cluster→Cluster→Cluster Topology
  • Page 292: Chapter 17 Maintenance

    Chapter 17 Maintenance
    The Maintenance module gathers the commonly used system tools for managing the switch and provides a convenient way to locate and solve network problems.
    System Monitor: Monitor the utilization status of the memory and the CPU of switch.
    Log: View the configuration parameters of the switch and find out the errors via the Logs.
    Cable Test: Test the connection status of the cable to locate and diagnose the trouble spot of the network.
  • Page 293: Memory Monitor

    17.1.2 Memory Monitor
    Choose the menu Maintenance→System Monitor→Memory Monitor to load the following page.
    Figure 17-2 Memory Monitor
    Click the Monitor button to enable the switch to monitor and display its memory utilization rate every four seconds.
    17.2 Log
    The Log system of the switch can record, classify and manage system information effectively, providing powerful support for the network administrator to monitor network operation and diagnose malfunctions.
  • Page 294: Log Table

    The Log function is implemented on the Log Table, Local Log, Remote Log and Backup Log pages.
    17.2.1 Log Table
    The switch can output logs to two destinations: the log buffer and the log file. Information in the log buffer is lost when the switch is rebooted or powered off, whereas information in the log file is retained even after the switch is rebooted or powered off.
  • Page 295: Local Log

    17.2.2 Local Log
    Local Log is the log information saved in the switch. By default, all system logs are saved in the log buffer, and logs with severities from level_0 to level_2 are also saved in the log file. On this page, you can set the output channel for logs. Choose the menu Maintenance→Log→Local Log to load the following page.
  • Page 296: Backup Log

    Choose the menu Maintenance→Log→Remote Log to load the following page.
    Figure 17-5 Log Host
    The following entries are displayed on this screen:
    Log Host
    Index: Displays the index of the log host. The switch supports 4 log hosts.
    Host IP: Configure the IP for the log host...
  • Page 297: Device Diagnostics

    The following entry is displayed on this screen:
    Backup Log
    Backup Log: Click the Backup Log button to save the log as a file to your computer.
    Note: It will take a few minutes to back up the log file. Please wait without any operation.
    17.3 Device Diagnostics...
  • Page 298: Network Diagnostics

    If the port is 100Mbps and its connection status is normal, cable test can’t get the length of the cable.
    17.4 Network Diagnostics
    This switch provides Ping test and Tracert test functions for network diagnostics.
    17.4.1 Ping
    The Ping test function tests connectivity between the switch and a node on the network, letting you check the connectivity and reachability of the host so as to locate network malfunctions.
  • Page 299: Tracert

    17.4.2 Tracert
    The Tracert test function tests the connectivity of the gateways that test data passes through on its way from source to destination. When a malfunction occurs in the network, you can locate the trouble spot with this tracert test. Choose the menu Maintenance→Network Diagnostics→Tracert to load the following page.
  • Page 300 Data bits: 8
    Parity: none
    Stop bits: 1
    Flow control: none
    3) The DOS prompt “TL-SL5428E>” will appear after pressing the Enter button as shown in Figure 18-2. It indicates that you can use the CLI now.
  • Page 301 Figure 18-2 Open Hyper Terminal
    3. Download Firmware via bootUtil menu
    To download firmware to the switch via FTP function, you need to enter into the bootUtil menu of the switch and take the following steps.
    1) Connect the console port of the PC to the console port of the switch and open hyper terminal.
  • Page 302 6) When the prompt “Are you sure to upgrade the firmware[Y/N]:” displays, enter Y to start the upgrade or enter N to quit the upgrade, as shown in the following figure. The # icon indicates it is upgrading. After upgrading, the [TP-LINK] command will display.
    Are you sure to upgrade the firmware[Y/N]: y ...
  • Page 303 Appendix A: Specifications
    Standards: IEEE802.3 10Base-T Ethernet; IEEE802.3u 100Base-TX/100Base-FX Fast Ethernet; IEEE802.3ab 1000Base-T Gigabit Ethernet; IEEE802.3z 1000Base-X Gigabit Ethernet; IEEE802.3x Flow Control; IEEE802.1p QoS; IEEE802.1q VLAN; IEEE802.1X Port-based Access Authentication
    Transmission Rate: Ethernet: 10Mbps HD, 20Mbps FD; Fast Ethernet: 100Mbps HD, 200Mbps FD; Gigabit Ethernet: 2000Mbps FD
    10Base-T: UTP/STP of Cat.
  • Page 304 Appendix B: Glossary
    Access Control List (ACL): ACLs can limit network traffic and restrict access to certain users or devices by checking each packet for certain IP or MAC (i.e., Layer 2) information.
    Boot Protocol (BOOTP): BOOTP is used to provide bootup information for network devices, including IP address information, the address of the TFTP server that contains the device's system files, and the name of the boot file.
  • Page 305 Generic Multicast Registration Protocol (GMRP): GMRP allows network devices to register end stations with multicast groups. GMRP requires that any participating network devices or end stations comply with the IEEE 802.1p standard.
    Group Attribute Registration Protocol (GARP): See Generic Attribute Registration Protocol.
    IEEE 802.1D: Specifies a general method for the operation of MAC bridges, including the Spanning Tree Protocol.
  • Page 306 Layer 2: Data Link layer in the ISO 7-Layer Data Communications Protocol. This is related directly to the hardware interface for network devices and passes on traffic based on MAC addresses.
    Link Aggregation: See Port Trunk.
    Link Aggregation Control Protocol (LACP): Allows ports to automatically negotiate a trunked link with LACP-configured ports on another device.
  • Page 307 Secure Shell (SSH): A secure replacement for remote access functions, including Telnet. SSH can authenticate users with a cryptographic key, and encrypt data connections between management clients and the switch.
    Simple Network Management Protocol (SNMP): The application protocol in the Internet suite of protocols which offers network management services.
