Page 1 User Guide JetStream 52-Port Gigabit Stackable L3 Managed Switch T3700G-52TQ REV1.0.0 1910011776...
Page 2 Specifications are subject to change without notice. is a registered trademark of TP-Link Technologies Co., Ltd. Other brands and product names are trademarks or registered trademarks of their respective holders. No part of the specifications may be reproduced in any form or by any means or used to make any derivative such as translation, transformation, or adaptation without permission from TP-Link Technologies Co., Ltd.
Page 3 Продукт сертифіковано згідно с правилами системи УкрСЕПРО на відповідність вимогам нормативних документів та вимогам, що передбачені чинними законодавчими актами України. Safety Information When product has power button, the power button is one of the way to shut off the  product;...
Page 4 Explanation of the symbols on the product label Symbol Explanation AC voltage Indoor use only RECYCLING This product bears the selective sorting symbol for Waste electrical and electronic equipment (WEEE). This means that this product must be handled pursuant to European directive 2012/19/EU in order to be recycled or dismantled to minimize its impact on the environment.
Page 5: Table Of Contents
CONTENTS Package Contents ........................... 1 Chapter 1 About This Guide ......................2 Intended Readers ......................2 Conventions ........................2 Overview of This Guide....................3 Chapter 2 Introduction ........................8 Overview of the Switch ....................8 Appearance Description ....................8 Front Panel ......................8 2.2.1 Rear Panel ......................
Page 6 Access Control ....................30 4.4.1 HTTP Config ...................... 31 4.4.2 HTTPS Config ....................32 4.4.3 SSH Config ......................35 4.4.4 Telnet Config ....................39 4.4.5 SDM Template ......................39 SDM Template Config ..................39 4.5.1 Chapter 5 Stack ..........................41 Stack Management .....................
Page 7 Chapter 7 VLAN ..........................78 802.1Q VLAN ....................... 79 VLAN Config ..................... 81 7.1.1 Port Config ......................82 7.1.2 Application Example for 802.1Q VLAN ............... 84 MAC VLAN ........................86 Application Example for MAC VLAN ................87 Protocol VLAN ......................88 Protocol Group Table ..................
Page 8 Chapter 9 Multicast ........................129 IGMP Snooping ......................131 Snooping Config ..................... 133 9.1.1 Port Config ...................... 134 9.1.2 VLAN Config ....................135 9.1.3 Querier Config ....................137 9.1.4 Profile Config ....................139 9.1.5 MLD Snooping ......................141 Snooping Config ..................... 142 9.2.1 Port Config ......................
Page 9 Pool Setting ....................177 10.4.2 DHCP Options Set ..................179 10.4.3 Binding Table ....................180 10.4.4 Packet Statistics ..................... 181 10.4.5 Application Example for DHCP Server and Relay .......... 182 10.4.6 10.5 DHCP Relay ........................ 184 Global Config ....................186 10.5.1 DHCP Server ....................
Page 10 10.10.3 Virtual IP Config ....................246 10.10.4 Track Config ....................248 10.10.5 Virtual Router Statistics .................. 249 10.10.6 Application Example for VRRP ............... 251 Chapter 11 Multicast Routing ...................... 253 Global Config ......................254 11.1 Global Config ....................254 11.1.1 Mroute Table ....................
Page 11 Port Priority ..................... 298 12.1.2 802.1P/CoS to Queue Mapping ..............300 12.1.3 DSCP to Queue Mapping................301 12.1.4 Schedule Mode ....................303 12.1.5 12.2 DiffServ ........................304 Global ......................304 12.2.1 Class Summary ....................306 12.2.2 Class Config ....................306 12.2.3 Policy Summary ....................
Page 12 14.1 IP-MAC Binding ......................334 Binding Table ....................334 14.1.1 Manual Binding....................335 14.1.2 14.2 DHCP Snooping ......................336 Global Config ....................339 14.2.1 Port Config ...................... 341 14.2.2 14.3 ARP Inspection ......................342 ARP Detect ...................... 345 14.3.1 ARP Defend ..................... 346 14.3.2 ARP Statistics ....................
Page 13 History ......................381 15.3.1 Event ....................... 382 15.3.2 Alarm ....................... 383 15.3.3 Chapter 16 LLDP .......................... 385 16.1 Basic Config ....................... 388 Global Config ....................388 16.1.1 Port Config ...................... 389 16.1.2 16.2 Device Info ......................... 391 Local Info ......................391 16.2.1 Neighbor Info ....................
Page 14: Package Contents
One USB Cable  One Power Supply Module Slot Cover  Two mounting brackets and other fittings  Installation Guide  Resource CD for T3700G-52TQ switch, including:  This User Guide • The Command Line Interface Guide • SNMP Mibs •...
Page 15: Chapter 1 About This Guide
Chapter 1 About This Guide This User Guide contains information for setup and management of T3700G-52TQ switch. Please read this guide carefully before operation. 1.1 Intended Readers This Guide is intended for network managers familiar with IT concepts and network terminologies.
Page 16: Overview Of This Guide
Chapter 2 Introduction Introduces the features, application and appearance of T3700G-52TQ switch. Chapter 3 Login to the Switch Introduces how to log on to T3700G-52TQ Web management page. Chapter 4 System This module is used to configure system properties of the switch.
Page 17 Chapter Introduction Chapter 7 VLAN This module is used to configure VLANs to control broadcast in LANs. Here mainly introduces: 802.1Q VLAN: Configure port-based VLAN.  MAC VLAN: Configure MAC-based VLAN without changing  the 802.1Q VLAN configuration. Protocol VLAN: Create VLANs in application layer to make ...
Page 18 Chapter Introduction Chapter 10 Routing The module is used to configure several IPv4 unicast routing protocols. Here mainly introduces: Interface: Configure and view different types of interfaces:  VLAN, loopback and routed port. Routing table: Displays the routing information summary. ...
Page 19 Chapter Introduction Chapter 13 ACL This module is used to configure match rules and process policies of packets to filter packets in order to control the access of the illegal users to the network. Here mainly introduces: Time-Range: Configure the effective time for ACL rules. ...
Page 20 Chapter Introduction Chapter 17 Maintenance This module is used to assemble the commonly used system tools to manage the switch. Here mainly introduces: System Monitor: Monitor the memory and CPU of the switch.  Log: View and configure the system log function. ...
Page 21: Chapter 2 Introduction
Switch! 2.1 Overview of the Switch T3700G-52TQ is an L3 managed switch that features advanced L3 routing, 10Gbps wire-speed, physical stacking and removable power supply module and fan module, designed to meet the needs of convergence layer. T3700G-52TQ is ideal for large businesses, campuses or SMB networks requiring an outstanding, reliable and affordable 10 Gigabit solution.
Page 22 Status Indication The switch works properly. Flashing (green) On/Off The switch works improperly. A 1000Mbps device is connected to the corresponding port, but no activity. Green Data is being transmitted or received. Flashing 10/100Mbps device connected MGMT corresponding port, but no activity. Yellow Data is being transmitted or received.
Page 23: Rear Panel
 SFP+ Port: Port 49-50, designed to install the 10Gbps SFP+ transceiver or SFP+ cables. T3700G-52TQ also provides an interface card slot on the rear panel to install the expansion card (TX432 of TP-Link for example). If TX432 is installed, you get another two 10Gbps SFP+ ports.
Page 24 Module, please refer to Installation Guide. With all the protective covers removed, and the Interface Card (TX432) & Power Supply Module (PSM150-AC) inserted, the rear panel of T3700G-52TQ is shown as the following figure. Figure 2-3 Rear Panel (2) Return to CONTENTS...
Page 25: Chapter 3 Login To The Switch
Chapter 3 Login to the Switch 3.1 Login 1) To access the configuration utility, open a web-browser and type in the default address http://192.168.0.1 in the address field of the browser, then press the Enter key. Figure 3-1 Web-browser Tips: To log in to the switch, the IP address of your PC should be set in the same subnet addresses of the switch.
Page 26 Figure 3-3 Main Setup-Menu Note: Clicking Apply can only make the new configurations effective before the switch is rebooted. If you want to keep the configurations effective even the switch is rebooted, please click Save Config. You are suggested to click Save Config before cutting off the power or rebooting the switch to avoid losing the new configurations.
Page 27: Chapter 4 System
Chapter 4 System The System module is mainly for system configuration of the switch, including five submenus: System Info, User Management, System Tools, Access Security and SDM Template. 4.1 System Info The System Info, mainly for basic properties configuration, can be implemented on System Summary, Device Description, System Time, Daylight Saving Time, System IPv6, Management Port IPv4 and Management Port IPv6 pages.
Page 28 Choose the menu System → System Info → System Summary to load the following page. Figure 4-1 System Summary Port Status  UNIT： Select the unit ID of the desired member in the stack. Indicates the 1000Mbps port is not connected to a device. Indicates the 1000Mbps port is at the speed of 1000Mbps.
Page 29: Device Description
When the cursor moves on the port, the detailed information of the port will be displayed. Figure 4-2 Port Information Port Info  Port: Displays the port number of the switch. Type: Displays the type of the port. Rate: Displays the maximum transmission rate of the port. Status: Displays the connection status of the port.
Page 30: System Time
Figure 4-4 Device Description The following entries are displayed on this screen: Device Description  Device Name: Enter the name of the switch. Device Location: Enter the location of the switch. System Contact: Enter your contact information. 4.1.3 System Time System Time is the time displayed while the switch is running.
Page 31: Daylight Saving Time
Current Time Source: Displays the current time source of the switch. Time Config  Manual: When this option is selected, you can set the date and time manually. Get Time from NTP When this option is selected, you can configure the time zone Server: and the IP Address for the NTP Server.
Page 32: System Ipv6
The following entries are displayed on this screen: DST Config  DST Status: Enable or disable DST. Predefined Mode: Select a predefined DST configuration: USA: Second Sunday in March, 02:00 ~ First Sunday in  November, 02:00. Europe: Last Sunday in March, 01:00 ~ Last Sunday in ...
Page 33 Figure 4-7 System IPv6 The following entries are displayed on this screen: Gobal Config  IPv6: Enable or disable IPv6 function globally on the switch. Interface: Choose the interface ID to set IPv6 function. You can set interface type as VLAN Port or Routed Port. Link-local Address Config ...
Page 34 Status: Displays the status of the link-local address. Normal: Indicates that the link-local address is normal.  Try: Indicates that the link-local address may be newly  configured. Repeat: Indicates that the link-local address is duplicate.  It is illegal to access the switch using the IPv6 address (including link-local and global address).
Page 35: Management Port Ipv4
Displays the valid time of the global address. Valid Lifetime： Displays the status of the global address. Status： Normal: Indicates that the global address is normal.  Try: Indicates that the global address may be newly  configured. Repeat: Indicates that the corresponding address is ...
Page 36: Management Port Ipv6
Gateway: Specify the Gateway of the interface when the Management Port Configuration Protocol is None. IPv4 Address List  Select: Select the interfaces to modify or delete. IPv4 Protocol: Specify IPv4 Address allocate mode of the management port. None: Setup manually. ...
Page 37: User Management
The following entries are displayed on this screen: IPv6 Configuration  IPv6: Enable or disable IPv6 function globally on the management port. IPv6 Protocol: Specify IPv6 network information allocate mode of the management port. None: Setup manually.  DHCP: Allocated through DHCP. ...
Page 38: User Table
The User Management function can be implemented on User Table and User Config pages. 4.2.1 User Table On this page you can view the information about the current users of the switch. Choose the menu System → User Management → User Table to load the following page. Figure 4-10 User Table 4.2.2 User Config On this page you can configure the access level of the user to log on to the Web management...
Page 39: System Tools
Password: Type a password for users’ login. Confirm Password: Retype the password. User Table  Select: Select the desired entry to delete the corresponding user information. It is multi-optional. The current user information cannot be deleted. User ID, User Name Displays the current user ID, user name and access level.
Page 40: Config Restore
Figure 4-12 Boot Config The following entries are displayed on this screen: Boot Table  Select: Select the unit(s). Unit: Displays the unit ID. Current Startup Displays the current startup image. Image: Next Startup Image: Select the next startup image. Backup Image: Select the backup boot image.
Page 41: Config Backup
Figure 4-13 Config Restore The following entries are displayed on this screen: Config Restore  Import: Click the Import button to restore the backup configuration file. It will take effect after the switch automatically reboots. Note: It will take a few minutes to restore the configuration. Please wait without any operation. To avoid any damage, please don’t power down the switch while being restored.
Page 42: Firmware Upgrade
4.3.4 Firmware Upgrade The switch system can be upgraded via the Web management page. To upgrade the system is to get more functions and better performance. Go to http://www.tp-link.com to download the updated firmware. Choose the menu System → System Tools → Firmware Upgrade to load the following page.
Page 43: System Reset
Figure 4-16 System Reboot Note: To avoid damage, please don't turn off the device while rebooting. 4.3.6 System Reset On this page you can reset the specified unit in the stack to the default. All the settings will be cleared after the switch is reset. Choose the menu System →...
Page 44: Http Config
Figure 4-18 Access Control The following entries are displayed on this screen: Access Control Config  Control Mode: Select the control mode for users to log on to the Web management page. Disable: Select to disable Access Control function.  IP-based: Select this option to limit the IP-range of the users ...
Page 45: Https Config
Choose the menu System → Access Security → HTTP Config to load the following page. Figure 4-19 HTTP Config The following entries are displayed on this screen Global Config  HTTP: Enable or disable the HTTP function on the switch. Session Config ...
Page 46 trusted certificate authority” or “Certificate Errors”. Please add this certificate to trusted certificates or continue to this website. The switch also supports HTTPS connection for IPv6. After configuring an IPv6 address (for example, 3001::1) for the switch, you can log on to the switch’s Web management page via https://[3001::1].
Page 47 SSL Version 3: Enable or disable Secure Sockets Layer Version 3.0. By default, it’s enabled. TLS Version 1: Enable or disable Transport Layer Security Version 1.0. By default, it’s enabled. CipherSuite Config  RSA_WITH_RC4_128_MD5: Key exchange with RC4 128-bit encryption and MD5 for message digest.
Page 48: Ssh Config
To establish a secured connection using https, please enter https:// into the URL field of the browser. It may take more time for https connection than that for http connection, because https connection involves authentication, encryption and decryption etc. 4.4.4 SSH Config As stipulated by IETF (Internet Engineering Task Force), SSH (Secure Shell) is a security protocol established on application and transport layers.
Page 49 Choose the menu System → Access Security → SSH Config to load the following page. Figure 4-21 SSH Config The following entries are displayed on this screen Global Config  SSH: Enable or disable SSH function. Protocol V1: Enable or disable SSH V1 to be the supported protocol. Protocol V2: Enable or disable SSH V2 to be the supported protocol.
Page 50 Encryption Algorithm  Configure SSH encryption algorithms. AES128-CBC: Select the checkbox to enable the AES128-CBC algorithm of SSH. AES192-CBC: Select the checkbox to enable the AES192-CBC algorithm of SSH. AES256-CBC: Select the checkbox to enable the AES256-CBC algorithm of SSH. Blowfish-CBC: Select the checkbox to enable the Blowfish-CBC algorithm of SSH.
Page 51 Note: It will take a long time to download the key file. Please wait without any operation. After the Key File is downloaded, the user's original key of the same type will be replaced. Application Example for SSH: Network Requirements ...
Page 52: Telnet Config
2. Click the Open button in the above figure to log on to the switch. Enter the login user name and password, and then you can continue to configure the switch. 4.4.5 Telnet Config On this page you can enable or disable Telnet function globally on the switch. Choose the menu System →...
Page 53 Choose the menu System → SDM Template → SDM Template Config to load the following page. Figure 4-23 SDM Template Config Select Options  Current Template Displays the SDM template currently in use. Next Template ID: Displays the SDM template that will become active after a reboot.
Page 54: Chapter 5 Stack
Chapter 5 Stack The stack technology is to connect multiple stackable devices through their stack ports, forming a stack which works as a unified system and presents as a single entity to the network in Layer 2 and Layer 3 protocols. It enables multiple devices to collaborate and be managed as a whole, which improves the performance and simplifies the management of the devices efficiently.
Page 55 Figure 5-1 Distributed LACP In a ring connected stack, it can still operate normally by transforming into a daisy chained stack when link failure occurs, which further ensures the normal operation of load distribution and backup across devices and links as Figure 5-2 shows. Figure 5-2 Load Distribution and Backup across Devices 3.
Page 56 Application Diagram  Figure 5-3 Application Diagram Stack Introduction  1. Stack Elements 1） Stack Role Each device in the stack system is called stack member. Each stack member processes services packets and plays a role which is either master or member in the stack system. The differences between master and member are described as below: Master: Indicates the device is responsible for managing the entire stack system.
Page 57 To establish a stack, please physically connect the stack ports of the member devices with cables. The stack ports of T3700G-52TQ can be used for stack connection or as normal Ethernet Gigabit port. When you want to establish a stack, the stack mode of the related ports should be configured as "Enable".
Page 58 Note: Establish a stack of ring or daisy chain topology with eight T3700G-52TQ switches at most. 2） Topology Collection Each member in the stack collects the topology of the whole stack by exchanging stack discovery packets with its neighbors.
Page 59 Slot Number: Indicates the number of the slot the interface card is in. For T3700G-52TQ, the front panel ports belong to slot 0. Slot number starting from 1 each represents an interface card slot.
Page 60: Stack Management
For instance: Port number 2/0/3 indicates the physical port3 on the switch whose unit number is 2. Configuration Files Application Rules: It includes global configuration and interface • configuration two parts. The global configurations of all stack members are the same. Besides, each member device keeps pace with the global configuration of the master device which enables the stack system to work just like a single entity in the network.
Page 61: Stack Info
5.1.1 Stack Info On this page you can view the basic parameters of the stack function. Choose the menu Stack → Stack Management → Stack Info to load the following page. Figure 5-7 Stack Info Configuration Procedure: View the basic parameters of the stack function. Entry Description: Auto Copy Software ...
Page 62: Stack Config
Allow Downgrade: Displays the status of allowing downgrade of the new members in the Auto Copy Software function. Stack Member Info  UNIT: Displays the unit number of the switch. Role: Displays the stack role of the switch in the stack. There are two options: Master and Member.
Page 63 Figure 5-8 Stack Config Configuration Procedure: Set the role of a specified switch in the stack. Configure the provisioned member switch. Configure the Unit ID and Priority for the Stack Member. Configure the SFP+ port’s stacking feature. Entry Description: Role Config ...
Page 64: Auto Copy Software
New Unit ID: Configure a new unit number of the switch. Priority: Configure the priority used in master election. Large first. The priority change will not take effect until next election. Preconfigured Displays the switch type of the provisioned switch. Device Type: Plugged-in Device...
Page 65: Application Example For Stack
5.2 Application Example for Stack Network Requirements  Establish a stack of ring topology with four T3700G-52TQ switches. Network Diagram  Configuration Procedure  Configure switch A, B, C and D before physically connecting them: ...
Page 66: Chapter 6 Switching
Chapter 6 Switching Switching module is used to configure the basic functions of the switch, including four submenus: Port, LAG, Traffic Monitor and MAC Address. 6.1 Port The Port function, allowing you to configure the basic features for the port, is implemented on the Port Config, Port Mirror, Port Security, Protected Ports and Loopback Detection pages.
Page 67: Port Mirror
Description: Give a port description for identification. Status: With this option enabled, the port forwards packets normally. Otherwise, the port discards all the received packets. By default, it is enabled. Speed: Select the appropriate speed mode for the port. When Auto is selected, the port autonegotiates speed mode with the connected device.
Page 68 Choose the menu Switching→Port→Port Mirror to load the following page. Figure 6-2 Mirror Session List The above page displays a mirror session, and no more session can be created. Click Edit to configure the mirror session on the following page.
Page 69 Figure 6-3 Port Mirror Config Configuration Procedure: In the Destination Port section, specify a monitoring port for the mirror session, and click Apply. In the Source Port section, select one or multiple monitored ports for configuration. The set the parameters and click Apply to make the settings effective. Entry Description: Session: Displays session number.
Page 70: Port Security
LAG: Displays the LAG number which the port belongs to. Note: The member port of a LAG cannot be set as a monitoring port or monitored port. A port cannot be set as the monitoring port and monitored port at the same time. 6.1.3 Port Security You can use this feature to limit the number of MAC addresses that can be learned on each port, thus preventing the MAC address table from being exhausted by the attack packets.
Page 71: Protected Ports
Entry Description: Max Learned MAC: Specify the maximum number of MAC addresses that can be learned on the port. When the learned MAC address number reaches the limit, the port will stop learning. Learned Num: Displays the number of MAC addresses that have been learned on the port.
Page 72: Loopback Detection
Configuration Procedure: Select and configure your desired ports or LAGs. Then click Apply to make the settings effective. Entry Description: Group: Displays the ID of the group for configuration. Group Name: Give a group name for identification. Protected Ports: Select member ports in this group. Protected ports in the same group cannot forward traffic to each other, even if they are in the same VLAN.
Page 73 Choose the menu Switching → Port → Loopback Detection to load the following page. Figure 6-7 Loopback Detection Config Configuration Procedure: In the Global Config section, enable loopback detection and configure the global parameters. Then click Apply to make the settings effective. In the Port Config section, select one or multiple ports for configuration.
Page 74 Automatic Set the recovery time globally, after which the blocked port in Recovery Time: Auto Recovery mode can automatically recover to normal status. It should be integral times of detection interval. The value ranges from 1-100 and is 3 by default Refresh With this option enabled, the switch refreshes the web timely.
Page 75: Default Settings
6.1.6 Default Settings Feature Default Settings Port Config Type: Copper Status: Enable Speed: Auto Duplex: Auto Flow Control: Disable Jumbo: 1518 Port Mirror Ingress: Disable Egress: Disable Port Security Max Learned MAC: 1024 Learned Num: 0 Learned Mode: Dynamic Status: Disable Loopback Detection Loopback Detection Status: Disable Detection Interval: 30 seconds...
Page 76: Lag Table
For the functions like IGMP Snooping, 802.1Q VLAN, MAC VLAN, Protocol VLAN, VLAN-VPN, GVRP, Voice VLAN, STP, QoS, DHCP Snooping and Flow-Control, the member pot of a LAG follows the configuration of the LAG but not its own. The configurations of the port can take effect only after it leaves the LAG.
Page 77 Choose the menu Switching→LAG→LAG Table to load the following page. Figure 6-8 LAG Table Configuration Procedure: In the Global Config section, select the load-balancing algorithm. Click Apply to make the settings effective. In LAG Table, view the information of the current LAG . Entry Description: Hash Algorithm: Select the Hash Algorithm, based on which the switch...
Page 78: Static Lag
Operation: Click Edit to modify the settings of the LAG. Click Detail to get the detailed information of the LAG. Click the Detail button for the detailed information of your selected LAG. Figure 6-9 Detail Information 6.2.2 Static LAG On this page, you can manually configure the LAG. The LACP feature is disabled for the member ports of the manually added Static LAG.
Page 79: Lacp Config
Member Port  UNIT: Select the unit ID of the desired member in the stack. Member Port: Select the port as the LAG member. Clearing all the ports of the LAG will delete this LAG. Tips: Load-balancing algorithm is effective only for outgoing traffic. If the data stream is not well shared by each link, you can change the algorithm of the outgoing interface.
Page 80: Default Settings
In the Member Port section, select the member ports for the LAG. It is multi-optional. Click Apply. Entry Description: System Priority: Specify the system priority for the switch. A smaller value means a higher priority. To keep active ports consistent at both ends, you can set the priority of one device to be higher than that of the other device.
Page 81: Traffic Monitor
LACP System Priority: 32768 Admin Key: 0 Port Priority: 0 Mode: Passive Status: Disable 6.3 Traffic Monitor The Traffic Monitor function, monitoring the traffic of each port, is implemented on the Traffic Summary and Traffic Statistics pages. 6.3.1 Traffic Summary Traffic Summary screen displays the traffic information of each port, which facilitates you to monitor the traffic and analyze the network abnormity.
Page 82: Traffic Statistics
Refresh Rate: Specify the refresh interval in seconds. Traffic Summary  Port: Displays the port number. Packets Rx: Displays the number of packets received on the port. Error packets are not counted in. Packets Tx: Displays the number of packets transmitted on the port. Octets Rx: Displays the number of octets received on the port.
Page 83 Configuration Procedure: To get the real-time traffic summary, enable auto refresh in the Auto Refresh section, or click Refresh at the bottom of the page. In the Traffic Summary section, click 1 to show the information of the physical ports, and click LAGS to show the information of the LAGs.
Page 84: Mac Address
Pkts512to1023Octets: Displays the number of the received packets (including error packets) that are between 512 and 1023 bytes long. PktsOver1023Octets: Displays the number of the received packets (including error packets) that are more than 1023 bytes long. Collisions: Displays the number of collisions experienced by a port during packet transmissions.
Page 85 Figure 6-14 Address Table The following entries are displayed on this screen: Search Option  MAC Address: Enter the MAC address of your desired entry. VLAN ID: Enter the VLAN ID of your desired entry. Port: Select the corresponding port number or link-aggregation number of your desired entry.
Page 86: Static Address
MAC Address: Displays the MAC address learned by the switch. VLAN ID: Displays the corresponding VLAN ID of the MAC address. Port: Displays the corresponding port number or link-aggregation number of the MAC address. Type: Displays the Type of the MAC address. Aging Status: Displays the Aging status of the MAC address.
Page 87: Dynamic Address
Port: Select a port to be bound. Search Option  Search Option: Select a Search Option from the pull-down list and click the Search button to find your desired entry in the Static Address Table. MAC: Enter the MAC address of your desired entry. •...
Page 88 On this page, you can configure the dynamic MAC address entry. Choose the menu Switching→MAC Address→Dynamic Address to load the following page. Figure 6-16 Dynamic Address The following entries are displayed on this screen: Aging Config  Auto Aging: Allows you to Enable/Disable the Auto Aging feature. Aging Time: Enter the Aging Time for the dynamic address.
Page 89: Filtering Address
Port: Displays the corresponding port number or link-aggregation number of the MAC address. Type: Displays the Type of the MAC address. Aging Status: Displays the Aging Status of the MAC address. Bind: Click the Bind button to bind the MAC address of your selected entry to the corresponding port statically.
Page 90 Search Option  Search Option: Select a Search Option from the pull-down list and click the Search button to find your desired entry in the Filtering Address Table. MAC Address: Enter the MAC address of your desired entry. • VLAN ID: Enter the VLAN ID number of your desired entry. •...
Page 91: Chapter 7 Vlan
Chapter 7 VLAN The traditional Ethernet is a data network communication technology basing on CSMA/CD (Carrier Sense Multiple Access/Collision Detect) via shared communication medium. Through the traditional Ethernet, the overfull hosts in LAN will result in serious collision, flooding broadcasts, poor performance or even breakdown of the Internet. Though connecting the LANs through switches can avoid the serious collision, the flooding broadcasts cannot be prevented, which will occupy plenty of bandwidth resources, causing potential serious security problems.
Page 92: Q Vlan
A VLAN can span across multiple switches, or even routers. This enables hosts in a VLAN to be dispersed in a looser way. That is, hosts in a VLAN can belong to different physical network segment. This switch supports three ways, namely, 802.1Q VLAN, MAC VLAN and Protocol VLAN, to classify VLANs.
Page 93 Link Types of ports  When creating the 802.1Q VLAN, you should set the link type for the port according to its connected device. The link types of port including the following three types: ACCESS: The ACCESS port can be added in a single VLAN, and the egress rule of the port is UNTAG.
Page 94: Vlan Config
packet will tag. dropped. If the egress rule of port is TAG, the packet will be forwarded with its current VLAN tag. General If the egress rule of port is UNTAG, the packet will be forwarded after removing its VLAN tag. Table 7-1 Relationship between Port Types and VLAN Packets Processing IEEE 802.1Q VLAN function is implemented on the VLAN Config and Port Config pages.
Page 95: Port Config
Figure 7-4 Create or Modify 802.1Q VLAN The following entries are displayed on this screen: VLAN Info  VLAN ID: Enter the ID number of VLAN. Name: Displays the user-defined name of VLAN. Untagged port: Displays the untagged port which is ACCESS, TRUNK or GENERAL.
Page 96 Figure 7-5 802.1Q VLAN – Port Config The following entries are displayed on this screen: VLAN Port Config  Select the unit ID of the desired member in the stack. UNIT: Select the desired port for configuration. It is multi-optional. Select: Displays the port number.
Page 97: Application Example For 802.1Q Vlan
LAG: Displays the LAG to which the port belongs. VLAN: Click the Detail button to view the information of the VLAN to which the port belongs. Click the Detail button to view the information of the corresponding VLAN. Figure 7-6 View the Current VLAN of Port The following entries are displayed on this screen: VLAN of Port ...
Page 98 PC B and Server B is in the same VLAN;  PCs in the two VLANs cannot communicate with each other.  Network Diagram  Configuration Procedure  Configure switch A  Step Operation Description Configure Required. On VLAN→802.1Q VLAN→Port Config page, configure Link Type of the the link type of Port 2, Port 3 and Port 4 as ACCESS, TRUNK and ports...
Page 99: Mac Vlan
7.3 MAC VLAN MAC VLAN technology is the way to classify VLANs according to the MAC addresses of Hosts. A MAC address corresponds to a single VLAN ID. For the device in a MAC VLAN, if its MAC address is bound to VLAN, the device can be connected to another member port in this VLAN and still takes its member role effect without changing the configuration of VLAN members.
Page 100: Application Example For Mac Vlan
7.4 Application Example for MAC VLAN Network Requirements  Switch A and switch B are connected to meeting room A and meeting room B respectively,  and the two rooms are for all departments; Notebook A and Notebook B, special for meeting room, are of two different departments; ...
Page 101: Protocol Vlan
Step Operation Description Configure MAC On VLAN→MAC VLAN→MAC VLAN page, create MAC VLAN10 with VLAN 10 the MAC address as 00-19-56-8A-4C-71. Configure MAC On VLAN→MAC VLAN→MAC VLAN page, create MAC VLAN10 with VLAN 20 the MAC address as 00-19-56-82-3B-70. Configure switch B ...
Page 102: Protocol Group Table
This switch can classify VLANs basing on the common protocol types listed in the following table. Please create the Protocol VLAN to your actual need. Protocol Type Type value 0x0806 0x0800 MPLS 0x8847/0x8848 0x8137 IS-IS 0x8000 LACP 0x8809 802.1X 0x888E Table 7-2 Protocol types in common use The packet in Protocol VLAN is processed in the following way: When receiving an untagged packet, the switch matches the packet with the current...
Page 103: Protocol Group
Protocol Name: Displays the protocol of the protocol group. VLAN ID: Displays the corresponding VLAN ID of the protocol. Member: Displays the member of the protocol group. Operate: Click the Edit button to modify the settings of the entry. 7.5.2 Protocol Group On this page, you can configure the Protocol Group.
Page 104: Application Example For Protocol Vlan
Choose the menu VLAN→Protocol VLAN→Protocol Template to load the following page. Figure 7-11 Create and View Protocol Template Configuration Procedure: Specify a template ID and a name for the protocol template. Enter the ethernet type filed of your desired protocol. Click Create to make the settings effective.
Page 105 Network Diagram  Configuration Procedure  Configure switch A  Step Operation Description Configure Required. On VLAN→802.1Q VLAN→Port Config page, configure the Link Type of the link type of Port 11 and Port 13 as ACCESS, and configure the link ports type of Port 12 as GENERAL.
Page 106: Vlan Vpn
Step Operation Description Create VLAN20 Required. On VLAN→802.1Q VLAN→VLAN Config page, create a VLAN with its VLAN ID as 20, owning Port 3 and Port 5, and configure the egress rule of Port 3 as Untag. Create Protocol Required. On VLAN→Protocol VLAN→Protocol Template page, Template configure the protocol templates practically.
Page 107: Vlan-Vpn Config
The position of the TPID field in an Ethernet packet is the same as the position of the protocol type field in the packet without VLAN Tag. Thus, to avoid confusion happening when the switch forwards or receives a packet, you must not configure the following protocol type values listed in the following table as the TPID value.
Page 108: Default Settings
VPN Up-link ports: Select the desired port as the VPN Up-link port. 7.7.2 Default Settings Feature Default Settings Global TPID 8100 7.8 GVRP GVRP (GARP VLAN Registration Protocol) is an implementation of GARP (generic attribute registration protocol). GVRP allows the switch to automatically add or remove the VLANs via the dynamic VLAN registration information and propagate the local VLAN registration information to other switches, without having to individually configure each VLAN.
Page 109 Join Timer: To transmit the Join messages reliably to other entities, a GARP entity sends • each Join message two times. The Join timer is used to define the interval between the two sending operations of each Join message. Leave Timer: When a GARP entity expects to deregister a piece of attribute information, it •...
Page 110: Gvrp Config
7.8.1 GVRP Config On this page, you can configure the GVRP feature. Choose the menu VLAN→GVRP→GVRP Config to load the following page. Figure 7-16 GVRP Config Configuration Procedure: Specify a MAC address and a VLAN ID. Then click Create to make the settings effective. Globally enable the GVRP feautre.
Page 111: Default Settings
Status: Enable/Disable the GVRP feature for the port. The port type should be set to TRUNK before enabling the GVRP feature. LeaveAll Timer: Once the LeaveAll Timer is set, the port with GVRP enabled can send a LeaveAll message after the timer times out, so that other GARP ports can re-register all the attribute information.
Page 112 Private VLAN adopts Layer 2 VLAN structure. A Private VLAN consists of a Primary VLAN and a Secondary VLAN, providing a mechanism for achieving layer-2-separation between ports. For uplink devices, all the packets received from the downstream are without VLAN tags. Uplink devices need to identify Primary VLANs but not Secondary VLANs.
Page 113: Pvlan Config
Private VLAN Implementation  To hide Secondary VLANs from uplink devices and save VLAN resources, Private VLAN containing one Primary VLAN and one Secondary VLAN requires the following characteristics: Packets from different Secondary VLANs can be forwarded to the uplink device via ...
Page 114: Port Config
Primary VLAN ID: Enter the Primary VLAN ID number of the  desired Private VLAN. Secondary VLAN ID: Enter the Secondary VLAN ID number of  the desired Private VLAN. Private VLAN Table  Select: Select the entry to delete. It is multi-optional. Primary VLAN: Displays the Primary VLAN ID number of the Private VLAN.
Page 115: Application Example For Private Vlan
Primary VLAN: Specify the Primary VLAN the port belongs to. Secondary VLAN: Specify the Secondary VLAN the port belongs to. UNIT: Select the unit ID of the desired member in the stack. Private VLAN Port Table  UNIT: Select the unit ID of the desired member in the stack. Port ID: Displays the port number.
Page 116 Network Diagram  Configuration Procedure  Configure Switch C  Step Operation Description Create VLAN6 Required. On VLAN→802.1Q VLAN→VLAN Config page, create a VLAN with its VLAN ID as 6, owning Port 1/0/1. Configure switch A  Step Operation Description Create Private Required.
Page 117 Configure switch B  Step Operation Description Create Private Required. On the VLAN→Private VLAN→PVLAN Config page, VLANs. enter the Primary VLAN 6 and Secondary VLAN 5 and 8, select one type of secondary VLAN and then click the Create button. Required.
Page 118: Chapter 8 Spanning Tree
Chapter 8 Spanning Tree STP (Spanning Tree Protocol), subject to IEEE 802.1D standard, is to disbranch a ring network in the Data Link layer in a local network. Devices running STP discover loops in the network and block ports by exchanging information, in that way, a ring network can be disbranched to form a tree-topological ring-free network to prevent packets from being duplicated and forwarded endlessly in the network.
Page 119 Root Port: The port selected on non-root bridges to provide the lowest root path cost. There is only one root port in each non-root bridge. Designated Port: The port selected for each LAN segment to provide the lowest root path cost from that LAN segment to the root bridge.
Page 120 port begins to forward data after twice forward delay, which ensures the new configuration BPDUs are spread in the whole network. BPDU Comparing Principle in STP mode  Assuming two BPDUs: BPDU X and BPDU Y If the root bridge ID of X is smaller than that of Y, X is superior to Y. If the root bridge ID of X equals that of Y, but the root path cost of X is smaller than that of Y, X is superior to Y.
Page 121 Here are the steps taken by switches in selecting the designated bridge and designated port for each LAN segment: Choose the switch with the lowest root path cost from the LAN segment to the root bridge as the designated bridge. The port through which the designated bridge is attached to the LAN segment is the designated port.
Page 122 MSTP Elements  MST Region (Multiple Spanning Tree Region): An MST region consists of multiple interconnected switches. These switches have the same region name, the same revision level and the same VLAN-Instance mapping table. MSTI (Multiple Spanning Tree Instance): The MST instance is a spanning tree running in the MST region.
Page 123 Forwarding: In this status the port can receive/forward data, receive/send BPDU packets  as well as learn MAC address. Learning: In this status the port can receive/send BPDU packets and learn MAC address.  Blocking: In this status the port can only receive BPDU packets. ...
Page 124: Stp Config
8.1 STP Config The STP Config function, for global configuration of spanning trees on the switch, can be implemented on STP Config and STP Summary pages. 8.1.1 STP Config Before configuring spanning trees, you should make clear the roles each switch plays in each spanning tree instance.
Page 125 Parameters Config  CIST Priority: Specify the CIST priority of the switch. The valid values are from 0 to 61440, which are divisible by 4096.By default, it is 32768. The switch with the lower value has the higher priority. CIST priority is usually a parameter configured in MSTP, which means the priority of a switch in CIST.
Page 126: Stp Summary
8.1.2 STP Summary On this page you can view the related parameters for Spanning Tree function. Choose the menu Spanning Tree→STP Config→STP Summary to load the following page. Figure 8-5 STP Summary 8.2 Port Config On this page you can configure the parameters of the ports for CIST.
Page 127 Choose the menu Spanning Tree→Port Config→Port Config to load the following page. Figure 8-6 Port Config Configuration Procedure: Configure the parameters of the ports for CIST. Entry Description: Port Config  UNIT: Select the desired unit or LAGs. Select: Select the desired port for STP configuration. It is multi-optional. Port: Displays the port number of the switch.
Page 128 Int-Path Cost: Enter the value of the internal path cost. The default setting is Auto, which means the port calculates the path cost automatically according to the port’s link speed. Internal path cost is the path cost of the port in IST. The port with the lowest internal root path cost will be elected as the root port in IST.
Page 129: Mstp Instance
Port Role: Displays the role of the port played in the STP Instance. Root Port: Indicates the port that has the lowest root path cost  from this bridge to the Root Bridge and forwards packets to the root. Designated Port: Indicates the port that forwards packets to a ...
Page 130: Region Config
8.3.1 Region Config On this page you can configure the name and revision of the MST region. Choose the menu Spanning Tree→MSTP Instance→Region Config to load the following page. Figure 8-7 Region Config Configuration Procedure: Set the name and revision level to specify an MSTP region. Entry Description: Region Config ...
Page 131: Instance Port Config
Configuration Procedure: Enter the instance ID and the corresponding VLAN ID, and click Add. Configure the priority of the switch in the desired instance, and click Apply. Entry Description: VLAN-Instance Mapping  Instance ID: Enter the corresponding instance ID. VLAN ID: Enter the desired VLAN ID.
Page 132 Choose the menu Spanning Tree→MSTP Instance→Instance Port Config to load the following page. Figure 8-9 Instance Port Config Configuration Procedure: Select the desired instance ID for its port configuration. Configure port parameters in the desired instance. Instance ID Select  Instance ID: Select the desired instance ID for its port configuration.
Page 133 Priority: Enter the value of port priority from 0 to 240, which is divisible by 16, and the default value is 128. The port with the lower value has the higher priority. In the same condition, the port with the highest priority will be elected as the root port in the desired instance.
Page 134: Stp Security
Configure CIST parameters Required. Configure CIST parameters for ports on for ports Spanning Tree→Port Config→Port Config page. Configure the MST region Required. Create the MST region, VLAN-Instance mapping and the priority of the switch in the corresponding region on Spanning Tree→MSTP Instance→Region Config and Instance Config page.
Page 135 A switch removes MAC address entries upon receiving TC-BPDUs (the packets used to announce changes in the network topology). If a user maliciously sends a large number of TC-BPDUs to a switch in a short period, the switch will be busy with removing MAC address entries, which may decrease the performance and stability of the network.
Page 136 Choose the menu Spanning Tree→STP Security→Port Protect to load the following page. Figure 8-10 Port Protect Configuration Procedure: Configure the Port Protect features for the selected ports, and click Apply. Entry Description: Port Protect  UNIT: Select the desired unit or LAGs. Select: Select the desired port for port protect configuration.
Page 137: Application Example For Mstp Function
Root Protect: Enable or disable the Root Protect function. It is recommended to enable this function on the designated ports of the root bridge. Root Protect function is used to ensure that the desired root bridge will not lose its position. With root protect function enabled, the port will temporarily transit to blocking state when it receives higher-priority BDPUs.
Page 138 MSTP function for the port. Configure region On Spanning Tree→MSTP Instance→Region Config page, name and the revision of configure the region as TP-Link and keep the default revision MST region setting. Configure On Spanning Tree→MSTP Instance→Instance Config page, VLAN-Instance mapping configure VLAN-Instance mapping table.
Page 139 MSTP function for the port. Configure region On Spanning Tree→MSTP Instance→Region Config page, name and the revision of configure the region as TP-Link and keep the default revision MST region setting. Configure On Spanning Tree→MSTP Instance→Instance Config page, VLAN-Instance mapping configure VLAN-Instance mapping table.
Page 140 MSTP function for the port. Configure region On Spanning Tree→MSTP Instance→Region Config page, name and the revision of configure the region as TP-Link and keep the default revision MST region setting. Configure On Spanning Tree→MSTP Instance→Instance Config page, VLAN-Instance mapping configure VLAN-Instance mapping table.
Page 141 For Instance 2 (VLAN 102, 104 and 106), the blue paths in the following figure are connected  links; the gray paths are the blocked links. Suggestion for Configuration  Enable TC Protect function for all the ports of switches. ...
Page 142: Chapter 9 Multicast
Chapter 9 Multicast Multicast Overview  In the network, packets are sent in three modes: unicast, broadcast and multicast. In unicast, the source server sends separate copy information to each receiver. When a large number of users require this information, the server must send many pieces of information with the same content to the users.
Page 143 3. Each user can join and leave the multicast group at any time; 4. Real time is highly demanded and certain packets drop is allowed. Multicast Address  1. Multicast IP Address: As specified by IANA (Internet Assigned Numbers Authority), Class D IP addresses are used as destination addresses of multicast packets.
Page 144: Igmp Snooping
entry cannot be found in the table, the switch will broadcast the packet in the VLAN owning the receiving port. If the corresponding entry can be found in the table, it indicates that the destination address should be a group port list, so the switch will duplicate this multicast data and deliver each port one copy.
Page 145 is not a router port yet, it will be added to the router port list with its router port time specified; if the receiving port is already a router port, its router port time will be directly reset. When receiving IGMP group-specific-query message, the switch will send the group-specific query message to the members of the multicast group being queried.
Page 146: Snooping Config
9.1.1 Snooping Config To configure the IGMP Snooping on the switch, please firstly configure IGMP global configuration and related parameters on this page. If the multicast address of the received multicast data is not in the multicast address table, the switch will broadcast the data in the VLAN.
Page 147: Port Config
9.1.2 Port Config On this page you can configure the IGMP feature for ports of the switch. Choose the menu Multicast→IGMP Snooping→Port Config to load the following page. Figure 9-5 Port Config The following entries are displayed on this screen: Port Config ...
Page 148: Vlan Config
IGMP query message from the router port within the router port time. The switch will no longer consider this port as a router port and delete it from the router port table. The valid values are from 60 to 600 seconds. Max Response Enter the host’s maximum response time to general query Time:...
Page 149 Fast Leave: Enable or disable Fast Leave feature in this VLAN. If Fast Leave is enabled, the switch will immediately remove this port from the multicast group upon receiving IGMP leave messages. Report If this function is enabled, the switch will only forward the first Suppression: IGMP report message to Layer 3 devices and suppress subsequent IGMP report messages from the same multicast...
Page 150: Querier Config
Configuration procedure: Step Operation Description Enable IGMP Snooping Required. Enable IGMP Snooping globally on the switch function on Multicast→IGMP Snooping→Snooping Config page. Configure multicast Optional. Configure the multicast parameters for VLANs parameters for VLANs on Multicast→IGMP Snooping→VLAN Config page. If a VLAN has no multicast parameters configuration, it indicates the IGMP Snooping is not enabled in the VLAN, thus the multicast data in the VLAN will be broadcasted.
Page 151 The following entries are displayed on this screen: IGMP Snooping Querier Config  Querier Mode: Enter the Query mode which for the IGMP snooping querier on the device. When enabled, the IGMP snooping querier sends out periodic IGMP queries that trigger IGMP report messages from the switches that want to receive IP multicast traffic.
Page 152: Profile Config
9.1.5 Profile Config On this page you can configure an IGMP profile. Choose the menu Multicast→Multicast Filter→Profile Config to load the following page. Figure 9-8 Profile Create The following entries are displayed on this screen: Profile Creation  Profile ID: Specify the Profile ID you want to create, and it should be a number between 1 and 999.
Page 153 Operation: Click the Edit button to configure the mode or IP-range of the Profile. Figure 9-9 Profile Config Profile Mode  Profile ID: Displays the Profile ID. Mode: Configure the filtering mode of the profile. Permit: Only permit the IP address within the IP range and ...
Page 154: Mld Snooping
9.2 MLD Snooping MLD Snooping  Multicast Listener Discovery (MLD) snooping is applied for efficient distribution of IPv6 multicast data to clients and routers in a Layer 2 network. With MLD snooping, IPv6 multicast data is selectively forwarded to a list of ports that want to receive the data, instead of being flooded to all ports in a VLAN.
Page 155: Snooping Config
MLD Snooping Process  1. General Query The MLD router regularly sends MLD general queries to query if the multicast groups contain any members. When receiving MLD general queries, the switch will forward them to all other ports in the VLAN. The receiving port will be processed: if the receiving port is not a router port yet, it will be added to the router port list with its router port aging time specified;...
Page 156 Chose the menu Multicast→MLD Snooping→Snooping Config to load the following page. Figure 9-10 MLD Snooping Config The following entries are displayed on this screen: Global Config  MLD Snooping: Enable or disable MLD Snooping function globally. Unknown Multicast: Choose to forward or drop unknown multicast data. Unknown IPv6 multicast packets refer to those packets without corresponding forwarding entries in the IPv6 multicast table: When unknown multicast filter is enabled, the switch will...
Page 157: Port Config
9.2.2 Port Config On this page you can configure MLD Snooping function with each single port. Choose the menu Multicast→MLD Snooping→Port Config to load the following page. Figure 9-11 Port Config The following entries are displayed on this screen: Port Config ...
Page 158: Vlan Config
port time. The switch will no longer consider this port as a router port and delete it from the router port table. The valid values are from 60 to 600 seconds. Max Response Time: Enter the host’s maximum response time to general query messages in a range of 1 to 25 seconds.
Page 159: Querier Config
Member Port Time: Specify the aging time of the member port. Within this time, if the switch doesn’t receive MLD report message from the member port, it will consider this port is not a member port any more. Router Port Time: Specify the aging time of the router port.
Page 160 Layer 2 network. MLD Snooping Querier can act as an MLD Router in Layer 2 network. It can help to create and maintain multicast forwarding table on the switch with the Query messages it generates. Choose the menu Multicast→MLD Snooping→Querier Config to load the following page. Figure 9-13 Packet Statistics The following entries are displayed on this screen: MLD Snooping Querier Config...
Page 161: Profile Config
Querier VLAN Displays the General Query Message source IP address. Address: Operational State: Displays the Operational State. Last Querier Displays the Last Querier Address. Address: Operational Displays the Operational Version. Version: Operational Max Displays the value of Operational Max Response Time. Response Time: Last Querier Address Table ...
Page 162 Mode: The attributes of the profile. Permit: Only permit the IP address within the IP range and  deny others. Deny: Only deny the IP address within the IP range and  permit others. Search Option  Profile ID: Enter the profile ID the desired entry must carry. MLD Profile Info ...
Page 163: Mvr
Deny: Only deny the IP address within the IP range and  permit others. Add IP-range  Start IP: Enter the start IP address of the IP range. End IP: Enter the end IP address of the IP range. IP-range Table ...
Page 164: Interface Config
The following entries are displayed on this screen: MVR Config  MVR: Before configuring functions related to MVR, click Enable to enable MVR function globally. MVR Mode: Select the MVR mode. Compatible: The switch working in Compatible mode does not learn multicast groups, which means the MVR switch does not forward IGMP reports from the hosts to the IGMP router.
Page 165 Choose the menu Multicast→MVR→Interface Config to load the following page. Figure9-17 MVR Interface Config The following entries are displayed on this screen: Interface Config  UNIT: Select the unit ID of the desired member in the stack. Select: Select the desired port to configure MVR settings on the specific interface.
Page 166: Member Config
Status: Displays the port’s status. INACTIVE/InVLAN: The port is part of a VLAN but inactive. INACTIVE/NotInVLAN: The port is not part of any VLAN and inactive. ACTIVE/InVLAN: The port is part of a VLAN and active. Immediate Leave: Enable or disable the immediate leave function on this port. When immediate leave is enabled, the receiver port will be removed for the multicast group when an IGMP leave message is received on this port, without sending an IGMP query...
Page 167: Traffic
The following entries are displayed on this screen: Create MVR Group  MVR Group IP: Configure an IP multicast address on the switch or use the MVR Group Count parameter to create a contiguous series of MVR group addresses. Any multicast data sent to this address is sent to all source ports on the switch and all receiver ports that have required to receive data on that multicast address.
Page 168: Multicast Table
IGMP Leave: Displays the number of packets of IGMP Leave. IGMP Packet Displays the number of packets of IGMP Packet Failure. Failure: 9.4 Multicast Table You can view different types of multicast table in the follow pages. 9.4.1 Summary On this page you can view the summary of the multicast table and multicast entries. Choose the menu Multicast→Multicast Table→Summary to load the following page.
Page 169: Static Config
Source: Enter the source the desired entry must carry. Type: Enter the type the desired entry must carry. Forward Port: Enter the forward port number the desired entry must carry. Multicast MAC Address Table  VLAN ID: Displays the VLAN ID of the multicast MAC entries. MAC Address: Displays the MAC address of the multicast MAC entries.
Page 170 The following entries are displayed on this screen: Create Static Multicast  MAC Address: Enter the multicast MAC address to create multicast MAC entry. VLAN ID: Enter the VLAN ID to add multicast MAC entry for the desired VLAN. Forward Port: Select the forward port of multicast MAC entry.
Page 171: Igmp Snooping
9.4.3 IGMP Snooping In an MAC multicast environment, all receivers can join a multicast group. On this page you can view the information of the multicast groups for IGMP Snooping already on the switch. Choose the menu Multicast→Multicast Table→IGMP Snooping to load the following page. Figure 9-22 IGMP Multicast Table The following entries are displayed on this screen: Search Option...
Page 172: Ssm Groups
Choose the menu Multicast→Multicast Table→Summary to load the following page. Figure 9-23 MLD Multicast Table The following entries are displayed on this screen: Search Option  Search Option: Select the rules for displaying multicast MAC table to find the desired entries quickly. All: Displays all multicast MAC entries.
Page 173: Ssm Entries
The following entries are displayed on this screen: Search Option  Search Option: Select the rules for displaying source specific multicast table to find the desired entries quickly. All: Displays all source specific multicast entries. • VLAN ID: Enter the VLAN ID the desired entry must carry. •...
Page 174: Ssm Status
The following entries are displayed on this screen: Search Option  Search Option: Select the rules for displaying source specific multicast table to find the desired entries quickly. • All: Displays all source specific multicast entries. • VLAN ID: Enter the VLAN ID the desired entry must carry. •...
Page 175 The following entries are displayed on this screen: IGMP Snooping  Total Entries: Displays the Max MFDB Table Entries. Most SSM FDB Displays the Most SSM FDB Entries Ever Used of source Entries Ever Used: specific multicast. Current Entries: Displays the Current Entries of source specific multicast. MLD Snooping ...
Page 176: Chapter 10 Routing
The goal of a routing protocol is very simple: It is to supply the information that is needed to do routing. This chapter describes how to configure the IPv4 unicast routing on the T3700G-52TQ. 10.1 Interface Interface is a virtual interface in Layer 3 mode and mainly used for realizing the Layer 3 connectivity between VLANs or routed ports.
Page 177 IP Address Mode: Specify the IP address assignment mode of the interface. None: without ip. Static: setup manually. DHCP: allocated through DHCP. IP Address: Specify the IP address of the interface. Subnet Mask: Specify the subnet mask of the interface's IP address. Admin Status: Enable or disable the interface’s Layer 3 capabilities.
Page 178 Configuration Procedure: In the Modify Interface section, specify an interface ID and configure relevant parameters for the interface according to your actual needs. Then click Apply. In the Secondary IP Create section, configure the secondary IP for the specified interface which allows you to have two logical subnets using one physical subnet.
Page 179: Routing Table
IP Address Mode: Displays the IP address allocation mode. None: without ip. Static: setup manually. DHCP: allocated through DHCP. IP Address: Displays the IP address and subnet mask of the interface. Secondary IP: Displays the secondary IP address and subnet mask of the interface.
Page 180: Static Routing
10.3 Static Routing Static routes are special routes manually configured by the administrator and cannot change automatically with the network topology accordingly. Hence, static routes are commonly used in a relative simple and stable network. Proper configuration of static routes can greatly improve network performance.
Page 181: Application Example For Static Routing
Destination Displays the destination IP address of the packets. Address: Subnet Mask: Displays the subnet mask of the destination IP address. Next Hop: Displays the IP address to which the packet should be sent next. Distance: Specify the administrative distance which is a rating of the trustworthiness of a routing information.
Page 182: Dhcp Server
Add interface Required. On page Routing→Interface→Interface Config, add VLAN 20 interface VLAN 20 with the mode as static, the IP address as 192.168.1.1, the mask as 255.255.255.0 and the interface name as VLAN20. Add static route Required. On page Routing→Static Routing→Static Routing entry Config, add a static route entry with the destination as 192.168.2.0, the subnet mask as 255.255.255.0 and the next hop...
Page 183 delegating such responsibility to the user is not plausible and, indeed, the solution is to define the resources in uniform terms, and to automate their assignment. The DHCP dealt with the issue of assigning an internet address to a client, as well as some other resources.
Page 184 igure 10-7 The Process of DHCP DHCP discover: the client broadcasts messages on the physical subnet to discover available DHCP servers in the LAN. Network administrators can configure a local router (e.g. a relay agent) to forward DHCP-DISCOVER messages to a DHCP server in a different subnet.
Page 185 Figure 10-8 The Format of DHCP Message op：Message type, ‘1’ = BOOT-REQUEST, ‘2’ = BOOT-REPLY. htype：Hardware address type, '1' for ethernet. hlen：Hardware address length, '6' for ethernet. hops： Clients set this field to zero and broadcast the DHCP-REQUEST message , optionally used by relay-agents when booting via a relay-agent.
Page 186 14) file：Boot file name, null terminated string, "generic" name or null in DHCPDISCOVER, fully qualified directory-path name in DHCPOFFER. 15) options：Optional parameters field. See the options documents (RFC 2132) for a list of defined options. We will introduce some familiar options in the next section. DHCP Option ...
Page 187 Only a little device need static IP address to connect the network. Details of DHCP Server on T3700G-52TQ  A typical application of T3700G-52TQ working at DHCP Server function is shown below. It can be altered to meet the network requirement. Figure 10-10 DHCP Server Application To guarantee the process of assigning IP address fluency and in safety, and to keep the network run steadily, the DHCP Server function on T3700G-52TQ performs the following tasks.
Page 188: Dhcp Server
At last, the server will choose the first IP from the IP pool which has not been assigned. Tips for Configure DHCP Server Function on T3700G-52TQ  Configure the Excluded IP address which cannot be assigned by the switch, e.g. web server’s IP, broadcast IP of subnet and gateway’s IP.
Page 189 Choose the menu Routing→DHCP Server→DHCP Server to load the following page. Figure10-11 DHCP Server Configuration Procedure: In the Global Config section, enable or disable DHCP Server and DHCP Conflict-logging. Then click Apply. In the Ping Time Config section, configure Ping Packets for ping tests. Click Apply. In the Excluded IP Address section, enter the Start IP Address and End IP Address to specify the range of reserved IP addresses.
Page 190: Pool Setting
Ping Time Config  Ping Packets: The number of packets to be sent. Excluded IP Address  Start IP Address: The first one of the IP addresses that should not be assigned. End IP Address: The last one of the IP addresses that should not be assigned. 10.4.2 Pool Setting This page shows you how to configure the IP pool in which the IP address can be assigned to the clients in the network.
Page 191 Pool Type: Specify the pool type. IP Address: Specify the IP address to be bound. Subnet Mask: Specify the corresponding subnet mask of the IP address in the pool. Binding Mode: Select a binding mode: Client Id: Bind the IP address to the client ID. Client Id in ASCii: Bind the IP address to the client ID in ASCII format.
Page 192: Dhcp Options Set
Specify the Netbios type for the clients, which is the way of Netbios Node Type: inquiring IP address resolution. The following options are provided: b-node Broadcast: The client sends query message via broadcast. p-node Peer-to-Peer: The client sends query message via unicast.
Page 193: Binding Table
Figure 10-13 Manual Binding Configuration Procedure: Select a DHCP server pool from the drop-down list. Configure the extend option in the pool according to your actual needs. Click Create. Entry Description: Pool Name: Select the IP Pool containing the IP address to be bound. Option Code: Specify the extend option code.
Page 194: Packet Statistics
Type: Displays the type of this binding entry. Lease Time Left(s): Displays the lease time of the client left. 10.4.5 Packet Statistics Choose the menu Routing→DHCP Server→Packet Statistics to load the following page. Figure10-15 Statistics Configuration Procedure: View the DHCP packets the switch received or sent. Entry Description: Binds ...
Page 195: Application Example For Dhcp Server And Relay
DHCPREQUEST: Displays the Request packet received. DHCPDECLINE: Displays the Decline packet received. DHCPRELEASE: Displays the Release packet received. DHCPINFORM: Displays the Inform packet received. Packets Sent  BOOTREPLY: Displays the Bootp Reply packet sent. DHCPOFFER: Displays the Offer packet sent. DHCPACK: Displays the Ack packet sent.
Page 196 Network Diagram  Use T3700G-52TQ as the central switch and enable its DHCP server function to allocate IP addresses to clients in the network. Enable the DHCP relay function on each access switch in VLAN 10, 20 and 30. For details about DHCP relay, please refer to 10.5 DHCP...
Page 197: Dhcp Relay
DHCP server in the internet. Details of DHCP Relay on T3700G-52TQ  A typical application of T3700G-52TQ working at DHCP Relay function is shown below. It can be altered to meet the network requirement.
Page 198 Figure 10-16 DHCP Relay Application To allow all clients in different VLAN request IP address from one server successfully, the DHCP Relay function can transmit the DHCP packet between clients and server in different VLANs, and all clients in different VLANs can share one DHCP Server. When receiving DHCP-DISCOVER and DHCP-REQUEST packets, the switch will fill the ...
Page 199: Global Config
Specify the DHCP Server which assigns IP addresses actually. Option 82  On this switch, Option 82 is used to record the location of the DHCP Client, the ethernet port and the VLAN, etc. Upon receiving the DHCP-REQUEST packet, the switch adds the Option 82 field to the packet and then transmits the packet to DHCP Server.
Page 200 Choose the menu Routing→DHCP Relay→Global Config to load the following page. Figure 10-19 Global Config Configuration Procedure: In the Global Config section, enable DHCP Relay. (Optional) In the Option 82 Configuration section, configure Option 82. Click Apply. Entry Description: DHCP Relay: Enable or disable DHCP Relay.
Page 201: Dhcp Server
Remote ID: Enter the customized remote ID, which contains up to 32 characters. The remote ID configurations of the switch and the DHCP server should be compatible with each other. 10.5.2 DHCP Server This page enables you to configure DHCP Servers on the specified interface. Choose the menu Routing→DHCP Relay→DHCP Server to load the following page.
Page 202: Proxy Arp
Configure DHCP Server. Required. On the Routing→DHCP Relay→DHCP Server page, specify the DHCP Server with IP address. 10.6 Proxy ARP Proxy ARP functions to realize the Layer 3 connectivity between the hosts within the same network segment but isolated at Layer 2. When an ARP request of a host is to be forwarded to another host in the same network segment but isolated at Layer 2, to realize the connectivity, the device connecting the two virtual networks should be able to respond to this request.
Page 203: Local Proxy Arp
Choose the menu Routing→Proxy ARP→Proxy ARP to load the following page. Figure 10-22 Proxy ARP Configuration Procedure: Enable Proxy ARP for the VLAN interface or routed port. Entry Description: IP Address/ Subnet Displays the IP Address and Subnet Mask of the VLAN Mask: interface or routed port.
Page 204: Application Example For Proxy Arp
10.6.3 Application Example for Proxy ARP Network Requirements  PC A and PC B are in the same network segment but belong to VLAN2 and VLAN3 respectively. The IP address of PC A is 192.168.2.10/16 and the IP address of PC B is 192.168.3.11/16. PC A and PC B can interconnect with each other by using Proxy ARP function.
Page 205: Static Arp
Figure 10-4 ARP Table Configuration Procedure: View all the dynamic and static ARP entries. Entry Description: Interface: Displays the network interface of an ARP entry. IP Address: Displays the IP address of an ARP entry. MAC Address: Displays the MAC address of an ARP entry. Type: Displays the type of an ARP entry.
Page 206: Rip
Entry Description: ARP Config  IP Address: Specify the IP address of an ARP entry. MAC Address: Specify the MAC address of an ARP entry. ARP Table  Select: Specify the static ARP entries to modify. IP Address: Displays the IP address of an ARP entry. MAC Address: Displays the MAC address of an ARP entry.
Page 207 RIP timers  RIP employs three timers: update, timeout and garbage-collect. Update timer: defines the interval between routing updates.  Timeout timer: defines the route aging time. If no update for a route is received within  the aging time, the metric of the route is set to 16 in the routing table. Garbage-collect: timer defines the interval from when the metric of a route becomes ...
Page 208 RIPv2 is a classless routing protocol. Compared with RIPv1, RIPv2 has the following advantages. Supporting route tags. Route tags are used in routing policies to flexibly control  routes. Supporting masks, route summarization and Classless Inter-Domain Routing (CIDR).  Supporting designated next hops to select the best next hops on broadcast networks. ...
Page 209 Figure 10-25 RIPv2 Message Format The detailed explanations of each field are stated as following: Version: Version of RIP. For RIPv2 the value is 0x02.  Route Tag: Route Tag.  IP Address: Destination IP address. It can be a natural network address, subnet ...
Page 210: Basic Config
10.8.1 Basic Config RIP (Routing Information Protocol) is a dynamic router protocol with Distance Vector Algorithms. You could configure the protocol below to active as you like. Choose the menu Routing→RIP→Basic Config to load the following page. Figure 10-27 RIP Basic Config The following entries are displayed on this screen: RIP Enable ...
Page 211 Global Config  RIP Version: Choose the global RIP version. Default: send with RIP version 1 and receive with both  RIP version 1 and 2. RIPv1: send and receive RIP version 1 formatted  packets via broadcast. RIPv2: send and receive RIP version 2 packets using ...
Page 212: Interface Config
10.8.2 Interface Config On this page, you can configure advanced parameters for the RIP. Choose the menu Routing→RIP→Interface Config to load the following page. Figure 10-28 RIP Interface Config The following entries are displayed on this screen: Interface Config  Select: Select the interface for which data is to be configured.
Page 213: Application Example For Rip
Key ID: Enter the RIP Authentication Key ID for the specified interface. If you choose not to use authentication or to use 'simple' you will not be prompted to enter the key ID. Key: Enter the RIP Authentication Key for the specified interface. If you do not choose to use authentication you will not be prompted to enter a key.
Page 214: Ospf
Enable the Required. On page Routing→RIP→Basic Config Network Enable network segments part, add network segments 1.1.1.0, 10.1.1.0, 11.1.1.0, and enable where the RIP in these network segments. These network segments will be interfaces are displayed in RIP Network List after they are successfully added. located 10.9 OSPF OSPF (Open Shortest Path First) is a routing protocol based on link state and also an internal...
Page 215 Figure 10-30 Common Scenario for OSPF routing protocol The network topology is more prone to changes in an autonomous system of larger size. The network adjustment of any one router could destabilize the whole network and cause massive OSPF packets to be forward repeatedly, and all the routers need to recalculate the routes, which would waste lots of network resources.
Page 216 address as the router ID which is thus always invariant outward. To ensure the uniqueness of the router ID, it is recommended to manually configure the router ID or the loopback interface. In the automatic election, the router would in the first place select the highest loopback interface as the router ID.
Page 217 BDR are determined in a network, unless they become invalid, any new routers joining or exiting would not cause re-election. As shown below, on a network of five routers, ten adjacency relations need to be established if one between every two routers, but only seven adjacencies are required if DR and BDR are introduced.
Page 218 After DR and BDR are determined, the master and slave one will be elected between the DR/BDR and the other routers on the network, and then the link state database synchronization will start. On the network the routers and DR/BDR will mutually unicast the link state data to advertise LSA, until all the routers establish an identical link state database.
Page 219 Figure 10-32 Steps to Establish a Complete Adjacency Relation Flooding As Figure 10-32 shows, two random routers will synchronize the link state database via LSA request, LSA update and LSA acknowledgement packets. But in the actual module of router network, how do the routers flood the change of local network to the entire network through LSA update packets? Figure 10-33 will introduce in details the flooding of the LSA update packets on the broadcast network.
Page 220 Figure 10-33 Flooding of the LSA DROthers multicast the LSA update of its directly-connected network to DR and BDR. After receiving the LSA update, DR floods it to all the adjacent routers. After receiving the LSA update from DR, the adjacent routers flood it to the other OSPF interfaces in their own areas.
Page 221 As shown above, a large-scale network is divided into three areas: Area 0, Area 1 and Area 2. Area 1 and Area 2 exchange the routing information via Backbone Area, which has to maintain its network connectivity at all time. The non-backbone Area 1 and Area 2 cannot communicate directly with each other, but they can exchange routing information through the backbone Area 0.
Page 222 ASBR Connect with the Maintain independent routing tables for different routing routers outside the protocols, import the routing information learned by other OSPF AS by other routing protocol to OSPF domain through a certain routing protocol standard, and then establish a uniform routing table. Table 10-2 Router Types Virtual Link In practice, some physical restrictions might keep ABR of some areas from directly connecting...
Page 223 the Type-2 external route equals to that from the ASBR to the destination of the Type-2 external route. If two routes to the same destination have the same cost, then take the cost from the router to the ASBR into consideration. Intra-area route and inter-area route describe the internal network structure of the autonomous system, while the external routes tell how to select the route to the destination outside the autonomous system.
Page 224 Figure 10-37 ABR Route Summarization Figure 10-38 Discontinuous Network Segment Link State Database  When the routers in the network completely synchronize the link state database through LSA exchanges, they can calculate the shortest path tree by basing themselves as the root node. The OSPF protocol routing calculation is simply presented as below.
Page 225 destination in the network as it knows. This loop-free topology is so-called the SPF algorithm tree. Each router will establish its own routing table according to the SPF algorithm tree. OSPF Protocol Packet Type  During the entire learning process, OSPF routing protocol uses five types of packet, all of which are IP packets.
Page 226 Authentication Type: The authentication type applied by this packet. The segment marked with * in the rear is regarded as essential information of authentication, as shown in the table below. Type Authentication Features Code Name Non-Authentication The 64-bit authentication information fields behind are all 0.
Page 227 Hello Interval: Interval of a sequence of Hello packets sending by the forwarding interface. Only the routers with the same Hello interval can become neighbors. Router Priority: This field decides the election result for DR/BDR in the network segment. The greatest value means the highest priority of the advertising router and also the possibility of being elected as the DR in the segment, while the value 0 means no election right.
Page 228 MS: The Master/Slave bit. Before the synchronization of the link state database between two routers, master/slave router needs to be elected, which in general is decided by such parameters as the router priority, router ID and etc. After the election, the master router will dominate the process of database synchronization.
Page 229 When one router receives an LSR, it would send an LSU packet to inform the other the complete LSA information. The router receiving the LSA update will re-encapsulate this LSA and then flood it. Figure 10-43 LSU Packet LSA Quantity: The quantity of LSA included in the LSU. LSA: A complete description of LSA.
Page 230 Sequence Number: It indicates the uniqueness of a certain LSA, whose update would be flooded to the network by adding 1 to the sequence number. In the table below are the features of 6 types of common LSA. Type Name Features Code Originates from all the routers, and describes the router...
Page 231 Route redistribution –OSPF can import routing information learned by other routing protocols or other OSPF processes. Plaintext authentication and MD5 authentication supported when two neighbor routers in the same area are performing message interaction, which can improve the security. Customized configuration of multiple interface parameters, including the interface cost, the retransmit interval, the transmit delay, the router priority, the router dead time, the hello interval and authentication key, etc.
Page 232: Process
10.9.1 Process Choose the menu Routing→OSPF→Process to load the following page. Figure10-45 OSPF Process Configuration Procedure: Specify a Process ID. Configure the router ID. Click Apply. Entry Description: OSPF Process Config  Process ID: The 16 bit integer that uniquely identifies the OSPF process, ranging from 1 to 65535.
Page 233: Basic
10.9.2 Basic Choose the menu Routing→OSPF→Basic to load the following page. Figure 10-46 OSPF Base Configuration Procedure: Select a process to configure. Configure the relevant parameters and functions. Click Apply. Entry Description: Select Current Process  Current Process: Select the desired OSPF process for configuration. Default Route Advertise Config ...
Page 234 Always: If Originate is Enable, but the Always option is DISABLE, OSPF will only originate a default route if the router already has a default route in its routing table. Set Always to ENABLE to force OSPF to originate a default route regardless of whether the router has a default route.
Page 235: Network
LSAs Received: The number of LSAs received from other routers in OSPF domain. Default Metric: Set a default for the metric of redistributed routes. The valid value ranges from 1 to 16777214. Maximum Paths: Set the number of paths that OSPF can report for a given destination.
Page 236: Interface
Entry Description: Network Config  Process ID: Select the desired OSPF process for configuration. IP Address: The IP address of the network. Wildcard Mask: The wildcard mask of the network. Normal subnet mask is also supported. Area ID: The 32 bit unsigned integer that uniquely identifies the area to which a router interface connects.
Page 237 Retransmit Interval: The retransmit interval for the specified interface. This is the number of seconds between link-state advertisements for adjacencies belonging to this router interface. This value is also used when retransmitting database descriptions and link-state request packets. The valid value ranges from 1 to 65535 seconds and the default is 5 seconds.
Page 238 State: Displays the current state of the selected router interface. One of the following: Down: This is the initial interface state. In this state, the  lower-level protocols have indicated that the interface is unusable. In this state, interface parameters will be set to their initial values.
Page 239 Backup Designated The identity of the Backup Designated Router for this Router: network, in the view of the advertising router. The Backup Designated Router is identified here by its router ID. Set to 0.0.0.0 if there is no Backup Designated Router. Number of Events: This is the number of times the specified OSPF interface has changed its state.
Page 240 Retransmit Interval: The retransmit interval for the specified interface. This is the number of seconds between link-state advertisements for adjacencies belonging to this router interface. This value is also used when retransmitting database descriptions and link-state request packets. The valid value ranges from 1 to 65535 seconds and the default is 5 seconds.
Page 241: Area
10.9.5 Area Choose the menu Routing→OSPF→Area to load the following page. Figure10-50 OSPF Area Configuration Procedure: Select a process, and configure the OSPF parameters of the area. Also you can selelct an entry in the Area Table, and change the configuration of the area. Click Apply.
Page 242 Area Table  Process: Select one OSPF Process to display its area list. Select: Select the desired item for configuration. It is multi-optional. Area ID: Displays the configured area. Area Type: Displays the type of the area and it can be modified. Summary: Displays the Summary parameter and it can be modified.
Page 243: Area Aggregation
10.9.6 Area Aggregation You can configure address ranges for an area on this page. The address range is used to consolidate or summarize routes for an area at an area boundary. The result is that a single summary route is advertised to other areas by the ABR. Routing information is condensed at area boundaries, a single route is advertised for each address range.
Page 244: Virtual Link
Area Aggregation Table  Process: Select one OSPF Process to display its address range list. Area ID: Displays the area to which the address range belongs. Select: Select the desired item for configuration. It is multi-optional. IP Address: Displays the IP address of the address range. Subnet Mask: Displays the subnet mask of the address range.
Page 245 Transit Area ID: Displays the transit area ID of the virtual link. Neighbor Router ID: Displays the neighbor router ID of the virtual link. Retransmit Interval: The retransmit interval for the specified interface. This is the number of seconds between link-state advertisements for adjacencies belonging to this router interface.
Page 246: Route Redistribution
State: Displays the current state of the selected router interface. One of: Down: This is the initial interface state. In this state, the  lower-level protocols have indicated that the interface is unusable. In this state, interface parameters will be set to their initial values.
Page 247: Neighbor Table
Metric Type: Set the OSPF metric type of redistributed routes. The default is External Type 2. Tag: Set the tag field in routes redistributed. The valid value ranges from 0 to 4294967295 and the default is 0. 10.9.9 Neighbor Table Choose the menu Routing→OSPF→Neighbor Table to load the following page.
Page 248 State: The state of the neighbor: Down: This is the initial state of a neighbor conversation.  It indicates that there has been no recent information received from the neighbor. On NBMA networks, Hello packets may still be sent to 'Down' neighbors, although at a reduced frequency.
Page 249: Link State Database
Retransmission An integer representing the current length of the Queue length: retransmission queue of the specified neighbor router ID of the specified interface. Dead Time: The amount of time, in seconds, to wait before the router assumes the neighbor is unreachable. Link State Database 10.9.10 Choose the menu Routing→OSPF→Link State Database to load the following page.
Page 250: Application Example For Ospf
Application Example for OSPF 10.9.11 Network Requirements  The AS is divided into three areas and all switches in the AS run OSPF. Switch A and Switch B act as ABRs to forward routing information between areas. Each switch can learn routing information to all the network segments in the AS after the configuration.
Page 251: Vrrp
Create OSPF Required. On page Routing→OSPF→Process, Create OPSF process process 1 and configure the Router ID as 2.2.2.2. Create Required. On page Routing→OSPF→Network, configure network networks in the 1.10.1.0/24 in area 0 and configure network 1.30.1.0/24 in area 2. area Configure area Optional.
Page 252 VRRP is developed to solve the problem mentioned above and designed for LAN with multicast or broadcast function, such as Ethernet. Virtual router acts as a backup group which consists of one master router and several backup routers. The virtual router (also a backup group) has its own IP address. This IP address can be the same as the interface address of any router in the backup group.
Page 253 router is assigned as the default gateway for the hosts within the LAN. Communication with external network can be realized via the virtual router. Master router is selected from the physical routers in the virtual router group according to VRRP priority. The elected master router provides routing service to the hosts in LAN, and sends VRRP messages periodically to publicize its configuration information like priority and operating condition to other routers in backup group.
Page 254 dead and initiate an election process by transitioning to the Master state and forwarding VRRP packets. To avoid frequent Master-Backup state transition among routers in the backup group and provide enough time for backup routers to collect necessary information, backup router would not preempt to be master as soon as it receives packets with lower priority value.
Page 255: Basic Config
Load balancing means multiple routers undertake workloads simultaneously. Therefore, two or more backup groups are needed to realize load balancing. Each backup group consists of one master router and several backup routers. Master router can vary from one backup group to the others. Figure 10-58 VRRP Load Balancing A router owns different priority in different backup groups when it participates in multiple VRRP backup groups simultaneously.
Page 256 forward packets sent to this IP address. This will allow any Virtual Router IP address on the LAN to be used as the default first hop router by end hosts. Choose the menu Routing → VRRP → Basic Config to load the following page. Figure10-59 VRRP Basic Config Configuration Procedure: Enter the VRID to identify the VRRP group.
Page 257 Virtual IP: Displays the primary Virtual IP associated with the VRRP group. Priority: Displays the priority associated with the VRRP group. Status: Displays the status associated with the VRRP group. Other: Displays more information about the VRRP group. All: Select all the VRRP items. Delete: Delete the selected items.
Page 258: Advanced Config
Running Priority: Displays the running priority associated with the VRRP group. It ranges from 1 to 255. Advertise Timer: Displays the advertise timer associated with the VRRP group. It ranges from 1 to 255. Preempt Delay Displays the preempt delay timer associated with the VRRP Timer: group.
Page 259: Virtual Ip Config
VRID: Displays the VRID associated with the VRRP group. Interface: Displays the Interface ID associated with the VRRP group. Description: Give a description for the VRRP group. It can contain up to 8 characters. Only numbers, letters, and underlines are allowed.
Page 260 Choose the menu Routing → VRRP → Virtual IP Config to load the following page. Figure10-62 Virtual IP Config Configuration Procedure: Select the interface and VRID associated with your desired VRRP group and add one or more virtual IP addresses for the VRRP group. Then Click Create. Entry Description: Add Virtual IP ...
Page 261: Track Config
Track Config 10.10.4 You can configure track information for virtual routers. When the uplink interface of the master router is down, service will be interrupted since VRRP cannot detect the status change of interfaces outside the VRRP group. You can configure interface tracking to track the uplink interface.
Page 262: Virtual Router Statistics
Interface: Displays the Interface ID associated with your desired VRRP group. Tracked Interface: Displays the Interface ID tracked by the VRRP group. Reduced Priority: Displays the reduced priority associated with the interface tracked by the VRRP group. Link State: Displays the status of the interface tracked by the VRRP group.
Page 263 VRID: Displays the VRID associated with your desired VRRP group. Interface: Displays the Interface ID associated with your desired VRRP group. Checksum Errors: Displays the number of VRRP packets received with an invalid VRRP checksum value. Version Errors: Displays the number of VRRP packets received with an unknown or unsupported version number.
Page 264: Application Example For Vrrp
Configuration Procedure： Steps Operation Note Configure Required. On page Routing → Interface → Interface Config, create interface and a routing interface (either interface VLAN or routed port) and specify its IP address. its IP address and subnet mask. Add port to the Required.
Page 265 Network Diagram  Configuration Procedure  Configure Switch A  Steps Operation Note Configure the On page Routing → Interface → Interface Config, create the interface and interface VLAN2, and configure its IP address as 192.168.1.1 and its IP address. Subnet Mask as 255.255.255.0.
Page 266: Chapter 11 Multicast Routing
Chapter 11 Multicast Routing Overview of Multicast Routing Protocols  Note： The router and router icon mentioned in this chapter represent the router in general or the switch that runs the layer 3 multicast routing protocols. The multicast routing protocols run in layer 3 multicast devices and they create and maintain multicast routes to forward the multicast packets correctly and efficiently.
Page 267: Global Config
Multicast Router(or the Layer 3 Multicast Device): The router or switch that supports the  layer 3 multicast functions, which contains the multicast routing function and the management function of the multicast group members. The multicast model divides into two types depending on whether there is an exact multicast source: ASM (Any-Source Multicast) and SSM (Source-Specific Multicast).
Page 268: Mroute Table
Protocol Mode: Select PIM DM or PIM SM from the radio button to set the administrative status in the router. The default is disable. Protocol State: The multicast routing protocol presently activated and operational state of the multicast forwarding module. Table Maximum The maximum number of entries in the IP Multicast routing Entry Count:...
Page 269: Igmp
Protocol: The multicast routing protocol which created this entry. The possibilities are PIM DM and PIM SM. Flags: The value displayed in this field is valid if the multicast routing protocol running is PIM SM. The possible values are RPT or SPT. For other protocols an "------" is displayed. Detail: Displays the detailed information of the mroute entries.
Page 270 Figure 11-3 IGMP Query-and-Response As shown in Figure 11-3, Suppose Host B and Host C expect to receive the multicast traffic sending to multicast group G1, and Host A expects to receive the multicast traffic sending to multicast group G2. The basic process of the host joining the multicast group and the IGMP querier (Router B) maintaining the multicast group membership is as below: (1) Instead of waiting for the IGMP query message from the IGMP querier, the host will actively send IGMP membership report message to the multicast group it wants to join in.
Page 271 IGMPv1 doesn’t specially define the leave group message. When a host running IGMPv1 leaves one multicast group, it wouldn’t send the report message to this multicast group. If no member exists in the multicast group, the IGMP router will not receive any report message to this multicast group, thus it will delete this multicast group’s corresponding multicast forwarding entries after a period of time.
Page 272 IGMPv3 Work Process  Compatible of and Inherited from IGMPv1 and IGMPv2, IGMPv3 further enhances the control capacity of the hosts and broaden the functions of the query and report messages. 1. Enhancement of the Hosts IGMPv3 adds the filtering mode (INCLUDE/EXCLUDE) for the multicast source basing on the group-specific query.
Page 273: Global Config
(1) Query message carrying source address IGMPv3 supports source-specific query as well as the general query in IGMPv1 and the group-specific query in IGMPv2: The general query message carries neither group address nor source address;  The group-specific query message carries the group address without the source address. ...
Page 274: Interface Config
Figure 11-1 IGMP Global Config The following entries are displayed on this screen: Multicast Global Config  Admin Mode: Select Enable/Disable IGMP function globally on the Switch. Header Validation: Select Enable/Disable the validation of igmp header field Router Alert options. The fields validated for IGMPv2 and IGMPv3 only.
Page 275: Interface State
Version: There are three versions for IGMP protocol. IGMPv1: the interface is now an IGMPv1 Router.  IGMPv2: the interface is now an IGMPv2 Router.  IGMPv3: the interface is now an IGMPv3 Router.  Robustness: Specify the robustness of the selected interface, ranging from 1 to 255.
Page 276: Multicast Group Table
Routed Port: Enter the routed port the desired entry must carry. Interface State  Interface: The interface for which data is to be displayed or configured. Operational Status: The operational state of IGMP on the selected interface. Querier State: Indicates whether the selected interface is in querier or non-querier mode.
Page 277: Application Example For Igmp
The following entries are displayed on this screen: Search Option  Search Option: Select the rules for displaying multicast IP table to find the desired entries quickly. All: Displays all multicast IP entries.  Multicast IP: Enter the multicast IP address the desired ...
Page 278 Network Diagram  Configuration Procedure  Configure the interface IP addresses and the unicast routing protocol Configure the IP address and subnet mask of each interface as the diagram above. The detailed configuration steps are omitted here. Configure the switches to access each other through OSPF protocol. Ensure the network-layer intercommunication among Switch A, Switch B and Switch C.
Page 279: Pim Dm
Enable IGMP on On page Multicast Routing→ IGMP→ Interface Config, enable user-side IGMP (version 2) on interface VLAN 20. interface. Configure Switch C  Steps Operation Note Enable IP On page Multicast Routing→ Global Config→ Global Config, multicast routing. enable the multicast routing function. Enable IGMP on On page Multicast Routing→...
Page 280 1. RPF Check The RPF check relies on unicast route or static multicast route. The unicast routing table aggregates the shortest paths to each destination network segments, and the static multicast routing table lists specified static RPF routing entries configured by the user manually. Instead of maintaining certain unicast routing independently, the multicast routing protocol relies on the current unicast routing information or static multicast routing in the network to establish multicast routing entries.
Page 281 If the check result shows that the RPF interface is the different from the input interface in  the current (S, G) entry, which indicates that the (S, G) entry is invalid and the router will correct the input interface to the packet’s actual arriving interface, and forward this packet to all the output interfaces.
Page 282 Neighbor Discovering  In PIM domain, routers periodically sends PIM Hello packets to all the PIM routers with the multicast address 224.0.0.13 to discover PIM neighbors, maintain the PIM neighboring relationships between the routers, thus to build and maintain the SPT. SPT Building ...
Page 283 Grafting  When a new receiver on a previously pruned branch of the tree joins a multicast group, the PIM DM takes the Graft mechanism to actively resume this node’s function of forwarding multicast data, thus reducing the time it takes to resume to the forwarding state. The process is illustrated as below: (1) The branch that needs to receive the multicast data again will send a graft message to its upstream node up the distribution tree towards the source hop-by-hop, applying to rejoin...
Page 284: Pim Dm Interface
priority and cost of the unicast route to the multicast source. The router to forward the multicast packets of (S, G) is elected based on the following rules and in the order listed: (1) The router with the unicast route of the higher priority to the multicast source; (2) The router with the unicast route of the smaller cost to the multicast source;...
Page 285 Choose the menu Multicast Routing→PIM DM→PIM DM neighbor to load the following page. Figure 11-14 PIM DM neighbor The following entries are displayed on this screen: Search Option  The L3 interfaces can be configured as PIM DM mode by this page. Search Option: ALL: Displays all entries.
Page 286: Application Example For Pim Dm
Step Operation Description Enable IGMP Required. Enable IGMP on the routing interfaces which connect to the receivers on Multicast Routing→IGMP→Interface Config page. 11.3.3 Application Example for PIM DM Network Requirements  Receivers receive VOD data through multicast. The whole network runs PIM DM as multicast routing protocol.
Page 287: Pim Sm
Configuration Procedure  Configure Switch A:  Step Operation Description Configure interface. Configure IP addresses and subnet masks of VLAN interfaces 1, 2 and 3 on Routing→ Interface→Interface Config page. Configure routing Configure the routing entries via static route or dynamic routing protocol.
Page 288 The router connected to the receiver sends the join message to the RP of a certain multicast  group. The path along which the join message is sent to the RP hop-by-hop forms a branch of RPT. When the multicast source is sending multicast data to a multicast group, the router directly ...
Page 289 The device working as DR should be enabled with the IGMP function; otherwise the  receivers connected to it would be unable to join the multicast group via this DR. Figure 11-15 DR Elect As shown in Figure 11-15, the DR election process is illustrated below: (1) Routers in the shared network sends Hello message carrying DR-election priority to each other, and the router with the highest priority will be elected as the DR;...
Page 290 avoid business disruption. Similarly, several C-RPs can be configured in one PIM SM domain, and each multicast group’s corresponding RP can be calculated through the BSR mechanism. The location of RP and BSR in the network is shown below: Figure 11-16 The Locations of C-RP, C-BSR and BSR RPT Building ...
Page 291 When multicast data for multicast group G is sent to RP, it will travels along the constructed RPT to DR and finally arrives at the receivers. When a receiver is no longer interested in the multicast group data, its directly connected DR will send prune message up the RPT toward the group’s corresponding RP;...
Page 292 Switching from RPT to SPT  Once receiver-side DR receives the multicast data from RP to multicast group G, the switching process from RPT to SPT will be triggered: (1) The receiver-side DR sends (S, G) join message to the multicast source S hop-by-hop, and the join message finally arrives at the source-side DR.
Page 293: Pim Sm Interface
Features of BSR administrative domain: Divide the BSR administrative domains by setting BSR border  Each BSR administrative domain has its own border, C-RP and BSR devices. These devices are only valid in their belonged domains, which means that the BSR mechanism and RP election are separated between their administrative domains.
Page 294: Pim Sm Neighbor
11.4.2 PIM SM Neighbor PIM SM neighbor is automatically learned by sending and receiving Hello Packets when PIM SM is enabled. Choose the menu Multicast Routing→PIM SM→PIM SM Neighbor to load the following page. Figure 11-21 PIM SM neighbor The following entries are displayed on this screen: Search Option ...
Page 295 Choose the menu Multicast Routing→PIM SM→BSR to load the following page. Figure 11-22 BSR The following entries are displayed on this screen: PIM SM Candidate BSR Config  Configure the candidate BSR of current device. Interface: Select the interface on this switch from which the BSR address is derived to make it a candidate.
Page 296 Next BSR message Displays the time of next BSR message sending if this is the time: elected BSR. Expire: Displays the expiry time of the elected BSR. PIM SM Candidate BSR Information  Candidate Displays the Candidate BSR address. Address: Priority: Displays the priority of the Candidate BSR.
Page 297 PIM SM Static RP Config  By default, no static RP address is configured. You could configure the IP address of RPs on all multilayer switches. RP Address: Specify the IP address of the static RP. Group: Group Address of the RP to be created or deleted. Group Mask: Group Mask of the RP to be created or deleted.
Page 298: Rp Mapping
Next advertisement Displays the remaining time to send the next RP time: advertisement packet. 11.4.5 RP Mapping Choose the menu Multicast Routing→PIM SM→RP Mapping to load the following page. Figure 11-24 RP Mapping The following entries are displayed on this screen: Search Option ...
Page 299: Pim Ssm
The following entries are displayed on this screen: Search Option  Search Option: ALL: Select All to display all entries.  Group: Select Group and enter the group IP address of  desired entry. RP Information  Group: Displays the group address. Displays the RP address.
Page 300: Packet Statistics
Choose the menu Multicast Routing→PIM SM→PIM SSM to load the following page. Figure 11-25 PIM SSM Config The following entries are displayed on this screen: PIM SSM Config  Group: Enter the source-specific multicast group ip-address. Group Mask: Enter the source-specific multicast group ip-address mask. PIM SSM Config Table ...
Page 301: Application Example For Pim Sm
PIM SM Statistics  Interface: The interface on which PIM SM is enabled. Stat: Rx: Packet Received in Protocol. Tx: Packet Sent from Protocol. Hello: Hello Format Packets Statistics. Register: Register Format Packets Statistics. Reg-Stop: Register-Stop Format Packets Statistics. Join/Pru: Join/Prune Format Packets Statistics.
Page 302 Network Diagram  The IP addresses of VLAN interfaces in each switch are displayed below: Switch A: VLAN interface 1: 192.168.1.2/24 VLAN interface 2: 192.168.2.2/24 VLAN interface 3: 192.168.3.2/24 Switch B: VLAN interface 2: 192.168.2.100/24 VLAN interface 4: 192.168.4.100/24 Switch C: VLAN interface 3: 192.168.3.100/24 VLAN interface 5: 192.168.5.100/24 Configuration Procedure ...
Page 303: Static Mroute
Configure candidate Configure VLAN interface 1 as candidate BSR on Multicast BSR and candidate Routing→PIM SM→BSR page. Configure VLAN interface 1 as candidate RP on Multicast Routing→PIM SM→RP page. Configure Switch B and C:  Step Operation Description Configure interface. Configure IP addresses and subnet masks of VLAN interfaces 2, 3, 4 and 5 on Routing→...
Page 304: Static Mroute Config
Figure 11-26 Static Multicast Routing As shown in Figure 11-26, when no static multicast routing entry is configured, the RPF neighbor of Router C to the multicast source is Router A. The multicast packets sent from Source will be transferred along the path Router A→Router C, which is the same as the unicast path.
Page 305: Application Example For Static Mroute
The following entries are displayed on this screen: Static Mroute Config  Source: Enter the IP address that identifies the multicast source of the entry you are creating. Source Mask: Enter the subnet mask to be applied to the Source. RPF Neighbor: Enter the IP address of the neighbor router on the path to the mroute source.
Page 306 Network Diagram  Configuration Procedure  Configure the interfaces and unicast routing protocol Configure the VLAN interfaces and their IP addresses of Switch A, Switch B and Switch C on the page Routing→ Interface→ Interface Config according to the topology, Configure the OSPF features on the switches in this PIM DM domain, making the switches accessible with each other at the network layer.
Page 307 Step Operation Note Enable IGMP Required. On page Multicast Routing→IGMP→Interface Config, enable the IGMP function on VLAN interface 100. Configure static Required. On page Multicast Routing→Static Mroute→Static multicast routing Mroute Config, configure a static multicast routing entry with the Source as 50.1.1.100, the Source Mask as 255.255.255.0 and the RPF Neighbor as 20.1.1.2.
Page 308: Chapter 12 Qos
Chapter 12 QoS QoS (Quality of Service) functions to provide different quality of service for various network applications and requirements and optimize the bandwidth resource distribution so as to provide a network service experience of a better quality.  This switch classifies the ingress packets, maps the packets to different priority queues and then forwards the packets according to specified scheduling algorithms to implement QoS function.
Page 309 2. 802.1P Priority Figure 12-2 802.1Q frame As shown in the figure above, each 802.1Q Tag has a Pri field, comprising 3 bits. The 3-bit priority field is 802.1p priority in the range of 0 to 7. 802.1P priority determines the priority of the packets based on the Pri value.
Page 310 Figure 12-4 SP-Mode WRR-Mode: Weight Round Robin Mode. In this mode, packets in all the queues are sent in order based on the weight value for each queue and every queue can be assured of a certain service time. The weight value indicates the occupied proportion of the resource. WRR queue overcomes the disadvantage of SP queue that the packets in the queues with lower priority cannot get service for a long time.
Page 311: Class Of Service
12.1 Class of Service The Class of Service (CoS) queueing feature allows you configure certain aspects of switch queueing. It provides the desired QoS behavior for different types of network traffic when the complexities of DiffServ are not required. This switch classifies the ingress packets, maps the packets to different priority queues and then forwards the packets according to specified scheduling algorithms.
Page 312 Figure 12-6 Port Priority Config Configuration Procedure: Select the desired port or LAG to set its priority. Click Apply. Entry Description: UNIT:1/LAGS: Click 1 to configure the physical ports. Click LAGS to configure the link aggregation groups. Select: Select the desired port to configure its priority. It is multi-optional.
Page 313: P/Cos To Queue Mapping
Configuration Procedure: Step Operation Description Enable the port Priority Required. On QoS→Class of Service→Trust Mode page, select untrusted mode. Select the port priority Required. On QoS→Class of Service→Port Priority page, configure the port priority. Configure the mapping Required. On QoS→Class of Service→802.1P/CoS relation between the CoS to Queue Mapping page, configure the mapping priority and TC...
Page 314: Dscp To Queue Mapping
Entry Description: CoS-id: CoS-id is a value for the switch to establish mapping relations between the priorities and TC queues. The valid values are from 0 to 7 and correspond to the 802.1P priority levels. Queue TC-id: Select a TC queue that you want the CoS-id to be mapped to. The switch supports 7 TC queues, from TC0 for the lowest priority to TC 6 for the highest priority.
Page 315 Choose the menu QoS→Class of Service→DSCP to Queue Mapping to load the following page. Figure 12-9 DSCP Priority Configuration Procedure: Configure the DSCP-TC mapping relations. Click Apply. Entry Description: DSCP: Select the desired DSCP priority. DSCP priority represents the DSCP field in the IP packet header. It comprises 6 bits and the valid values are from 0 to 63.
Page 316: Schedule Mode
Select a schedule mode Required. On QoS→Class of Service→Schedule Mode page, select a schedule mode. 12.1.5 Schedule Mode On this page you can select a schedule mode for the switch. When the network is congested, the problem that many packets compete for resources must be solved, usually in the way of queue scheduling.
Page 317: Diffserv
SP+WRR-Mode: Strict-Priority + Weight Round Robin Mode. In this mode, this switch provides two scheduling groups, SP group and WRR group. Queues in SP group and WRR group are scheduled strictly based on strict-priority mode while the queues inside WRR group follow the WRR mode. In SP+WRR mode, TC6 is in the SP group;...
Page 318 Figure 12-6 Global Config Configuration Procedure: Enable the DiffServ Admin Mode and click Apply. Entry Description: DiffServ Admin Enable or disable the administrative mode of DiffServ on the device. Mode: While disabled, the DiffServ configuration is retained and can be changed, but it is not active.
Page 319: Class Summary
12.2.2 Class Summary On this page you can configure DiffServ classes and view summary information about the classes that exist on the device. Choose the menu QoS→DiffServ→Class Summary to load the following page. Figure 12-6 Class Summary Configuration Procedure: Specify the name, type and protocol of the DiffServ Class, then click Create. Entry Description: Name: Enter the class name.
Page 320 Figure 12-7 Class Config Configuration Procedure: Select a class from the drop-down list. Define the criteria to associate with a DiffServ class, then click submit. Entry Description: Class: The name of the class. To configure match criteria for a class, select its name from the menu.
Page 321 Reference Class: Select this option to reference another class for criteria. The match criteria defined in the referenced class is as match criteria in addition to the match criteria you define for the selected class. After selecting this option, the classes that can be referenced are displayed.
Page 322: Policy Summary
IP Protocol: Select this option to require a packet header's Layer 4 protocol to match the specified value. Flow Label: Select this option to require an IPv6 packet's flow label to match the configured value. 12.2.4 Policy Summary Choose the menu QoS→DiffServ→Policy Summary to load the following page. Figure 12-8 802.1P Priority Configuration Procedure: Create DiffServ policies and specify the traffic flow direction to which the policy is applied.
Page 323: Policy Config
12.2.5 Policy Config Choose the menu QoS→DiffServ→Policy Config to load the following page. Figure 12-9 DSCP Priority Configuration Procedure: Add or remove a DiffServ policy-class association and configure the policy attributes. Entry Description: DiffServ Policy Config  Policy: The name of the policy. To add a class to the policy, remove a class from the policy, or configure the policy attributes, you must first select its name from the menu.
Page 324 Class: The DiffServ class or classes associated with the policy. The policy is applied to a packet when a class match within that policy-class is found. Add: Click this button to show the avaliable class list menu. DiffServ Policy Attribute ...
Page 325: Service Config
Police Two Rate: Select this option to enable the two-rate traffic policing style for the policy-class. The two-rate form of the police attribute uses two data rates and two burst sizes. Only the smaller of the two data rates is intended to be guaranteed. Redirect Interface: Select this option to force a classified traffic stream to the specified egress port (physical port or LAG).
Page 326: Bandwidth Control
State: The status of the policy on the interface. A policy is Up if DiffServ globally enabled, interface administratively enabled and has a link. Otherwise, the status is Down. Policy: The DiffServ policy associated with the interface. 12.3 Bandwidth Control Bandwidth function, allowing you to control the traffic rate and broadcast flow on each port to ensure network in working order, can be implemented on Rate Limit and Storm Control pages.
Page 327: Storm Control
Entry Description: UNIT:1/LAGS: Click 1 to configure the physical ports. Click LAGS to configure the link aggregation groups. Select: Select the desired port for Rate configuration. It is multi-optional. Port: Displays the port number of the switch. Egress Rate: Configure the bandwidth for sending packets on the port. LAG: Displays the LAG number which the port belongs to.
Page 328: Voice Vlan
Entry Description: UNIT: Select the unit ID of the desired member in the stack. Select: Select the desired port for Storm Control configuration. It is multi-optional. Port: Displays the port number of the switch. Broadcast Rate Select the broadcast rate mode. Mode: kbps: Specify the threshold in kbits per second.
Page 329: Global Config
The Voice VLAN function can be implemented on Global Config, Port Config and OUI Config pages. 12.4.1 Global Config Choose the menu QoS→Voice VLAN→Global Config to load the following page. Figure 12-12 Global Configuration Configuration Procedure： Enable the voice VLAN feature, and enter a VLAN ID. Specify a priority for the voice VLAN, and click Apply.
Page 330: Oui Config
Figure 12-13 Port Config Configuration Procedure: Select your desired ports/LAGs and enable the Voice VLAN mode for selected ports. Click Apply. Entry Description: Voice VLAN Mode: Enable or disable the administrative mode of OUI-based Voice VLAN on the interface. Operational Status: Displays the current state of the ports that are connected to voice devices.
Page 331: Auto Voip
Figure 12-14 OUI Config Configuration Procedure: Enter an OUI address and give a description about the OUI address. Click Create to add an OUI address to the table. Entry Description: OUI: Enter the OUI address of your device. Description: Give an OUI address description for identification. The length is no more than 16 characters.
Page 332 Figure 12-22 Auto VoIP Config Configuration Procedure: Enable the Admin mode of Auto VoIP. Select your desired ports and choose the interface mode and enter corresponding interface value; choose the CoS override mode and click Apply. Configure the corresponding module based on the interface mode. Entry Description: Enable or disable the Admin mode of Auto VoIP.
Page 333 Interface Mode: Indicates how an IP phone connected to the port should send voice traffic • VLAN ID – Forward voice traffic in the specified Auto VoIP VLAN. If you choose VLAN ID, you need to configure LLDP-MED to instruct voice devices to send tagged voice traffic, and create a priority policy in DiffServ for voice traffic.
Page 334: Chapter 13 Acl
Chapter 13 ACL The fast growth of network size and traffic brings challenges to network security and bandwidth allocation. Packet filtering can prevent unauthorized access behaviors and improve bandwidth use. ACL (Access Control List), which is based on rule matching, is primarily used for packet filtering. ACL accurately identifies and controls packets on the network to manage network access behaviors, prevent network attacks, and improve bandwidth use efficiency.
Page 335 2) To edit the time range, click “Edit” in the Time-Range Table to load the following page. Then configure Absolute entry or Periodic entry according to your actual needs. Entry Description: Select: Select the desired entry to delete the corresponding time-range. Time-Range Name: Displays the name of the time-range.
Page 336: Acl Config
Week: Select Week to configure week time-range. The ACL rule based on this time-range takes effect only when the system time is within the week time-range. Start Time: Configure values for the Start Time of Day. End Time: Configure values for the End Time of Day. Entry Type: The type of time range entry.
Page 337: Acl Create
Figure 13-4 ACL Summary Configuration Procedure: Select an ACL ID from the drop-down list. You can view corresponding rules in the Rule Table. 13.2.2 ACL Create On this page you can create ACLs. Choose the menu ACL → ACL Config → ACL Create to load the following page. Figure 13-5 ACL Create Configuration Procedure: Enter an ID number in the ACL ID field, then click Apply.
Page 338 Create MAC Rule Figure 13-6 Configuration Procedure: Select an ACL ID from the drop-down list, enter a Rule ID, then specify the operation of the rule. Select and define the rule's packet-matching criteria. Entry Description: ACL ID: Select the desired MAC ACL for configuration. Rule ID: Enter the rule ID.
Page 339: Standard-Ip Acl
S-Condition: Select S-Condition to limit the transmission rate of the data packets. Rate: The transmission rate of the data packets. Valid values are (1 to 1000000) in Kbps. Qos Remark: Select QoS Remark to forward the data packets based on the QoS settings.
Page 340: Extend-Ip Acl
Operation: Select the operation for the switch to process packets which match the rules. Permit: Forward packets.  Deny: Discard Packets.  S-IP: Enter the source IP address contained in the rule. Mask: Enter IP address mask. If it is set to 1, it must strictly match the address.
Page 341 Choose the menu ACL → ACL Config → Extend-IP ACL to load the following page. Figure 13-8 Create Extend-IP Rule Configuration Procedure 1) Select an ACL ID from the drop-down list, enter a Rule ID, then specify the operation of the rule.
Page 342: Acl Binding
Mask: Enter IP address mask. If it is set to 1, it must strictly match the address. Select ICMP: Configure the predefined ICMP type and code. ICMP Type: Configure the predefined ICMP type. Configure the predefined ICMP code. ICMP Code: IP Protocol: Select IP protocol contained in the rule.
Page 343: Binding Table
13.3.1 Binding Table On this page view the policy bound to port/VLAN. Choose the menu ACL → ACL Binding → Binding Table to load the following page. Figure13-12 Binding Table Configuration Procedure In the ACL VLAN-Bind Table, you can view VLAN binding entries. In the ACL Port-Bind Table, you can view port binding entries.
Page 344: Port Binding
ACL Port-Bind Table  UNIT: Select the unit ID of the desired member in the stack. Select: Select the desired entry to delete the corresponding binding ACL. Index: Displays the index of the binding ACL. ACL ID: Displays the ID or name of the binding ACL. Interface: Displays the port number bound to the ACL.
Page 345: Vlan Binding
ACL ID: Displays the ID or name of the binding ACL. Port: Displays the number of the port bound to the corresponding ACL. Direction: Displays the binding direction. 13.3.3 VLAN Binding On this page you can bind an ACL to a VLAN. Choose the menu ACL →...
Page 346 Configure ACL rules Required. On ACL → ACL Config configuration pages, configure ACL rules to match packets. Bind the ACL to the Required. On ACL → ACL Binding configuration pages, port/VLAN bind the ACL to the port/VLAN to make the ACL effective on the corresponding port/VLAN.
Page 347: Chapter 14 Network Security
Chapter 14 Network Security Network Security module is to provide the multiple protection measures for the network security, including five submenus: IP-MAC Binding, DHCP Snooping, ARP Inspection, IP Source Guard, DoS Defend and 802.1X. Please configure the functions appropriate to your need.
Page 348: Manual Binding
Entry Description: Source: Displays the Source of the entry. All: All the bound entries will be displayed. • Manual: Only the manually added entries will be • displayed. Snooping: Only the entries formed via DHCP Snooping • will be displayed. Click the Select button to quick-select the corresponding entry based on the IP address you entered.
Page 349: Dhcp Snooping
Figure 14-2 Manual Binding Configuration Procedure: Specify the IP address, MAC address, VLAN ID and port number, and click Bind. Entry Description: IP Address: Enter the IP Address of the Host. MAC Address: Enter the MAC Address of the Host. VLAN ID: Enter the VLAN ID.
Page 350 Figure 14-5 Network diagram for DHCP-snooping implementation For different DHCP Clients, DHCP Server provides three IP address assigning methods: Manually assign the IP address: Allows the administrator to bind the static IP address to the specific Client (e.g.: WWW Server) via the DHCP Server. Automatically assign the IP address: DHCP Server assigns the IP address without an expiration time limitation to the Clients.
Page 351 DHCP-OFFER Stage: Upon receiving the DHCP-DISCOVER packet, the DHCP Server selects an IP address from the IP pool according to the assigning priority of the IP addresses and replies to the Client with DHCP-OFFER packet carrying the IP address and other information. DHCP-REQUEST Stage: In the situation that there are several DHCP Servers sending the DHCP-OFFER packets, the Client will only respond to the first received DHCP-OFFER packet and broadcast the DHCP-REQUEST packet which includes the...
Page 352: Global Config
trading website and cheat the users of their accounts and passwords. The following figure illustrates the DHCP Cheating Attack implementation procedure. Figure 14-7 DHCP Cheating Attack Implementation Procedure DHCP Snooping feature only allows the port connected to the DHCP Server as the trusted port to forward all types of DHCP packets and thereby ensures that users get proper IP addresses.
Page 353 Figure 14-8 DHCP Snooping Note: If you want to enable the DHCP Snooping feature for the member port of LAG, please ensure the parameters of all the member ports are the same. Configuration Procedure: Enable DHCP Snooping globally and for the specified VLAN. Configure Option 82.
Page 354: Port Config
Existed Option 82 field: Select the operation for the Option 82 field of the DHCP request packets from the Host. Keep: Indicates to keep the Option 82 field of the • packets. Replace: Indicates to replace the Option 82 field of the •...
Page 355: Arp Inspection
Rate Limit: Select the value to specify the maximum amount of DHCP messages that can be forwarded by the switch of this port per second. The excessive DHCP packets will be discarded. Circuit ID Customization: Enable or Disable the switch to define Circuit ID. Circuit ID: Enter the sub-option Circuit ID for the customized Option 82.
Page 356 normally. The ARP Attack implemented by cheating Gateway is illustrated in the following figure. Figure 14-11 ARP Attack – Cheating Gateway As the above figure shown, the attacker sends the fake ARP packets of Host A to the Gateway, and then the Gateway will automatically update its ARP table after receiving the ARP packets. When the Gateway tries to communicate with Host A in LAN, it will encapsulate this false destination MAC address for packets, which results in a breakdown of the normal communication.
Page 357 As the above figure shown, the attacker sends the fake ARP packets of Host A to Host B, and then Host B will automatically update its ARP table after receiving the ARP packets. When Host B tries to communicate with Host A, it will encapsulate this false destination MAC address for packets, which results in a breakdown of the normal communication.
Page 358: Arp Detect
ARP Flooding Attack  The attacker broadcasts a mass of various fake ARP packets in a network segment to occupy the network bandwidth viciously, which results in a dramatic slowdown of network speed. Meantime, the Gateway learns the false IP address-to-MAC address mapping entries from these ARP packets and updates its ARP table.
Page 359: Arp Defend
Entry Description: Validate Source MAC: Enable or disable the switch to check whether the source MAC address and the Sender MAC address are the same when receiving an ARP packet. If not, the ARP packet will be discarded. Validate Destination Enable or disable the switch to check whether the MAC: Destination MAC address and the Target MAC address are...
Page 360: Arp Statistics
Configuration Procedure: Select one or more ports, and configure the relevant parameters. Then click Apply. Entry Description: UNIT: Select the unit ID of the desired member in the stack. Select: Select your desired port for configuration. It is multi-optional. Port: Displays the port number.
Page 361: Ip Source Guard
In the Illegal ARP Packet section, view the statistics of ARP packets in each VLAN. Entry Description: Auto Refresh: Enable or disable the Auto Refresh feature. Refresh Interval: Specify the refresh interval to display the ARP Statistics. VLAN ID: Displays the VLAN ID. Forwarded: Displays the number of forwarded packets in this VLAN.
Page 362: Dos Defend
Entry Description: UNIT: Select the unit ID of the desired member in the stack. Select: Select your desired port for configuration. It is multi-optional. Port: Displays the port number. Security Type: Select Security Type for the port. Disable: Select this option to disable the IP Source Guard •...
Page 363: Dos Defend
NULL Scan Attack The attacker sends the illegal packet with its TCP index and all the control fields set to 0. During the TCP connection and data transmission, the packets with all the control fields set to 0 are considered as the illegal packets. SYN packet with its The attacker sends the illegal packet with its TCP SYN field set to 1 source port less than...
Page 364: 351
Authenticator System: The authenticator system is usually an 802.1X-supported network device, such as this TP-Link switch. It provides the physical or logical port for the supplicant system to access the LAN and authenticates the supplicant system. Authentication Server System: The authentication server system is an entity that provides authentication service to the authenticator system.
Page 365 802.1X client program to initiate an 802.1X authentication through the sending of an EAPOL-Start packet to the switch, This TP-Link switch can authenticate supplicant systems in EAP relay mode or EAP terminating mode. The following illustration of these two modes will take the 802.1X authentication procedure initiated by the supplicant system for example.
Page 366 Figure 14-20 EAP-MD5 Authentication Procedure (1) A supplicant system launches an 802.1X client program via its registered user name and password to initiate an access request through the sending of an EAPOL-Start packet to the switch. The 802.1X client program then forwards the packet to the switch to start the authentication process.
Page 367 (8) The supplicant system can also terminate the authenticated state by sending EAPOL-Logoff packets to the switch. The switch then changes the port state from accepted to rejected. EAP Terminating Mode In this mode, packet transmission is terminated at authenticator systems and the EAP packets are mapped into RADIUS packets.
Page 368: Global Config
Quiet-period timer (Quiet Period): This timer sets the quiet-period. When a supplicant system fails to pass the authentication, the switch quiets for the specified period before it processes another authentication request re-initiated by the supplicant system. Guest VLAN  Guest VLAN function enables the supplicants that do not pass the authentication to access the specific network resource.
Page 369 Figure 14-23 Port Config Configuration Procedure: Select one or more ports and configure the relevant parameters. Then click Apply. Entry Description: UNIT: Select the unit ID of the desired member in the stack. Select: Select your desired port for configuration. It is multi-optional. Port: Displays the port number.
Page 370 Tx Period: Specify the Dot1x transmit period on the specified port to determine when an EAP-Request/Identity packet is to be transmitted. It ranges from 1 to 65535 seconds and the default time is 30 seconds. Guest VLAN Specify the Guest VLAN Period of the port. Once set the Guest Period: VLAN on the port, the port will be included in the Guest VLAN after the Guest VLAN Period.
Page 371: Aaa
Configure the 802.1X Required. By default, the global 802.1X function is globally. disabled. On the Network Security→802.1X→Global Config page, configure the 802.1X function globally. Configure the 802.1X for Required. On the Network Security→802.1X→Port the port. Config page, configure the 802.1X feature for the port of the switch basing on the actual network.
Page 372: Radius Server Config
14.7.1 RADIUS Server Config This page is used to configure the authentication servers running the RADIUS security protocols. Choose the menu Network Security→AAA→RADIUS Conifg to load the following page. Configuration Procedure: Configure the RADIUS server’s IP and other relevant parameters under the Server Config. View, edit and delete the configured RADIUS servers in the Server List.
Page 373: Authentication Method List Config
Choose the menu Network Security→AAA→TACACS+ Conifg to load the following page. Configuration Procedure: Configure the TACACS+ server’s IP and other relevant parameters under the Server Config. View, edit and delete the configured TACACS+ servers in the Server list. Entry Description: Server IP: Enter the IP of the server running the TACACS+ secure protocol.
Page 374 Choose the menu Network Security→AAA→Authentication List to load the following page. Figure 14-22 Authentication Method List Config Configuration Procedure: Enter the method list name. Specify the authentication type as Login or Enable. Configure the authencation method with priorities. View and delete the configured method priority list in the Authentication Login Method List and Authentication Enable Method List.
Page 375: Application Authentication List Config
Pri1, Pri2, Pri3, Specify the authentication methods in order. The next Pri4: authentication method is tried only if the previous method does not respond, not if it fails. local: Use the local database in the switch for authentication. enable: Use the locally configured Enable password to verify the user's credentials.
Page 376: Authentication Server Config
Configure the authentication method list from the Enable List drop-down menu. Thisoption defines the authentication method for users requiring the administrator privilege. Entry Description: Module: Lists of the configurable applications on the switch. Login List: Configure an application for the login utilizing a previously configured method list.
Page 377 Communication port is 49. TACACA+ server  Timeout is 5 seconds.  Authentication login method list The list contains local, and the default login username and passwords are both admin. Authentication enable method The list is empty, which means users can prompt list to administrator privilege without password.
Page 378: Chapter 15 Snmp
Chapter 15 SNMP SNMP Overview  SNMP (Simple Network Management Protocol) has gained the most extensive application on the UDP/IP networks. SNMP provides a management frame to monitor and maintain the network devices. It is used for automatically managing the various network devices no matter the physical differences of the devices.
Page 379 SNMP Versions  This switch supports SNMP v3, and is compatible with SNMP v1 and SNMP v2c. The SNMP versions adopted by SNMP Management Station and SNMP Agent should be the same. Otherwise, SNMP Management Station and SNMP Agent cannot communicate with each other normally.
Page 380: Snmp Config
SNMP Management Station by configuring its view type (included/excluded). The OID of managed object can be found on the SNMP client program running on the SNMP Management Station. 2. Create SNMP Group After creating the SNMP View, it’s required to create an SNMP Group. The Group Name, Security Model and Security Level compose the identifier of the SNMP Group.
Page 381: Snmp View
Remote Engine  Remote Engine ID: Specify the Remote Engine ID for Switch. The Engine ID is a unique alphanumeric string used to identify the SNMP engine on the remote device which receives informs from Switch. Note: The total hexadecimal characters of Engine ID should be even. Change the Local Engine ID could make local user and community invaild, please re-create new local users or community.
Page 382: Snmp Group
MIB Object ID: Enter the Object Identifier (OID) for the entry of view. View Type: Select the type for the view entry. Include: The view entry can be managed by the SNMP • management station. Exclude: The view entry cannot be managed by the •...
Page 383 These three items of the Users in one group should be the same. Security Model: Select the Security Model for the SNMP Group. v1: SNMPv1 is defined for the group. In this model, the • Community Name is used for authentication. SNMP v1 can be configured on the SNMP Community page directly.
Page 384: Snmp User
Operation: Click the Edit button to modify the Views in the entry and click the Modify button to apply. Note: Every Group should contain a Read View. The default Read View is Default. 15.1.4 SNMP User The User in an SNMP Group can manage the switch via the management station software. The User and its Group have the same security level and access right.
Page 385: Snmp Community
Security Level: Select the Security Level for the SNMP v3 User. Auth Mode: Select the Authentication Mode for the SNMP v3 User. None: No authentication method is used. • MD5: The port authentication is performed via • HMAC-MD5 algorithm. SHA: The port authentication is performed via SHA •...
Page 386 Figure 15-7 SNMP Community Configuration Procedure: Set the community name, access rights and the related view. Click Create. Entry Description: Community Config  Community Name: Enter the Community Name here. Access: Defines the access rights of the community. read-only: Management right of the Community is •...
Page 387 Note: The default MIB View of SNMP Community is Default. Configuration Procedure: If SNMPv3 is employed, please take the following steps:  Step Operation Description Create SNMP View. Required. On the SNMP→SNMP Config→SNMP View page, create SNMP View of the management agent.
Page 388: Notification
15.2 Notification With the Notification function enabled, the switch can initiatively report to the management station about the important events that occur on the Views (e.g., the managed device is rebooted), which allows the management station to monitor and process the events in time. The notification information includes the following two types: Trap：Trap is the information that the managed device initiatively sends to the Network management station without request.
Page 389 Entry Description: Host Config  IP Address: If you set the IP Mode to IPv4, specify an IPv4 address for the host. If you set the IP Mode to IPv6, specify an IPv6 address for the host. UDP Port: Specify a UDP port on the host to send notifications. The default is port 162.
Page 390 Type: Choose a notification type for the NMS that uses SNMPv2c or SNMPv3; the default type is Trap. Trap: Set the switch to send Trap messages to the NMS. • When the NMS receives a trap message, it will not send a response to the switch.
Page 391: Traps Config
15.2.2 Traps Config On this page, you can configure the traps of SNMP. Choose the menu SNMP → Notification → Traps Config to load the following page. Figure15-9 Traps Config Configuration Procedure: Configure traps you desire to send to the SNMP server. Click Apply.
Page 392 Entry Description: SNMP Traps  Multiple User: Generates a trap when the same user ID is logged into the switch more than once at the same time. CPU Thresholds: Generates a trap when the CPU utilization is over 80%. Spanning Tree: Generates a trap when the status of STP changes.
Page 393: Rmon
If Auth Failure: Generates a trap when authentication failures occur on non-virtual interfaces. Virt If Auth Generates a trap when authentication failures occur on virtual Failure: interfaces. Rx Bad Packet: Generates a trap when packet parse failures occur on non-virtual interfaces. Virt If Rx Bad Generates a trap when packet parse failures occur on virtual Packet:...
Page 394: History
RMON Group  This switch supports the following four RMON Groups defined on the RMON standard (RFC1757): History Group, Event Group, Statistic Group and Alarm Group. RMON Group Function History Group After a history group is configured, the switch collects and records network statistics information periodically, based on which the management station can monitor network effectively.
Page 395: Event
Interval: Specify the interval to take samplings from the port, ranging from 10 to 3600 seconds. The default is 1800 seconds. Max Buckets Displays the maximum number of buckets desired for the RMON history group of statistics, ranging from 1 to 65535. The default is 50 buckets.
Page 396: Alarm
Owner: Enter the name of the device or user that defined the entry. Operation: Click “Edit” to edit the event group entry. 15.3.3 Alarm On this page, you can configure Statistic Group and Alarm Group for RMON. Choose the menu SNMP → RMON → Alarm to load the following page. Figure 15-12 Alarm Config Configuration Procedure: Specify the index number of the alarm group, choose a variable to be monitored, and...
Page 397 Alarm Type: Specify the type of the alarm. Rising: When the sampled value exceeds the Rising • Threshold, an alarm event is triggered. Falling: When the sampled value is under the Falling • Threshold, an alarm event is triggered. All: The alarm event will be triggered either the sampled •...
Page 398: Chapter 16 Lldp
Chapter 16 LLDP LLDP (Link Layer Discovery Protocol) is a Layer 2 protocol that is used for network devices to advertise their own device information periodically to neighbors on the same IEEE 802 local area network. The advertised information, including details such as device identification, capabilities and configuration settings, is represented in TLV (Type/Length/Value) format according to the IEEE 802.1ab standard, and these TLVs are encapsulated in LLDPDU (Link Layer Discovery Protocol Data Unit).
Page 399 Tx&Rx: the port can both transmit and receive LLDPDUs.  Rx_Only: the port can receive LLDPDUs only.  Tx_Only: the port can transmit LLDPDUs only.  Disable: the port cannot transmit or receive LLDPDUs.  LLDPDU transmission mechanism If the ports are working in TxRx or Tx mode, they will advertise local information by ...
Page 400 TLV Type TLV Name Description Usage in LLDPDU End of LLDPDU Mark the end of the TLV sequence in LLDPDUs. Mandatory Any information following an End Of LLDPDU TLV shall be ignored. Chassis ID Identifies Chassis address Mandatory connected device. Port ID Identifies the specific port that transmitted the Mandatory...
Page 401: Basic Config
Note: For detailed introduction of TLV, please refer to IEEE 802.1ab standard. In TP-Link switch, the following LLDP optional TLVs are supported. Port Description TLV The Port Description TLV allows network management to advertise the IEEE 802 LAN station's port description.
Page 402: Port Config
Choose the menu LLDP → Basic Config → Global Config to load the following page. Figure 16-1 Global Configuration Configuration Procedure: Configure the global parameters here. Then click Apply to make the settings effective. Entry Description: Transmit Interval: Indicates the interval at which LLDP frames are transmitted on behalf of this LLDP agent.
Page 403 Choose the menu LLDP → Basic Config → Port Config to load the following page. Figure 16-2 Port Configuration Configuration Procedure: Select your desired port and configure the relevant parameters here. Then click Apply to make the settings effective. Entry Description: UNIT: Select the unit ID of the desired member in the stack.
Page 404: Device Info
16.2 Device Info You can view the LLDP information of the local device and its neighbors on the Local Info and Neighbor Info pages respectively. 16.2.1 Local Info On this page you can view all ports' configuration and system information. Choose the menu LLDP →...
Page 405: Neighbor Info
Local Interface: Displays the local port number. Indicates the basis for the chassis ID, and the default subtype Chassis ID Subtype： is MAC address. Chassis ID： Indicates the specific identifier for the particular chassis in local device. Port ID Subtype： Indicates the basis for the port ID, and the default subtype is interface name.
Page 406: Device Statistics
Figure 16-4 Neighbor Information Configuration Procedure: Choose Enable or Disable Auto Refresh according to your needs. 2) Select the desired port to view the information of neighbor connected to the corresponding port. Entry Description: Auto Refresh: Enable/Disable the auto refresh function. Refresh Rate: Configure the auto refresh rate.
Page 407 Figure 16-5 Device Statistics Configuration Procedure: Choose Enable or Disable Auto Refresh according to your needs. View Global Statistics and Neighbors Statistics in the corresponding table. Entry Description: Auto Refresh: Enable/Disable the auto refresh function. Refresh Rate: Configure the auto refresh rate. Last Update: Display latest update time of the statistics.
Page 408: Lldp-Med
16.4 LLDP-MED LLDP-MED is an extension of LLDP intended for managing endpoint devices such as Voice over IP phones and network switches. The LLDP-MED TLVs advertise information such as network policy and inventory management.  Elements LLDP-MED Device: Refers to any device which implements this Standard. LLDP-MED Device Type: LLDP-MED devices are comprised of two primary device types: Network Connectivity Devices and Endpoint Devices.
Page 409: Port Config
Figure 16-6 LLDP-MED Global Configuration Configuration Procedure: Configure the number of LLDP-MED frames which will be transmitted fast. View Device Class of the device. Entry Description: Fast Start Count: When LLDP-MED fast start mechanism is activated, multiple LLDP-MED frames will be transmitted (the number of frames equals this parameter).
Page 410 Figure 16-7 LLDP-MED Port Configuration Configuration Procedure: Select your desired port and enable LLDP-MED. Then click Apply to make the settings effective. Click Detail to configure the included TLVs in outgoing LLDPDU on the following page. Figure 16-8 Configure TLVs of LLDP-MED Port Entry Description: UNIT: Select the unit ID of the desired member in the stack.
Page 411: Local Info
Included TLVs: Select TLVs to be included in outgoing LLDPDU. Click the Detail button to display the included TLVs and select the desired TLVs. 16.4.3 Local Info On this page you can view all ports' LLDP-MED configuration. Choose the menu LLDP → LLDP-MED → Local Info to load the following page. Figure 16-9 LLDP-MED Local Information Configuration Procedure: Choose Enable or Disable Auto Refresh according to your needs.
Page 412: Neighbor Info
Device Type: Specify the auto refresh rate. Application Type: Application Type indicates the primary function of the applications defined for the network policy. Unknown Policy Displays whether the local device will explicitly advertise the Flag: policy required by the device but currently unknown. VLAN tagged: Indicates the VLAN type the specified application type is using, 'tagged' or 'untagged'.
Page 413 Figure 16-10 LLDP-MED Neighbor Information Configuration Procedure: Choose Enable or Disable Auto Refresh according to your needs. 2) Select the desired port to view the information of neighbor connected to the corresponding port under the LLDP-MED Neighbor Info. Entry Description: Auto Refresh: Enable/Disable the auto refresh function.
Page 414: Chapter 17 Maintenance
Chapter 17 Maintenance Maintenance module, assembling the commonly used system tools to manage the switch, provides the convenient method to locate and solve the network problem. System Monitor: Monitor the utilization status of the memory and the CPU of switch. Log: View the configuration parameters of the switch and find out the errors via the Logs.
Page 415: Memory Monitor
UNIT: Select the unit ID of the desired member in the stack. Click the Monitor button to enable the switch to monitor and display its CPU utilization rate every four seconds. 17.1.2 Memory Monitor Choose the menu Maintenance → System Monitor → Memory Monitor to load the following page.
Page 416: Log Table
Level Description Severity Error conditions errors warnings Warnings conditions Normal but significant conditions notifications Informational messages informational debugging Debug-level messages Table 17-1 Log Level The Log function is implemented on the Log Table, Local Log, Remote Log and Backup Log pages.
Page 417: Local Log
Time: Displays the time when the log event occurs. The log can get the correct time after you configure on the System ->System Info-> System Time Web management page. Module: Displays the module which the log information belongs to. You can select a module from the drop-down list to display the corresponding log information.
Page 418: Remote Log
Entry Description: Channel: Local log includes 2 channels: log buffer and log file. Log buffer indicates the RAM for saving system log. The channel is enabled by default. The information in the log buffer is displayed on the Maintenance > Log> Log Table page. It will be lost when the switch is restarted.
Page 419: Backup Log
Configuration Procedure: Select an entry to enable the status, and then set the host IP address and severity. Click Apply to make the settings effective. Entry Description: Admin Mode: Enable or disable the log host. While enabled, syslog packets will be sent to the hosts. While disabled, no syslog packets will be sent to the hosts.
Page 420: Device Diagnose
Entry Description: Backup Log: Click the Backup Log button to save the log as a file to your computer. Note: When a critical error results in the breakdown of the system, you can export the log file to get some related important information about the error for device diagnosis after the switch is restarted.
Page 421: Network Diagnose
Length: If the connection status is normal, here displays the length range of the cable. Error: f the connection status is short, close or crosstalk, here displays the length from the port to the trouble spot. The value makes sense only when the cable is longer than 30m.
Page 422: Tracert
Configuration Procedure: 1) In the Ping Config section, enter the IP address of the destination device for Ping test, set Ping times, data size and interval according to your needs, and then click Ping to start the test. In the Ping Result section, check the test results. Entry Description: Destination IP: Enter the IP address of the destination node for Ping test.
Page 423: Appendix A: Glossary
Appendix A: Glossary Access Control List (ACL) ACLs can limit network traffic and restrict access to certain users or devices by checking each packet for certain IP or MAC (i.e., Layer 2) information. Boot Protocol (BOOTP) BOOTP is used to provide bootup information for network devices, including IP address information, the address of the TFTP server that contains the devices system files, and the name of the boot file.
Page 424 Generic Multicast Registration Protocol (GMRP) GMRP allows network devices to register end stations with multicast groups. GMRP requires that any participating network devices or end stations comply with the IEEE 802.1p standard. Group Attribute Registration Protocol (GARP) See Generic Attribute Registration Protocol. IEEE 802.1d Specifies a general method for the operation of MAC bridges, including the Spanning Tree Protocol.
Page 425 Multicast Switching A process whereby the switch filters incoming multicast frames for services for which no attached host has registered, or forwards them to all ports contained within the designated multicast group. Layer 2 Data Link layer in the ISO 7-Layer Data Communications Protocol. This is related directly to the hardware interface for network devices and passes on traffic based on MAC addresses.
Page 426 Rapid Spanning Tree Protocol (RSTP) RSTP reduces the convergence time for network topology changes to about 10% of that required by the older IEEE 802.1D STP standard. Secure Shell (SSH) A secure replacement for remote access functions, including Telnet. SSH can authenticate users with a cryptographic key, and encrypt data connections between management clients and the switch.

TP-Link T3700G-52TQ User Manual

Chapter 1 About this Guide

Chapter 2 Introduction

Chapter 3 Login to the Switch

Chapter 4 System

Chapter 5 Stack

Chapter 6 Switching

Chapter 7 VLAN

Chapter 8 Spanning Tree

Chapter 9 Multicast

Chapter 10 Routing

Chapter 11 Multicast Routing

Chapter 12 Qos

Chapter 13 ACL

Chapter 14 Network Security

Chapter 15 SNMP

Chapter 16 LLDP

Chapter 17 Maintenance

Appendix A: Glossary

Quick Links

Related Manuals for TP-Link T3700G-52TQ

Summary of Contents for TP-Link T3700G-52TQ