TP-Link T3700G-28TQ User Manual


JetStream 28-Port Gigabit Stackable L3 Managed Switch
T3700G-28TQ
JetStream 28-Port Gigabit Stackable L3
Managed Switch
REV1.0.1
1910011207


Summary of Contents for TP-Link T3700G-28TQ

  • Page 1 T3700G-28TQ JetStream 28-Port Gigabit Stackable L3 Managed Switch REV1.0.1 1910011207...
  • Page 2 Specifications are subject to change without notice. is a registered trademark of TP-LINK TECHNOLOGIES CO., LTD. Other brands and product names are trademarks or registered trademarks of their respective holders. No part of the specifications may be reproduced in any form or by any means or used to make any derivative such as translation, transformation, or adaptation without permission from TP-LINK TECHNOLOGIES CO., LTD.
  • Page 3 Safety Information When product has power button, the power button is one of the ways to shut off the product; when there is no power button, the only way to completely shut off power is to disconnect the product or the power adapter from the power source. Don’t disassemble the product, or make repairs yourself.
  • Page 4: Table Of Contents

    CONTENTS: Package Contents; Chapter 1 About This Guide; Intended Readers; Conventions; Overview of This Guide; Chapter 2 Introduction; Overview of the Switch; Main Features; Appearance Description...
  • Page 5 5.1.1 Stack Info; 5.1.2 Stack Config; 5.1.3 Switch Renumber; Application Example for Stack; Chapter 6 Switching; Port; 6.1.1 Port Config; 6.1.2 Port Mirror; 6.1.3 Port Security; 6.1.4 Port Isolation...
  • Page 6 VLAN VPN; 7.7.1 VPN Config; 7.7.2 Port Enable; 7.7.3 VLAN Mapping; GVRP; Private VLAN; 7.9.1 PVLAN Config; 7.9.2 Port Config; 7.10 Application Example for Private VLAN; Chapter 8 Spanning Tree...
  • Page 7 Chapter 10 Routing; 10.1 Interface; 10.2 Routing Table; 10.3 Static Routing; 10.3.1 Static Routing; 10.3.2 Application Example for Static Routing; 10.4 DHCP Server; 10.4.1 DHCP Server; 10.4.2 Pool Setting...
  • Page 8 10.9.12 Application Example for OSPF; 10.10 VRRP; 10.10.1 Basic Config; 10.10.2 Advanced Config; 10.10.3 Virtual IP Config; 10.10.4 Track Config; 10.10.5 Virtual Router Statistics; 10.10.6 Application Example for VRRP; Chapter 11 Multicast Routing...
  • Page 9 12.1 DiffServ; 12.1.1 Port Priority; 12.1.2 Schedule Mode; 12.1.3 802.1P Priority; 12.1.4 DSCP Priority; 12.2 Bandwidth Control; 12.2.1 Rate Limit; 12.2.2 Storm Control; 12.3 Voice VLAN; 12.3.1 Global Config...
  • Page 10 14.2 DHCP Snooping; 14.2.1 Global Config; 14.2.2 Port Config; 14.3 ARP Inspection; 14.3.1 ARP Detect; 14.3.2 ARP Defend; 14.3.3 ARP Statistics; 14.4 IP Source Guard; 14.5 DoS Defend...
  • Page 11 16.4.2 Port Config; 16.4.3 Local Info; 16.4.4 Neighbor Info; Chapter 17 Cluster; 17.1 NDP; 17.1.1 Neighbor Info; 17.1.2 NDP Summary; 17.1.3 NDP Config; 17.2 NTDP; 17.2.1 Device Table...
  • Page 12 Appendix D: Glossary...
  • Page 13: Package Contents

    One Console Cable; One Power Supply Module Slot Cover; Two mounting brackets and other fittings; Installation Guide; Resource CD for T3700G-28TQ switch, including: • This User Guide • The Command Line Interface Guide • SNMP Mibs •...
  • Page 14: Chapter 1 About This Guide

    Chapter 1 About This Guide This User Guide contains information for setup and management of T3700G-28TQ switch. Please read this guide carefully before operation. 1.1 Intended Readers This Guide is intended for network managers familiar with IT concepts and network terminologies.
  • Page 15 Chapter Introduction Chapter 4 System This module is used to configure system properties of the switch. Here mainly introduces: • System Info: Configure the description, system time and network parameters of the switch. • User Management: Configure the user name and password for...
  • Page 16 Chapter Introduction Chapter 8 Spanning Tree This module is used to configure spanning tree function of the switch. Here mainly introduces: • STP Config: Configure and view the global settings of spanning tree function. • Port Config: Configure CIST parameters of ports...
  • Page 17 Chapter Introduction Chapter 12 QoS This module is used to configure QoS function to provide different quality of service for various network applications and requirements. Here mainly introduces: • DiffServ: Configure priorities, port priority, 802.1P priority and DSCP priority. • Bandwidth Control: Configure rate limit feature to control the...
  • Page 18 Chapter Introduction Chapter 17 Cluster This module is used to configure cluster function to centrally manage the scattered devices in the network. Here mainly introduces: • NDP: Configure NDP function to get the information of the directly connected neighbor devices. • NTDP: Configure NTDP function for the commander switch to...
  • Page 19: Chapter 2 Introduction

    T3700G-28TQ is ideal for large enterprises, campuses or SMB networks requiring an outstanding, reliable and affordable 10 Gigabit solution. T3700G-28TQ supports stacking of up to 8 units, thus providing flexible scalability and protective redundancy for your networks. Moreover, aiming to better protect your network, T3700G-28TQ’s main power is removable, with the help of TP-LINK’s...
  • Page 20: Appearance Description

    • Quality of Service + Supports L2/L3 granular CoS with 8 priority queues per port. + Rate limiting confines the traffic flow accurately according to the preset value. • Security + Supports multiple industry standard user authentication methods such as 802.1x, RADIUS. + IP Source Guard prevents IP spoofing attacks.
  • Page 21 LEDs Status Indication The switch is powered on The switch is powered off or power supply is abnormal Power supply is abnormal Flashing The switch works properly Flashing System The switch works improperly On/Off Both the built-in power supply and the redundant power Green supply work properly The built-in power supply works improperly, but the...
  • Page 22 SFP+ Ports: Port 25-26, designed to install the 10Gbps SFP+ transceiver/cable. T3700G-28TQ also provides an interface card slot on the rear panel to install the expansion card (TX432 of TP-LINK for example). If TX432 is installed, you get another two 10Gbps SFP+ ports.
  • Page 23: Rear Panel

    RPS Input Connector: Provides an interface to connect the RPS (Redundant Power Supply). You can select an RPS (RPS150 of TP-LINK for example) for your switch if needed. Power Supply Module Slot: Provides an interface to install the Power Supply Module. An AC Power Supply Module PSM150-AC is provided with the switch.
  • Page 24: Chapter 3 Login To The Switch

    Chapter 3 Login to the Switch 3.1 Login 1) To access the configuration utility, open a web-browser and type in the default address http://192.168.0.1 in the address field of the browser, then press the Enter key. Figure 3-1 Web-browser Tips: To log in to the switch, the IP address of your PC should be set in the same subnet addresses of the switch.
  • Page 25 Figure 3-3 Main Setup-Menu Note: Clicking Apply makes the new configurations effective only until the switch is rebooted. If you want to keep the configurations effective even after the switch is rebooted, please click Save Config. You are advised to click Save Config before cutting off the power or rebooting the switch to avoid losing the new configurations.
  • Page 26: Chapter 4 System

    Chapter 4 System The System module is mainly for system configuration of the switch, including four submenus: System Info, User Management, System Tools and Access Security. 4.1 System Info The System Info, mainly for basic properties configuration, can be implemented on System Summary, Device Description, System Time and Daylight Saving Time pages.
  • Page 27 Indicates the 1000Mbps port is not connected to a device. Indicates the 1000Mbps port is at the speed of 1000Mbps. Indicates the 1000Mbps port is at the speed of 10Mbps or 100Mbps. Indicates the SFP port is not connected to a device. Indicates the SFP port is at the speed of 1000Mbps.
  • Page 28: Device Description

    Figure 4-3 Bandwidth Utilization Bandwidth Utilization: Select Rx to display the bandwidth utilization of receiving packets on this port. Select Tx to display the bandwidth utilization of sending packets on this port. 4.1.2 Device Description On this page you can configure the description of the switch, including device name, device location and system contact.
  • Page 29: System Time

    System Contact: Enter your contact information. 4.1.3 System Time System Time is the time displayed while the switch is running. On this page you can configure the system time and the settings here will be used for other time-based functions like ACL. You can manually set the system time, get UTC automatically if it has connected to an NTP server or synchronize with PC’s clock as the system time.
  • Page 30: Daylight Saving Time

    Note: The system time will be restored to the default when the switch is restarted and you need to reconfigure the system time of the switch. When Get Time from NTP Server is selected and no time server is configured, the switch will get time from the time server of the Internet if it has connected to the Internet.
  • Page 31: User Management

    Recurring Mode: Specify the DST configuration in recurring mode. This configuration is recurring in use: • Offset: Specify the time adding in minutes when Daylight Saving Time comes. • Start/End Time: Select starting time and ending time of Daylight Saving Time. Date Mode: Specify the DST configuration in Date mode.
  • Page 32 Choose the menu System → User Management → User Config to load the following page. Figure 4-8 User Config The following entries are displayed on this screen: User Info User Name: Create a name for users’ login. Access Level: Select the access level to login.
  • Page 33: System Tools

    Operation: Click the Edit button of the desired entry, and you can edit the corresponding user information. After modifying the settings, please click the Modify button to make the modification effective. Access level and user status of the current user information cannot be modified.
  • Page 34: Config Restore

    Current Startup Image: Displays the current startup image. Next Startup Image: Select the next startup image. Backup Image: Select the backup boot image. Current Startup Config: Displays the current startup config filename. Next Startup Config: Input the next startup config filename. Backup Config: Input the backup config filename.
  • Page 35: Config Backup

    It will take a few minutes to backup the configuration. Please wait without any operation. 4.3.4 Firmware Upgrade The switch system can be upgraded via the Web management page. To upgrade the system is to get more functions and better performance. Go to http://www.tp-link.com to download the updated firmware.
  • Page 36: System Reboot

    Choose the menu System→System Tools→Firmware Upgrade to load the following page. Figure 4-12 Firmware Upgrade Note: Don’t interrupt the upgrade. Please select the proper software version matching with your hardware to upgrade. To avoid damage, please don't turn off the device while upgrading. After upgrading, the device will reboot automatically.
  • Page 37: Access Security

    Choose the menu System→System Tools→System Reset to load the following page. Figure 4-14 System Reset Note: After the system is reset, the switch will be reset to the default and all the settings will be cleared. 4.4 Access Security Access Security provides different security measures for the remote login so as to enhance the configuration management security.
  • Page 38: Ssl Config

    The following entries are displayed on this screen: Access Control Config Control Mode: Select the control mode for users to log on to the Web management page. • IP-based: Select this option to limit the IP-range of the users for login.
  • Page 39 After SSL is effective, you can log on to the Web management page via https://192.168.0.1. For the first time you use HTTPS connection to log into the switch with the default certificate, you will be prompted that “The security certificate presented by this website was not issued by a trusted certificate authority”...
  • Page 40: Ssh Config

    4.4.3 SSH Config As stipulated by IETF (Internet Engineering Task Force), SSH (Secure Shell) is a security protocol established on application and transport layers. An SSH-encrypted connection is similar to a telnet connection, but essentially the old telnet remote management method is not safe, because the password and data transmitted in plain text can be easily intercepted.
  • Page 41 Max Connect: Specify the maximum number of the connections to the SSH server. No new connection will be established when the number of the connections reaches the maximum number you set. The default value is 5. Key Download Key Type: Select the type of SSH Key to download.
  • Page 42 2. Click the Open button in the above figure to log on to the switch. Enter the login user name and password, and then you can continue to configure the switch. Application Example 2 for SSH: Network Requirements 1. Log on to the switch via key authentication using SSH and the SSH function is enabled on the switch.
  • Page 43 2. After the key is successfully generated, please save the public key and private key to the computer. 3. On the Web management page of the switch, download the public key file saved in the computer to the switch. Note: The key type should accord with the type of the key file.
  • Page 44 4. After the public key is downloaded, please log on to the interface of PuTTY and enter the IP address for login. 5. Click Browse to download the private key file to SSH client software and click Open.
  • Page 45 After successful authentication, please enter the login user name. If you log on to the switch without entering password, it indicates that the key has been successfully downloaded. Note: Following the steps above, you have already entered the User EXEC Mode of the switch. However, to configure the switch, you need a password to enter the Privileged EXEC Mode first.
  • Page 46: Chapter 5 Stack

    Chapter 5 Stack The stack technology is to connect multiple stackable devices through their StackWise ports, forming a stack which works as a unified system and presents as a single entity to the network in Layer 2 and Layer 3 protocols. It enables multiple devices to collaborate and be managed as a whole, which improves the performance and simplifies the management of the devices efficiently.
  • Page 47 In a ring connected stack, it can still operate normally by transforming into a daisy chained stack when link failure occurs, which further ensures the normal operation of load distribution and backup across devices and links as Figure 5-2 shows. Figure 5-2 Load Distribution and Backup across Devices 3.
  • Page 48 Stack Introduction 1. Stack Elements 1) Stack Role Each device in the stack system is called stack member. Each stack member processes services packets and plays a role which is either master or slave in the stack system. The differences between master and slave are described as below: Master: Indicates the device is responsible for managing the entire stack system.
  • Page 49 1) Connecting the stack members To establish a stack, please physically connect the stack ports of the member devices with cables. The stack ports of T3700-28TQ can be used for stack connection or as normal Ethernet Gigabit port. When you want to establish a stack, the stack mode of the related ports should be configured as "Enable".
  • Page 50 The master is elected based on the following rules and in the order listed: The switch that is currently the stack master. The switch with the highest stack member priority value. The switch with the lowest MAC address. After master election, the stack forms and enters into stack management and maintenance stage.
  • Page 51 Slot Number: Indicates the number of the slot the interface card is in. For T3700G-28TQ, the front panel ports belong to slot 0. Slot number starting from 1 each represents an interface card slot.
  • Page 52: Stack Management

    5.1 Stack Management Before configuring the stack, we highly recommend you to prepare the configuration planning with a clear set of the role and function of each member device. Some configuration needs device reboot to take effect, so you are kindly recommended to configure the stack at first, next connect the devices physically after powering off them, then you can power them on and the devices will join the stack automatically.
  • Page 53: Stack Config

    Role: Displays the stack role of the member switch in the stack. There are two options: Master and Slave. MAC Address: Displays the MAC address of the member switch. Priority: Displays the member priority of the member switch. The higher the value is, the more likely the member will be elected as the master.
  • Page 54: Switch Renumber

    The following entries are displayed on this screen: Stack Config Stack Name: Enter the name of the stack. The length of this field should be 1-30 characters. After the stack is established, the name of master determines the stack name. Select the authentication mode used in stack creation.
  • Page 55 Choose the menu Stack Management→Switch Renumber to load the following page. Figure 5-9 Switch Renumber The following entries are displayed on this screen: Switch Renumber Select: Select the desired entry. It is multi-optional. Current Unit: Displays the current unit number of the member switch. Designated Unit: Configure the unit number of the member switch.
  • Page 56: Application Example For Stack

    5.2 Application Example for Stack Network Requirements: Establish a stack of ring topology with four T3700-28TQ switches. Network Diagram Configuration Procedure Configure switch A, B, C and D before physically connecting them: Step Operation Description Configure stack Optional.
  • Page 57: Chapter 6 Switching

    Chapter 6 Switching Switching module is used to configure the basic functions of the switch, including four submenus: Port, LAG, Traffic Monitor and MAC Address. 6.1 Port The Port function, allowing you to configure the basic features for the port, is implemented on the Port Config, Port Mirror, Port Security, Port Isolation and Loopback Detection pages.
  • Page 58: Port Mirror

    Description: Give a description to the port for identification. Status: Allows you to Enable/Disable the port. When Enable is selected, the port can forward the packets normally. Speed: Select the Speed mode for the port. The device connected to the switch should be in the same Speed and Duplex mode with the switch.
  • Page 59 The following entries are displayed on this screen. Mirror Session List Session: This column displays the mirror session number. Destination: This column displays the mirroring port. Mode: This column displays the mirror mode. Source: This column displays the mirrored ports. Operation: You can configure the mirror session by clicking the "Edit", or clear the mirror session configuration by clicking the "Clear".
  • Page 60: Port Security

    The following entries are displayed on this screen. Mirror Session Session: Displays session number. Destination Port Destination Port: Input or select a physical port from the port panel as the mirroring port. Source Port Select: Select the desired port as a mirrored port. It is multi-optional. Port: Displays the port number.
  • Page 61 Choose the menu Switching→Port→Port Security to load the following page. Figure 6-4 Port Security The following entries are displayed on this screen: Port Security UNIT: Select the unit ID of the desired member in the stack. Select: Select the desired port for Port Security configuration. It is multi-optional.
  • Page 62: Port Isolation

    • Permanent: When Permanent mode is selected, the learned MAC address will be out of the influence of the aging time and can only be deleted manually. The learned entries will be saved even after the switch is rebooted. Status: Select Enable/Disable the Port Security feature for the port. Note: The Port Security function is disabled for the LAG port member.
  • Page 63: Loopback Detection

    Click the Edit button to configure the port isolation list in the following page: Figure 6-6 Port Isolation Config Port Isolation Config UNIT: Select the unit ID of the desired member in the stack. Port: Select the port number to set its forward list. It is multi-optional. Forward Portlist: Select the port that to be forwarded to.
  • Page 64 Choose the menu Switching → Port → Loopback Detection to load the following page. Figure 6-7 Loopback Detection Config The following entries are displayed on this screen: Global Config Loopback Detection Status: Here you can enable or disable Loopback Detection function globally.
  • Page 65: Lag

    Port: Displays the port number. Status: Enable or disable Loopback Detection function for the port. Operation Mode: Select the mode how the switch processes the detected loops. • Alert: When a loop is detected, display an alert. • Port based: When a loop is detected, display an alert and block the port.
  • Page 66: Lag Table

    Tips: Calculate the bandwidth for a LAG: If a LAG consists of the four ports in the speed of 1000Mbps Full Duplex, the whole bandwidth of the LAG is up to 8000Mbps (2000Mbps * 4) because the bandwidth of each member port is 2000Mbps counting the up-linked speed of 1000Mbps and the down-linked speed of 1000Mbps.
  • Page 67: Static Lag

    Operation: Allows you to view or modify the information for each LAG. • Edit: Click to modify the settings of the LAG. • Detail: Click to get the information of the LAG. Click the Detail button for the detailed information of your selected LAG. Figure 6-9 Detail Information 6.2.2 Static LAG On this page, you can manually configure the LAG.
  • Page 68: Lacp Config

    The following entries are displayed on this screen: LAG Config Group Number: Select a Group Number for the LAG. Description: Displays the description of the LAG for identification. Member Port UNIT: Select the unit ID of the desired member in the stack. Member Port: Select the port as the LAG member.
  • Page 69 Choose the menu Switching→LAG→LACP Config to load the following page. Figure 6-11 LACP Config The following entries are displayed on this screen: Global Config System Priority: Specify the system priority for the switch. The system priority and MAC address constitute the system identification (ID). A lower system priority value indicates a higher system priority.
  • Page 70: Traffic Monitor

    member. The port with smaller Port Priority will be considered as the preferred one. If the two port priorities are equal; the port with smaller port number is preferred. Mode: Specify LACP mode for your selected port. Status: Enable/Disable the LACP feature for your selected port. LAG: Displays the LAG number which the port belongs to.
  • Page 71: Traffic Statistics

    The following entries are displayed on this screen: Auto Refresh Auto Refresh: Allows you to Enable/Disable refreshing the Traffic Summary automatically. Refresh Rate: Enter a value in seconds to specify the refresh interval. Traffic Summary UNIT: Select the unit ID of the desired member in the stack. Port Select: Click the Select button to quick-select the corresponding port based on the port number you entered.
  • Page 72 Choose the menu Switching→Traffic Monitor→Traffic Statistics to load the following page. Figure 6-13 Traffic Statistics The following entries are displayed on this screen: Auto Refresh Auto Refresh: Allows you to Enable/Disable refreshing the Traffic Summary automatically. Refresh Rate: Enter a value in seconds to specify the refresh interval. Port Select...
  • Page 73: Mac Address

    Statistics Port: Enter a port number and click the Select button to view the traffic statistics of the corresponding port. Received: Displays the details of the packets received on the port. Sent: Displays the details of the packets transmitted on the port. Broadcast: Displays the number of good broadcast packets received or transmitted on the port.
  • Page 74: Address Table

    The address filtering feature allows the switch to filter the undesired packets and forbid its forwarding so as to improve the network security. The types and the features of the MAC Address Table are listed as the following: Being kept after reboot Relationship between the Aging bound MAC address and...
  • Page 75: Static Address

    The following entries are displayed on this screen: Search Option MAC Address: Enter the MAC address of your desired entry. VLAN ID: Enter the VLAN ID of your desired entry. Port: Select the corresponding port number or link-aggregation number of your desired entry.
  • Page 76 Choose the menu Switching→MAC Address→Static Address to load the following page. Figure 6-15 Static Address The following entries are displayed on this screen: Create Static Address MAC Address: Enter the static MAC Address to be bound. VLAN ID: Enter the corresponding VLAN ID of the MAC address. UNIT: Select the unit ID of the desired member in the stack.
  • Page 77: Dynamic Address

    MAC Address: Displays the static MAC Address. VLAN ID: Displays the corresponding VLAN ID of the MAC address. Port: Displays the corresponding Port number of the MAC address. Here you can modify the port number to which the MAC address is bound. The new port should be in the same VLAN.
  • Page 78 Choose the menu Switching→MAC Address→Dynamic Address to load the following page. Figure 6-16 Dynamic Address The following entries are displayed on this screen: Aging Config Auto Aging: Allows you to Enable/Disable the Auto Aging feature. Aging Time: Enter the Aging Time for the dynamic address. Search Option...
  • Page 79: Filtering Address

    Aging Status: Displays the Aging Status of the MAC address. Bind: Click the Bind button to bind the MAC address of your selected entry to the corresponding port statically. Tips: Setting aging time properly helps implement effective MAC address aging. The aging time that is too long or too short results in a decrease of the switch performance.
  • Page 80 Search Option Search Option: Select a Search Option from the pull-down list and click the Search button to find your desired entry in the Filtering Address Table. • MAC Address: Enter the MAC address of your desired entry. • VLAN ID: Enter the VLAN ID number of your desired entry.
  • Page 81: Chapter 7 Vlan

    Chapter 7 VLAN The traditional Ethernet is a data network communication technology based on CSMA/CD (Carrier Sense Multiple Access/Collision Detect) via shared communication medium. Through the traditional Ethernet, the overfull hosts in LAN will result in serious collision, flooding broadcasts, poor performance or even breakdown of the Internet.
  • Page 82: Q Vlan

    packets with the MAC VLAN, Protocol VLAN and 802.1Q VLAN in turn. If a packet is matched, the switch will add a corresponding VLAN tag to it and forward it in the corresponding VLAN. 7.1 802.1Q VLAN VLAN tags in the packets are necessary for the switch to identify packets of different VLANs. The switch works at the data link layer in OSI model and it can identify the data link layer encapsulation of the packet only, so you can add the VLAN tag field into the data link layer encapsulation for identification.
  • Page 83: Vlan Config

    GENERAL: The GENERAL port can be added in multiple VLANs and set various egress rules according to the different VLANs. The default egress rule is UNTAG. The PVID can be set as the VID number of any valid VLAN. PVID...
  • Page 84 Choose the menu VLAN→802.1Q VLAN→VLAN Config to load the following page. Figure 7-3 VLAN Table To ensure the normal communication of the factory switch, the default VLAN of all ports is set to VLAN1. The following entries are displayed on this screen: VLAN Table...
  • Page 85: Port Config

    The following entries are displayed on this screen: VLAN Info VLAN ID: Enter the ID number of VLAN. Name: Displays the user-defined name of VLAN. Untagged port: Displays the untagged port which is ACCESS, TRUNK or GENERAL. UNIT: Select the unit ID of the desired member in the stack. Tagged port: Displays the tagged port which is TRUNK or GENERAL.
  • Page 86 Link Type: Select the Link Type from the pull-down list for the port. • ACCESS: The ACCESS port can be added in a single VLAN, and the egress rule of the port is UNTAG. The PVID is same as the current VLAN ID. If the current VLAN is deleted, the PVID will be set to 1 by default.
  • Page 87: Application Example For 802.1Q Vlan

    Step Operation Description Delete VLAN: Optional. On the VLAN→802.1Q VLAN→VLAN Config page, select the desired entry to delete the corresponding VLAN by clicking the Delete button. 7.2 Application Example for 802.1Q VLAN Network Requirements: Switch A is connecting to PC A and Server B;...
  • Page 88: Mac Vlan

    Configure switch B: Step Operation Description Configure Link Type of the ports: Required. On VLAN→802.1Q VLAN→Port Config page, configure the link type of Port 7, Port 6 and Port 8 as ACCESS, TRUNK and ACCESS respectively. Create VLAN10: Required. On VLAN→802.1Q VLAN→VLAN Config page, create a VLAN with its VLAN ID as 10, owning Port 6 and Port 8.
  • Page 89: Port Enable

    The following entries are displayed on this screen: Create MAC VLAN MAC Address: Enter the MAC address. Description: Give a description to the MAC address for identification. VLAN ID: Enter the ID number of the MAC VLAN. This VLAN should be one of the 802.1Q VLANs the ingress port belongs to.
  • Page 90: Application Example For Mac Vlan

    Step Operation Description Create MAC VLAN: Required. On the VLAN→MAC VLAN page, create the MAC VLAN. For the device in a MAC VLAN, it’s required to set its connected port of switch to be a member of this VLAN so as to ensure the normal communication.
  • Page 91 Step Operation Description Create VLAN10 Required. On VLAN→802.1Q VLAN→VLAN Config page, create a VLAN with its VLAN ID as 10, owning Port 11 and Port 12, and configure the egress rule of Port 11 as Untag. Create VLAN20 Required. On VLAN→802.1Q VLAN→VLAN Config page, create a VLAN with its VLAN ID as 20, owning Port 11 and Port 12, and configure the egress rule of Port 11 as Untag.
  • Page 92: Protocol Vlan

    7.5 Protocol VLAN Protocol VLAN is another way to classify VLANs based on network protocol. Protocol VLANs can be sorted by IP, IPX, DECnet, AppleTalk, Banyan and so on. Through the Protocol VLANs, the broadcast domain can span over multiple switches and the host can change its physical position in the network with its VLAN member role always effective.
  • Page 93: Protocol Group

    Choose the menu VLAN→Protocol VLAN→Protocol Group Table to load the following page. Figure 7-9 Create Protocol VLAN The following entries are displayed on this screen: Protocol Group Table Select: Select the desired entry. It is multi-optional. Protocol Name: Displays the protocol of the protocol group. VLAN ID: Displays the corresponding VLAN ID of the protocol.
  • Page 94: Protocol Template

    Protocol Group Member UNIT: Select the unit ID of the desired member in the stack. 7.5.3 Protocol Template The Protocol Template should be created before configuring the Protocol VLAN. By default, the switch has defined the IP Template, ARP Template, RARP Template, etc. You can add more Protocol Templates on this page.
  • Page 95: Application Example For Protocol Vlan

    Configuration Procedure: Step Operation Description Set the link type for port. Required. On the VLAN→802.1Q VLAN→Port Config page, set the link type for the port based on its connected device. Create VLAN. Required. On the VLAN→802.1Q VLAN→VLAN Config page, click the Create button to create a VLAN. Enter the VLAN ID and the description for the VLAN.
  • Page 96 Network Diagram Configuration Procedure Configure switch A Step Operation Description Configure Link Type of the ports Required. On VLAN→802.1Q VLAN→Port Config page, configure the link type of Port 11 and Port 13 as ACCESS, and configure the link type of Port 12 as GENERAL.
  • Page 97: Vlan Vpn

    Step Operation Description Create Protocol Template Required. On VLAN→Protocol VLAN→Protocol Template page, configure the protocol template practically. E.g. the Ether Type of IP network packets is 0800 and that of AppleTalk network packets is 809B. Create Protocol VLAN 10 On VLAN→Protocol VLAN→Protocol Group page, create protocol VLAN 10 with Protocol as IP.
  • Page 98: Vpn Config

    Protocol type Value LACP 0x8809 802.1X 0x888E Table 7-3 Values of Ethernet frame protocol type in common use This VLAN VPN function is implemented on the VPN Config, Port Enable and VLAN Mapping pages. 7.7.1 VPN Config This page allows you to enable the VPN function, adjust the global TPID for VLAN-VPN packets and enable the VPN up-link port.
  • Page 99: Vlan Mapping

    Figure 7-13 Enable Port for VLAN Mapping VPN Port Enable UNIT: Select the unit ID of the desired member in the stack. Select your desired port for VLAN Mapping function. All the ports are disabled for VLAN Mapping function by default. 7.7.3 VLAN Mapping VLAN Mapping function allows the VLAN TAG of the packets to be replaced with the new VLAN TAG according to the VLAN Mapping entries.
  • Page 100 The following entries are displayed on this screen: Global Config VLAN Mapping: Enable/Disable the VLAN mapping function. If VLAN mapping is disabled and VLAN VPN is enabled, the packet will be encapsulated with an outer tag according to the PVID of its arriving port.
  • Page 101: Gvrp

    Configuration Procedure of VLAN VPN Function: Step Operation Description Enable VPN mode. Required. On the VLAN→VLAN VPN→VPN Config page, enable the VPN mode. Configure the global TPID. Optional. On the VLAN→VLAN VPN→VPN Config page, configure the global TPID based on the devices connected to the up-link port.
  • Page 102 • Join Message: When a GARP entity expects other switches to register certain attribute information of its own, it sends out a Join message. And when receiving the Join message from the other entity or configuring some attributes statically, the device also sends out a Join message in order to be registered by the other GARP entities.
  • Page 103 In this switch, only the port with TRUNK link type can be set as the GVRP application entity to maintain the VLAN registration information. GVRP has the following three port registration modes: Normal, Fixed, and Forbidden. • Normal: In this mode, a port can dynamically register/deregister a VLAN and propagate the dynamic/static VLAN information.
  • Page 104 Port Config  Unit: Select the unit ID of the desired member in the stack. Select: Select the desired port for configuration. It is multi-optional. Port: Displays the port number. Status: Enable/Disable the GVRP feature for the port. The port type should be set to TRUNK before enabling the GVRP feature.
  • Page 105: Private Vlan

    7.9 Private VLAN Private VLANs, designed to save VLAN resources of uplink devices and decrease broadcast, are sets of VLAN pairs that share a common primary identifier. To guarantee user information security and to make traffic easier to manage and account for, service providers in campus networks usually require that each individual user is Layer-2 separated.
  • Page 106: Pvlan Config

    4. A Primary VLAN can be associated with multi-Secondary VLANs to create multi-Private VLANs. Private VLAN Implementation To hide Secondary VLANs from uplink devices and save VLAN resources, Private VLAN containing one Primary VLAN and one Secondary VLAN requires the following characteristics: Packets from different Secondary VLANs can be forwarded to the uplink device via ...
  • Page 107: Port Config

    Search Option Search Option: Select a Search Option from the pull-down list and click the Search button to find your desired entry in Private VLAN. All: Enter the Primary VLAN ID number or Secondary VLAN ID of the desired Private VLAN. Primary VLAN ID: Enter the Primary VLAN ID number of the ...
  • Page 108: Application Example For Private Vlan

    The following entries are displayed on this screen: Port Config Port selected: Select the desired port for configuration. You can input one or select from the port table down the blank. Port Type: Select the Port Type from the pull-down list for the port. Primary VLAN: Specify the Primary VLAN the port belongs to.
  • Page 109 Network Diagram Configuration Procedure Configure Switch C Step Operation Description Create VLAN6 Required. On VLAN→802.1Q VLAN→VLAN Config page, create a VLAN with its VLAN ID as 6, owning Port 1/0/1. Configure switch A Step Operation Description Create Private Required.
  • Page 110 Configure switch B Step Operation Description Create Private Required. On the VLAN→Private VLAN→PVLAN Config page, VLANs. enter the Primary VLAN 6 and Secondary VLAN 5 and 8, select one type of secondary VLAN and then click the Create button. Required.
  • Page 111: Chapter 8 Spanning Tree

    Chapter 8 Spanning Tree STP (Spanning Tree Protocol), defined by the IEEE 802.1D standard, prunes a ring network at the Data Link layer in a local network. Devices running STP discover loops in the network by exchanging information and block ports; in that way, a ring network is pruned into a loop-free tree topology to prevent packets from being duplicated and forwarded endlessly in the network.
  • Page 112 Port: Port 3 is the root port of switch B and port 5 is the root port of switch C; port 1 and 2 are the designated ports of switch A and port 4 is the designated port of switch B; port 6 is the blocked port of switch C.
  • Page 113 Comparing BPDUs Each switch sends out configuration BPDUs and receives a configuration BPDU on one of its ports from another switch. The following table shows the comparing operations. Step Operation If the priority of the BPDU received on the port is lower than that of the BPDU of the port itself, the switch discards the BPDU and does not change the BPDU of the port.
  • Page 114 The condition for the root port to transit its port state rapidly: The old root port of the switch stops forwarding data and the designated port of the upstream switch begins to forward data. The condition for the designated port to transit its port state rapidly: The designated port is ...
  • Page 115 The following figure shows the network diagram in MSTP. Figure 8-2 Basic MSTP diagram MSTP MSTP divides a network into several MST regions. The CST is generated between these MST regions, and multiple spanning trees can be generated in each MST region. Each spanning tree is called an instance.
  • Page 116: Stp Config

    The following diagram shows the different port roles. Figure 8-3 Port roles The Spanning Tree module is mainly for spanning tree configuration of the switch, including four submenus: STP Config, Port Config, MSTP Instance and STP Security. 8.1 STP Config The STP Config function, for global configuration of spanning trees on the switch, can be implemented on STP Config and STP Summary pages.
  • Page 117 The following entries are displayed on this screen: Global Config Spanning Tree: Select Enable/Disable STP function globally on the switch. Mode: Select the desired STP version on the switch. STP: Spanning Tree Protocol. RSTP: Rapid Spanning Tree Protocol. ...
  • Page 118: Stp Summary

    turn hinders spanning trees from being regenerated in time and makes the network less adaptive. The default value is recommended. If the TxHold Count parameter is too large, the number of MSTP packets sent in each hello time may increase and occupy too many network resources. The default value is recommended.
  • Page 119 Choose the menu Spanning Tree→Port Config to load the following page. Figure 8-6 Port Config The following entries are displayed on this screen: Port Config UNIT: Select the unit ID of the desired member in the stack. Select: Select the desired port for STP configuration. It is multi-optional. Port: Displays the port number of the switch.
  • Page 120: Mstp Instance

    Port Role: Displays the role of the port played in the STP Instance. Root Port: Indicates the port that has the lowest path cost from this bridge to the Root Bridge and forwards packets to the root. Designated Port: Indicates the port that forwards packets to a ...
  • Page 121: Instance Config

    Choose the menu Spanning Tree→MSTP Instance→Region Config to load the following page. Figure 8-7 Region Config The following entries are displayed on this screen: Region Config Region Name: Create a name for MST region identification using up to 32 characters. Revision: Enter the revision from 0 to 65535 for MST region identification.
  • Page 122: Instance Port Config

    VLAN ID: Enter the desired VLAN ID. Click the 'Add' button, and the new VLAN ID will be added to the corresponding instance ID and the previous VLAN ID won't be replaced. Click the 'Delete' button, and the VLAN ID will be deleted from the corresponding instance ID. Instance Config ...
  • Page 123 Choose the menu Spanning Tree→MSTP Instance→Instance Port Config to load the following page. Figure 8-9 Instance Port Config The following entries are displayed on this screen: Instance ID Select Instance ID: Select the desired instance ID for its port configuration. Instance Port Config ...
  • Page 124: Stp Security

    Path Cost: Path Cost is used to choose the path and calculate the path costs of ports in an MST region. It is an important criterion on determining the root port. The lower value has the higher priority. Port Role: Displays the role of the port played in the MSTP Instance.
  • Page 125 spanning trees being regenerated and roles of ports being reselected, and causes the blocked ports to transit to forwarding state. Therefore, loops may be incurred in the network. The loop protect function can suppress loops. With this function enabled, a port, regardless of the role it plays in instances, is always set to blocking state, when the port does not receive BPDU packets from the upstream switch and spanning trees are regenerated, and thereby loops can be prevented.
  • Page 126 Choose the menu Spanning Tree→STP Security→Port Protect to load the following page. Figure 8-10 Port Protect The following entries are displayed on this screen: Port Protect UNIT: Select the unit ID of the desired member in the stack. Select: Select the desired port for port protect configuration.
  • Page 127: Tc Protect

    8.4.2 TC Protect When TC Protect is enabled for the port on Port Protect page, the TC threshold and TC protect cycle need to be configured on this page. Choose the menu Spanning Tree→STP Security→TC Protect to load the following page. Figure 8-11 TC Protect The following entries are displayed on this screen: TC Protect...
  • Page 128 On Spanning Tree→Port Config→Port Config page, enable MSTP function for the port. Configure the region name and On Spanning Tree→MSTP Instance→Region Config the revision of MST region page, configure the region as TP-LINK and keep the default revision setting. Configure VLAN-to-Instance Spanning Tree→MSTP...
  • Page 129 On Spanning Tree→Port Config→Port Config page, enable MSTP function for the port. Configure the region name and On Spanning Tree→MSTP Instance→Region Config the revision of MST region page, configure the region as TP-LINK and keep the default revision setting. Configure VLAN-to-Instance Spanning Tree→MSTP...
  • Page 130 On Spanning Tree→Port Config→Port Config page, enable MSTP function for the port. Configure the region name and On Spanning Tree→MSTP Instance→Region Config the revision of MST region page, configure the region as TP-LINK and keep the default revision setting. Spanning Tree→MSTP Instance→Instance...
  • Page 131 For Instance 2 (VLAN 102, 104 and 106), the blue paths in the following figure are connected links; the gray paths are the blocked links. Suggestion for Configuration Enable TC Protect function for all the ports of switches. ...
  • Page 132: Chapter 9 Multicast

    Chapter 9 Multicast Multicast Overview In the network, packets are sent in three modes: unicast, broadcast and multicast. In unicast, the source server sends a separate copy of the information to each receiver. When a large number of users require this information, the server must send many pieces of information with the same content to the users.
  • Page 133 Multicast Address 1. Multicast IP Address: As specified by IANA (Internet Assigned Numbers Authority), Class D IP addresses are used as destination addresses of multicast packets. The multicast IP addresses range from 224.0.0.0 to 239.255.255.255. The following table displays the range and description of several special multicast IP addresses.
  • Page 134: Igmp Snooping

    IGMP Snooping In the network, the hosts apply to the nearby router to join (leave) a multicast group by sending IGMP (Internet Group Management Protocol) messages. When the up-stream device forwards down the multicast data, the switch is responsible for sending them to the hosts. IGMP Snooping is a multicast control mechanism, which can be used on the switch for dynamic registration of the multicast group.
  • Page 135: Snooping Config

    3. IGMP Leave Message A host running IGMPv1 does not send an IGMP leave message when leaving a multicast group; as a result, the switch cannot get the leave information of the host immediately. However, after leaving the multicast group, the host does not send IGMP report messages any more, so the switch will remove the port from the corresponding multicast address table when its member port time expires.
  • Page 136: Port Config

    Choose the menu Multicast→IGMP Snooping→Snooping Config to load the following page. Figure 9-4 Basic Config The following entries are displayed on this screen: Global Config IGMP Snooping: Select Enable/Disable IGMP Snooping function globally on the switch. Unknown Multicast: Select the operation for the switch to process unknown multicast, Forward or Discard.
  • Page 137 Choose the menu Multicast→IGMP Snooping→Port Config to load the following page. Figure 9-5 Port Config The following entries are displayed on this screen: Port Config UNIT: Select the unit ID of the desired member in the stack. Select: Select the desired port for IGMP Snooping feature configuration. It is multi-optional.
  • Page 138: Vlan Config

    9.1.3 VLAN Config Multicast groups established by IGMP Snooping are based on VLANs. On this page you can configure different IGMP parameters for different VLANs. Choose the menu Multicast→IGMP Snooping→VLAN Config to load the following page. Figure 9-6 VLAN Config The following entries are displayed on this screen: VLAN Config ...
  • Page 139: Multicast Vlan

    Router Port Time: Displays the router port time of the VLAN. Member Port Time: Displays the member port time of the VLAN. Leave Time: Displays the leave time of the VLAN. Static Router Ports: Displays the static router ports of the VLAN. Dynamic Router Displays the dynamic router ports of the VLAN.
  • Page 140 Choose the menu Multicast→IGMP Snooping→Multicast VLAN to load the following page. Figure 9-7 Multicast VLAN The following entries are displayed on this screen: Multicast VLAN Multicast VLAN: Select Enable/Disable Multicast VLAN feature. VLAN ID: Enter the VLAN ID of the multicast VLAN. Router Port Time: Specify the aging time of the router port.
  • Page 141: Querier Config

    Static Router Ports: Select the desired port as the static router port which is mainly used in the network with stable topology. Note: The router port should be in the multicast VLAN, otherwise the member ports cannot receive multicast streams. The Multicast VLAN won't take effect unless you first complete the configuration for the corresponding VLAN owning the port on the 802.1Q VLAN page.
  • Page 142 Choose the menu Multicast→IGMP Snooping→Querier Config to load the following page. Figure 9-8 Packet Statistics The following entries are displayed on this screen: IGMP Snooping Querier Config VLAN ID: Enter the ID of the VLAN that enables IGMP Snooping Querier. Query Interval: Enter the time interval of sending a general query frame by IGMP Snooping Querier.
  • Page 143: Application Example For Multicast Vlan

    VLAN ID: Displays the ID of the VLAN that enables IGMP Snooping Querier. Query Interval: Displays the Query Interval of the IGMP Snooping Querier. Max Response Time: Displays the maximal time for the host to respond to a general query frame sent by IGMP Snooping Querier. General Query Source IP: Displays the source IP of the general query frame sent by IGMP...
  • Page 144: Multicast Ip

    Configuration Procedure Step Operation Description Create VLANs Create three VLANs with the VLAN ID 3, 4 and 5 respectively, and specify the description of VLAN3 as Multicast VLAN on VLAN→802.1Q VLAN page. Configure ports On VLAN→802.1Q VLAN function pages. For port 3, configure its link type as GENERAL and its egress rule as TAG, and add it to VLAN3, VLAN4 and VLAN5.
  • Page 145: Static Multicast Ip

    The following entries are displayed on this screen: Search Option Search Option: Select the rules for displaying multicast IP table to find the desired entries quickly. All: Displays all multicast IP entries. Multicast IP: Enter the multicast IP address the desired entry ...
  • Page 146 Choose the menu Multicast→Multicast IP→Static Multicast IP to load the following page. Figure 9-10 Static Multicast IP Table The following entries are displayed on this screen: Create Static Multicast Multicast IP: Enter static multicast IP address. VLAN ID: Enter the VLAN ID of the multicast IP. Forward Port: Select the forward port of the multicast group.
  • Page 147: Multicast Filter

    Static Multicast IP Table Multicast IP: Displays the multicast IP. VLAN ID: Displays the VLAN ID of the multicast group. Forward Port: Displays the forward port of the multicast group. 9.4 Multicast Filter When IGMP Snooping is enabled, you can specify the multicast IP-range the ports can join so as to restrict users ordering multicast programs via configuring multicast filter rules.
  • Page 148 Mode: The attributes of the profile. Permit: Only permit the IP address within the IP range and deny others. Deny: Only deny the IP address within the IP range and permit others. Search Option Profile ID: Enter the profile ID the desired entry must carry. IGMP Profile Info ...
  • Page 149: Profile Binding

    Deny: Only deny the IP address within the IP range and permit others. Add IP-range Start IP: Enter the start IP address of the IP range. End IP: Enter the end IP address of the IP range. IP-range Table ...
  • Page 150: Packet Statistics

    The following entries are displayed on this screen: Profile and Max Group Binding UNIT: Select the unit ID of the desired member in the stack. Select: Select the desired entry for configuration. It is multi-optional. Port: Displays the port number. Profile ID: The existing Profile ID bound to the selected port.
  • Page 151 Choose the menu Multicast→Packet Statistics to load the following page. Figure 9-14 Packet Statistics The following entries are displayed on this screen: Auto Refresh Auto Refresh: Select Enable/Disable auto refresh feature. Refresh Period: Enter the time from 3 to 300 in seconds to specify the auto refresh period.
  • Page 152: Chapter 10 Routing

    The goal of a routing protocol is very simple: It is to supply the information that is needed to do routing. This chapter describes how to configure the IPv4 unicast routing on the T3700G-28TQ. 10.1 Interface Interface is a virtual interface in Layer 3 mode and mainly used for realizing the Layer 3 connectivity between VLANs or routed ports.
  • Page 153 Subnet Mask: Specify the subnet mask of the interface's IP address. Admin Status: Specify interface administrator status. Choose 'Disable' to disable the interface's Layer 3 capabilities. Interface Name: Specify the name of the network interface. Interface List Select : Select the interfaces to modify or delete.
  • Page 154 Subnet Mask: View and modify the subnet mask of the interface. Admin Status: View and modify the Admin status. Choose 'Disable' to disable the interface's Layer 3 capabilities. Interface Name: View and modify the interface name. Click Detail to display the following figure: Figure 10-3 Detail Information Detail Information ...
  • Page 155: Routing Table

    Interface Setting Detail Information Displays the detailed setting information of the interface. 10.2 Routing Table This page displays the routing information summary generated by different routing protocols. Choose the menu Routing→Routing Table→Routing Table to load the following page. Figure 10-4 Routing Table Routing Information Summary ...
  • Page 156: Application Example For Static Routing

    The following entries are displayed on this screen: Static Routing Config Destination: Specify the destination IP address of the packets. Subnet Mask: Specify the subnet mask of the destination IP address. Next Hop: Enter the IP address to which the packet should be sent next. Distance: Enter the distance metric of route.
  • Page 157: Dhcp Server

    Configuration Procedure Configure Switch A Steps Operation Note Add interface VLAN 10 Required. On page Routing→Interface→Interface Config, add interface VLAN 10 with the mode as static, the IP address as 192.168.0.1, the mask as 255.255.255.0 and the interface name as VLAN10.
  • Page 158 additional configuration options. DHCP captures the behavior of DHCP participants so the administrator can manage the parameters of the host in the network. As workstations and personal computers proliferate on the Internet, the administrative complexity of maintaining a network is increased by an order of magnitude. The assignment of local network resources to each client represents one such difficulty.
  • Page 159 fixed format section of the message and appending tagged data items in the variable length option area. The process is shown as follows. Figure 10-7 The Process of DHCP DHCP discover: the client broadcasts messages on the physical subnet to discover available DHCP servers in the LAN.
  • Page 160 for the fields given in the figure will be used throughout this document to refer to the fields in DHCP messages. Figure 10-8 The Format of DHCP Message op: Message type, ‘1’ = BOOT-REQUEST, ‘2’ = BOOT-REPLY. htype: Hardware address type, '1' for ethernet. hlen: Hardware address length, '6' for ethernet.
  • Page 161 14) file: Boot file name, null terminated string, "generic" name or null in DHCPDISCOVER, fully qualified directory-path name in DHCPOFFER. 15) options: Optional parameters field. See the options documents (RFC 2132) for a list of defined options. We will introduce some familiar options in the next section. DHCP Option ...
  • Page 162 Only a few devices need static IP addresses to connect to the network. Details of DHCP Server on T3700G-28TQ A typical application of T3700G-28TQ working as a DHCP Server is shown below. It can be altered to meet the network requirement. Figure 10-10 DHCP Server Application To guarantee that IP addresses are assigned smoothly and safely, and to keep the network running steadily, the DHCP Server function on T3700G-28TQ performs the following tasks.
  • Page 163: Dhcp Server

    At last, the server will choose the first IP from the IP pool which has not been assigned. Tips for Configuring DHCP Server Function on T3700G-28TQ Configure the Excluded IP address which cannot be assigned by the switch, e.g. web server’s IP, broadcast IP of subnet and gateway’s IP.
  • Page 164 Choose the menu Routing→DHCP Server→DHCP Server to load the following page. Figure 10-11 DHCP Server The following entries are displayed on this screen: Global Config DHCP Server: Enable/Disable the switch as a DHCP server. Ping Time Config Ping Packets: The number of packets to be sent.
  • Page 165: Pool Setting

    10.4.2 Pool Setting This page shows you how to configure the IP pool in which the IP address can be assigned to the clients in the network. Choose the menu Routing→DHCP Server→DHCP Server Pool to load the following page. Figure 10-12 Pool Setting The following entries are displayed on this screen: DHCP Server Pool ...
  • Page 166: Manual Binding

    Operation: Allows you to view or modify the information of the corresponding IP Pool. Edit: Click to modify the settings of the Pool. Detail: Click to get the information of the Pool. 10.4.3 Manual Binding On this page, you can specify the IP address for specific clients, and then the switch will always supply these specified parameters to them only.
  • Page 167: Packet Statistics

    Choose the menu Routing→DHCP Server→Binding Table to load the following page. Figure 10-14 DHCP Server Binding Table DHCP Server Binding Table Displays the ID of the client. IP Address: Displays the IP address that the Switch has allocated to the client.
  • Page 168 The following entries are displayed on this screen: Packets Received BOOTREQUEST: Displays the Bootp Request packet received. DHCPDISCOVER: Displays the Discover packet received. DHCPREQUEST: Displays the Request packet received. DHCPDECLINE: Displays the Decline packet received. DHCPRELEASE: Displays the Release packet received. DHCPINFORM: Displays the Inform packet received.
  • Page 169: Application Example For Dhcp Server And Relay

    Network Diagram Use T3700G-28TQ as the central switch and enable its DHCP server function to allocate IP addresses to clients in the network. Enable the DHCP relay function on each access switch in VLAN 10, 20 and 30. For details about DHCP relay, please refer to 10.5 DHCP...
  • Page 170: Dhcp Relay

    DHCP server in the internet. Details of DHCP Relay on T3700G-28TQ A typical application of T3700G-28TQ working as a DHCP Relay is shown below. It can be altered to meet the network requirement.
  • Page 171 Figure 10-16 DHCP Relay Application To allow all clients in different VLANs to request IP addresses from one server successfully, the DHCP Relay function can transmit the DHCP packet between clients and server in different VLANs, and all clients in different VLANs can share one DHCP Server. When receiving DHCP-DISCOVER and DHCP-REQUEST packets, the switch will fill the giaddr ...
  • Page 172: Global Config

    Specify the DHCP Server which assigns IP addresses actually. Option 82 On this switch, Option 82 is used to record the location of the DHCP Client, the ethernet port and the VLAN, etc. Upon receiving the DHCP-REQUEST packet, the switch adds the Option 82 field to the packet and then transmits the packet to DHCP Server.
  • Page 173 Choose the menu Routing→DHCP Relay→Global Config to load the following page. Figure 10-19 Global Config The following entries are displayed on this screen: Option 82 configuration Configure the Option 82 which cannot be assigned by the switch. Option 82 Support: Enable or disable the Option 82 feature.
  • Page 174: Dhcp Server

    10.5.2 DHCP Server This page enables you to configure DHCP Servers on the specified interface. Choose the menu Routing→DHCP Relay→DHCP Server to load the following page. Figure 10-20 DHCP Server The following entries are displayed on this screen: Add DHCP Server Address ...
  • Page 175: Proxy Arp

    When an ARP request of a host is to be forwarded to another host in the same network segment but isolated at Layer 2, to realize the connectivity, the device connecting the two virtual networks should be able to respond to this request. This can be achieved by the device running proxy ARP. Within the same network segment, hosts connecting with different VLAN interfaces can communicate with each other through Layer 3 forwarding by using proxy ARP function.
  • Page 176: Application Example For Proxy Arp

    Search Default Route: If enabled, default route is included when searching arp proxy. Proxy ARP Information Select: Select the desired item for configuration. It is multi-optional. IP Address: Displays the interface's IP address. Subnet Mask: Displays the interface's subnet mask. Interface: Displays the interface.
  • Page 177: Arp

    Step Operation Description Enable Proxy Required. On Routing→Proxy ARP→Proxy ARP page, enable Proxy ARP feature for VLAN interface 2 and VLAN interface 3. 10.7 ARP This page displays the ARP table information. Choose the menu Routing→ARP→ARP Table to load the following page. Figure 10-23 ARP Table The following entries are displayed on this screen: ARP Table...
  • Page 178 RIP routing table An RIP router has a routing table containing routing entries of all reachable destinations, and each routing entry contains: Destination address: IP address of a host or a network. Next hop: IP address of the adjacent router’s interface to reach the destination. ...
  • Page 179 RIP Version RIP has two versions, RIPv1 and RIPv2. RIPv1, a classful routing protocol, supports message advertisement via broadcast only. RIPv1 protocol messages do not carry mask information, which means it can only recognize routing information of natural networks such as Class A, B, and C. That is why RIPv1 does not support discontinuous subnets.
  • Page 180: Basic Config

    Figure 10-25 RIPv2 Message Format The detailed explanations of each field are as follows: Version: Version of RIP. For RIPv2 the value is 0x02. Route Tag: Route Tag. IP Address: Destination IP address. It can be a natural network address, subnet address ...
  • Page 181 Choose the menu Routing→RIP→Basic Config to load the following page. Figure 10-27 RIP Basic Config The following entries are displayed on this screen: RIP Enable RIP Protocol: Choose to enable or disable the RIP function. It is disabled by default. Global Config ...
  • Page 182: Interface Config

    RIP Distance: Set the RIP router distance. Auto Summary: If enabled, groups of adjacent routes will be summarized into single entries in order to reduce the total number of entries. The default is disable. Default Metric: Set the default metric for the redistributed routes. The valid values are (1 to 15).
  • Page 183: Rip Database

    Status: The interface RIP status (up or down) is decided by the network status. You cannot change it here. Send Version: Select the version of RIP control packets the interface should send from the pull-down menu. RIPv1: send RIP version 1 formatted packets via broadcast. ...
  • Page 184: Application Example For Rip

    Choose the menu Routing→RIP→RIP Database to load the following page. Figure 10-29 RIP Database The following entries are displayed on this screen: RIP Routing Table Destination Network: The destination IP address and subnet mask. Next Hop: The IP address of the next hop. Metric: The metric to reach the destination IP address.
  • Page 185: Ospf

    Configure Switch B Step Operation Note Enable RIP: Required. On page Routing→RIP→Basic Config, enable RIP, select RIPv2 as RIP version. Enable the network segments where the interfaces are: Required. On page Routing→RIP→Basic Config Network Enable part, add network segments 1.1.1.0, 10.1.1.0, 11.1.1.0, and enable RIP in these network segments.
  • Page 186 Figure 10-30 Common Scenario for OSPF routing protocol The network topology is more prone to changes in an autonomous system of larger size. The network adjustment of any one router could destabilize the whole network and cause massive numbers of OSPF packets to be forwarded repeatedly, and all the routers need to recalculate the routes, which would waste lots of network resources.
  • Page 187 In the automatic election, the router would in the first place select the highest loopback interface IP as the router ID. If the router doesn’t pre-define the loopback interfaces, it would select the highest physical interface IP address as the router ID. 3.
  • Page 188 Figure 10-31 Diagram of DR/BDR Adjacency Relation DR or BDR is determined by the interface priority and router ID. First of all, whether a router could be the DR or BDR on a network is decided by its interface priority. The one of highest priority would be elected as DR or BDR;...
  • Page 189 After two routers have finished the synchronization of link state database, a complete adjacency relation will be established. When the intra-area routers have an identical link state database, each of them will calculate a loop-free topology through SPF algorithm with itself as the root thus to describe the shortest forward path to every network node it knows, and create a routing table according to the topology of shortest forward path and provide a basis for data forwarding.
  • Page 190 Figure 10-32 Steps to Establish a Complete Adjacency Relation Flooding As Figure 10-32 shows, two random routers will synchronize the link state database via LSA request, LSA update and LSA acknowledgement packets. But in the actual module of router network, how do the routers flood the change of local network to the entire network through LSA update packets? Figure 10-33 will introduce in detail the flooding of the LSA update packets on the broadcast network.
  • Page 191 Figure 10-33 Flooding of the LSA DROthers multicast the LSA update of its directly-connected network to DR and BDR. After receiving the LSA update, DR floods it to all the adjacent routers. After receiving the LSA update from DR, the adjacent routers flood it to the other OSPF interfaces in their own areas.
  • Page 192 network connectivity at all times. The non-backbone Area 1 and Area 2 cannot communicate directly with each other, but they can exchange routing information through the backbone Area 0. On large-scale networks, an appropriate area partition can help greatly to save network resources and enhance the speed of the routing.
  • Page 193 Figure 10-36 Virtual Link Sketch As in Figure 10-36, ABR of Area 2 has no physical link to connect directly with the backbone area, in which case Area 2 could not communicate with others without configuring a virtual link. Then a virtual link between ABR1 and ABR2, passing through Area 1, could provide a logical link for Area 2 to connect with the backbone area.
  • Page 194 learn about the routing information from other areas, the size of the routing table of the routers in the stub area as well as the number of the routing message transferred would be reduced greatly. NSSA (Not-So-Stubby-Area) has a lot in common with stub area, but is not completely the same. NSSA doesn’t allow ABR to import the external routing information described by AS-External LSA, either.
  • Page 195 Figure 10-38 Discontinuous Network Segment Link State Database When the routers in the network completely synchronize the link state database through LSA exchanges, they can calculate the shortest path tree with themselves as the root node. The OSPF protocol routing calculation is simply presented as below. Each OSPF router would generate LSA according to its own link state or routing information, and then send it through the update packets to the other OSPF routers in the network.
  • Page 196 Figure 10-39 OSPF Header Version: The version number of OSPF run by this device. For instance, the OSPF run by our IPv4 devices is of Version 2, and that run by IPv6 devices is of Version 3. Type: The type of this packet. There are five types of OSPF packets in total, as shown in the table below.
  • Page 197 HELLO Packet OSPF routers send Hello packets to each other to find neighbor routers in the network and to maintain the mutual adjacency relationship. Only when two routers send Hello packets carrying the same interface parameters, can they become neighbors. Figure 10-40 HELLO Packet Netmask: Netmask of the router interface forwarding Hello packet.
  • Page 198 Figure 10-41 DD Packet Interface MTU: Size in bytes of the largest IP packet that can be sent out by the routing interface of the advertising router. I: The Initial bit. During the synchronization of link state database between two routers, it may require multiple DD packets to be forwarded, among which the first DD packet will set its initial bit to 1, while the others 0.
  • Page 199 Figure 10-42 LSR Packet Link State Type: The type of LSA. There are 11 types of LSA in total: Router LSA, Network LSA, Network Summarization LSA, ASBR Summarization LSA, and so on. In the following, all these would be introduced in detail. Link State ID: It has different meanings for different types of LSA.
  • Page 200 LSAck Packet When receiving an LSU, the router will send an LSAck packet, including the LSA header it receives, to the router forwarding the LSU packet to confirm whether the data received is correct. OSPF protocol defines area and multiple router types. Via various sorts of LSA, different types of router complete routing update caused by network changes.
  • Page 201 Type Code Name Features NSSA External LSA: Originates from ASBR in the NSSA. The content of this LSA is the same as that of AS external LSA, but it would be advertised only to NSSA. ABR can transform this type of routing information to AS external LSA and then flood it to the entire AS.
  • Page 202: Process

    Create the routing interfaces and configure their IP parameters. Plan the areas to which the subnets (routing interfaces) of the switches belong. Configure the OSPF processes on each switch. Configure the routing interfaces and the areas they belong to under the corresponding OSPF processes.
  • Page 203: Basic

    10.9.2 Basic Choose the menu Routing→OSPF→Basic to load the following page. Figure 10-46 OSPF Base The following entries are displayed on this screen: Select Current Process Current Process: Select the desired OSPF process for configuration. Default Route Advertise Config ...
  • Page 204 OSPF Config ASBR Mode: The router is an Autonomous System Boundary Router if it is configured to redistribute routes from another protocol, or if it is configured to originate an AS-External LSA advertising the default route. ABR Status: The router is an Area Border Router if it has active non-virtual interfaces in two or more OSPF areas.
  • Page 205: Network

    Passive Default: Configure the global passive mode settings for all OSPF interfaces. Configuring this field will overwrite any present interface level passive mode settings. OSPF does not form adjacencies on passive interfaces, but does advertise attached networks as stub networks. The default value is 'Disable'.
  • Page 206: Interface

    Area ID: Displays the area to which the network belongs. 10.9.4 Interface Choose the menu Routing→OSPF→Interface to load the following page. Figure 10-48 OSPF Interface The following entries are displayed on this screen: Interface Table Select: Select the desired item for configuration. It is multi-optional. Interface: The interface for which data is to be displayed or configured.
  • Page 207 Passive Mode: Make an interface passive to prevent OSPF from forming an adjacency on an interface. OSPF advertises networks attached to passive interfaces as stub networks. Interfaces are not passive by default. MTU Ignore: Disables OSPF MTU mismatch detection on received database description packets.
  • Page 208 The router establishes adjacencies to all other routers attached to the network. The Backup Designated Router performs slightly different functions during the Flooding Procedure, as compared to the Designated Router. DR Other: The interface is connected to a broadcast on ...
  • Page 209 Retransmit Interval: The retransmit interval for the specified interface. This is the number of seconds between link-state advertisements for adjacencies belonging to this router interface. This value is also used when retransmitting database descriptions and link-state request packets. The valid value ranges from 1 to 65535 seconds and the default is 5 seconds.
  • Page 210: Area

    10.9.5 Area Choose the menu Routing→OSPF→Area to load the following page. Figure 10-50 OSPF Area The following entries are displayed on this screen: Area Config Process ID: Select the desired OSPF process for configuration. Area ID: The 32 bit unsigned integer that uniquely identifies the area. It can be in decimal format or dotted decimal format.
  • Page 211 Metric Type: Set the OSPF metric type of the default route. Two types are supported: External Type 1 and External Type 2. The default value is External Type 2. Metric: Specify the metric of the default route. The valid value ranges from 1 to 16777214 and the default is 1.
  • Page 212: Area Aggregation

    10.9.6 Area Aggregation You can configure address ranges for an area on this page. The address range is used to consolidate or summarize routes for an area at an area boundary. The result is that a single summary route is advertised to other areas by the ABR. Routing information is condensed at area boundaries, a single route is advertised for each address range.
  • Page 213: Virtual Link

    Cost: Displays the path cost to the address range and it can be modified. Advertise: Displays the Advertise parameter and it can be modified. 10.9.7 Virtual Link Choose the menu Routing→OSPF→Virtual Link to load the following page. Figure 10-52 Virtual Link The following entries are displayed on this screen: Virtual Link Creation ...
  • Page 214: Route Redistribution

    Dead Interval: The dead interval for the specified interface in seconds. This specifies how long a router will wait to see a neighbor router's Hello packets before declaring that the router is down. This parameter must be the same for all routers attached to a network.
  • Page 215: Asbr Aggregation

    Source: The available source routes for redistribution by OSPF. The valid values are 'Static', 'RIP', and other OSPF processes. Redistribute: This option enables or disables the redistribution for the selected source protocol. Metric: Set the metric value to be used as the metric of redistributed routes.
  • Page 216: Neighbor Table

    Tag: Set the tag field in redistributed address range. The valid value ranges from 0 to 4294967295 and the default is 0. NSSA Only: Set whether or not to limit redistributed address range to NSSA areas. The default is Disable. Advertise: Set whether or not the address range will be redistributed to OSPF domain via an AS-External LSA.
  • Page 217 State: The state of the neighbor: Down: This is the initial state of a neighbor conversation. It indicates that there has been no recent information received from the neighbor. On NBMA networks, Hello packets may still be sent to 'Down' neighbors, although at a reduced frequency.
  • Page 218: Link State Database

    10.9.11 Link State Database Choose the menu Routing→OSPF→Link State Database to load the following page. Figure 10-56 Link State Database The following entries are displayed on this screen: Link State Database Process: Select one OSPF Process to display its link state database. Area ID: Displays the ID of the area to which the LSA belongs.
  • Page 219 Network Diagram Configuration Procedure Configure Switch A Step Operation Description Create routing interfaces and their IP addresses: Required. On page Routing→Interface→Interface Config, create routed port 1/0/1 with the IP 1.10.1.1/24 and routed port 1/0/2 with the IP 1.20.1.1/24. Create OSPF Required.
  • Page 220: Vrrp

    Configure Switch C Step Operation Description Create routing interfaces and their IP addresses: Required. On page Routing→Interface→Interface Config, create routed port 1/0/1 with the IP 1.20.2.1/24 and routed port 1/0/2 with the IP 1.20.1.2/24. Create OSPF process: Required. On page Routing→OSPF→Process, create OSPF process 1 and configure the Router ID as 3.3.3.3.
  • Page 221 still be provided and network interruption can be avoided after a single link fails without reconfiguration of dynamic routing or router discovery protocols, or default gateway configuration on every end-host. 2. Small network overhead. The single message that VRRP defines is the VRRP advertisement, which can only be sent by the master router.
  • Page 222 The VRRP priority ranges from 0 to 255 (the bigger the number is, the higher the priority is). Configurable range is 1-254. The priority value 0 is reserved for the current master when it gives up its role as master router. For example, when master router receives shutdown message, it would send VRRP packet with priority 0 to the backup group which the interface belongs to.
  • Page 223 interfaces and better performance can be elected as master router; and the stability of backup group is increased. When the router interface connecting the uplink fails, the backup group cannot recognize uplink breakdown. If this router is in Master state, hosts in the LAN cannot visit external network.
  • Page 224: Basic Config

    VRRP Configuration Before configuring VRRP, users should plan well to specify the role and function of the devices in backup groups. Every switch in backup group should be configured, which is the precondition to construct a backup group. 10.10.1 Basic Config VRRP (Virtual Routing Redundancy Protocol) is a function on the Switch that dynamically assigns responsibility for a virtual router to one of the VRRP routers on a LAN.
  • Page 225 Virtual IP: Displays the primary Virtual IP associated with the VRRP. Priority: Displays the priority associated with the VRRP. Status: Displays the status associated with the VRRP. Other: Displays more information about the VRRP. Select All: Select all the VRRP items. Delete: Delete the selected items.
  • Page 226: Advanced Config

    Priority: Displays the running priority associated with the VRRP. It ranges from 1 to 255. Advertise Timer: Displays the advertise timer associated with the VRRP. It ranges from 1 to 255. Preempt Delay Timer: Displays the preempt delay timer associated with the VRRP. It ranges from 0 to 255.
  • Page 227: Virtual Ip Config

    Description: Enter the description associated with the VRRP. Numbers, characters and '_' are the only valid inputs, and the maximal length of the inputs is 8. Priority: Enter the Priority associated with the VRRP. It ranges from 1 to 254. Advertise Timer: Enter the advertise timer associated with the VRRP.
  • Page 228: Track Config

    The following entries are displayed on this screen: Add Virtual IP This field is used to add virtual IP addresses associated with the VRRP. Up to five virtual IP addresses can be added for every VRRP. VRID: Select the VRID from the pull-down list. Interface: Select the Interface ID from the pull-down list.
  • Page 229: Virtual Router Statistics

    The following entries are displayed on this screen: Add Track This field is used for adding track information associated with the VRRP. Up to 5 interfaces can be tracked for every VRRP. IP owner cannot track any interface. Interface: Select the Interface ID from the pull-down list.
  • Page 230 The following entries are displayed on this screen: Global Statistics Router Checksum Errors: Displays the total number of VRRP packets received with an invalid VRRP checksum value. Router Version Errors: Displays the total number of VRRP packets received with an unknown or unsupported version number.
  • Page 231: Application Example For Vrrp

    Packet Length Errors: Displays the number of packets received with a packet length less than the length of the VRRP header. Clear: Clear the statistics displayed on the web. Refresh: Refreshes the web page to show the latest VRRP information. Configuration Procedure:...
  • Page 232 Network Diagram Configuration Procedure Configure Switch A Steps Operation Note Configure interface and its IP address: On page Routing→Interface→Interface Config, create the interface VLAN2, and configure its IP address as 192.168.1.1 and Subnet Mask as 255.255.255.0. Add port to the On page VLAN→802.1Q VLAN→VLAN Config, add port 5 to interface.
  • Page 233: Chapter 11 Multicast Routing

    Chapter 11 Multicast Routing Overview of Multicast Routing Protocols Note: The router and router icon mentioned in this chapter represent the router in general or the switch that runs the layer 3 multicast routing protocols. The multicast routing protocols run in layer 3 multicast devices and they create and maintain multicast routes to forward the multicast packets correctly and efficiently.
  • Page 234: Global Config

    The multicast model divides into two types depending on whether there is an exact multicast source: ASM (Any-Source Multicast) and SSM (Source-Specific Multicast). ASM (Any-Source Multicast): In the ASM model, any sender can be a multicast source sending multicast information to a multicast group address, and receivers can join a multicast group identified by the group address and obtain multicast information addressed to that multicast group.
  • Page 235: Mroute Table

    11.1.2 Mroute Table On this page you can get the desired mroute information through different search options. Choose the menu Multicast Routing→Global Config→Mroute Table to load the following page. Figure 11-2 Mroute Table The following entries are displayed on this screen: Search Option ...
  • Page 236: Igmp

    11.2 IGMP Brief Introduction of IGMP IGMP stands for Internet Group Management Protocol. It is responsible for the management of IP multicast members in IPv4, and is used to establish and maintain the multicast member relationships between the IP host and its directly neighboring multicast routers. So far, there are three IGMP versions: IGMPv1 (defined in RFC 1112) ...
  • Page 237 (3) After receiving the IGMP query message, the host that is interested in multicast group G1, either Host B or Host C (depending on whose latency timer runs out first) — for example Host B, will firstly multicast IGMP membership report message to G1 to declare it belongs to G1. As all the hosts and routers can receive this membership report message and the IGMP routers (Router A and Router B) already know there is a host interested in G1, Host C will not send its report message for G1 after it receives the report message of Host B.
  • Page 238 2. Leave-Group Mechanism When a host leaves a multicast group in IGMPv2: (1) The host will send leave group message to all the multicast routers in the local network with the multicast address 224.0.0.2. (2) After receiving this leave group message, the querier will send group-specific query message to the multicast group that the host announces to leave.
  • Page 239 Figure 11-4 IGMPv3 Multicast Source Filtering If the IGMP protocol running between the hosts and the multicast routers is IGMPv1 or IGMPv2, Host B will be unable to select its expecting sources when it joins the multicast group G. Thus whether needed or not, the multicast data from Source 1 and Source 2 will be transferred to Host When IGMPv3 is running between the hosts and the multicast routers, Host B will only expect the multicast data sending from Source 1 to G, referred as (S1, G), or refuse to receive the multicast...
  • Page 240: Interface Config

    IS_EX: indicating the mapping relationship between the multicast group and the multicast source list is EXCLUDE, which means the host will only receive the multicast data sent to this multicast group with its source not in the specified source list. TO_IN: indicating the mapping relationship between the multicast group and the multicast ...
  • Page 241: Interface State

    Robustness: Specify the robustness of the selected interface, ranging from 1 to 255. The default is 2. The robustness variable determines the aging time of the member port after it receives the report message. The aging time = robustness * general-query-interval + query-max-response-time.
  • Page 242: Static Multicast Config

    Routed Port: Enter the routed port the desired entry must carry. Interface State Table Interface: The interface for which data is to be displayed or configured. IP Address: The IP address of the selected interface. Querier IP: The address of the IGMP querier on the IP subnet to which the selected interface is attached.
  • Page 243: Multicast Group Table

    The following entries are displayed on this screen: IGMP Static Multicast Group Interface: Enter the ID of the corresponding interface, VLAN ID or routed port. Multicast IP: Enter the multicast IP address the desired entry must carry. Source IP: Displays the Source IP of the entry.
  • Page 244: Profile Binding

    Choose the menu Multicast Routing→IGMP→Multicast Group Table to load the following page. Figure 11-8 Multicast Group Table The following entries are displayed on this screen: Search Option Search Option: Select the rules for displaying multicast IP table to find the desired entries quickly.
  • Page 245 Choose the menu Multicast Routing→IGMP→Profile Binding to load the following page. Figure 11-9 Profile Binding The following entries are displayed on this screen: Profile and Max Group Binding UNIT: Select the unit ID of the desired member in the stack. Select: Select the desired entry for configuration.
  • Page 246: Packet Statistics

    Profile: Click the Profile button to create new IGMP profiles. 11.2.6 Packet Statistics On this page you can view multicast packet statistics over each interface of the switch, which helps you monitor the IGMP packets in the network. Choose the menu Multicast Routing→IGMP→Packet Statistics to load the following page. Figure 11-10 Packet Statistics The following entries are displayed on this screen: Auto Refresh...
  • Page 247: Application Example For Igmp

    11.2.7 Application Example for IGMP Network Requirements Receivers of different organizations form the stub networks N1 and N2, and Host A and Host C are the multicast information receivers in N1 and N2 respectively. They receive the Video-On-Demand information through multicast. In the PIM network, Switch A connects to N1;...
  • Page 248: Pim Dm

    Configure Switch A Steps Operation Note Enable IP multicast routing: On page Multicast Routing→Global Config→Global Config, enable the multicast routing function. Enable IGMP on user-side interface: On page Multicast Routing→IGMP→Interface Config, enable IGMP (version 3) on interface VLAN 10. ...
  • Page 249 RPF Mechanism PIM uses the unicast routing table to perform the RPF check. RPF mechanism ensures that the multicast packets are forwarded correctly according to the multicast routing configuration, and avoids loops caused by various reasons. 1. RPF Check The RPF check relies on unicast route or static multicast route. The unicast routing table aggregates the shortest paths to each destination network segment, and the static multicast routing table lists specified static RPF routing entries configured by the user manually.
  • Page 250 If the check result shows that the RPF interface is different from the input interface in the current (S, G) entry, this indicates that the (S, G) entry is invalid, and the router will correct the input interface to the packet’s actual arriving interface, and forward this packet to all the output interfaces.
  • Page 251 Neighbor Discovering In PIM domain, routers periodically send PIM Hello packets to all the PIM routers with the multicast address 224.0.0.13 to discover PIM neighbors, maintain the PIM neighboring relationships between the routers, thus to build and maintain the SPT. SPT Building ...
  • Page 252 Grafting When a new receiver on a previously pruned branch of the tree joins a multicast group, the PIM DM takes the Graft mechanism to actively resume this node’s function of forwarding multicast data, thus reducing the time it takes to resume to the forwarding state. The process is illustrated as below: (1) The branch that needs to receive the multicast data again will send a graft message to its upstream node up the distribution tree towards the source hop-by-hop, applying to rejoin the...
  • Page 253: Pim Dm Interface

    (2) The router with the unicast route of the smaller cost to the multicast source; (3) The router with the local interface of the higher IP address. 11.3.1 PIM DM Interface Choose the menu Multicast Routing→PIM DM→PIM DM Interface to load the following page. Figure 11-13 PIM DM Interface The following entries are displayed on this screen: PIM DM Interface Config...
  • Page 254 Choose the menu Multicast Routing→PIM DM→PIM DM neighbor to load the following page. Figure 11-14 PIM DM neighbor The following entries are displayed on this screen: PIM DM Interface Config The L3 interfaces can be configured as PIM DM mode by this page. Search Option: ALL: Displays all entries.
  • Page 255: Application Example For Pim Dm

    Step Operation Description Enable IGMP Required. Enable IGMP on the routing interfaces which connect to the receivers on Multicast Routing→IGMP→Interface Config page. 11.3.3 Application Example for PIM DM Network Requirements Receivers receive VOD data through multicast. The whole network runs PIM DM as multicast routing protocol.
  • Page 256: Pim Sm

    Configuration Procedure Configure Switch A: Step Operation Description Configure interface. Configure IP addresses and subnet masks of VLAN interfaces 1, 2 and 3 on Routing→Interface→Interface Config page. Configure routing Configure the routing entries via static route or dynamic routing protocol.
  • Page 257 The router connected to the receiver sends the join message to the RP of a certain multicast group. The path along which the join message is sent to the RP hop-by-hop forms a branch of RPT. When the multicast source is sending multicast data to a multicast group, the router directly ...
  • Page 258 Figure 11-15 DR Elect As shown in Figure 11-15, the DR election process is illustrated below: (1) Routers in the shared network send Hello messages carrying DR-election priority to each other, and the router with the highest priority will be elected as the DR; (2) If the routers have the same priorities, or at least one router in the network doesn’t support carrying the DR-election priority in the Hello packet, the router with the highest IP address will be elected as the DR.
  • Page 259 Figure 11-16 The Locations of C-RP, C-BSR and BSR RPT Building Figure 11-17 RPT Topology in PIM SM As shown in Figure 11-17, the establishing process of RPT is illustrated below: (1) When a receiver joins a multicast group G, it informs the directly connected DR with IGMP message;...
  • Page 260 check if there are other receivers of this group. If there are no more receivers, the prune message will be sent upstream. Multicast Source Registering The multicast source register is to inform its presence to the RP. As shown in Figure 11-18, the process of the multicast source registering to RP is illustrated below: Figure 11-18 Multicast Source Register Topology in PIM SM (1) When the multicast source S’s directly connected DR receives a multicast packet sent from...
  • Page 261 (2) The receiver-side DR sends prune message toward the RP hop-by-hop. The RP will forward the received prune message toward the multicast source. The switching process from RPT to SPT is then accomplished. After the switching from RPT to SPT, the multicast data will be sent from multicast source to the receivers directly.
  • Page 262: Pim Sm Interface

    The multicast messages (such as C-RP Hello Message and BSR BootStrap Message) of each BSR administrative domain cannot pass through the domain border. 11.4.1 PIM SM Interface Choose the menu Multicast Routing→PIM SM→PIM SM Interface to load the following page. Figure 11-20 PIM SM Interface The following entries are displayed on this screen: PIM SM Interface Config...
  • Page 263: Pim Sm Neighbor

    11.4.2 PIM SM Neighbor PIM SM neighbor is automatically learned by sending and receiving Hello Packets when PIM SM is enabled. Choose the menu Multicast Routing→PIM SM→PIM SM Neighbor to load the following page. Figure 11-21 PIM SM neighbor The following entries are displayed on this screen: Search Option ...
  • Page 264 Choose the menu Multicast Routing→PIM SM→BSR to load the following page. Figure 11-22 BSR The following entries are displayed on this screen: PIM SM Candidate BSR Config Configure the candidate BSR of current device. Interface: Select the interface on this switch from which the BSR address is derived to make it a candidate.
  • Page 265 PIM SM Candidate BSR Information Candidate Address: Displays the Candidate BSR address. Priority: Displays the priority of the Candidate BSR. Hash Mask Length: Displays the hash mask length of the Candidate BSR. 11.4.4 RP In the PIM SM mode, RP receives multicast data from the source and transmits the data down the shared tree to the multicast group members.
  • Page 266: Rp Mapping

    Priority: Specify the priority of the candidate RP. The default value is 192. Interval: Specify the interval of advertisement message of the candidate RP in seconds. The default value is 60. PIM SM Candidate RP Table Interface: Displays the VLAN interface of the candidate RP. Priority: Displays the priority of the candidate RP.
  • Page 267: Rp Info

    11.4.6 RP Info Choose the menu Multicast Routing→PIM SM→RP Info to load the following page. Figure 11-25 RP Info The following entries are displayed on this screen: Search Option Search Option: ALL: Select All to display all entries. Group: Select Group and enter the group IP address of ...
  • Page 268: Application Example For Pim Sm

    11.4.7 Application Example for PIM SM Network Requirements Receivers receive VOD data through multicast. The whole network runs PIM SM as multicast routing protocol. Host A and Host D act as multicast receivers. Switch A connects to Switch B in VLAN 2, connects to Switch C in VLAN 3. The Source server connects to Switch A in VLAN 1.
  • Page 269: Static Mroute

    Configuration Procedure Configure Switch A: Step Operation Description Configure interface. Configure IP addresses and subnet masks of VLAN interfaces 1, 2 and 3 on Routing→ Interface→Interface Config page. Configure routing Configure the routing entries via static route or dynamic routing protocol.
  • Page 270: Static Mroute Config

    The static multicast routing is an important foundation for the RPF check. In the RPF check process, with static multicast routing configured, the router will choose one as the RPF route after comparing the optimal unicast route and the static multicast route selected respectively from the unicast routing table and the static multicast routing table.
  • Page 271: Static Mroute Table

    The following entries are displayed on this screen: Static Mroute Config Source: Enter the IP address that identifies the multicast source of the entry you are creating. Source Mask: Enter the subnet mask to be applied to the Source. RPF Neighbor: Enter the IP address of the neighbor router on the path to the mroute source.
  • Page 272: Application Example For Static Mroute

    11.5.3 Application Example for Static Mroute Network Requirements The network runs PIM DM and all the switches in the network support multicast features. Switch A, Switch B and Switch C run OSPF protocol. In normal circumstances, Receiver receives multicast data from Source through the path Switch A-Switch B, which is the same as the unicast route.
  • Page 273 Configure Switch B Step Operation Note Enable multicast routing Required. On page Multicast Routing→Global Config→Global Config, enable the Multicast Routing function globally. Enable PIM DM Required. On page Multicast Routing→PIM DM→PIM DM Interface, enable PIM DM on the VLAN interfaces 100, 101 and 102. Enable IGMP Required.
  • Page 274: Chapter 12 Qos

    Chapter 12 QoS QoS (Quality of Service) functions to provide different quality of service for various network applications and requirements and optimize the bandwidth resource distribution so as to provide a network service experience of a better quality. This switch classifies the ingress packets, maps the packets to different priority queues and then forwards the packets according to specified scheduling algorithms to implement QoS function.
  • Page 275 2. 802.1P Priority Figure 12-2 802.1Q frame As shown in the figure above, each 802.1Q Tag has a Pri field, comprising 3 bits. The 3-bit priority field is 802.1p priority in the range of 0 to 7. 802.1P priority determines the priority of the packets based on the Pri value.
  • Page 276 Figure 12-4 SP-Mode WRR-Mode: Weight Round Robin Mode. In this mode, packets in all the queues are sent in order based on the weight value for each queue and every queue can be assured of a certain service time. The weight value indicates the occupied proportion of the resource. WRR queue overcomes the disadvantage of SP queue that the packets in the queues with lower priority cannot get service for a long time.
  • Page 277: Diffserv

    12.1 DiffServ This switch classifies the ingress packets, maps the packets to different priority queues and then forwards the packets according to specified scheduling algorithms to implement QoS function. This switch implements three priority modes based on port, on 802.1P and on DSCP, and supports four queue scheduling algorithms.
  • Page 278: Schedule Mode

    LAG: Displays the LAG number which the port belongs to. Note: To complete QoS function configuration, you have to go to the Schedule Mode page to select a schedule mode after the configuration is finished on this page. Configuration Procedure: Step Operation Description Select the port priority...
  • Page 279: P Priority

    SP+WRR-Mode: Strict-Priority + Weight Round Robin Mode. In this mode, this switch provides two scheduling groups, SP group and WRR group. Queues in SP group and WRR group are scheduled strictly based on strict-priority mode while the queues inside WRR group follow the WRR mode.
  • Page 280: Dscp Priority

    Priority and CoS-mapping Config Tag-id/CoS-id: Indicates the precedence level defined by IEEE 802.1P and the CoS ID. Queue TC-id: Indicates the priority level of egress queue the packets with tag and CoS-id are mapped to. The priority levels of egress queue are labeled as TC0, TC1, TC2 to TC7.
  • Page 281 Choose the menu QoS→DiffServ→DSCP Priority to load the following page. Figure 12-9 DSCP Priority The following entries are displayed on this screen: DSCP Priority Config DSCP Priority: Select Enable or Disable DSCP Priority. Priority Level DSCP: Indicates the priority determined by the DiffServ region of IP datagram.
  • Page 282: Bandwidth Control

    12.2 Bandwidth Control The Bandwidth Control function, which allows you to control the traffic rate and broadcast flow on each port to keep the network in working order, can be implemented on the Rate Limit and Storm Control pages. 12.2.1 Rate Limit Rate Limit controls the ingress/egress traffic rate on each port by configuring the available bandwidth of each port.
  • Page 283: Storm Control

    Note: If you enable the ingress rate limit feature for a storm control-enabled port, the storm control feature will be disabled for this port. When the egress rate limit feature is enabled for one or more ports, it is recommended that you disable flow control on each port to ensure the switch works normally. 12.2.2 Storm Control The Storm Control function allows the switch to filter broadcast, multicast and UL frames in the network.
  • Page 284: Voice Vlan

    UL-Frame Rate: Select the bandwidth for receiving UL-Frame on the port. The packet traffic exceeding the bandwidth will be discarded. Select Disable to disable the UL-Frame control function for the port. LAG: Displays the LAG number which the port belongs to. Note: If you enable the storm control feature for an ingress rate limit-enabled port, the ingress rate limit feature will be disabled for this port.
  • Page 285 the aging time, the switch will remove this port from voice VLAN. Voice ports are automatically added into or removed from voice VLAN. Manual Mode: You need to manually add the port of IP phone to voice VLAN, and then the switch will assign ACL rules and configure the priority of the packets through learning the source MAC address of packets and matching OUI address.
  • Page 286: Global Config

    source MAC addresses do not match OUI addresses. If security mode is not enabled, the port forwards all the packets. Security Mode Packet Type Processing Mode UNTAG packet When the source MAC address of the packet is the OUI address that can be identified, the packet can be Packet with voice transmitted in the voice VLAN.
  • Page 287: Port Config

    Aging Time: Specifies the living time of the member port in auto mode after the OUI address ages out. Priority: Select the 802.1P priority of the port when sending voice data. 12.3.2 Port Config Before the voice VLAN function is enabled, the parameters of the ports in the voice VLAN should be configured on this page.
  • Page 288: Oui Config

    Port Mode: Select the mode for the port to join the voice VLAN. Auto: In this mode, the switch automatically adds a port to the voice VLAN or removes a port from the voice VLAN by checking whether the port receives voice data or not. Manual: In this mode, you can manually add a port to the ...
  • Page 289 OUI Table Select: Select the desired entry to view the detailed information. OUI: Displays the OUI address of the voice device. Mask: Displays the OUI address mask of the voice device. Description: Displays the description of the OUI. Configuration Procedure of Voice VLAN: Step Operation Description Required.
  • Page 290: Chapter 13 Acl

    Chapter 13 ACL ACL (Access Control List) is used to filter packets by configuring match rules and process policies of packets in order to control the access of illegal users to the network. ACL also serves to control traffic flows and save network resources. It provides a flexible and secure access control policy and helps you control network security.
  • Page 291: Time-Range Create

    13.1.2 Time-Range Create On this page you can create time-ranges. Choose the menu ACL→Time-Range→Time-Range Create to load the following page. Figure 13-2 Time-Range Create Note: To successfully configure time-ranges, first specify time-slices and then time-ranges. The following entries are displayed on this screen: Create Time-Range ...
  • Page 292: Holiday Config

    End Time: Displays the end time of the time-slice. Delete: Click the Delete button to delete the corresponding time-slice. 13.1.3 Holiday Config Holiday mode is applied as a different secure access control policy from the week mode. On this page you can define holidays according to your work arrangement. Choose the menu ACL→Time-Range→Holiday Config to load the following page.
  • Page 293: Acl Summary

    13.2.1 ACL Summary On this page, you can view the current ACLs configured in the switch. Choose the menu ACL→ACL Config→ACL Summary to load the following page. Figure 13-4 ACL Summary The following entries are displayed on this screen: Search Option ...
  • Page 294: Mac Acl

    13.2.3 MAC ACL MAC ACLs analyze and process packets based on a series of match conditions, which can be the source MAC addresses, destination MAC addresses and EtherType carried in the packets. Choose the menu ACL→ACL Config→MAC ACL to load the following page. Figure 13-6 Create MAC Rule The following entries are displayed on this screen:...
  • Page 295: Extend-Ip Acl

    Choose the menu ACL→ACL Config→Standard-IP ACL to load the following page. Figure 13-7 Create Standard-IP Rule The following entries are displayed on this screen: Create Standard-IP Rule ACL ID: Select the desired Standard-IP ACL for configuration. Rule ID: Enter the rule ID. Operation: Select the operation for the switch to process packets which match the rules.
  • Page 296 Choose the menu ACL→ACL Config→Extend-IP ACL to load the following page. Figure 13-8 Create Extend-IP Rule The following entries are displayed on this screen: Create Extend-IP Rule ACL ID: Select the desired Extend-IP ACL for configuration. Rule ID: Enter the rule ID. Operation: Select the operation for the switch to process packets which match the rules.
  • Page 297: Policy Config

    IP Pre: Enter the IP Precedence contained in the rule. Time-Range: Select the time-range for the rule to take effect. 13.3 Policy Config A Policy is used to control the data packets that match the corresponding ACL rules by configuring ACLs and actions together. The operations here include stream mirror, stream condition, QoS remarking and redirect.
  • Page 298: Action Create

    Choose the menu ACL→Policy Config→Policy Create to load the following page. Figure 13-10 Create Policy The following entries are displayed on this screen: Create Policy Policy Name: Enter the name of the policy. 13.3.3 Action Create On this page you can add ACLs and create corresponding actions for the policy. Choose the menu ACL→Policy Config→Action Create to load the following page.
  • Page 299: Policy Binding

    S-Condition: Select S-Condition to limit the transmission rate of the data packets in the policy. Rate: Specify the forwarding rate of the data packets that match the corresponding ACL. Out of Band: Specify the disposal way of the data packets that ...
  • Page 300: Port Binding

    The following entries are displayed on this screen: Search Options Show Mode: Select a show mode appropriate to your needs. Policy Vlan-Bind Table Select: Select the desired entry to delete the corresponding binding policy. Index: Displays the index of the binding policy. Policy Name: Displays the name of the binding policy.
  • Page 301: Vlan Binding

    The following entries are displayed on this screen: Port-Bind Config Policy Name: Select the name of the policy you want to bind. Port: Enter the number of the port you want to bind. Port-Bind Table Index: Displays the index of the binding policy. Policy Name: Displays the name of the binding policy.
  • Page 302: Application Example For Acl

    Configuration Procedure: Step Operation Description Configure effective time-range Required. On ACL→Time-Range configuration pages, configure the effective time-ranges for ACLs. Configure ACL rules Required. On ACL→ACL Config configuration pages, configure ACL rules to match packets. Configure Policy Required. On ACL→Policy Config configuration pages, configure the policy to control the data packets that match the corresponding ACL rules.
  • Page 303 Step Operation Description Configure requirement 1 On ACL→ACL Config→ACL Create page, create ACL 11. On ACL→ACL Config→MAC ACL page, select ACL 11, create Rule 1, configure the operation as Permit, configure the S-MAC as 00-64-A5-5D-12-C3 and mask as FF-FF-FF-FF-FF-FF, and configure the time-range as No Limit.
  • Page 304: Chapter 14 Network Security

    Chapter 14 Network Security The Network Security module provides multiple protection measures for network security, including five submenus: IP-MAC Binding, DHCP Snooping, ARP Inspection, IP Source Guard, DoS Defend and 802.1X. Configure the functions appropriate to your needs. 14.1 IP-MAC Binding The IP-MAC Binding function allows you to bind the IP address, MAC address, VLAN ID and the connected Port number of the Host together.
  • Page 305: Manual Binding

    The following entries are displayed on this screen: Search Source: Displays the Source of the entry. • All: All the bound entries will be displayed. • Manual: Only the manually added entries will be displayed. • Scanning: Only the entries formed via ARP Scanning will be displayed.
  • Page 306 Figure 14-2 Manual Binding The following entries are displayed on this screen: Manual Binding Option Host Name: Enter the Host Name. IP Address: Enter the IP Address of the Host. MAC Address: Enter the MAC Address of the Host. VLAN ID: Enter the VLAN ID.
  • Page 307: Arp Scanning

    Source: Displays the source of the entry. Collision: Displays the Collision status of the entry. • Warning: Indicates that the collision may be caused by the MSTP function. • Critical: Indicates that the entry has a collision with the other entries. 14.1.3 ARP Scanning ARP (Address Resolution Protocol) is used to analyze and map IP addresses to the corresponding MAC addresses so that packets can be delivered to their destinations correctly.
  • Page 308 Choose the menu Network Security→IP-MAC Binding→ARP Scanning to load the following page. Figure 14-4 ARP Scanning The following entries are displayed on this screen: Scanning Option Start IP Address: Specify the Start IP Address. End IP Address: Specify the End IP Address. VLAN ID: Enter the VLAN ID.
  • Page 309: Dhcp Snooping

    14.2 DHCP Snooping Nowadays, networks are getting larger and more complicated. The number of PCs always exceeds the number of assigned IP addresses. Wireless networks and laptops are widely used and the locations of the PCs are always changing. Therefore, the corresponding IP address of the PC should be updated with a few configurations.
  • Page 310 Most Clients obtain the IP addresses dynamically, as illustrated in the following figure. Figure 14-6 Interaction between a DHCP client and a DHCP server DHCP-DISCOVER Stage: The Client broadcasts the DHCP-DISCOVER packet to find the DHCP Server. DHCP-OFFER Stage: Upon receiving the DHCP-DISCOVER packet, the DHCP Server selects an IP address from the IP pool according to the assigning priority of the IP addresses and replies to the Client with DHCP-OFFER packet carrying the IP address and other information.
  • Page 311: Global Config

    Option 82 can contain 255 sub-options at most. If Option 82 is defined, at least one sub-option should be defined. This switch supports two sub-options: Circuit ID and Remote ID. Since there is no universal standard about the content of Option 82, different manufacturers define the sub-options of Option 82 according to their needs.
  • Page 312 Figure 14-8 DHCP Snooping Note: If you want to enable the DHCP Snooping feature for the member port of LAG, please ensure the parameters of all the member ports are the same. The following entries are displayed on this screen: DHCP Snooping Configuration ...
  • Page 313: Port Config

    • Replace: Indicates to replace the Option 82 field of the packets with the switch defined one. • Drop: Indicates to discard the packets including the Option 82 field. Customization: Enable/Disable the switch to define the Option 82. Circuit ID: Enter the sub-option Circuit ID for the customized Option 82.
  • Page 314: Arp Inspection

    Rate Limit: Select the value to specify the maximum number of DHCP messages that the switch can forward on this port per second. The excessive DHCP packets will be discarded. Decline Protect: Select Enable/Disable the Decline Protect feature. LAG: Displays the LAG to which the port belongs.
  • Page 315 Figure 14-11 ARP Attack – Cheating Gateway As shown in the above figure, the attacker sends the fake ARP packets of Host A to the Gateway, and then the Gateway will automatically update its ARP table after receiving the ARP packets. When the Gateway tries to communicate with Host A in LAN, it will encapsulate this false destination MAC address for packets, which results in a breakdown of the normal communication.
  • Page 316 Man-In-The-Middle Attack The attacker continuously sends the false ARP packets to the Hosts in LAN so as to make the Hosts maintain the wrong ARP table. When the Hosts in LAN communicate with one another, they will send the packets to the attacker according to the wrong ARP table. Thus, the attacker can get and process the packets before forwarding them.
  • Page 317: Arp Detect

    and unable to learn the ARP entries of legal Hosts, which prevents the legal Hosts from accessing the external network. The IP-MAC Binding function allows the switch to bind the IP address, MAC address, VLAN ID and the connected Port number of the Host together when the Host connects to the switch. Based on the predefined IP-MAC Binding entries, ARP Inspection detects the ARP packets and filters the illegal ARP packets so as to protect the network from ARP attacks.
  • Page 318: Arp Defend

    Trusted Port UNIT: Select the unit ID of the desired member in the stack. Trusted Port: Select the port for which the ARP Detect function is unnecessary as the Trusted Port. The specific ports, such as up-linked port, routing port and LAG port, should be set as Trusted Port. To ensure the normal communication of the switch, please configure the ARP Trusted Port before enabling the ARP Detect function.
  • Page 319: Arp Statistics

    Choose the menu Network Security→ARP Inspection→ARP Defend to load the following page. Figure 14-15 ARP Defend The following entries are displayed on this screen: ARP Defend UNIT: Select the unit ID of the desired member in the stack. Select: Select your desired port for configuration.
  • Page 320: Ip Source Guard

    Choose the menu Network Security→ARP Inspection→ARP Statistics to load the following page. Figure 14-16 ARP Statistics The following entries are displayed on this screen: Auto Refresh Auto Refresh: Enable/Disable the Auto Refresh feature. Refresh Interval: Specify the refresh interval to display the ARP Statistics. Illegal ARP Packet ...
  • Page 321 Choose the menu Network Security→IP Source Guard to load the following page. Figure 14-17 IP Source Guard The following entries are displayed on this screen: IP Source Guard Config UNIT: Select the unit ID of the desired member in the stack. Select: Select your desired port for configuration.
  • Page 322: Dos Defend

    14.5 DoS Defend In a DoS (Denial of Service) attack, network attackers or malicious programs occupy the network bandwidth by sending a lot of service requests to the Host, which results in abnormal service or even a breakdown of the network. With DoS Defend function enabled, the switch can analyze the specific fields of the IP packets and distinguish the malicious DoS attack packets.
  • Page 323: Dos Defend

    14.5.1 DoS Defend On this page, you can enable the DoS Defend type appropriate to your need. Choose the menu Network Security→DoS Defend→DoS Defend to load the following page. Figure 14-18 DoS Defend The following entries are displayed on this screen: Defend Config ...
  • Page 324 Authenticator System: The authenticator system is usually an 802.1X-supported network device, such as this TP-LINK switch. It provides the physical or logical port for the supplicant system to access the LAN and authenticates the supplicant system. Authentication Server System: The authentication server system is an entity that provides authentication service to the authenticator system.
  • Page 325 EAP Relay Mode This mode is defined in 802.1X. In this mode, EAP-packets are encapsulated in higher level protocol (such as EAPOR) packets to allow them to successfully reach the authentication server. This mode normally requires the RADIUS server to support the two fields of EAP: the EAP-message field and the Message-authenticator field.
  • Page 326 (7) The switch changes the state of the corresponding port to accepted state to allow the supplicant system to access the network. The switch then monitors the status of the supplicant by sending hand-shake packets periodically. By default, the switch will force the supplicant to log off if it fails to get a response from the supplicant two times.
  • Page 327: Global Config

    Quiet-period timer (Quiet Period): This timer sets the quiet-period. When a supplicant system fails to pass the authentication, the switch quiets for the specified period before it processes another authentication request re-initiated by the supplicant system. Guest VLAN Guest VLAN function enables the supplicants that do not pass the authentication to access the specific network resource.
  • Page 328: Port Config

    The following entries are displayed on this screen: Global Config 802.1X: Enable/Disable the 802.1X function. Auth Method: Select the Authentication Method from the pull-down list. • EAP-MD5: IEEE 802.1X authentication system uses extensible authentication protocol (EAP) to exchange information between the switch and the client.
  • Page 329 Figure 14-23 Port Config The following entries are displayed on this screen: Port Config UNIT: Select the unit ID of the desired member in the stack. Select: Select your desired port for configuration. It is multi-optional. Port: Displays the port number. Status: Select Enable/Disable the 802.1X authentication feature for the port.
  • Page 330: Radius Server

    14.6.3 Radius Server RADIUS (Remote Authentication Dial-In User Service) server provides the authentication service for the switch via the stored client information, such as the user name, password, etc., in order to control the authentication and accounting status of the clients. On this page, you can configure the parameters of the authentication server.
  • Page 331 Key Modify: Select to modify the accounting key. Accounting Key: Set the shared password for the switch and the accounting servers to exchange messages. Note: 1. The 802.1X function takes effect only when it is enabled globally on the switch and for the port. 2.
  • Page 332: Chapter 15 Snmp

    Chapter 15 SNMP SNMP Overview SNMP (Simple Network Management Protocol) has gained the most extensive application on the UDP/IP networks. SNMP provides a management frame to monitor and maintain the network devices. It is used for automatically managing the various network devices no matter the physical differences of the devices.
  • Page 333 SNMP v1: SNMP v1 adopts Community Name authentication. The community name is used to define the relation between SNMP Management Station and SNMP Agent. The SNMP packets failing to pass community name authentication are discarded. The community name can limit access to SNMP Agent from SNMP NMS, functioning as a password.
  • Page 334: Snmp Config

    3. Create SNMP User The User configured in an SNMP Group can manage the switch via the client program on management station. The specified User Name and the Auth/Privacy Password are used for SNMP Management Station to access the SNMP Agent, functioning as the password. SNMP module is used to configure the SNMP function of the switch, including three submenus: SNMP Config, Notification and RMON.
  • Page 335: Snmp View

    Note: The number of Engine ID characters must be even. 15.1.2 SNMP View The OID (Object Identifier) of the SNMP packets is used to describe the managed objects of the switch, and the MIB (Management Information Base) is the set of the OIDs. The SNMP View is created for the SNMP management station to manage MIB objects.
  • Page 336: Snmp Group

    15.1.3 SNMP Group On this page, you can configure SNMP Group to control the network access by providing the users in various groups with different management rights via the Read View, Write View and Notify View. Choose the menu SNMP→SNMP Config→SNMP Group to load the following page. Figure 15-5 SNMP Group The following entries are displayed on this screen: Group Config...
  • Page 337: Snmp User

    Write View: Select the View to be the Write View. The management access is writing only and changes can be made to the assigned SNMP View. The View defined both as the Read View and the Write View can be read and modified. Notify View: Select the View to be the Notify View.
  • Page 338 Choose the menu SNMP→SNMP Config→SNMP User to load the following page. Figure 15-6 SNMP User The following entries are displayed on this screen: User Config User Name: Enter the User Name here. User Type: Select the type for the User. • Local User: Indicates that the user is connected to a ...
  • Page 339: Snmp Community

    User Table Select: Select the desired entry to delete the corresponding User. It is multi-optional. User Name: Displays the name of the User. User Type: Displays the User Type. Group Name: Displays the Group Name of the User. Security Model: Displays the Security Model of the User.
  • Page 340 • read-only: Management right of the Community is restricted to read-only, and changes cannot be made to the corresponding View. • read-write: Management right of the Community is read-write and changes can be made to the corresponding View. MIB View: Select the MIB View for the community to access.
  • Page 341: Notification

    Step Operation Description Create SNMP View. Required. On the SNMP→SNMP Config→SNMP View page, create SNMP View of the management agent. The default View Name is viewDefault and the default OID is 1. Create SNMP Community Required alternatively. Create SNMP Community directly. ...
  • Page 342 Choose the menu SNMP→Notification→Notification Config to load the following page. Figure 15-8 Notification Config The following entries are displayed on this screen: Host Config IP Address: Enter the IP Address of the management Host. User: Enter the User name of the management station. Security Model: Select the Security Model of the management station.
  • Page 343: Rmon

    Type: Displays the type of the notifications. Retry: Displays the maximum time for the switch to wait for the response from the management station before resending a request. Timeout: Displays the number of times the switch resends an inform request. Operation: Click the Edit button to modify the corresponding entry and click the Modify button to apply.
  • Page 344: History

    Choose the menu SNMP→RMON→Statistics to load the following page. Figure 15-9 Statistics The following entries are displayed on this screen: Statistics Config Enter the ID number of statistics entry, ranging from 1 to 65535. Port: Enter or choose the Ethernet interface from which to collect the statistics.
  • Page 345: Event

    Choose the menu SNMP→RMON→History to load the following page. Figure 15-10 History Control The following entries are displayed on this screen: History Control Table Select: Select the desired entry for configuration. Index: Displays the index number of the entry. Port: Specify the port from which the history samples were taken, in format as 1/0/1.
  • Page 346: Alarm

    Choose the menu SNMP→RMON→Event to load the following page. Figure 15-11 Event Config The following entries are displayed on this screen: Event Table Select: Select the desired entry for configuration. Index: Displays the index number of the entry. User: Enter the name of the User or the community to which the event belongs.
  • Page 347 Choose the menu SNMP→RMON→Alarm to load the following page. Figure 15-12 Alarm Config The following entries are displayed on this screen: Alarm Table Select: Select the desired entry for configuration. Index: Displays the index number of the entry. Variable: Select the alarm variables from the pull-down list.
  • Page 348 Interval: Enter the alarm interval time in seconds, ranging from 10 to 3600. Owner: Enter the name of the device or user that defined the entry. Status: Select Enable/Disable the corresponding alarm entry. Note: When alarm variables exceed the Threshold in the same direction several times in succession, an alarm event is generated only the first time; that is, the Rising Alarm and Falling Alarm are triggered alternately, so the alarm following a Rising Alarm is certainly a Falling Alarm and vice versa.
  • Page 349: Chapter 16 Lldp

    Chapter 16 LLDP LLDP (Link Layer Discovery Protocol) is a Layer 2 protocol that is used for network devices to advertise their own device information periodically to neighbors on the same IEEE 802 local area network. The advertised information, including details such as device identification, capabilities and configuration settings, is represented in TLV (Type/Length/Value) format according to the IEEE 802.1AB standard, and these TLVs are encapsulated in LLDPDU (Link Layer Discovery Protocol Data Unit).
  • Page 350 Disable: the port cannot transmit or receive LLDPDUs. LLDPDU transmission mechanism If the ports are working in TxRx or Tx mode, they will advertise local information by sending LLDPDUs periodically. If there is a change in the local device, the change notification will be advertised. To ...
  • Page 351 Maximum Frame TLV are defined by IEEE 802.3. Note: For detailed introduction of TLV, please refer to IEEE 802.1AB standard. In TP-LINK switch, the following LLDP optional TLVs are supported. Port Description TLV The Port Description TLV allows network management to advertise the IEEE 802 LAN station's port description.
  • Page 352: Basic Config

    System Description TLV The System Description TLV allows network management to advertise the system's description, which should include the full name and version identification of the system's hardware type, software operating system, and networking software. System Name TLV The System Name TLV allows network management to advertise the system's assigned name, which should be the system's fully qualified domain name.
  • Page 353: Port Config

    Choose the menu LLDP→Basic Config→Global Config to load the following page. Figure 16-1 Global Configuration The following entries are displayed on this screen: Global Config LLDP: Choose to enable/disable LLDP. Parameters Config Transmit Interval: This parameter indicates the interval at which LLDP frames are transmitted on behalf of this LLDP agent.
  • Page 354: Device Info

    Choose the menu LLDP→Basic Config→Port Config to load the following page. Figure 16-2 Port Configuration The following entries are displayed on this screen: Port Config UNIT: Select the unit ID of the desired member in the stack. Select: Select the desired entry for configuration. It is multi-optional. Port: Displays the port number to be configured.
  • Page 355: Local Info

    16.2.1 Local Info On this page you can see all ports' configuration and system information. Choose the menu LLDP→Device Info→Local Info to load the following page. Figure 16-3 Local Information The following entries are displayed on this screen: Auto Refresh ...
  • Page 356: Neighbor Info

    Chassis ID Subtype: Indicates the basis for the chassis ID, and the default subtype is MAC address.
    Chassis ID: Indicates the specific identifier for the particular chassis in local device.
    Port ID Subtype: Indicates the basis for the port ID, and the default subtype is...
  • Page 357: Device Statistics

    Auto Refresh
    Auto Refresh: Enable/Disable the auto refresh function.
    Refresh Rate: Configure the auto refresh rate.
    Neighbor(s) Info
    Select the desired port to display the information of the corresponding port.
    UNIT: Select the unit ID of the desired member in the stack.
    System Name: Displays the system name of the neighbor device.
  • Page 358: Lldp-Med

    The following entries are displayed on this screen:
    Auto Refresh
    Auto Refresh: Enable/Disable the auto refresh function.
    Refresh Rate: Configure the auto refresh rate.
    Global Statistics
    Last Update: Display latest update time of the statistics.
    Total Inserts: Display the number of neighbors during latest update time.
    Total Deletes: Displays the number of neighbors deleted by local device.
  • Page 359: Global Config

    Media Endpoint Device (Class II): The class of Endpoint Device that supports media stream capabilities. Communication Device Endpoint (Class III): The class of Endpoint Device that directly supports end users of the IP communication system. Network Policy TLV The Network Policy TLV allows both Network Connectivity Devices and Endpoints to advertise VLAN configuration and associated Layer 2 and Layer 3 attributes that apply for a set of specific applications on that port.
  • Page 360: Port Config

    The following entries are displayed on this screen:
    LLDP-MED Parameters Config
    Fast Start Count: When LLDP-MED fast start mechanism is activated, multiple LLDP-MED frames will be transmitted (the number of frames equals this parameter). The default value is 4.
    Device Class: LLDP-MED devices are comprised of two primary device types: Network Connectivity Devices and Endpoint Devices.
  • Page 361 Included TLVs: Select TLVs to be included in outgoing LLDPDU. Click the Detail button to display the included TLVs and select the desired TLVs. Figure 16-8 Configure TLVs of LLDP-MED Port
    Included TLVs
    Select TLVs to be included in outgoing LLDPDU.
    Location Identification Parameters ...
  • Page 362: Local Info

    should be used, but may not be known. Options (0) and (1) should not be used unless it is known that the DHCP client is in close physical proximity to the server or network element. Country Code: The two-letter ISO 3166 country code in ...
  • Page 363: Neighbor Info

    Application Type: Application Type indicates the primary function of the applications defined for the network policy. Unknown Policy Flag: Displays whether the local device will explicitly advertise the policy required by the device but currently unknown. VLAN tagged: Indicates the VLAN type the specified application type is using, 'tagged' or 'untagged'.
  • Page 364 Unit: Select the unit ID of the desired member in the stack. Device Type: Displays the device type of the neighbor. Application Type: Displays the application type of the neighbor. Application Type indicates the primary function of the applications defined for the network policy.
  • Page 365: Chapter 17 Cluster

    Chapter 17 Cluster With the development of network technology, the network scale is getting larger and more network devices are required, which may result in a more complicated network management system. As a large number of devices need to be assigned different network addresses and every management device needs to be respectively configured to meet the application requirements, manpower is needed.
  • Page 366: Ndp

    The commander switch becomes a candidate switch only when the cluster is deleted.
    Introduction to Cluster
    The Cluster function configures and manages the switches in the cluster based on three protocols: NDP, NTDP and CMP (Cluster Management Protocol). NDP: All switches get neighbor information by collecting NDP.
  • Page 367: Ndp Summary

    The following entries are displayed on this screen:
    Neighbor
    Search Option: Select the information the desired entry should contain and then click the Search button to display the desired entry in the following Neighbor Information table.
    Neighbor Info
    Native Port: Displays the port number of the switch.
  • Page 368: Ndp Config

    Aging Time: Displays the period for the neighbor switch to keep the NDP packets from this switch.
    Hello Time: Displays the interval to send NDP packets.
    Port Status
    UNIT: Select the unit ID of the desired member in the stack.
    Port: Displays the port number of the switch.
  • Page 369: Ntdp

    The following entries are displayed on this screen:
    Global Config
    NDP: Select Enable/Disable NDP function globally.
    Aging Time: Enter the period for the neighbor switch to keep the NDP packets from this switch.
    Hello Time: Enter the interval to send NDP packets.
    Port Config ...
  • Page 370 Choose the menu Cluster→NTDP→Device Table to load the following page. Figure 17-5 Device Table
    The following entries are displayed on this screen:
    Device Table
    Device Name: Displays the device type collected through NTDP.
    Device MAC: Displays the MAC address of this device.
    Cluster Name: Displays the cluster name of this device.
  • Page 371: Ntdp Summary

    Click the Detail button to view the complete information of this device and its neighbors. Figure 17-6 Information of the Current Device 17.2.2 NTDP Summary On this page you can view the NTDP configuration. Choose the menu Cluster→NTDP→NTDP Summary to load the following page. Figure 17-7 NTDP Summary...
  • Page 372: Ntdp Config

    The following entries are displayed on this screen:
    Global Config
    NTDP: Displays the NTDP status (enabled or disabled) of the switch globally.
    NTDP Interval Time: Displays the interval to collect topology information.
    NTDP Hops: Displays the hop count the switch topology collects.
    NTDP Hop Delay: Displays the time between the switch receiving NTDP request packets and the switch forwarding NTDP request packets for the...
  • Page 373: Cluster

    NTDP Interval Time: Enter the interval to collect topology information. NTDP Hops: Enter the hop count the switch topology collects. NTDP Hop Delay: Enter the time between the switch receiving NTDP request packets and the switch forwarding NTDP request packets for the first time.
  • Page 374 Cluster Role: Displays the role the switch plays in the cluster.
    Cluster Management-vlan
    VLAN ID: Displays the management VLAN ID of the switch.
    For a commander switch, the following page is displayed:
    Figure 17-10 Cluster Summary for Commander Switch
    The following entries are displayed on this screen:
    Global Config ...
  • Page 375 TFTP Server: Displays the IP address of TFTP server.
    Member Info
    Device Name: Displays the description of the member switch.
    Device MAC: Displays the MAC address of the member switch.
    IP Address: Displays the IP address of the member switch used in the cluster.
    Status: Displays the connection status of the member switch.
  • Page 376: Cluster Config

    For an individual switch, the following page is displayed:
    Figure 17-12 Cluster Summary for Individual Switch
    The following entries are displayed on this screen:
    Global Config
    Cluster: Displays the cluster status (enabled or disabled) of the switch.
    Cluster Role: Displays the role the switch plays in the cluster.
  • Page 377 The following entries are displayed on this screen:
    Current Role
    Role: Displays the role the current switch plays in the cluster.
    Cluster management-vlan
    VLAN ID: Enter the cluster management-vlan id.
    Role Change
    Individual: Select this option to change the role of the switch to be individual switch.
  • Page 378 Role Change
    Candidate: Select this option to change the role of the switch to be candidate switch.
    Cluster Config
    Hold Time: Enter the time for the switch to keep the cluster information.
    Interval Time: Enter the interval to send handshake packets.
    For a member switch, the following page is displayed.
  • Page 379: Member Config

    For an individual switch, the following page is displayed.
    Figure 17-16 Cluster Configuration for Individual Switch
    The following entries are displayed on this screen:
    Current Role
    Role: Displays the role the current switch plays in the cluster.
    Cluster management-vlan ...
  • Page 380: Cluster Topology

    The following entries are displayed on this screen:
    Create Member
    Member MAC: Enter the MAC address of the candidate switch.
    Member Info
    Select: Select the desired entry to manage/delete the corresponding member switch.
    Device Name: Display the description of the member switch.
    Member MAC: Displays the MAC address of the member switch.
  • Page 381 The following entries are displayed on this screen:
    Graphic Show
    Collect Topology: Click the Collect Topology button to display the cluster topology.
    Refresh: Click the Refresh button to refresh the cluster topology.
    Manage: If the current device is the commander switch in the cluster and the selected device is a member switch in the cluster, you can click the Manage button to log on to Web management page of the corresponding switch.
  • Page 382: Application Example For Cluster Function

    Step Operation Description
    Operation: Enable the NTDP function globally and for the port, and then configure NTDP parameters. Description: Optional. On Cluster→NTDP→NTDP Config page, enable the NTDP function on the switch.
    Operation: Manually collect NTDP information. Description: Optional. On Cluster→NTDP→Device Table page, click the Collect Topology button to manually collect NTDP information.
  • Page 383 Configuration Procedure
    Configure the member switch
    Step Operation Description
    Operation: Enable NDP function on the switch and for port 1. Description: On Cluster→NDP→NDP Config page, enable NDP function.
    Operation: Enable NTDP function on the switch and for port 1. Description: On Cluster→NTDP→NTDP Config page, enable NTDP function.
  • Page 384: Chapter 18 Maintenance

    Chapter 18 Maintenance The Maintenance module gathers the commonly used system tools for managing the switch and provides a convenient way to locate and solve network problems. System Monitor: Monitor the utilization status of the memory and the CPU of the switch. Log: View the configuration parameters of the switch and find out the errors via the Logs.
  • Page 385: Memory Monitor

    UNIT: Select the unit ID of the desired member in the stack. Click the Monitor button to enable the switch to monitor and display its CPU utilization rate every four seconds. 18.1.2 Memory Monitor Choose the menu Maintenance→System Monitor→Memory Monitor to load the following page. Figure 18-2 Memory Monitor UNIT: Select the unit ID of the desired member in the stack.
  • Page 386: Log Table

    Level Description Severity Action must be taken immediately. alerts Critical conditions critical Error conditions errors Warnings conditions warnings Normal but significant conditions notifications Informational messages informational Debug-level messages debugging Table 18-1 Log Level The Log function is implemented on the Log Table, Local Log, Remote Log and Backup Log pages.
  • Page 387: Local Log

    The following entries are displayed on this screen:
    Log Info
    UNIT: Select the unit ID of the desired member in the stack.
    Index: Displays the index of the log information.
    Time: Displays the time when the log event occurs. The log can get the correct time after you configure on the System→System Info→System Time Web management page.
  • Page 388: Remote Log

    Log File: Indicates the flash sector for saving system log. The information in the log file will not be lost after the switch is restarted and can be exported on the Backup Log page. Severity: Specify the severity level of the log information output to each channel.
  • Page 389: Backup Log

    Note: The Log Server software is not provided. If necessary, please download it on the Internet. 18.2.4 Backup Log Backup Log feature enables the system logs saved in the switch to be output as a file for device diagnosis and statistics analysis. When a critical error results in the breakdown of the system, you can export the logs to get some related important information about the error for device diagnosis after the switch is restarted.
  • Page 390 Choose the menu Maintenance→Device Diagnostics→Cable Test to load the following page. Figure 18-7 Cable Test
    The following entries are displayed on this screen:
    Cable Test
    Port: Select the port for cable testing.
    UNIT: Select the unit ID of the desired member in the stack.
    Pair: Displays the Pair number.
  • Page 391: Loopback

    18.3.2 Loopback Loopback test function, looping the sender and the receiver of the signal, is used to test whether the port of the switch is available as well as to check and analyze the physical connection status of the port to help you locate and solve network malfunctions. Choose the menu Maintenance→Device Diagnostics→Loopback to load the following page.
  • Page 392: Tracert

    Choose the menu Maintenance→Network Diagnostics→Ping to load the following page. Figure 18-9 Ping
    The following entries are displayed on this screen:
    Ping Config
    Destination IP: Enter the IP address of the destination node for Ping test.
    Ping Times: Enter the number of times to send test data during Ping testing. The default value is recommended.
  • Page 393 Choose the menu Maintenance→Network Diagnostics→Tracert to load the following page. Figure 18-10 Tracert
    The following entries are displayed on this screen:
    Tracert Config
    Destination IP: Enter the IP address of the destination device.
    Max Hop: Specify the maximum number of the route hops the test data can pass through.
  • Page 394: Chapter 19 System Maintenance Via Ftp

    Chapter 19 System Maintenance via FTP The firmware can be downloaded to the switch via the FTP function. FTP (File Transfer Protocol), an application-layer protocol, is mainly used to transfer files between the remote server and the local PCs. It is a common protocol used in IP networks for file transfer. If there is something wrong with the firmware of the switch and the switch cannot be launched, the firmware can be downloaded to the switch again via the FTP function.
  • Page 395 2) The Connection Description window will appear, as shown in Figure 19-3. Enter a name into the Name field and click OK. Figure 19-3 Connection Description 3) Select the port to connect in Figure 19-4 and click OK. Figure 19-4 Select the port to connect...
  • Page 396 4) Configure the port selected in the step above as shown in Figure 19-5. Configure Bits per second as 38400, Data bits as 8, Parity as None, Stop bits as 1, Flow control as None, and then click OK. Figure 19-5 Port Settings 3.
  • Page 397 2) Power off and restart the switch. When the prompt “Press CTRL-B to enter the bootutil” appears in the hyper terminal, press the CTRL-B key to enter the bootutil menu shown in Figure 19-6. Figure 19-6 bootutil Menu As the prompt is displayed for only a short time, you are advised not to release the CTRL-B key until you enter the bootutil menu after powering on the switch.
  • Page 398 For example: Configure the IP address as 10.10.70.22, mask as 255.255.255.0 and gateway as 10.10.70.1. The detailed steps are shown in the figure below. 4) Configure the parameters of the FTP server which keeps the upgrade firmware, and download the firmware to the switch from the FTP server. Store the downloaded firmware in the switch with the name of image1.bin or image2.bin, and specify its attribute as startup image or backup image.
  • Page 399 5) Enter 1 and y, and the switch will reboot with the startup image. 6) Please enter 3 to start the switch, as shown in the following figure. After the switch is started, you can log in to the CLI command window and manage the switch via CLI commands. If you forget the login user name and password, you can enter 2 after entering the bootutil menu to reset the system.
  • Page 400: Appendix A: Specifications

    Appendix A: Specifications IEEE802.3i 10Base-T Ethernet IEEE802.3u 100Base-TX/100Base-FX Fast Ethernet IEEE802.3ab 1000Base-T Gigabit Ethernet IEEE802.3z 1000Base-X Gigabit Ethernet IEEE802.3ae 10GBase-X Ten-Gigabit Ethernet IEEE802.3ad Link Aggregation IEEE802.3x Flow Control IEEE802.1p QoS Standards IEEE802.1q VLAN IEEE802.1d Spanning Tree Protocol IEEE802.1s Multi Spanning Tree Protocol IEEE802.1w Rapid Spanning Tree Protocol IEEE802.1x Port-based Access Authentication ANSI/IEEE 802.3 N-Way Auto-Negotiation...
  • Page 401 Power, System, RPS, FAN, Master, Module, Link/Act, 21F-24F, 25, 26, M1, M2, Unit ID LED Transmission Method Store and Forward 10BASE-T: 14881pps/port 100BASE-TX: 148810pps/port Packets Forwarding Rate 1000Base-T: 1488095pps/port 10Gbase-X: 14880950pps/port Operating Temperature: 0℃ ~ 40℃ Storage Temperature: -40℃ ~ 70℃ Operating Environment Operating Humidity: 10% ~ 90% RH Non-condensing Storage Humidity: 5% ~ 90% RH Non-condensing...
  • Page 402: Appendix B: Configuring The Pcs

    Appendix B: Configuring the PCs In this section, we’ll introduce how to install and configure TCP/IP correctly in Windows 2000. First make sure your Ethernet Adapter is working; refer to the adapter’s manual if necessary. Configure TCP/IP component On the Windows taskbar, click the Start button, and then click Control Panel. Click the Network and Internet Connections icon, and then click on the Network Connections tab in the appearing window.
  • Page 403 The following TCP/IP Properties window will display and the IP Address tab is open on this window by default. Figure B-3 Select Use the following IP address. And the following items will be available. If the switch's IP address is 192.168.0.1, specify IP address as 192.168.0.x (x is from 2 to 254), and the Subnet mask as 255.255.255.0.
  • Page 404: Appendix C: 802.1X Client Software

    Appendix C: 802.1X Client Software In the 802.1X mechanism, the supplicant Client should be equipped with client software that complies with the 802.1X protocol standard for 802.1X authentication. When the switch works as the authenticator system, follow the instructions below to install the TpSupplicant provided on the attached CD for the supplicant Client.
  • Page 405 Then the following screen will appear. Click Next to continue. If you want to stop the installation, click Cancel. Figure C-3 Welcome to the InstallShield Wizard To continue, choose the destination location for the installation files and click Next on the following screen.
  • Page 406 The Wizard is now ready to begin the installation. Click Install to start the installation on the following screen. Figure C-5 Install the Program The InstallShield Wizard is installing TpSupplicant, as shown on the following screen. Please wait. Figure C-6 Setup Status...
  • Page 407 Uninstall Software If you want to remove the TpSupplicant, please take the following steps: On the Windows taskbar, click the Start button, point to All Programs→TP-LINK→TpSupplicant, and then click Uninstall TP-LINK 802.1X, as shown in the following figure. Figure C-8 Uninstall TP-LINK 802.1X...
  • Page 408 Then the following screen will appear. If you want to stop the remove process, click Cancel. Figure C-9 Preparing Setup On the continued screen, click Yes to remove the application from your PC. Figure C-10 Uninstall the Application Click Finish to complete. Figure C-11 Uninstall Complete...
  • Page 409 Configuration After completing installation, double click the icon to run the TP-LINK 802.1X Client Software. The following screen will appear. Figure C-12 TP-LINK 802.1X Client Enter the Name and the Password specified in the Authentication Server. The length of Name and Password should be less than 16 characters.
  • Page 410 Auto reconnect after timeout: Select this option to allow the Client to automatically start the connection again when it does not receive the handshake reply packets from the switch within a period. To continue, click Connect button after entering the Name and Password on Figure D-12. Then the following screen will appear to prompt that the Radius server is being searched.
  • Page 411 1.4 FAQ: Q1: Why does this error dialog box pop up when starting up the TP-LINK 802.1X Client Software? It’s because the supported DLL file is missing. You are suggested to go to http://www.winpcap.org to download WinPcap 4.0.2 or the higher version for installation, and run the client software again.
  • Page 412 Appendix D: Glossary Access Control List (ACL) ACLs can limit network traffic and restrict access to certain users or devices by checking each packet for certain IP or MAC (i.e., Layer 2) information. Boot Protocol (BOOTP) BOOTP is used to provide bootup information for network devices, including IP address information, the address of the TFTP server that contains the devices system files, and the name of the boot file.
  • Page 413 Generic Multicast Registration Protocol (GMRP) GMRP allows network devices to register end stations with multicast groups. GMRP requires that any participating network devices or end stations comply with the IEEE 802.1p standard. Group Attribute Registration Protocol (GARP) See Generic Attribute Registration Protocol. IEEE 802.1D Specifies a general method for the operation of MAC bridges, including the Spanning Tree Protocol.
  • Page 414 Layer 2 Data Link layer in the ISO 7-Layer Data Communications Protocol. This is related directly to the hardware interface for network devices and passes on traffic based on MAC addresses. Link Aggregation See Port Trunk. Link Aggregation Control Protocol (LACP) Allows ports to automatically negotiate a trunked link with LACP-configured ports on another device.
  • Page 415 Secure Shell (SSH) A secure replacement for remote access functions, including Telnet. SSH can authenticate users with a cryptographic key, and encrypt data connections between management clients and the switch. Simple Network Management Protocol (SNMP) The application protocol in the Internet suite of protocols which offers network management services.