Specifications are subject to change without notice. is a registered trademark of TP-LINK TECHNOLOGIES CO., LTD. Other brands and product names are trademarks or registered trademarks of their respective holders. No part of the specifications may be reproduced in any form or by any means or used to make any derivative such as translation, transformation, or adaptation without permission from TP-LINK TECHNOLOGIES CO., LTD.
Safety Information
When the product has a power button, the power button is one of the ways to shut off the product; when there is no power button, the only way to completely shut off power is to disconnect the product or the power adapter from the power source. Don’t disassemble the product, or make repairs yourself.
CONTENTS
Package Contents
Chapter 1 About This Guide
Intended Readers
Conventions
Overview of This Guide
Chapter 2 Introduction
Overview of the Switch
Main Features
Appearance Description
5.1.1 Stack Info
5.1.2 Stack Config
5.1.3 Switch Renumber
Application Example for Stack
Chapter 6 Switching
Port
6.1.1 Port Config
6.1.2 Port Mirror
6.1.3 Port Security
6.1.4 Port Isolation
VLAN VPN
7.7.1 VPN Config
7.7.2 Port Enable
7.7.3 VLAN Mapping
GVRP
Private VLAN
7.9.1 PVLAN Config
7.9.2 Port Config
7.10 Application Example for Private VLAN
Chapter 8 Spanning Tree
Chapter 10 Routing
10.1 Interface
10.2 Routing Table
10.3 Static Routing
10.3.1 Static Routing
10.3.2 Application Example for Static Routing
10.4 DHCP Server
10.4.1 DHCP Server
10.4.2 Pool Setting
10.9.12 Application Example for OSPF
10.10 VRRP
10.10.1 Basic Config
10.10.2 Advanced Config
10.10.3 Virtual IP Config
10.10.4 Track Config
10.10.5 Virtual Router Statistics
10.10.6 Application Example for VRRP
Chapter 11 Multicast Routing
One Console Cable One Power Supply Module Slot Cover Two mounting brackets and other fittings Installation Guide Resource CD for T3700G-28TQ switch, including: This User Guide • The Command Line Interface Guide • SNMP Mibs •...
Chapter 1 About This Guide This User Guide contains information for setup and management of T3700G-28TQ switch. Please read this guide carefully before operation. 1.1 Intended Readers This Guide is intended for network managers familiar with IT concepts and network terminologies.
Chapter: Chapter 4 System
Introduction: This module is used to configure system properties of the switch. It mainly introduces:
• System Info: Configure the description, system time and network parameters of the switch.
• User Management: Configure the user name and password for ...
Chapter: Chapter 8 Spanning Tree
Introduction: This module is used to configure the spanning tree function of the switch. It mainly introduces:
• STP Config: Configure and view the global settings of the spanning tree function.
• Port Config: Configure CIST parameters of ports.
• ...
Chapter: Chapter 12 QoS
Introduction: This module is used to configure the QoS function to provide different quality of service for various network applications and requirements. It mainly introduces:
• DiffServ: Configure priorities, port priority, 802.1P priority and DSCP priority.
• Bandwidth Control: Configure rate limit feature to control the ...
Chapter: Chapter 17 Cluster
Introduction: This module is used to configure the cluster function to centrally manage the scattered devices in the network. It mainly introduces:
• NDP: Configure NDP function to get the information of the directly connected neighbor devices.
• NTDP: Configure NTDP function for the commander switch to ...
T3700G-28TQ is ideal for large enterprises, campuses or SMB networks requiring an outstanding, reliable and affordable 10 Gigabit solution. T3700G-28TQ supports stacking of up to 8 units, thus providing flexible scalability and protective redundancy for your networks. Moreover, aiming to better protect your network, T3700G-28TQ’s main power is removable, with the help of TP-LINK’s...
• Quality of Service
  + Supports L2/L3 granular CoS with 8 priority queues per port.
  + Rate limiting confines the traffic flow accurately according to the preset value.
• Security
  + Supports multiple industry standard user authentication methods such as 802.1x, RADIUS.
  + IP Source Guard prevents IP spoofing attacks.
LEDs Status Indication The switch is powered on The switch is powered off or power supply is abnormal Power supply is abnormal Flashing The switch works properly Flashing System The switch works improperly On/Off Both the built-in power supply and the redundant power Green supply work properly The built-in power supply works improperly, but the...
SFP+ Ports: Port 25-26, designed to install the 10Gbps SFP+ transceiver/cable. T3700G-28TQ also provides an interface card slot on the rear panel to install the expansion card (TX432 of TP-LINK for example). If TX432 is installed, you get another two 10Gbps SFP+ ports.
RPS Input Connector: Provides an interface to connect the RPS (Redundant Power Supply). You can select an RPS (RPS150 of TP-LINK for example) for your switch if needed. Power Supply Module Slot: Provides an interface to install the Power Supply Module. An AC Power Supply Module PSM150-AC is provided with the switch.
Chapter 3 Login to the Switch
3.1 Login
1) To access the configuration utility, open a web-browser and type in the default address http://192.168.0.1 in the address field of the browser, then press the Enter key.
Figure 3-1 Web-browser
Tips: To log in to the switch, the IP address of your PC should be set in the same subnet as the switch.
Figure 3-3 Main Setup-Menu
Note: Clicking Apply only makes the new configurations effective until the switch is rebooted. If you want to keep the configurations effective even after the switch is rebooted, please click Save Config. You are advised to click Save Config before cutting off the power or rebooting the switch to avoid losing the new configurations.
Chapter 4 System The System module is mainly for system configuration of the switch, including four submenus: System Info, User Management, System Tools and Access Security. 4.1 System Info The System Info, mainly for basic properties configuration, can be implemented on System Summary, Device Description, System Time and Daylight Saving Time pages.
Indicates the 1000Mbps port is not connected to a device. Indicates the 1000Mbps port is at the speed of 1000Mbps. Indicates the 1000Mbps port is at the speed of 10Mbps or 100Mbps. Indicates the SFP port is not connected to a device. Indicates the SFP port is at the speed of 1000Mbps.
Figure 4-3 Bandwidth Utilization Bandwidth Utilization Select Rx to display the bandwidth utilization of receiving packets on this port. Select Tx to display the bandwidth utilization of sending packets on this port. 4.1.2 Device Description On this page you can configure the description of the switch, including device name, device location and system contact.
System Contact: Enter your contact information. 4.1.3 System Time System Time is the time displayed while the switch is running. On this page you can configure the system time and the settings here will be used for other time-based functions like ACL. You can manually set the system time, get UTC automatically if it has connected to an NTP server or synchronize with PC’s clock as the system time.
Note: The system time will be restored to the default when the switch is restarted and you need to reconfigure the system time of the switch. When Get Time from NTP Server is selected and no time server is configured, the switch will get time from the time server of the Internet if it has connected to the Internet.
Recurring Mode: Specify the DST configuration in recurring mode. This configuration is recurring in use: Offset: Specify the time adding in minutes when Daylight Saving Time comes. Start/End Time: Select starting time and ending time of Daylight Saving Time. Date Mode: Specify the DST configuration in Date mode.
Choose the menu System → User Management → User Config to load the following page. Figure 4-8 User Config The following entries are displayed on this screen: User Info User Name: Create a name for users’ login. Access Level: Select the access level to login.
Operation: Click the Edit button of the desired entry, and you can edit the corresponding user information. After modifying the settings, please click the Modify button to make the modification effective. Access level and user status of the current user information cannot be modified.
Current Startup Image: Displays the current startup image.
Next Startup Image: Select the next startup image.
Backup Image: Select the backup boot image.
Current Startup Config: Displays the current startup config filename.
Next Startup Config: Input the next startup config filename.
Backup Config: Input the backup config filename.
It will take a few minutes to back up the configuration. Please wait without any operation.
4.3.4 Firmware Upgrade
The switch system can be upgraded via the Web management page. Upgrading the system provides more functions and better performance. Go to http://www.tp-link.com to download the updated firmware.
Choose the menu System→System Tools→Firmware Upgrade to load the following page. Figure 4-12 Firmware Upgrade Note: Don’t interrupt the upgrade. Please select the proper software version matching with your hardware to upgrade. To avoid damage, please don't turn off the device while upgrading. After upgrading, the device will reboot automatically.
Choose the menu System→System Tools→System Reset to load the following page. Figure 4-14 System Reset Note: After the system is reset, the switch will be reset to the default and all the settings will be cleared. 4.4 Access Security Access Security provides different security measures for the remote login so as to enhance the configuration management security.
The following entries are displayed on this screen:
Access Control Config
Control Mode: Select the control mode for users to log on to the Web management page.
• IP-based: Select this option to limit the IP-range of the users for login.
After SSL is effective, you can log on to the Web management page via https://192.168.0.1. The first time you use an HTTPS connection to log in to the switch with the default certificate, you will be prompted that “The security certificate presented by this website was not issued by a trusted certificate authority”...
4.4.3 SSH Config
As stipulated by the IETF (Internet Engineering Task Force), SSH (Secure Shell) is a security protocol established on the application and transport layers. An SSH-encrypted connection is similar to a telnet connection, but the old telnet remote management method is not safe, because the password and data are transmitted in plain text and can be easily intercepted.
Max Connect: Specify the maximum number of the connections to the SSH server. No new connection will be established when the number of the connections reaches the maximum number you set. The default value is 5.
Key Download
Key Type: Select the type of SSH Key to download.
2. Click the Open button in the above figure to log on to the switch. Enter the login user name and password, and then you can continue to configure the switch. Application Example 2 for SSH: Network Requirements 1. Log on to the switch via key authentication using SSH and the SSH function is enabled on the switch.
2. After the key is successfully generated, please save the public key and private key to the computer. 3. On the Web management page of the switch, download the public key file saved in the computer to the switch. Note: The key type should accord with the type of the key file.
4. After the public key is downloaded, please log on to the interface of PuTTY and enter the IP address for login. 5. Click Browse to download the private key file to SSH client software and click Open.
After successful authentication, please enter the login user name. If you log on to the switch without entering password, it indicates that the key has been successfully downloaded. Note: Following the steps above, you have already entered the User EXEC Mode of the switch. However, to configure the switch, you need a password to enter the Privileged EXEC Mode first.
Chapter 5 Stack The stack technology is to connect multiple stackable devices through their StackWise ports, forming a stack which works as a unified system and presents as a single entity to the network in Layer 2 and Layer 3 protocols. It enables multiple devices to collaborate and be managed as a whole, which improves the performance and simplifies the management of the devices efficiently.
In a ring connected stack, it can still operate normally by transforming into a daisy chained stack when link failure occurs, which further ensures the normal operation of load distribution and backup across devices and links as Figure 5-2 shows. Figure 5-2 Load Distribution and Backup across Devices 3.
Stack Introduction 1. Stack Elements 1) Stack Role Each device in the stack system is called stack member. Each stack member processes services packets and plays a role which is either master or slave in the stack system. The differences between master and slave are described as below: Master: Indicates the device is responsible for managing the entire stack system.
1) Connecting the stack members
To establish a stack, please physically connect the stack ports of the member devices with cables. The stack ports of T3700G-28TQ can be used for stack connection or as normal Ethernet Gigabit ports. When you want to establish a stack, the stack mode of the related ports should be configured as "Enable".
The master is elected based on the following rules and in the order listed:
1. The switch that is currently the stack master.
2. The switch with the highest stack member priority value.
3. The switch with the lowest MAC address.
After master election, the stack forms and enters into stack management and maintenance stage.
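The three election rules above, applied in order, as an added example that is not part of the TP-LINK guide. The Member fields, the priority values and the MAC addresses are constructed for illustration, and the merged-stack case only shows what the listed rules yield when more than one member is currently a master.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Member:
    unit: int                 # unit number of the member switch
    mac: str                  # MAC address, separators '-', ':' or '.'
    priority: int             # member priority; a higher value is preferred
    is_master: bool = False   # True if this switch is currently a stack master


def mac_to_int(mac: str) -> int:
    """Parse a 48-bit MAC address into an integer so MACs compare numerically."""
    digits = mac.replace("-", "").replace(":", "").replace(".", "")
    if len(digits) != 12:
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return int(digits, 16)


def election_key(m: Member):
    # Tuples compare left to right, which applies the rules "in the order listed":
    # 1) current master first, 2) highest priority, 3) lowest MAC address.
    return (0 if m.is_master else 1, -m.priority, mac_to_int(m.mac))


def elect_master(members):
    """Return the member that the three rules select as master."""
    if not members:
        raise ValueError("a stack needs at least one member")
    return min(members, key=election_key)


def rank(members):
    """Unit numbers ordered from most to least preferred."""
    return [m.unit for m in sorted(members, key=election_key)]


# Constructed sample stacks (locally administered MAC addresses).
COLD_START = [
    Member(1, "02-00-00-00-00-0A", 5),
    Member(2, "02-00-00-00-00-0B", 8),
    Member(3, "02:00:00:00:00:03", 8),   # ties with unit 2 on priority, lower MAC
]
RUNNING_PLUS_JOINER = [
    Member(3, "02-00-00-00-00-03", 8, is_master=True),
    Member(4, "02-00-00-00-00-01", 15),  # higher priority, but rule 1 comes first
]
MERGED_STACKS = [
    Member(1, "02-00-00-00-00-0A", 5, is_master=True),
    Member(5, "02-00-00-00-00-02", 5, is_master=True),
    Member(6, "02-00-00-00-00-01", 15),
]

if __name__ == "__main__":
    for name, stack in [("cold start", COLD_START),
                        ("running stack + joiner", RUNNING_PLUS_JOINER),
                        ("merged stacks", MERGED_STACKS)]:
        print(f"{name}: master is unit {elect_master(stack).unit}, order {rank(stack)}")
```

The second case is the one to plan for: a switch that joins a running stack with a higher priority does not take over, because the current master is preferred before priority is compared.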
Slot Number: Indicates the number of the slot the interface card is in. For T3700G-28TQ, the front panel ports belong to slot 0. Slot number starting from 1 each represents an interface card slot.
5.1 Stack Management
Before configuring the stack, we highly recommend that you plan the configuration with a clear definition of the role and function of each member device. Some configurations need a device reboot to take effect, so you are recommended to configure the stack first, then connect the devices physically after powering them off; after that you can power them on and the devices will join the stack automatically.
Role: Displays the stack role of the member switch in the stack. There are two options: Master and Slave.
MAC Address: Displays the MAC address of the member switch.
Priority: Displays the member priority of the member switch. The higher the value is, the more likely the member will be elected as the master.
The following entries are displayed on this screen:
Stack Config
Stack Name: Enter the name of the stack. The length of this field should be 1-30 characters. After the stack is established, the name of master determines the stack name.
Select the authentication mode used in stack creation.
Choose the menu Stack Management→Switch Renumber to load the following page. Figure 5-9 Switch Renumber The following entries are displayed on this screen: Switch Renumber Select: Select the desired entry. It is multi-optional. Current Unit: Displays the current unit number of the member switch. Designated Unit: Configure the unit number of the member switch.
5.2 Application Example for Stack
Network Requirements
Establish a stack of ring topology with four T3700G-28TQ switches.
Network Diagram
Configuration Procedure
Configure switch A, B, C and D before physically connecting them:
Step Operation Description
Configure stack Optional.
Chapter 6 Switching Switching module is used to configure the basic functions of the switch, including four submenus: Port, LAG, Traffic Monitor and MAC Address. 6.1 Port The Port function, allowing you to configure the basic features for the port, is implemented on the Port Config, Port Mirror, Port Security, Port Isolation and Loopback Detection pages.
Description: Give a description to the port for identification. Status: Allows you to Enable/Disable the port. When Enable is selected, the port can forward the packets normally. Speed: Select the Speed mode for the port. The device connected to the switch should be in the same Speed and Duplex mode with the switch.
The following entries are displayed on this screen. Mirror Session List Session: This column displays the mirror session number. Destination: This column displays the mirroring port. Mode: This column displays the mirror mode. Source: This column displays the mirrored ports. Operation: You can configure the mirror session by clicking the "Edit", or clear the mirror session configuration by clicking the "Clear".
The following entries are displayed on this screen. Mirror Session Session: Displays session number. Destination Port Destination Port: Input or select a physical port from the port panel as the mirroring port. Source Port Select: Select the desired port as a mirrored port. It is multi-optional. Port: Displays the port number.
Choose the menu Switching→Port→Port Security to load the following page.
Figure 6-4 Port Security
The following entries are displayed on this screen:
Port Security
UNIT: Select the unit ID of the desired member in the stack.
Select: Select the desired port for Port Security configuration. It is multi-optional.
• Permanent: When Permanent mode is selected, the learned MAC address will be out of the influence of the aging time and can only be deleted manually. The learned entries will be saved even after the switch is rebooted.
Status: Select Enable/Disable the Port Security feature for the port.
Note: The Port Security function is disabled for the LAG port member.
Click the Edit button to configure the port isolation list in the following page: Figure 6-6 Port Isolation Config Port Isolation Config UNIT: Select the unit ID of the desired member in the stack. Port: Select the port number to set its forward list. It is multi-optional. Forward Portlist: Select the port that to be forwarded to.
Choose the menu Switching → Port → Loopback Detection to load the following page.
Figure 6-7 Loopback Detection Config
The following entries are displayed on this screen:
Global Config
LoopbackDetection Status: Here you can enable or disable Loopback Detection function globally.
Port: Displays the port number. Status: Enable or disable Loopback Detection function for the port. Operation Mode: Select the mode how the switch processes the detected loops. Alert: When a loop is detected, display an alert. Port based: When a loop is detected, display an alert and block the port.
Tips: Calculate the bandwidth for a LAG: If a LAG consists of the four ports in the speed of 1000Mbps Full Duplex, the whole bandwidth of the LAG is up to 8000Mbps (2000Mbps * 4) because the bandwidth of each member port is 2000Mbps counting the up-linked speed of 1000Mbps and the down-linked speed of 1000Mbps.
Operation: Allows you to view or modify the information for each LAG. • Edit: Click to modify the settings of the LAG. • Detail: Click to get the information of the LAG. Click the Detail button for the detailed information of your selected LAG. Figure 6-9 Detail Information 6.2.2 Static LAG On this page, you can manually configure the LAG.
The following entries are displayed on this screen: LAG Config Group Number: Select a Group Number for the LAG. Description: Displays the description of the LAG for identification. Member Port UNIT: Select the unit ID of the desired member in the stack. Member Port: Select the port as the LAG member.
Choose the menu Switching→LAG→LACP Config to load the following page. Figure 6-11 LACP Config The following entries are displayed on this screen: Global Config System Priority: Specify the system priority for the switch. The system priority and MAC address constitute the system identification (ID). A lower system priority value indicates a higher system priority.
member. The port with smaller Port Priority will be considered as the preferred one. If the two port priorities are equal; the port with smaller port number is preferred. Mode: Specify LACP mode for your selected port. Status: Enable/Disable the LACP feature for your selected port. LAG: Displays the LAG number which the port belongs to.
The following entries are displayed on this screen: Auto Refresh Auto Refresh: Allows you to Enable/Disable refreshing the Traffic Summary automatically. Refresh Rate: Enter a value in seconds to specify the refresh interval. Traffic Summary UNIT: Select the unit ID of the desired member in the stack. Port Select: Click the Select button to quick-select the corresponding port based on the port number you entered.
Choose the menu Switching→Traffic Monitor→Traffic Statistics to load the following page. Figure6-13 Traffic Statistics The following entries are displayed on this screen: Auto Refresh Auto Refresh: Allows you to Enable/Disable refreshing the Traffic Summary automatically. Refresh Rate: Enter a value in seconds to specify the refresh interval. Port Select ...
Statistics Port: Enter a port number and click the Select button to view the traffic statistics of the corresponding port. Received: Displays the details of the packets received on the port. Sent: Displays the details of the packets transmitted on the port. Broadcast: Displays the number of good broadcast packets received or transmitted on the port.
The address filtering feature allows the switch to filter the undesired packets and forbid its forwarding so as to improve the network security. The types and the features of the MAC Address Table are listed as the following: Being kept after reboot Relationship between the Aging bound MAC address and...
The following entries are displayed on this screen: Search Option MAC Address: Enter the MAC address of your desired entry. VLAN ID: Enter the VLAN ID of your desired entry. Port: Select the corresponding port number or link-aggregation number of your desired entry.
Choose the menu Switching→MAC Address→Static Address to load the following page. Figure 6-15 Static Address The following entries are displayed on this screen: Create Static Address MAC Address: Enter the static MAC Address to be bound. VLAN ID: Enter the corresponding VLAN ID of the MAC address. UNIT: Select the unit ID of the desired member in the stack.
MAC Address: Displays the static MAC Address. VLAN ID: Displays the corresponding VLAN ID of the MAC address. Port: Displays the corresponding Port number of the MAC address. Here you can modify the port number to which the MAC address is bound. The new port should be in the same VLAN.
Choose the menu Switching→MAC Address→Dynamic Address to load the following page. Figure 6-16 Dynamic Address The following entries are displayed on this screen: Aging Config Auto Aging: Allows you to Enable/Disable the Auto Aging feature. Aging Time: Enter the Aging Time for the dynamic address. Search Option ...
Aging Status: Displays the Aging Status of the MAC address. Bind: Click the Bind button to bind the MAC address of your selected entry to the corresponding port statically. Tips: Setting aging time properly helps implement effective MAC address aging. The aging time that is too long or too short results in a decrease of the switch performance.
Search Option
Search Option: Select a Search Option from the pull-down list and click the Search button to find your desired entry in the Filtering Address Table.
• MAC Address: Enter the MAC address of your desired entry.
• VLAN ID: Enter the VLAN ID number of your desired entry.
Chapter 7 VLAN
The traditional Ethernet is a data network communication technology based on CSMA/CD (Carrier Sense Multiple Access/Collision Detect) via a shared communication medium. In the traditional Ethernet, too many hosts in a LAN will result in serious collisions, flooding broadcasts, poor performance or even breakdown of the Internet.
packets with the MAC VLAN, Protocol VLAN and 802.1Q VLAN in turn. If a packet is matched, the switch will add a corresponding VLAN tag to it and forward it in the corresponding VLAN. 7.1 802.1Q VLAN VLAN tags in the packets are necessary for the switch to identify packets of different VLANs. The switch works at the data link layer in OSI model and it can identify the data link layer encapsulation of the packet only, so you can add the VLAN tag field into the data link layer encapsulation for identification.
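The matching order described above (MAC VLAN, then Protocol VLAN, then 802.1Q VLAN) and the tag that gets added, as an added example that is not part of the TP-LINK guide. The port settings, MAC addresses and VLAN IDs are constructed; two behaviours are assumptions of this sketch rather than statements from the guide: a frame that already carries a tag keeps its VID, and a MAC VLAN entry whose VLAN the ingress port does not belong to is skipped.

```python
import struct

TPID_8021Q = 0x8100  # tag protocol identifier that marks an 802.1Q tag


def parse_mac(text: str) -> bytes:
    raw = bytes.fromhex(text.replace("-", "").replace(":", ""))
    if len(raw) != 6:
        raise ValueError(f"not a 48-bit MAC address: {text!r}")
    return raw


def build_frame(dst: str, src: str, ethertype: int, payload: bytes = b"\x00" * 46) -> bytes:
    """Constructed untagged Ethernet II frame: dst(6) src(6) type(2) payload."""
    return parse_mac(dst) + parse_mac(src) + struct.pack("!H", ethertype) + payload


def classify(frame: bytes, pvid: int, port_vlans, mac_vlans, protocol_vlans):
    """Return (vid, rule) for a frame arriving on one port."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    src = frame[6:12]
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype == TPID_8021Q:
        # Assumption of this sketch: an existing tag is kept as it is.
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        tci = struct.unpack("!H", frame[14:16])[0]
        return tci & 0x0FFF, "already-tagged"
    vid = mac_vlans.get(src)            # 1) MAC VLAN, keyed by source MAC
    if vid is not None and vid in port_vlans:
        return vid, "mac-vlan"
    vid = protocol_vlans.get(ethertype)  # 2) Protocol VLAN, keyed by EtherType
    if vid is not None:
        return vid, "protocol-vlan"
    return pvid, "pvid"                  # 3) 802.1Q VLAN: the port's PVID


def add_tag(frame: bytes, vid: int, pcp: int = 0) -> bytes:
    """Insert TPID + TCI (3-bit priority, 1-bit DEI, 12-bit VID) after the source MAC."""
    if not 1 <= vid <= 4094:
        raise ValueError("VID must be 1-4094")
    if not 0 <= pcp <= 7:
        raise ValueError("priority must be 0-7")
    tci = (pcp << 13) | vid
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]


def ingress(frame: bytes, **port) -> bytes:
    """Classify a frame and return it carrying the resulting tag."""
    vid, rule = classify(frame, **port)
    return frame if rule == "already-tagged" else add_tag(frame, vid)


# Constructed port configuration. 0x0800 (IP) and 0x809B (AppleTalk) are the
# Ether Type values the guide quotes for its protocol templates.
PORT = dict(
    pvid=1,
    port_vlans={1, 10, 20, 30},
    mac_vlans={parse_mac("02-00-00-00-00-AA"): 30},
    protocol_vlans={0x0800: 10, 0x809B: 20},
)
DST = "02-00-00-00-00-FF"
SAMPLES = {
    "IP, unknown MAC": build_frame(DST, "02-00-00-00-00-01", 0x0800),
    "AppleTalk, unknown MAC": build_frame(DST, "02-00-00-00-00-01", 0x809B),
    "IP, MAC VLAN host": build_frame(DST, "02-00-00-00-00-AA", 0x0800),
    "802.1X, unknown MAC": build_frame(DST, "02-00-00-00-00-01", 0x888E),
}

if __name__ == "__main__":
    for name, frame in SAMPLES.items():
        vid, rule = classify(frame, **PORT)
        print(f"{name:24s} -> VLAN {vid:<4d} via {rule:14s} tag={ingress(frame, **PORT)[12:16].hex()}")
```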
GENERAL: The GENERAL port can be added in multiple VLANs and set various egress rules according to the different VLANs. The default egress rule is UNTAG. The PVID can be set as the VID number of any valid VLAN. PVID ...
Choose the menu VLAN→802.1Q VLAN→VLAN Config to load the following page. Figure 7-3 VLAN Table To ensure the normal communication of the factory switch, the default VLAN of all ports is set to VLAN1. The following entries are displayed on this screen: VLAN Table ...
The following entries are displayed on this screen: VLAN Info VLAN ID: Enter the ID number of VLAN. Name: Displays the user-defined name of VLAN. Untagged port: Displays the untagged port which is ACCESS, TRUNK or GENERAL. UNIT: Select the unit ID of the desired member in the stack. Tagged port: Displays the tagged port which is TRUNK or GENERAL.
Link Type: Select the Link Type from the pull-down list for the port.
• ACCESS: The ACCESS port can be added in a single VLAN, and the egress rule of the port is UNTAG. The PVID is the same as the current VLAN ID. If the current VLAN is deleted, the PVID will be set to 1 by default.
Step Operation Description Delete VLAN Optional. On the VLAN→802.1Q VLAN→VLAN Config page, select the desired entry to delete the corresponding VLAN by clicking the Delete button. 7.2 Application Example for 802.1Q VLAN Network Requirements Switch A is connecting to PC A and Server B; ...
Configure switch B
Step Operation Description
Configure Link Type of the ports: Required. On VLAN→802.1Q VLAN→Port Config page, configure the link type of Port 7, Port 6 and Port 8 as ACCESS, TRUNK and ACCESS respectively.
Create VLAN10: Required. On VLAN→802.1Q VLAN→VLAN Config page, create a VLAN with its VLAN ID as 10, owning Port 6 and Port 8.
The following entries are displayed on this screen: Create MAC VLAN MAC Address: Enter the MAC address. Description: Give a description to the MAC address for identification. VLAN ID: Enter the ID number of the MAC VLAN. This VLAN should be one of the 802.1Q VLANs the ingress port belongs to.
Step Operation Description
Create MAC VLAN: Required. On the VLAN→MAC VLAN page, create the MAC VLAN. For the device in a MAC VLAN, it’s required to set its connected port of switch to be a member of this VLAN so as to ensure the normal communication.
Step Operation Description Create VLAN10 Required. On VLAN→802.1Q VLAN→VLAN Config page, create a VLAN with its VLAN ID as 10, owning Port 11 and Port 12, and configure the egress rule of Port 11 as Untag. Create VLAN20 Required. On VLAN→802.1Q VLAN→VLAN Config page, create a VLAN with its VLAN ID as 20, owning Port 11 and Port 12, and configure the egress rule of Port 11 as Untag.
7.5 Protocol VLAN
Protocol VLAN is another way to classify VLANs based on network protocol. Protocol VLANs can be sorted by IP, IPX, DECnet, AppleTalk, Banyan and so on. Through the Protocol VLANs, the broadcast domain can span over multiple switches and the Host can change its physical position in the network with its VLAN member role always effective.
Choose the menu VLAN→Protocol VLAN→Protocol Group Table to load the following page. Figure 7-9 Create Protocol VLAN The following entries are displayed on this screen: Protocol Group Table Select: Select the desired entry. It is multi-optional. Protocol Name: Displays the protocol of the protocol group. VLAN ID: Displays the corresponding VLAN ID of the protocol.
Protocol Group Member UNIT: Select the unit ID of the desired member in the stack. 7.5.3 Protocol Template The Protocol Template should be created before configuring the Protocol VLAN. By default, the switch has defined the IP Template, ARP Template, RARP Template, etc. You can add more Protocol Template on this page.
Configuration Procedure: Step Operation Description Set the link type for port. Required. On the VLAN→802.1Q VLAN→Port Config page, set the link type for the port basing on its connected device. Create VLAN. Required. On the VLAN→802.1Q VLAN→VLAN Config page, click the Create button to create a VLAN. Enter the VLAN ID and the description for the VLAN.
Network Diagram
Configuration Procedure
Configure switch A
Step Operation Description
Configure Link Type of the ports: Required. On VLAN→802.1Q VLAN→Port Config page, configure the link type of Port 11 and Port 13 as ACCESS, and configure the link type of Port 12 as GENERAL.
Step Operation Description
Create Protocol Template: Required. On VLAN→Protocol VLAN→Protocol Template page, configure the protocol template practically. E.g. the Ether Type of IP network packets is 0800 and that of AppleTalk network packets is 809B.
Create Protocol VLAN 10: On VLAN→Protocol VLAN→Protocol Group page, create protocol VLAN 10 with Protocol as IP.
Protocol type    Value
LACP             0x8809
802.1X           0x888E
Table 7-3 Values of Ethernet frame protocol type in common use
This VLAN VPN function is implemented on the VPN Config, Port Enable and VLAN Mapping pages.
7.7.1 VPN Config
This page allows you to enable the VPN function, adjust the global TPID for VLAN-VPN packets and enable the VPN up-link port.
Figure 7-13 Enable Port for VLAN Mapping VPN Port Enable UNIT: Select the unit ID of the desired member in the stack. Select your desired port for VLAN Mapping function. All the ports are disabled for VLAN Mapping function by default. 7.7.3 VLAN Mapping VLAN Mapping function allows the VLAN TAG of the packets to be replaced with the new VLAN TAG according to the VLAN Mapping entries.
The following entries are displayed on this screen: Global Config VLAN Mapping: Enable/Disable the VLAN mapping function. If VLAN mapping is disabled and VLAN VPN is enabled, the packet will be encapsulated with an outer tag according to the PVID of its arriving port.
Configuration Procedure of VLAN VPN Function:
Step Operation Description
Enable VPN mode: Required. On the VLAN→VLAN VPN→VPN Config page, enable the VPN mode.
Configure the global TPID: Optional. On the VLAN→VLAN VPN→VPN Config page, configure the global TPID based on the devices connected to the up-link port.
Page 102
• Join Message: When a GARP entity expects other switches to register certain attribute information of its own, it sends out a Join message. And when receiving the Join message from the other entity or configuring some attributes statically, the device also sends out a Join message in order to be registered by the other GARP entities.
Page 103
In this switch, only the port with TRUNK link type can be set as the GVRP application entity to maintain the VLAN registration information. GVRP has the following three port registration modes: Normal, Fixed, and Forbidden. • Normal: In this mode, a port can dynamically register/deregister a VLAN and propagate the dynamic/static VLAN information.
Page 104
Port Config Unit: Select the unit ID of the desired member in the stack. Select: Select the desired port for configuration. It is multi-optional. Port: Displays the port number. Status: Enable/Disable the GVRP feature for the port. The port type should be set to TRUNK before enabling the GVRP feature.
7.9 Private VLAN
Private VLANs, designed to save VLAN resources of uplink devices and decrease broadcast, are sets of VLAN pairs that share a common primary identifier. To guarantee user information security and to make it easy to manage and account for traffic, service providers in campus networks usually require that each individual user is Layer-2 separated.
4. A Primary VLAN can be associated with multi-Secondary VLANs to create multi-Private VLANs. Private VLAN Implementation To hide Secondary VLANs from uplink devices and save VLAN resources, Private VLAN containing one Primary VLAN and one Secondary VLAN requires the following characteristics: Packets from different Secondary VLANs can be forwarded to the uplink device via ...
Search Option Search Option: Select a Search Option from the pull-down list and click the Search button to find your desired entry in Private VLAN. All: Enter the Primary VLAN ID number or Secondary VLAN ID of the desired Private VLAN. Primary VLAN ID: Enter the Primary VLAN ID number of the ...
The following entries are displayed on this screen: Port Config Port selected: Select the desired port for configuration. You can input one or select from the port table down the blank. Port Type: Select the Port Type from the pull-down list for the port. Primary VLAN: Specify the Primary VLAN the port belongs to.
Page 109
Network Diagram Configuration Procedure Configure Switch C Step Operation Description Create VLAN6 Required. On VLAN→802.1Q VLAN→VLAN Config page, create a VLAN with its VLAN ID as 6, owning Port 1/0/1. Configure switch A Step Operation Description Create Private Required.
Page 110
Configure switch B
Step / Operation / Description
Create Private VLANs: Required. On the VLAN→Private VLAN→PVLAN Config page, enter the Primary VLAN 6 and Secondary VLAN 5 and 8, select one type of secondary VLAN and then click the Create button. Required.
Chapter 8 Spanning Tree
STP (Spanning Tree Protocol), which complies with the IEEE 802.1D standard, breaks loops in the Data Link layer of a local network. Devices running STP discover loops in the network by exchanging information and block ports; in that way, a ring network is pruned into a loop-free tree topology, which prevents packets from being duplicated and forwarded endlessly in the network.
Page 112
Port: Port 3 is the root port of switch B and port 5 is the root port of switch C; port 1 and 2 are the designated ports of switch A and port 4 is the designated port of switch B; port 6 is the blocked port of switch C.
Page 113
Comparing BPDUs
Each switch sends out configuration BPDUs and receives a configuration BPDU on one of its ports from another switch. The following table shows the comparing operations.
Step / Operation
If the priority of the BPDU received on the port is lower than that of the BPDU of the port itself, the switch discards the BPDU and does not change the BPDU of the port.
Page 114
The condition for the root port to transit its port state rapidly: The old root port of the switch stops forwarding data and the designated port of the upstream switch begins to forward data. The condition for the designated port to transit its port state rapidly: The designated port is ...
Page 115
The following figure shows the network diagram in MSTP. Figure 8-2 Basic MSTP diagram
MSTP
MSTP divides a network into several MST regions. The CST is generated between these MST regions, and multiple spanning trees can be generated in each MST region. Each spanning tree is called an instance.
The following diagram shows the different port roles. Figure 8-3 Port roles The Spanning Tree module is mainly for spanning tree configuration of the switch, including four submenus: STP Config, Port Config, MSTP Instance and STP Security. 8.1 STP Config The STP Config function, for global configuration of spanning trees on the switch, can be implemented on STP Config and STP Summary pages.
Page 117
The following entries are displayed on this screen: Global Config Spanning Tree: Select Enable/Disable STP function globally on the switch. Mode: Select the desired STP version on the switch. STP: Spanning Tree Protocol. RSTP: Rapid Spanning Tree Protocol. ...
turn handicaps spanning trees being regenerated in time and makes the network less adaptive. The default value is recommended. If the TxHold Count parameter is too large, the number of MSTP packets sent in each hello time may increase and occupy too many network resources. The default value is recommended.
Page 119
Choose the menu Spanning Tree→Port Config to load the following page. Figure 8-6 Port Config The following entries are displayed on this screen: Port Config UNIT: Select the unit ID of the desired member in the stack. Select: Select the desired port for STP configuration. It is multi-optional. Port: Displays the port number of the switch.
Port Role: Displays the role of the port played in the STP Instance. Root Port: Indicates the port that has the lowest path cost from this bridge to the Root Bridge and forwards packets to the root. Designated Port: Indicates the port that forwards packets to a ...
Choose the menu Spanning Tree→MSTP Instance→Region Config to load the following page. Figure 8-7 Region Config The following entries are displayed on this screen: Region Config Region Name: Create a name for MST region identification using up to 32 characters. Revision: Enter the revision from 0 to 65535 for MST region identification.
VLAN ID: Enter the desired VLAN ID. Click the 'Add' button and the new VLAN ID will be added to the corresponding instance ID; the previous VLAN ID won't be replaced. Click the 'Delete' button and the VLAN ID will be deleted from the corresponding instance ID. Instance Config ...
Page 123
Choose the menu Spanning Tree→MSTP Instance→Instance Port Config to load the following page. Figure 8-9 Instance Port Config The following entries are displayed on this screen: Instance ID Select Instance ID: Select the desired instance ID for its port configuration. Instance Port Config ...
Path Cost: Path Cost is used to choose the path and calculate the path costs of ports in an MST region. It is an important criterion on determining the root port. The lower value has the higher priority. Port Role: Displays the role of the port played in the MSTP Instance.
Page 125
spanning trees being regenerated and roles of ports being reselected, and causes the blocked ports to transit to forwarding state. Therefore, loops may be incurred in the network. The loop protect function can suppress loops. With this function enabled, a port, regardless of the role it plays in instances, is always set to blocking state when the port does not receive BPDU packets from the upstream switch and spanning trees are regenerated, and thereby loops can be prevented.
Page 126
Choose the menu Spanning Tree→STP Security→Port Protect to load the following page. Figure 8-10 Port Protect The following entries are displayed on this screen: Port Protect UNIT: Select the unit ID of the desired member in the stack. Select: Select the desired port for port protect configuration.
8.4.2 TC Protect When TC Protect is enabled for the port on Port Protect page, the TC threshold and TC protect cycle need to be configured on this page. Choose the menu Spanning Tree→STP Security→TC Protect to load the following page. Figure 8-11 TC Protect The following entries are displayed on this screen: TC Protect...
Page 128
On Spanning Tree→Port Config→Port Config page, enable MSTP function for the port. Configure the region name and the revision of MST region: On Spanning Tree→MSTP Instance→Region Config page, configure the region as TP-LINK and keep the default revision setting. Configure VLAN-to-Instance Spanning Tree→MSTP...
Page 129
On Spanning Tree→Port Config→Port Config page, enable MSTP function for the port. Configure the region name and the revision of MST region: On Spanning Tree→MSTP Instance→Region Config page, configure the region as TP-LINK and keep the default revision setting. Configure VLAN-to-Instance Spanning Tree→MSTP...
Page 130
On Spanning Tree→Port Config→Port Config page, enable MSTP function for the port. Configure the region name and the revision of MST region: On Spanning Tree→MSTP Instance→Region Config page, configure the region as TP-LINK and keep the default revision setting. Spanning Tree→MSTP Instance→Instance...
Page 131
For Instance 2 (VLAN 102, 104 and 106), the blue paths in the following figure are connected links; the gray paths are the blocked links. Suggestion for Configuration Enable TC Protect function for all the ports of switches. ...
Chapter 9 Multicast Multicast Overview In the network, packets are sent in three modes: unicast, broadcast and multicast. In unicast, the source server sends separate copy information to each receiver. When a large number of users require this information, the server must send many pieces of information with the same content to the users.
Page 133
Multicast Address 1. Multicast IP Address: As specified by IANA (Internet Assigned Numbers Authority), Class D IP addresses are used as destination addresses of multicast packets. The multicast IP addresses range from 224.0.0.0~239.255.255.255. The following table displays the range and description of several special multicast IP addresses.
IGMP Snooping In the network, the hosts apply to the near Router for joining (leaving) a multicast group by sending IGMP (Internet Group Management Protocol) messages. When the up-stream device forwards down the multicast data, the switch is responsible for sending them to the hosts. IGMP Snooping is a multicast control mechanism, which can be used on the switch for dynamic registration of the multicast group.
3. IGMP Leave Message The host, running IGMPv1, does not send IGMP leave message when leaving a multicast group, as a result, the switch cannot get the leave information of the host momentarily. However, after leaving the multicast group, the host does not send IGMP report message any more, so the switch will remove the port from the corresponding multicast address table when its member port time times out.
Choose the menu Multicast→IGMP Snooping→Snooping Config to load the following page. Figure 9-4 Basic Config The following entries are displayed on this screen: Global Config IGMP Snooping: Select Enable/Disable IGMP Snooping function globally on the switch. Unknown Multicast: Select the operation for the switch to process unknown multicast, Forward or Discard.
Page 137
Choose the menu Multicast→IGMP Snooping→Port Config to load the following page. Figure 9-5 Port Config The following entries are displayed on this screen: Port Config UNIT: Select the unit ID of the desired member in the stack. Select: Select the desired port for IGMP Snooping feature configuration. It is multi-optional.
9.1.3 VLAN Config Multicast groups established by IGMP Snooping are based on VLANs. On this page you can configure different IGMP parameters for different VLANs. Choose the menu Multicast→IGMP Snooping→VLAN Config to load the following page. Figure 9-6 VLAN Config The following entries are displayed on this screen: VLAN Config ...
Router Port Time: Displays the router port time of the VLAN. Member Port Time: Displays the member port time of the VLAN. Leave Time: Displays the leave time of the VLAN. Static Router Ports: Displays the static router ports of the VLAN. Dynamic Router Displays the dynamic router ports of the VLAN.
Page 140
Choose the menu Multicast→IGMP Snooping→Multicast VLAN to load the following page. Figure 9-7 Multicast VLAN The following entries are displayed on this screen: Multicast VLAN Multicast VLAN: Select Enable/Disable Multicast VLAN feature. VLAN ID: Enter the VLAN ID of the multicast VLAN. Router Port Time: Specify the aging time of the router port.
Static Router Ports: Select the desired port as the static router port which is mainly used in the network with stable topology. Note: The router port should be in the multicast VLAN, otherwise the member ports cannot receive multicast streams. The Multicast VLAN won't take effect unless you first complete the configuration for the corresponding VLAN owning the port on the 802.1Q VLAN page.
Page 142
Choose the menu Multicast→IGMP Snooping→Querier Config to load the following page. Figure 9-8 Packet Statistics The following entries are displayed on this screen: IGMP Snooping Querier Config VLAN ID: Enter the ID of the VLAN that enables IGMP Snooping Querier. Query Interval: Enter the time interval of sending a general query frame by IGMP Snooping Querier.
VLAN ID: Displays the ID of the VLAN that enables IGMP Snooping Querier. Query Interval: Displays the Query Interval of the IGMP Snooping Querier. Max Response Time: Displays the maximal time for the host to respond to a general query frame sent by IGMP Snooping Querier. General Query Source IP: Displays the source IP of the general query frame sent by IGMP...
Configuration Procedure Step Operation Description Create VLANs Create three VLANs with the VLAN ID 3, 4 and 5 respectively, and specify the description of VLAN3 as Multicast VLAN on VLAN→802.1Q VLAN page. Configure ports On VLAN→802.1Q VLAN function pages. For port 3, configure its link type as GENERAL and its egress rule as TAG, and add it to VLAN3, VLAN4 and VLAN5.
The following entries are displayed on this screen: Search Option Search Option: Select the rules for displaying multicast IP table to find the desired entries quickly. All: Displays all multicast IP entries. Multicast IP: Enter the multicast IP address the desired entry ...
Page 146
Choose the menu Multicast→Multicast IP→Static Multicast IP to load the following page. Figure 9-10 Static Multicast IP Table The following entries are displayed on this screen: Create Static Multicast Multicast IP: Enter static multicast IP address. VLAN ID: Enter the VLAN ID of the multicast IP. Forward Port: Select the forward port of the multicast group.
Static Multicast IP Table Multicast IP: Displays the multicast IP. VLAN ID: Displays the VLAN ID of the multicast group. Forward Port: Displays the forward port of the multicast group.
9.4 Multicast Filter
When IGMP Snooping is enabled, you can specify the multicast IP range the ports can join by configuring multicast filter rules, so as to restrict which multicast programs users can order.
Page 148
Mode: The attributes of the profile. Permit: Only permit the IP address within the IP range and deny others. Deny: Only deny the IP address within the IP range and permit others. Search Option Profile ID: Enter the profile ID the desired entry must carry. IGMP Profile Info ...
Deny: Only deny the IP address within the IP range and permit others. Add IP-range Start IP: Enter the start IP address of the IP range. End IP: Enter the end IP address of the IP range. IP-range Table ...
The following entries are displayed on this screen: Profile and Max Group Binding UNIT: Select the unit ID of the desired member in the stack. Select: Select the desired entry for configuration. It is multi-optional. Port: Displays the port number. Profile ID: The existing Profile ID bound to the selected port.
Page 151
Choose the menu Multicast→Packet Statistics to load the following page. Figure 9-14 Packet Statistics The following entries are displayed on this screen: Auto Refresh Auto Refresh: Select Enable/Disable auto refresh feature. Refresh Period: Enter the time from 3 to 300 in seconds to specify the auto refresh period.
The goal of a routing protocol is very simple: It is to supply the information that is needed to do routing. This chapter describes how to configure the IPv4 unicast routing on the T3700G-28TQ. 10.1 Interface Interface is a virtual interface in Layer 3 mode and mainly used for realizing the Layer 3 connectivity between VLANs or routed ports.
Page 153
Subnet Mask: Specify the subnet mask of the interface's IP address. Admin Status: Specify interface administrator status. Choose 'Disable' to disable the interface's Layer 3 capabilities. Interface Name: Specify the name of the network interface. Interface List Select : Select the interfaces to modify or delete.
Page 154
Subnet Mask: View and modify the subnet mask of the interface. Admin Status: View and modify the Admin status. Choose 'Disable' to disable the interface's Layer 3 capabilities. Interface Name: View and modify the interface name. Click Detail to display the following figure: Figure 10-3 Detail Information Detail Information ...
Interface Setting Detail Information Displays the detailed setting information of the interface. 10.2 Routing Table This page displays the routing information summary generated by different routing protocols. Choose the menu Routing→Routing Table→Routing Table to load the following page. Figure 10-4 Routing Table Routing Information Summary ...
The following entries are displayed on this screen: Static Routing Config Destination: Specify the destination IP address of the packets. Subnet Mask: Specify the subnet mask of the destination IP address. Next Hop: Enter the IP address to which the packet should be sent next. Distance: Enter the distance metric of route.
Configuration Procedure
Configure Switch A
Steps / Operation / Note
Add interface VLAN 10: Required. On page Routing→Interface→Interface Config, add interface VLAN 10 with the mode as static, the IP address as 192.168.0.1, the mask as 255.255.255.0 and the interface name as VLAN10.
Page 158
additional configuration options. DHCP captures the behavior of DHCP participants so the administrator can manage the parameters of the host in the network. As workstations and personal computers proliferate on the Internet, the administrative complexity of maintaining a network is increased by an order of magnitude. The assignment of local network resources to each client represents one such difficulty.
Page 159
fixed format section of the message and appending tagged data items in the variable length option area. The process is shown as follows. Figure 10-7 The Process of DHCP DHCP discover: the client broadcasts messages on the physical subnet to discover available DHCP servers in the LAN.
Page 160
for the fields given in the figure will be used throughout this document to refer to the fields in DHCP messages. Figure 10-8 The Format of DHCP Message
op: Message type, ‘1’ = BOOT-REQUEST, ‘2’ = BOOT-REPLY.
htype: Hardware address type, '1' for ethernet.
hlen: Hardware address length, '6' for ethernet.
Page 161
14) file: Boot file name, null terminated string, "generic" name or null in DHCPDISCOVER, fully qualified directory-path name in DHCPOFFER.
15) options: Optional parameters field. See the options documents (RFC 2132) for a list of defined options. We will introduce some familiar options in the next section. DHCP Option ...
Page 162
Only a few devices need static IP addresses to connect to the network. Details of DHCP Server on T3700G-28TQ A typical application of T3700G-28TQ working at DHCP Server function is shown below. It can be altered to meet the network requirement. Figure 10-10 DHCP Server Application To guarantee that IP addresses are assigned smoothly and safely, and to keep the network running steadily, the DHCP Server function on T3700G-28TQ performs the following tasks.
At last, the server will choose the first IP from the IP pool which has not been assigned. Tips for Configure DHCP Server Function on T3700G-28TQ Configure the Excluded IP address which cannot be assigned by the switch, e.g. web server’s IP, broadcast IP of subnet and gateway’s IP.
Page 164
Choose the menu Routing→DHCP Server→DHCP Server to load the following page. Figure 10-11 DHCP Server The following entries are displayed on this screen: Global Config DHCP Server: Enable/Disable the switch as a DHCP server. Ping Time Config Ping Packets: The number of packets to be sent.
10.4.2 Pool Setting This page shows you how to configure the IP pool in which the IP address can be assigned to the clients in the network. Choose the menu Routing→DHCP Server→DHCP Server Pool to load the following page. Figure 10-12 Pool Setting The following entries are displayed on this screen: DHCP Server Pool ...
Operation: Allows you to view or modify the information of the corresponding IP Pool. Edit: Click to modify the settings of the Pool. Detail: Click to get the information of the Pool.
10.4.3 Manual Binding
On this page, you can specify the IP address for specific clients, and then the switch will always supply these specified parameters to those clients only.
Choose the menu Routing→DHCP Server→Binding Table to load the following page. Figure 10-14 DHCP Server Binding Table DHCP Server Binding Table Displays the ID of the client. IP Address: Displays the IP address that the Switch has allocated to the client.
Page 168
The following entries are displayed on this screen: Packets Received BOOTREQUEST: Displays the Bootp Request packet received. DHCPDISCOVER: Displays the Discover packet received. DHCPREQUEST: Displays the Request packet received. DHCPDECLINE: Displays the Decline packet received. DHCPRELEASE: Displays the Release packet received. DHCPINFORM: Displays the Inform packet received.
Network Diagram Use T3700G-28TQ as the central switch and enable its DHCP server function to allocate IP addresses to clients in the network. Enable the DHCP relay function on each access switch in VLAN 10, 20 and 30. For details about DHCP relay, please refer to 10.5 DHCP...
DHCP server in the internet. Details of DHCP Relay on T3700G-28TQ A typical application of T3700G-28TQ working at DHCP Relay function is shown below. It can be altered to meet the network requirement.
Page 171
Figure 10-16 DHCP Relay Application To allow clients in different VLANs to request IP addresses from one server successfully, the DHCP Relay function can transmit the DHCP packets between clients and server in different VLANs, so that all clients in different VLANs can share one DHCP Server. When receiving DHCP-DISCOVER and DHCP-REQUEST packets, the switch will fill the giaddr ...
Specify the DHCP Server which assigns IP addresses actually. Option 82 On this switch, Option 82 is used to record the location of the DHCP Client, the ethernet port and the VLAN, etc. Upon receiving the DHCP-REQUEST packet, the switch adds the Option 82 field to the packet and then transmits the packet to DHCP Server.
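The message layout and the relay behaviour described above (giaddr filled in by the relay, Option 82 appended to the request) can be checked on the server or monitoring side with a small parser. This is an added example, not code from the manual or from TP-LINK; the sub-option numbers come from RFC 3046, and the trusted-relay list, the circuit ID format and the sample packet are constructed assumptions.

```python
import ipaddress
import struct

# Fixed-format section: op, htype, hlen, hops, xid, secs, flags, ciaddr,
# yiaddr, siaddr, giaddr, chaddr(16), sname(64), file(128) = 236 bytes.
FIXED = struct.Struct("!BBBBIHH4s4s4s4s16s64s128s")
MAGIC_COOKIE = b"\x63\x82\x53\x63"       # starts the options area (RFC 2131)
OPT_PAD, OPT_END, OPT_MSG_TYPE, OPT_RELAY_INFO = 0, 255, 53, 82
SUBOPT_NAMES = {1: "circuit_id", 2: "remote_id"}   # RFC 3046 sub-options


class DhcpParseError(ValueError):
    """Raised when a message does not match the DHCP wire format."""


def parse_tlvs(data, dhcp_options):
    """Split a code/length/value area into (code, value) pairs.

    With dhcp_options=True, code 0 is padding and code 255 ends the area;
    Option 82 sub-options (dhcp_options=False) have neither.
    """
    pairs, i = [], 0
    while i < len(data):
        code = data[i]
        if dhcp_options and code == OPT_PAD:
            i += 1
            continue
        if dhcp_options and code == OPT_END:
            break
        if i + 2 > len(data):
            raise DhcpParseError("option %d has no length byte" % code)
        length = data[i + 1]
        value = data[i + 2:i + 2 + length]
        if len(value) != length:
            raise DhcpParseError("option %d overruns the buffer" % code)
        pairs.append((code, value))
        i += 2 + length
    return pairs


def parse_dhcp(packet):
    """Decode the fixed section, the message type and Option 82 of one message."""
    if len(packet) < FIXED.size + len(MAGIC_COOKIE):
        raise DhcpParseError("shorter than the fixed-format section")
    (op, htype, hlen, _hops, xid, _secs, _flags, _ciaddr, _yiaddr, _siaddr,
     giaddr, chaddr, _sname, _file) = FIXED.unpack_from(packet)
    if op not in (1, 2):
        raise DhcpParseError("op must be 1 (BOOT-REQUEST) or 2 (BOOT-REPLY)")
    if hlen > len(chaddr):
        raise DhcpParseError("hlen exceeds the 16-byte chaddr field")
    if packet[FIXED.size:FIXED.size + 4] != MAGIC_COOKIE:
        raise DhcpParseError("magic cookie missing before the options area")
    msg = {"op": op, "htype": htype, "xid": xid,
           "giaddr": ipaddress.IPv4Address(giaddr),
           "chaddr": chaddr[:hlen].hex(), "msg_type": None, "option82": None}
    for code, value in parse_tlvs(packet[FIXED.size + 4:], dhcp_options=True):
        if code == OPT_MSG_TYPE and len(value) == 1:
            msg["msg_type"] = value[0]
        elif code == OPT_RELAY_INFO:
            msg["option82"] = {SUBOPT_NAMES.get(c, "sub%d" % c): v
                               for c, v in parse_tlvs(value, dhcp_options=False)}
    return msg


def relay_findings(msg, trusted_relays):
    """Flag relay information a server should not trust (policy is an assumption)."""
    findings = []
    relayed = msg["giaddr"] != ipaddress.IPv4Address("0.0.0.0")
    if msg["option82"] is not None and not relayed:
        findings.append("Option 82 present but giaddr is 0.0.0.0")
    if relayed and msg["giaddr"] not in trusted_relays:
        findings.append("giaddr %s is not a known relay" % msg["giaddr"])
    return findings


def build_sample(giaddr, option82):
    """Constructed DHCPDISCOVER for the demo; every value is made up."""
    fixed = FIXED.pack(1, 1, 6, 1, 0x1234ABCD, 0, 0, bytes(4), bytes(4), bytes(4),
                       ipaddress.IPv4Address(giaddr).packed,
                       bytes.fromhex("020000aabb01") + bytes(10),
                       bytes(64), bytes(128))
    opts = bytes([OPT_MSG_TYPE, 1, 1])
    if option82 is not None:
        opts += bytes([OPT_RELAY_INFO, len(option82)]) + option82
    return fixed + MAGIC_COOKIE + opts + bytes([OPT_END])


# Constructed sample values: circuit ID format and relay address are assumptions.
SAMPLE_OPTION82 = (bytes([1, 6]) + b"v10-p5" +
                   bytes([2, 6]) + bytes.fromhex("001122334455"))
TRUSTED_RELAYS = {ipaddress.IPv4Address("192.168.10.1")}

if __name__ == "__main__":
    for gi in ("192.168.10.1", "0.0.0.0", "10.9.9.9"):
        parsed = parse_dhcp(build_sample(gi, SAMPLE_OPTION82))
        print(gi, parsed["option82"], relay_findings(parsed, TRUSTED_RELAYS))
```
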
Page 173
Choose the menu Routing→DHCP Relay→Global Config to load the following page. Figure 10-19 Global Config The following entries are displayed on this screen: Option 82 configuration Configure the Option 82 which cannot be assigned by the switch. Option 82 Support: Enable or disable the Option 82 feature.
10.5.2 DHCP Server This page enables you to configure DHCP Servers on the specified interface. Choose the menu Routing→DHCP Relay→DHCP Server to load the following page. Figure 10-20 DHCP Server The following entries are displayed on this screen: Add DHCP Server Address ...
When an ARP request of a host is to be forwarded to another host in the same network segment but isolated at Layer 2, to realize the connectivity, the device connecting the two virtual networks should be able to respond to this request. This can be achieved by the device running proxy ARP. Within the same network segment, hosts connecting with different VLAN interfaces can communicate with each other through Layer 3 forwarding by using proxy ARP function.
Search Default Route: If enabled, default route is included when searching arp proxy. Proxy ARP Information Select: Select the desired item for configuration. It is multi-optional. IP Address: Displays the interface's IP address. Subnet Mask: Displays the interface's subnet mask. Interface: Displays the interface.
Step Operation Description Enable Proxy Required. On Routing→Proxy ARP→Proxy ARP page, enable Proxy ARP feature for VLAN interface 2 and VLAN interface 3. 10.7 ARP This page displays the ARP table information. Choose the menu Routing→ARP→ARP Table to load the following page. Figure 10-23 ARP Table The following entries are displayed on this screen: ARP Table...
Page 178
RIP routing table An RIP router has a routing table containing routing entries of all reachable destinations, and each routing entry contains: Destination address: IP address of a host or a network. Next hop: IP address of the adjacent router’s interface to reach the destination. ...
Page 179
RIP Version RIP has two versions, RIPv1 and RIPv2. RIPv1, a classful routing protocol, supports message advertisement via broadcast only. RIPv1 protocol messages do not carry mask information, which means it can only recognize routing information of natural networks such as Class A, B, and C. That is why RIPv1 does not support discontinuous subnets.
Figure 10-25 RIPv2 Message Format The detailed explanations of each field are stated as following: Version: Version of RIP. For RIPv2 the value is 0x02. Route Tag: Route Tag. IP Address: Destination IP address. It can be a natural network address, subnet address ...
Page 181
Choose the menu Routing→RIP→Basic Config to load the following page. Figure 10-27 RIP Basic Config The following entries are displayed on this screen: RIP Enable RIP Protocol: Choose to enable or disable the RIP function. It is disabled by default. Global Config ...
RIP Distance: Set the RIP router distance. Auto Summary: If you select enable, groups of adjacent routes will be summarized into single entries in order to reduce the total number of entries. The default is disable. Default Metric: Set the default metric for the redistributed routes. The valid values are (1 to 15).
Status: The interface RIP status (up or down) is decided by the network status. You cannot change it here. Send Version: Select the version of RIP control packets the interface should send from the pulldown menu. RIPv1: send RIP version 1 formatted packets via broadcast. ...
Choose the menu Routing→RIP→RIP Database to load the following page. Figure 10-29 RIP Database The following entries are displayed on this screen: RIP Routing Table Destination Network: The destination IP address and subnet mask. Next Hop: The IP address of the next hop. Metric: The metric to reach the destination IP address.
Configure Switch B
Step / Operation / Note
Enable RIP: Required. On page Routing→RIP→Basic Config, enable RIP, select RIPv2 as RIP version.
Enable the network segments where the interfaces are: Required. On page Routing→RIP→Basic Config Network Enable part, add network segments 1.1.1.0, 10.1.1.0, 11.1.1.0, and enable RIP in these network segments.
Page 186
Figure 10-30 Common Scenario for OSPF routing protocol The network topology is more prone to changes in an autonomous system of larger size. The network adjustment of any one router could destabilize the whole network and cause massive OSPF packets to be forwarded repeatedly, and all the routers need to recalculate the routes, which would waste lots of network resources.
Page 187
In the automatic election, the router would in the first place select the highest loopback interface IP as the router ID. If the router doesn’t pre-define the loopback interfaces, it would select the highest physical interface IP address as the router ID. 3.
Page 188
Figure 10-31 Diagram of DR/BDR Adjacency Relation DR or BDR is determined by the interface priority and router ID. First of all, whether a router could be the DR or BDR on a network is decided by its interface priority. The one of highest priority would be elected as DR or BDR;...
Page 189
After two routers have finished the synchronization of link state database, a complete adjacency relation will be established. When the intra-area routers have an identical link state database, each of them will calculate a loop-free topology through SPF algorithm with itself as the root thus to describe the shortest forward path to every network node it knows, and create a routing table according to the topology of shortest forward path and provide a basis for data forwarding.
Page 190
Figure 10-32 Steps to Establish a Complete Adjacency Relation
Flooding
As Figure 10-32 shows, two random routers will synchronize the link state database via LSA request, LSA update and LSA acknowledgement packets. But in the actual module of router network, how do the routers flood the change of local network to the entire network through LSA update packets? Figure 10-33 will introduce in detail the flooding of the LSA update packets on the broadcast network.
Page 191
Figure 10-33 Flooding of the LSA DROthers multicast the LSA update of its directly-connected network to DR and BDR. After receiving the LSA update, DR floods it to all the adjacent routers. After receiving the LSA update from DR, the adjacent routers flood it to the other OSPF interfaces in their own areas.
Page 192
network connectivity at all time. The non-backbone Area 1 and Area 2 cannot communicate directly with each other, but they can exchange routing information through the backbone Area 0. On large-scale networks, an appropriate area partition can help greatly to save network resources and enhance the speed of the routing.
Page 193
Figure 10-36 Virtual Link Sketch As in Figure 10-36, ABR of Area 2 has no physical link to connect directly with the backbone area, in which case Area 2 could not communicate with others without configuring a virtual link. Then a virtual link between ABR1 and ABR2, passing through Area 1, could provide a logical link for Area 2 to connect with the backbone area.
Page 194
learn about the routing information from other areas, the size of the routing table of the routers in the stub area as well as the number of the routing message transferred would be reduced greatly. NSSA (Not-So-Stubby-Area) has a lot in common with stub area, but is not completely the same. NSSA doesn’t allow ABR to import the external routing information described by AS-External LSA, either.
Page 195
Figure 10-38 Discontinuous Network Segment
Link State Database
When the routers in the network completely synchronize the link state database through LSA exchanges, they can calculate the shortest path tree with themselves as the root node. The OSPF protocol routing calculation is simply presented as below. Each OSPF router would generate LSA according to its own link state or routing information, and then send it through the update packets to the other OSPF routers in the network.
Page 196
Figure 10-39 OSPF Header Version: The version number of OSPF run by this device. For instance, the OSPF run by our IPv4 devices is of Version 2, and that run by IPv6 devices is of Version 3. Type: The type of this packet. There are totally five types of OSPF packets, as shown in the table below.
Page 197
HELLO Packet OSPF routers send Hello packets to each other to find neighbor routers in the network and to maintain the mutual adjacency relationship. Only when two routers send Hello packets carrying the same interface parameters, can they become neighbors. Figure 10-40 HELLO Packet Netmask: Netmask of the router interface forwarding Hello packet.
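The OSPF header and Hello packet described above can be decoded and sanity-checked as follows. This is an added example, not code from the manual or from TP-LINK; the field offsets and checksum rule follow RFC 2328, and the addresses, timers and helper names are constructed assumptions.

```python
import ipaddress
import struct

OSPF_HEADER = struct.Struct("!BBH4s4sHH8s")   # 24 bytes (RFC 2328, A.3.1)
HELLO_BODY = struct.Struct("!4sHBBI4s4s")     # 20 bytes (RFC 2328, A.3.2)
PACKET_TYPES = {1: "Hello", 2: "DD", 3: "LSR", 4: "LSU", 5: "LSAck"}
AUTYPE_CRYPTO = 2   # no checksum is computed with cryptographic authentication


def inet_checksum(data):
    """16-bit ones' complement checksum, as used by IP and OSPF."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def dotted(raw):
    """Render a 4-byte router ID, area ID or address in dotted form."""
    return str(ipaddress.IPv4Address(raw))


def parse_ospf(packet):
    """Return (fields, findings) for one OSPF packet (IP protocol 89 payload)."""
    if len(packet) < OSPF_HEADER.size:
        return {}, ["shorter than the 24-byte OSPF header"]
    (version, ptype, length, router_id, area_id,
     _checksum, autype, _auth) = OSPF_HEADER.unpack_from(packet)
    fields = {"version": version, "type": PACKET_TYPES.get(ptype, "unknown"),
              "router_id": dotted(router_id), "area_id": dotted(area_id),
              "autype": autype}
    findings = []
    if version != 2:
        findings.append("unexpected version %d for IPv4 OSPF" % version)
    if ptype not in PACKET_TYPES:
        findings.append("unknown packet type %d" % ptype)
    if length < OSPF_HEADER.size or length > len(packet):
        findings.append("packet length field %d does not fit the %d bytes received"
                        % (length, len(packet)))
        return fields, findings
    body = packet[OSPF_HEADER.size:length]
    # The checksum covers the whole packet except the 64-bit authentication
    # field (bytes 16..23); including the stored checksum must give zero.
    if autype != AUTYPE_CRYPTO and inet_checksum(packet[:16] + body) != 0:
        findings.append("checksum mismatch")
    if ptype == 1:
        if len(body) < HELLO_BODY.size or (len(body) - HELLO_BODY.size) % 4:
            findings.append("malformed Hello body")
        else:
            (netmask, hello_int, _options, priority,
             dead_int, dr, bdr) = HELLO_BODY.unpack_from(body)
            tail = body[HELLO_BODY.size:]
            fields["hello"] = {
                "netmask": dotted(netmask), "hello_interval": hello_int,
                "priority": priority, "dead_interval": dead_int,
                "dr": dotted(dr), "bdr": dotted(bdr),
                "neighbors": [dotted(tail[i:i + 4]) for i in range(0, len(tail), 4)]}
    return fields, findings


def build_hello(router_id, area_id, netmask, neighbors, priority=1):
    """Constructed Hello packet for the demo; all values are made up."""
    rid = ipaddress.IPv4Address(router_id).packed
    aid = ipaddress.IPv4Address(area_id).packed
    body = HELLO_BODY.pack(ipaddress.IPv4Address(netmask).packed, 10, 0x02,
                           priority, 40, bytes(4), bytes(4))
    body += b"".join(ipaddress.IPv4Address(n).packed for n in neighbors)
    length = OSPF_HEADER.size + len(body)
    head = OSPF_HEADER.pack(2, 1, length, rid, aid, 0, 0, bytes(8))
    csum = inet_checksum(head[:16] + body)
    return OSPF_HEADER.pack(2, 1, length, rid, aid, csum, 0, bytes(8)) + body


if __name__ == "__main__":
    sample = build_hello("10.1.1.1", "0.0.0.0", "255.255.255.0", ["10.1.1.2"])
    print(parse_ospf(sample))
    # Same packet with the router priority byte (offset 31) altered in transit.
    print(parse_ospf(sample[:31] + b"\xff" + sample[32:])[1])
```
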
Figure 10-41 DD Packet Interface MTU: Size in bytes of the largest IP packet that can be sent out by the routing interface of the advertising router. I: The Initial bit. During the synchronization of link state database between two routers, it may require multiple DD packets to be forwarded, among which the first DD packet will set its initial bit to 1, while the others 0.
Figure 10-42 LSR Packet
Link State Type: The type of LSA. There are 11 types of LSA in total: Router LSA, Network LSA, Network Summarization LSA, ASBR Summarization LSA, and so on. These are introduced in detail in the following.
Link State ID: It has different meanings for different types of LSA.
LSAck Packet
When receiving an LSU, the router will send an LSAck packet, including the LSA header it receives, to the router that forwarded the LSU packet, to confirm whether the data received is correct. The OSPF protocol defines areas and multiple router types. Via various sorts of LSA, different types of router complete the routing updates caused by network changes.
Type Code, Name, Features
NSSA External LSA: Originates from ASBR in the NSSA. The content of this LSA is the same as that of AS external LSA, but it would be advertised only to NSSA. ABR can transform this type of routing information to AS external LSA and then flood it to the entire AS.
Create the routing interfaces and configure their IP parameters. Plan the areas to which the subnets (routing interfaces) of the switches belong. Configure the OSPF processes on each switch. Configure the routing interfaces and the areas they belong to under the corresponding OSPF processes.
10.9.2 Basic Choose the menu Routing→OSPF→Basic to load the following page. Figure 10-46 OSPF Base The following entries are displayed on this screen: Select Current Process Current Process: Select the desired OSPF process for configuration. Default Route Advertise Config ...
OSPF Config ASBR Mode: The router is an Autonomous System Boundary Router if it is configured to redistribute routes from another protocol, or if it is configured to originate an AS-External LSA advertising the default route. ABR Status: The router is an Area Border Router if it has active non-virtual interfaces in two or more OSPF areas.
Passive Default: Configure the global passive mode settings for all OSPF interfaces. Configuring this field will overwrite any present interface level passive mode settings. OSPF does not form adjacencies on passive interfaces, but does advertise attached networks as stub networks. The default value is 'Disable'.
Area ID: Displays the area to which the network belongs. 10.9.4 Interface Choose the menu Routing→OSPF→Interface to load the following page. Figure10-48 OSPF Interface The following entries are displayed on this screen: Interface Table Select: Select the desired item for configuration. It is multi-optional. Interface: The interface for which data is to be displayed or configured.
Passive Mode: Make an interface passive to prevent OSPF from forming an adjacency on an interface. OSPF advertises networks attached to passive interfaces as stub networks. Interfaces are not passive by default. MTU Ignore: Disables OSPF MTU mismatch detection on received database description packets.
The router establishes adjacencies to all other routers attached to the network. The Backup Designated Router performs slightly different functions during the Flooding Procedure, as compared to the Designated Router. DR Other: The interface is connected to a broadcast on ...
Retransmit Interval: The retransmit interval for the specified interface. This is the number of seconds between link-state advertisements for adjacencies belonging to this router interface. This value is also used when retransmitting database descriptions and link-state request packets. The valid value ranges from 1 to 65535 seconds and the default is 5 seconds.
10.9.5 Area Choose the menu Routing→OSPF→Area to load the following page. Figure10-50 OSPF Area The following entries are displayed on this screen: Area Config Process ID: Select the desired OSPF process for configuration. Area ID: The 32 bit unsigned integer that uniquely identifies the area. It can be in decimal format or dotted decimal format.
Metric Type: Set the OSPF metric type of the default route. Two types are supported: External Type 1 and External Type 2. The default value is External Type 2. Metric: Specify the metric of the default route. The valid value ranges from 1 to 16777214 and the default is 1.
10.9.6 Area Aggregation You can configure address ranges for an area on this page. The address range is used to consolidate or summarize routes for an area at an area boundary. The result is that a single summary route is advertised to other areas by the ABR. Routing information is condensed at area boundaries, a single route is advertised for each address range.
Cost: Displays the path cost to the address range and it can be modified. Advertise: Displays the Advertise parameter and it can be modified. 10.9.7 Virtual Link Choose the menu Routing→OSPF→Virtual Link to load the following page. Figure10-52 Virtual Link The following entries are displayed on this screen: Virtual Link Creation ...
Dead Interval: The dead interval for the specified interface in seconds. This specifies how long a router will wait to see a neighbor router's Hello packets before declaring that the router is down. This parameter must be the same for all routers attached to a network.
Source: The available source routes for redistribution by OSPF. The valid values are 'Static', 'RIP', and other OSPF processes. Redistribute: This option enables or disables the redistribution for the selected source protocol. Metric: Set the metric value to be used as the metric of redistributed routes.
Tag: Set the tag field in redistributed address range. The valid value ranges from 0 to 4294967295 and the default is 0. NSSA Only: Set whether or not to limit redistributed address range to NSSA areas. The default is Disable. Advertise: Set whether or not the address range will be redistributed to OSPF domain via an AS-External LSA.
State: The state of the neighbor: Down: This is the initial state of a neighbor conversation. It indicates that there has been no recent information received from the neighbor. On NBMA networks, Hello packets may still be sent to 'Down' neighbors, although at a reduced frequency.
10.9.11 Link State Database Choose the menu Routing→OSPF→Link State Database to load the following page. Figure10-56 Link State Database The following entries are displayed on this screen: Link State Database Process: Select one OSPF Process to display its link state database. Area ID: Displays the ID of the area to which the LSA belongs.
Network Diagram
Configuration Procedure
Configure Switch A
Step, Operation, Description
Create routing interfaces and their IP addresses: Required. On page Routing→Interface→Interface Config, create routed port 1/0/1 with the IP 1.10.1.1/24 and routed port 1/0/2 with the IP 1.20.1.1/24.
Create OSPF Required.
Configure Switch C
Step, Operation, Description
Create routing interfaces and their IP addresses: Required. On page Routing→Interface→Interface Config, create routed port 1/0/1 with the IP 1.20.2.1/24 and routed port 1/0/2 with the IP 1.20.1.2/24.
Create OSPF process: Required. On page Routing→OSPF→Process, create OSPF process 1 and configure the Router ID as 3.3.3.3.
still be provided and network interruption can be avoided after a single link fails without reconfiguration of dynamic routing or router discovery protocols, or default gateway configuration on every end-host. 2. Small network overhead. The single message that VRRP defines is the VRRP advertisement, which can only be sent by the master router.
The VRRP priority ranges from 0 to 255 (the bigger the number is, the higher the priority is). Configurable range is 1-254. The priority value 0 is reserved for the current master when it gives up its role as master router. For example, when master router receives shutdown message, it would send VRRP packet with priority 0 to the backup group which the interface belongs to.
interfaces and better performance can be elected as master router; and the stability of backup group is increased. When the router interface connecting the uplink fails, the backup group cannot recognize uplink breakdown. If this router is in Master state, hosts in the LAN cannot visit external network.
VRRP Configuration Before configuring VRRP, users should plan well to specify the role and function of the devices in backup groups. Every switch in backup group should be configured, which is the precondition to construct a backup group. 10.10.1 Basic Config VRRP (Virtual Routing Redundancy Protocol) is a function on the Switch that dynamically assigns responsibility for a virtual router to one of the VRRP routers on a LAN.
Virtual IP: Displays the primary Virtual IP associated with the VRRP. Priority: Displays the priority associated with the VRRP. Status: Displays the status associated with the VRRP. Other: Displays more information about the VRRP. Select All: Select all the VRRP items. Delete: Delete the selected items.
Priority: Displays the running priority associated with the VRRP. It ranges from 1 to 255.
Advertise Timer: Displays the advertise timer associated with the VRRP. It ranges from 1 to 255.
Preempt Delay Timer: Displays the preempt delay timer associated with the VRRP. It ranges from 0 to 255.
Description: Enter the description associated with the VRRP. Numbers, characters and '_' are the only valid inputs, and the maximal length of the inputs is 8. Priority: Enter the Priority associated with the VRRP. It ranges from 1 to 254. Advertise Timer: Enter the advertise timer associated with the VRRP.
The following entries are displayed on this screen: Add Virtual IP This field is used to add virtual IP addresses associated with the VRRP. Up to five virtual IP addresses can be added for every VRRP. VRID: Select the VRID from the pull-down list. Interface: Select the Interface ID from the pull-down list.
The following entries are displayed on this screen: Add Track This field is used for adding track information associated with the VRRP. Up to 5 interfaces can be tracked for every VRRP. IP owner cannot track any interface. Interface: Select the Interface ID from the pull-down list.
The following entries are displayed on this screen: Global Statistics
Router Checksum Errors: Displays the total number of VRRP packets received with an invalid VRRP checksum value.
Router Version Errors: Displays the total number of VRRP packets received with an unknown or unsupported version number.
Packet Length Errors: Displays the number of packets received with a packet length less than the length of the VRRP header.
Clear: Clear the statistics displayed on the web.
Refresh: Refreshes the web page to show the latest VRRP information.
Configuration Procedure:...
Network Diagram
Configuration Procedure
Configure Switch A
Steps, Operation, Note
Configure interface and its IP address: On page Routing→Interface→Interface Config, create the interface VLAN2, and configure its IP address as 192.168.1.1 and Subnet Mask as 255.255.255.0.
Add port to the interface: On page VLAN→802.1Q VLAN→VLAN Config, add port 5 to ...
Chapter 11 Multicast Routing Overview of Multicast Routing Protocols Note: The router and router icon mentioned in this chapter represent the router in general or the switch that runs the layer 3 multicast routing protocols. The multicast routing protocols run in layer 3 multicast devices and they create and maintain multicast routes to forward the multicast packets correctly and efficiently.
The multicast model divides into two types depending on whether there is an exact multicast source: ASM (Any-Source Multicast) and SSM (Source-Specific Multicast). ASM (Any-Source Multicast): In the ASM model, any sender can be a multicast source sending multicast information to a multicast group address, and receivers can join a multicast group identified by the group address and obtain multicast information addressed to that multicast group.
11.1.2 Mroute Table On this page you can get the desired mroute information through different search options. Choose the menu Multicast Routing→Global Config→Mroute Table to load the following page. Figure 11-2 Mroute Table The following entries are displayed on this screen: Search Option ...
11.2 IGMP
Brief Introduction of IGMP
IGMP stands for Internet Group Management Protocol. It is responsible for the management of IP multicast members in IPv4, and is used to establish and maintain the multicast member relationships between the IP host and its directly neighboring multicast routers. So far, there are three IGMP versions: IGMPv1 (defined in RFC 1112) ...
(3) After receiving the IGMP query message, the host that is interested in multicast group G1, either Host B or Host C (depending on whose latency timer runs out first), for example Host B, will first multicast an IGMP membership report message to G1 to declare that it belongs to G1. As all the hosts and routers can receive this membership report message and the IGMP routers (Router A and Router B) already know there is a host interested in G1, Host C will not send its report message for G1 after it receives the report message of Host B.
2. Leave-Group Mechanism When a host leaves a multicast group in IGMPv2: (1) The host will send leave group message to all the multicast routers in the local network with the multicast address 224.0.0.2. (2) After receiving this leave group message, the querier will send group-specific query message to the multicast group that the host announces to leave.
Figure 11-4 IGMPv3 Multicast Source Filtering
If the IGMP protocol running between the hosts and the multicast routers is IGMPv1 or IGMPv2, Host B will be unable to select the sources it expects when it joins the multicast group G. Thus, whether needed or not, the multicast data from Source 1 and Source 2 will be transferred to Host B. When IGMPv3 is running between the hosts and the multicast routers, Host B can expect only the multicast data sent from Source 1 to G, referred to as (S1, G), or refuse to receive the multicast...
IS_EX: indicating the mapping relationship between the multicast group and the multicast source list is EXCLUDE, which means the host will only receive the multicast data sending to this multicast group with its source not in the specified source list. TO_IN: indicating the mapping relationship between the multicast group and the multicast ...
Robustness: Specify the robustness of the selected interface, ranging from 1 to 255. The default is 2. The robustness variable determines the aging time of the member port after it receives the report message. The aging time = robustness * general-query-interval + query-max-response-time.
Routed Port: Enter the routed port the desired entry must carry. Interface State Table Interface: The interface for which data is to be displayed or configured. IP Address: The IP address of the selected interface. Querier IP: The address of the IGMP querier on the IP subnet to which the selected interface is attached.
The following entries are displayed on this screen: IGMP Static Multicast Group Interface: Enter the ID of the corresponding interface, either a VLAN ID or a routed port. Multicast IP: Enter the multicast IP address the desired entry must carry. Source IP: Displays the Source IP of the entry.
Choose the menu Multicast Routing→IGMP→Multicast Group Table to load the following page. Figure 11-8 Multicast Group Table The following entries are displayed on this screen: Search Option Search Option: Select the rules for displaying multicast IP table to find the desired entries quickly.
Choose the menu Multicast Routing→IGMP→Profile Binding to load the following page. Figure 11-9 Profile Binding The following entries are displayed on this screen: Profile and Max Group Binding UNIT: Select the unit ID of the desired member in the stack. Select: Select the desired entry for configuration.
Profile: Click the Profile button to create new IGMP profiles. 11.2.6 Packet Statistics On this page you can view multicast packet statistics over each interface of the switch, which helps you monitor the IGMP packets in the network. Choose the menu Multicast Routing→IGMP→Packet Statistics to load the following page. Figure 11-10 Packet Statistics The following entries are displayed on this screen: Auto Refresh...
11.2.7 Application Example for IGMP Network Requirements Receivers of different organizations form the stub networks N1 and N2, and Host A and Host C are the multicast information receivers in N1 and N2 respectively. They receive the Video-On-Demand information through multicast. In the PIM network, Switch A connects to N1;...
Configure Switch A
Steps, Operation, Note
Enable IP multicast routing: On page Multicast Routing→ Global Config→ Global Config, enable the multicast routing function.
Enable IGMP on user-side interface: On page Multicast Routing→ IGMP→ Interface Config, enable IGMP (version 3) on interface VLAN 10. ...
RPF Mechanism
PIM uses the unicast routing table to perform the RPF check. The RPF mechanism ensures that multicast packets are forwarded correctly according to the multicast routing configuration, and avoids loops caused by various reasons.
1. RPF Check
The RPF check relies on the unicast route or the static multicast route. The unicast routing table aggregates the shortest paths to each destination network segment, and the static multicast routing table lists the static RPF routing entries configured manually by the user.
If the check result shows that the RPF interface is different from the input interface in the current (S, G) entry, this indicates that the (S, G) entry is invalid; the router will correct the input interface to the packet’s actual arriving interface, and forward this packet to all the output interfaces.
Neighbor Discovering
In a PIM domain, routers periodically send PIM Hello packets to all the PIM routers at the multicast address 224.0.0.13 to discover PIM neighbors and maintain the PIM neighboring relationships between the routers, and thus to build and maintain the SPT.
SPT Building ...
Grafting
When a new receiver on a previously pruned branch of the tree joins a multicast group, PIM DM uses the Graft mechanism to actively resume this node’s function of forwarding multicast data, thus reducing the time it takes to return to the forwarding state. The process is illustrated below: (1) The branch that needs to receive the multicast data again will send a graft message to its upstream node up the distribution tree towards the source hop-by-hop, applying to rejoin the...
(2) The router with the unicast route of the smaller cost to the multicast source; (3) The router with the local interface of the higher IP address. 11.3.1 PIM DM Interface Choose the menu Multicast Routing→PIM DM→PIM DM Interface to load the following page. Figure 11-13 PIM DM Interface The following entries are displayed on this screen: PIM DM Interface Config...
Choose the menu Multicast Routing→PIM DM→PIM DM neighbor to load the following page. Figure 11-14 PIM DM neighbor The following entries are displayed on this screen: PIM DM Interface Config The L3 interfaces can be configured as PIM DM mode by this page. Search Option: ALL: Displays all entries.
Step Operation Description Enable IGMP Required. Enable IGMP on the routing interfaces which connect to the receivers on Multicast Routing→IGMP→Interface Config page. 11.3.3 Application Example for PIM DM Network Requirements Receivers receive VOD data through multicast. The whole network runs PIM DM as multicast routing protocol.
Configuration Procedure Configure Switch A: Step Operation Description Configure interface. Configure IP addresses and subnet masks of VLAN interfaces 1, 2 and 3 on Routing→ Interface→Interface Config page. Configure routing Configure the routing entries via static route or dynamic routing protocol.
The router connected to the receiver sends the join message to the RP of a certain multicast group. The path along which the join message is sent to the RP hop-by-hop forms a branch of RPT. When the multicast source is sending multicast data to a multicast group, the router directly ...
Figure 11-15 DR Elect
As shown in Figure 11-15, the DR election process is illustrated below: (1) Routers in the shared network send Hello messages carrying the DR-election priority to each other, and the router with the highest priority will be elected as the DR; (2) If the routers have the same priorities, or at least one router in the network doesn’t support carrying the DR-election priority in the Hello packet, the router with the highest IP address will be elected as the DR.
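The two DR election rules above, as an added Python example that is not part of the original guide. The Hello record, its field names and the sample addresses are constructed for illustration; the last function shows how a single Hello without a DR priority changes the rule for the whole segment, which is the kind of role change an operator would want to audit.

```python
import ipaddress
from dataclasses import dataclass
from typing import Iterable, List, Optional, Tuple


@dataclass(frozen=True)
class Hello:
    """A PIM Hello seen on a shared segment (hypothetical record, not a packet parser)."""
    source: str                  # IPv4 address of the sending interface
    dr_priority: Optional[int]   # None: the Hello carried no DR-election priority


def _addr(h: Hello) -> int:
    # Compare addresses numerically; as strings "10.0.0.9" would beat "10.0.0.10".
    return int(ipaddress.IPv4Address(h.source))


def election_rule(hellos: Iterable[Hello]) -> str:
    """Return 'priority' if every router advertises a priority, else 'address'."""
    return "priority" if all(h.dr_priority is not None for h in hellos) else "address"


def elect_dr(hellos: Iterable[Hello]) -> Hello:
    """Apply rule (1), falling back to rule (2) on ties or missing priorities."""
    routers: List[Hello] = list(hellos)
    if not routers:
        raise ValueError("no PIM routers on the segment")
    if len({_addr(h) for h in routers}) != len(routers):
        raise ValueError("duplicate source address on the segment")
    if election_rule(routers) == "priority":
        # Highest priority wins; equal priorities are broken by highest address.
        return max(routers, key=lambda h: (h.dr_priority, _addr(h)))
    # At least one router sent no priority: only the address is compared.
    return max(routers, key=_addr)


def dr_after_join(current: Iterable[Hello], newcomer: Hello) -> Tuple[Hello, Hello, str]:
    """Return (DR before, DR after, rule in force after) when a router joins."""
    existing = list(current)
    joined = existing + [newcomer]
    return elect_dr(existing), elect_dr(joined), election_rule(joined)


# Constructed sample segment: three routers, all advertising a DR priority.
SEGMENT = [
    Hello("10.0.0.2", 5),
    Hello("10.0.0.9", 1),
    Hello("10.0.0.10", 1),
]

if __name__ == "__main__":
    print("DR by priority:", elect_dr(SEGMENT).source)
    print("DR on equal priority:", elect_dr(SEGMENT[1:]).source)
    before, after, rule = dr_after_join(SEGMENT, Hello("10.0.0.7", None))
    print(f"DR {before.source} -> {after.source} (rule now: {rule})")
```
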
Figure 11-16 The Locations of C-RP, C-BSR and BSR RPT Building Figure 11-17 RPT Topology in PIM SM As shown in Figure 11-17, the establishing process of RPT is illustrated below: (1) When a receiver joins a multicast group G, it informs the directly connected DR with IGMP message;...
check if there are other receivers of this group. If there are no more receivers, the prune message will be sent upstream.
Multicast Source Registering
Multicast source registering informs the RP of the presence of the multicast source. As shown in Figure 11-18, the process of the multicast source registering to RP is illustrated below:
Figure 11-18 Multicast Source Register Topology in PIM SM
(1) When the multicast source S’s directly connected DR receives a multicast packet sent from...
(2) The receiver-side DR sends prune message toward the RP hop-by-hop. The RP will forward the received prune message toward the multicast source. The switching process from RPT to SPT is then accomplished. After the switching from RPT to SPT, the multicast data will be sent from multicast source to the receivers directly.
The multicast messages (such as C-RP Hello Message and BSR BootStrap Message) of each BSR administrative domain cannot pass through the domain border. 11.4.1 PIM SM Interface Choose the menu Multicast Routing→PIM SM→PIM SM Interface to load the following page. Figure11-20 PIM SM Interface The following entries are displayed on this screen: PIM SM Interface Config...
11.4.2 PIM SM Neighbor PIM SM neighbor is automatically learned by sending and receiving Hello Packets when PIM SM is enabled. Choose the menu Multicast Routing→PIM SM→PIM SM Neighbor to load the following page. Figure 11-21 PIM SM neighbor The following entries are displayed on this screen: Search Option ...
Choose the menu Multicast Routing→PIM SM→BSR to load the following page. Figure 11-22 BSR The following entries are displayed on this screen: PIM SM Candidate BSR Config Configure the candidate BSR of current device. Interface: Select the interface on this switch from which the BSR address is derived to make it a candidate.
PIM SM Candidate BSR Information
Candidate Address: Displays the Candidate BSR address.
Priority: Displays the priority of the Candidate BSR.
Hash Mask Length: Displays the hash mask length of the Candidate BSR.
11.4.4 RP
In the PIM SM mode, RP receives multicast data from the source and transmits the data down the shared tree to the multicast group members.
Priority: Specify the priority of the candidate RP. The default value is 192. Interval: Specify the interval of advertisement message of the candidate RP in seconds. The default value is 60. PIM SM Candidate RP Table Interface: Displays the VLAN interface of the candidate RP. Priority: Displays the priority of the candidate RP.
11.4.6 RP Info Choose the menu Multicast Routing→PIM SM→RP Info to load the following page. Figure 11-25 RP Info The following entries are displayed on this screen: Search Option Search Option: ALL: Select All to display all entries. Group: Select Group and enter the group IP address of ...
11.4.7 Application Example for PIM SM Network Requirements Receivers receive VOD data through multicast. The whole network runs PIM SM as multicast routing protocol. Host A and Host D act as multicast receivers. Switch A connects to Switch B in VLAN 2, connects to Switch C in VLAN 3. The Source server connects to Switch A in VLAN 1.
The static multicast routing is an important foundation for the RPF check. In the RPF check process, with static multicast routing configured, the router will choose one as the RPF route after comparing the optimal unicast route and the static multicast route selected respectively from the unicast routing table and the static multicast routing table.
The following entries are displayed on this screen: Static Mroute Config Source: Enter the IP address that identifies the multicast source of the entry you are creating. Source Mask: Enter the subnet mask to be applied to the Source. RPF Neighbor: Enter the IP address of the neighbor router on the path to the mroute source.
11.5.3 Application Example for Static Mroute Network Requirements The network runs PIM DM and all the switches in the network support multicast features. Switch A, Switch B and Switch C run OSPF protocol. In normal circumstances, Receiver receives multicast data from Source through the path Switch A-Switch B, which is the same as the unicast route.
Configure Switch B
Step, Operation, Note
Enable multicast routing: Required. On page Multicast Routing→Global Config→Global Config, enable the Multicast Routing function globally.
Enable PIM DM: Required. On page Multicast Routing→PIM DM→PIM DM Interface, enable PIM DM on the VLAN interfaces 100, 101 and 102.
Enable IGMP Required.
Chapter 12 QoS QoS (Quality of Service) functions to provide different quality of service for various network applications and requirements and optimize the bandwidth resource distribution so as to provide a network service experience of a better quality. This switch classifies the ingress packets, maps the packets to different priority queues and then forwards the packets according to specified scheduling algorithms to implement QoS function.
2. 802.1P Priority Figure 12-2 802.1Q frame As shown in the figure above, each 802.1Q Tag has a Pri field, comprising 3 bits. The 3-bit priority field is 802.1p priority in the range of 0 to 7. 802.1P priority determines the priority of the packets based on the Pri value.
Figure 12-4 SP-Mode WRR-Mode: Weight Round Robin Mode. In this mode, packets in all the queues are sent in order based on the weight value for each queue and every queue can be assured of a certain service time. The weight value indicates the occupied proportion of the resource. WRR queue overcomes the disadvantage of SP queue that the packets in the queues with lower priority cannot get service for a long time.
12.1 DiffServ This switch classifies the ingress packets, maps the packets to different priority queues and then forwards the packets according to specified scheduling algorithms to implement QoS function. This switch implements three priority modes based on port, on 802.1P and on DSCP, and supports four queue scheduling algorithms.
LAG: Displays the LAG number which the port belongs to. Note: To complete QoS function configuration, you have to go to the Schedule Mode page to select a schedule mode after the configuration is finished on this page. Configuration Procedure: Step Operation Description Select the port priority...
SP+WRR-Mode: Strict-Priority + Weight Round Robin Mode. In this mode, this switch provides two scheduling groups, SP group and WRR group. Queues in SP group and WRR group are scheduled strictly based on strict-priority mode while the queues inside WRR group follow the WRR mode.
Priority and CoS-mapping Config Tag-id/CoS-id: Indicates the precedence level defined by IEEE 802.1P and the CoS ID. Queue TC-id: Indicates the priority level of egress queue the packets with tag and CoS-id are mapped to. The priority levels of egress queue are labeled as TC0, TC1, TC2 to TC7.
Choose the menu QoS→DiffServ→DSCP Priority to load the following page. Figure 12-9 DSCP Priority The following entries are displayed on this screen: DSCP Priority Config DSCP Priority: Select Enable or Disable DSCP Priority. Priority Level DSCP: Indicates the priority determined by the DiffServ region of IP datagram.
12.2 Bandwidth Control Bandwidth function, allowing you to control the traffic rate and broadcast flow on each port to ensure network in working order, can be implemented on Rate Limit and Storm Control pages. 12.2.1 Rate Limit Rate limit functions to control the ingress/egress traffic rate on each port via configuring the available bandwidth of each port.
Note: If you enable the ingress rate limit feature for a storm control-enabled port, the storm control feature will be disabled for this port. When the egress rate limit feature is enabled for one or more ports, it is recommended that you disable flow control on each port to ensure the switch works normally. 12.2.2 Storm Control The Storm Control function allows the switch to filter broadcast, multicast and UL frames in the network.
UL-Frame Rate : Select the bandwidth for receiving UL-Frame on the port. The packet traffic exceeding the bandwidth will be discarded. Select Disable to disable the UL-Frame control function for the port. LAG: Displays the LAG number which the port belongs to. Note: If you enable storm control feature for the ingress rate limit-enabled port, ingress rate limit feature will be disabled for this port.
the aging time, the switch will remove this port from voice VLAN. Voice ports are automatically added into or removed from voice VLAN. Manual Mode: You need to manually add the port of IP phone to voice VLAN, and then the switch will assign ACL rules and configure the priority of the packets through learning the source MAC address of packets and matching OUI address.
source MAC addresses do not match OUI addresses. If security mode is not enabled, the port forwards all the packets. Security Mode Packet Type Processing Mode UNTAG packet When the source MAC address of the packet is the OUI address that can be identified, the packet can be Packet with voice transmitted in the voice VLAN.
Aging Time: Specifies the living time of the member port in auto mode after the OUI address is aging out. Priority: Select the 802.1P priority of the port when sending voice data. 12.3.2 Port Config Before the voice VLAN function is enabled, the parameters of the ports in the voice VLAN should be configured on this page.
Port Mode: Select the mode for the port to join the voice VLAN. Auto: In this mode, the switch automatically adds a port to the voice VLAN or removes a port from the voice VLAN by checking whether the port receives voice data or not. Manual: In this mode, you can manually add a port to the ...
OUI Table Select: Select the desired entry to view the detailed information. OUI: Displays the OUI address of the voice device. Mask: Displays the OUI address mask of the voice device. Description: Displays the description of the OUI. Configuration Procedure of Voice VLAN: Step Operation Description Required.
Chapter 13 ACL
ACL (Access Control List) is used to filter packets by configuring match rules and process policies of packets in order to control the access of illegal users to the network. In addition, ACL can be used to control traffic flows and save network resources. It provides a flexible and secure access control policy and helps you control network security.
13.1.2 Time-Range Create On this page you can create time-ranges. Choose the menu ACL→Time-Range→Time-Range Create to load the following page. Figure 13-2 Time-Range Create Note: To successfully configure time-ranges, first specify time-slices and then time-ranges. The following entries are displayed on this screen: Create Time-Range ...
End Time: Displays the end time of the time-slice. Delete: Click the Delete button to delete the corresponding time-slice. 13.1.3 Holiday Config Holiday mode is applied as a different secured access control policy from the week mode. On this page you can define holidays according to your work arrangement. Choose the menu ACL→Time-Range→Holiday Config to load the following page.
13.2.1 ACL Summary On this page, you can view the current ACLs configured in the switch. Choose the menu ACL→ACL Config→ACL Summary to load the following page. Figure 13-4 ACL Summary The following entries are displayed on this screen: Search Option ...
13.2.3 MAC ACL MAC ACLs analyze and process packets based on a series of match conditions, which can be the source MAC addresses, destination MAC addresses and EtherType carried in the packets. Choose the menu ACL→ACL Config→MAC ACL to load the following page. Create MAC Rule Figure 13-6 The following entries are displayed on this screen:...
Choose the menu ACL→ACL Config→Standard-IP ACL to load the following page. Figure 13-7 Create Standard-IP Rule The following entries are displayed on this screen: Create Standard-IP Rule ACL ID: Select the desired Standard-IP ACL for configuration. Rule ID: Enter the rule ID. Operation: Select the operation for the switch to process packets which match the rules.
Choose the menu ACL→ACL Config→Extend-IP ACL to load the following page. Figure 13-8 Create Extend-IP Rule The following entries are displayed on this screen: Create Extend-IP Rule ACL ID: Select the desired Extend-IP ACL for configuration. Rule ID: Enter the rule ID. Operation: Select the operation for the switch to process packets which match the rules.
IP Pre: Enter the IP Precedence contained in the rule. Time-Range: Select the time-range for the rule to take effect.
13.3 Policy Config
A Policy is used to control the data packets that match the corresponding ACL rules by configuring ACLs and actions together so that they take effect. The operations here include stream mirror, stream condition, QoS remarking and redirect.
Choose the menu ACL→Policy Config→Policy Create to load the following page. Figure 13-10 Create Policy The following entries are displayed on this screen: Create Policy Policy Name: Enter the name of the policy. 13.3.3 Action Create On this page you can add ACLs and create corresponding actions for the policy. Choose the menu ACL→Policy Config→Action Create to load the following page.
S-Condition: Select S-Condition to limit the transmission rate of the data packets in the policy. Rate: Specify the forwarding rate of the data packets that match the corresponding ACL. Out of Band: Specify the disposal way of the data packets those ...
The following entries are displayed on this screen: Search Options Show Mode: Select a show mode appropriate to your needs. Policy Vlan-Bind Table Select: Select the desired entry to delete the corresponding binding policy. Index: Displays the index of the binding policy. Policy Name: Displays the name of the binding policy.
The following entries are displayed on this screen: Port-Bind Config Policy Name: Select the name of the policy you want to bind. Port: Enter the number of the port you want to bind. Port-Bind Table Index: Displays the index of the binding policy. Policy Name: Displays the name of the binding policy.
Configuration Procedure:
Operation: Configure effective time-range. Description: Required. On ACL→Time-Range configuration pages, configure the effective time-ranges for ACLs.
Operation: Configure ACL rules. Description: Required. On ACL→ACL Config configuration pages, configure ACL rules to match packets.
Operation: Configure Policy. Description: Required. On ACL→Policy Config configuration pages, configure the policy to control the data packets that match the corresponding ACL rules.
Operation: Configure requirement 1. Description: On ACL→ACL Config→ACL Create page, create ACL 11. On ACL→ACL Config→MAC ACL page, select ACL 11, create Rule 1, configure the operation as Permit, configure the S-MAC as 00-64-A5-5D-12-C3 and mask as FF-FF-FF-FF-FF-FF, and configure the time-range as No Limit.
Chapter 14 Network Security
The Network Security module provides multiple protection measures for network security, including five submenus: IP-MAC Binding, DHCP Snooping, ARP Inspection, IP Source Guard, DoS Defend and 802.1X. Please configure the functions appropriate to your needs.
14.1 IP-MAC Binding
The IP-MAC Binding function allows you to bind the IP address, MAC address, VLAN ID and the connected Port number of the Host together.
The following entries are displayed on this screen: Search Source: Displays the Source of the entry. • All: All the bound entries will be displayed. • Manual: Only the manually added entries will be displayed. • Scanning: Only the entries formed via ARP Scanning will be displayed.
Figure 14-2 Manual Binding The following entries are displayed on this screen: Manual Binding Option Host Name: Enter the Host Name. IP Address: Enter the IP Address of the Host. MAC Address: Enter the MAC Address of the Host. VLAN ID: Enter the VLAN ID.
Source: Displays the source of the entry. Collision: Displays the Collision status of the entry. • Warning: Indicates that the collision may be caused by the MSTP function. • Critical: Indicates that the entry has a collision with the other entries. 14.1.3 ARP Scanning ARP (Address Resolution Protocol) is used to analyze and map IP addresses to the corresponding MAC addresses so that packets can be delivered to their destinations correctly.
Choose the menu Network Security→IP-MAC Binding→ARP Scanning to load the following page. Figure 14-4 ARP Scanning The following entries are displayed on this screen: Scanning Option Start IP Address: Specify the Start IP Address. End IP Address: Specify the End IP Address. VLAN ID: Enter the VLAN ID.
14.2 DHCP Snooping
Nowadays, networks are getting larger and more complicated. The number of PCs often exceeds that of the assigned IP addresses. Wireless networks and laptops are widely used, and the locations of PCs change frequently. Therefore, the corresponding IP address of the PC should be updated with a few configurations.
Most Clients obtain their IP addresses dynamically, as illustrated in the following figure. Figure 14-6 Interaction between a DHCP client and a DHCP server
DHCP-DISCOVER Stage: The Client broadcasts the DHCP-DISCOVER packet to find the DHCP Server.
DHCP-OFFER Stage: Upon receiving the DHCP-DISCOVER packet, the DHCP Server selects an IP address from the IP pool according to the assigning priority of the IP addresses and replies to the Client with a DHCP-OFFER packet carrying the IP address and other information.
Option 82 can contain 255 sub-options at most. If Option 82 is defined, at least a sub-option should be defined. This switch supports two sub-options: Circuit ID and Remote ID. Since there is no universal standard about the content of Option 82, different manufacturers define the sub-options of Option 82 to their need.
Figure 14-8 DHCP Snooping Note: If you want to enable the DHCP Snooping feature for the member port of LAG, please ensure the parameters of all the member ports are the same. The following entries are displayed on this screen: DHCP Snooping Configuration ...
• Replace: Indicates to replace the Option 82 field of the packets with the switch defined one. • Drop: Indicates to discard the packets including the Option 82 field. Customization: Enable/Disable the switch to define the Option 82. Circuit ID: Enter the sub-option Circuit ID for the customized Option 82.
Rate Limit: Select the value to specify the maximum amount of DHCP messages that can be forwarded by the switch of this port per second. The excessive DHCP packets will be discarded. Decline Protect: Select Enable/Disable the Decline Protect feature. LAG: Displays the LAG to which the port belongs to.
Figure 14-11 ARP Attack – Cheating Gateway As the figure above shows, the attacker sends fake ARP packets of Host A to the Gateway, and the Gateway automatically updates its ARP table after receiving them. When the Gateway tries to communicate with Host A in LAN, it encapsulates this false destination MAC address in the packets, which results in a breakdown of the normal communication.
Man-In-The-Middle Attack The attacker continuously sends the false ARP packets to the Hosts in LAN so as to make the Hosts maintain the wrong ARP table. When the Hosts in LAN communicate with one another, they will send the packets to the attacker according to the wrong ARP table. Thus, the attacker can get and process the packets before forwarding them.
and unable to learn the ARP entries of legal Hosts, so the legal Hosts cannot access the external network. The IP-MAC Binding function allows the switch to bind the IP address, MAC address, VLAN ID and the connected Port number of the Host together when the Host connects to the switch. Based on the predefined IP-MAC Binding entries, the ARP Inspection function detects ARP packets and filters illegal ARP packets so as to protect the network from ARP attacks.
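The check described above, written out as an added example (it is not code from the manual or from the switch firmware): each ARP packet's sender IP, sender MAC, VLAN and ingress port are compared with the binding table, and trusted ports are skipped. The hosts, addresses, port numbers and packet list are constructed for illustration, and the per-port counter is an assumption about what an illegal-ARP statistic would tally.

```python
from collections import Counter
from typing import NamedTuple


class Binding(NamedTuple):
    ip: str
    mac: str
    vlan: int
    port: str


class ArpPacket(NamedTuple):
    sender_ip: str
    sender_mac: str
    vlan: int
    ingress_port: str


def norm_mac(mac):
    """Bring 00:11:22:33:44:55 and 00-11-22-33-44-55 to one comparable form."""
    return mac.replace(":", "-").upper()


def inspect_arp(pkt, bindings, trusted_ports):
    """Return (verdict, reason) for one ARP packet."""
    if pkt.ingress_port in trusted_ports:
        return "forward", "trusted port, not inspected"
    candidates = [b for b in bindings if b.ip == pkt.sender_ip]
    if not candidates:
        return "drop", "no binding entry for sender IP"
    for b in candidates:
        if (norm_mac(b.mac) == norm_mac(pkt.sender_mac)
                and b.vlan == pkt.vlan and b.port == pkt.ingress_port):
            return "forward", "matches binding entry"
    # Report which fields disagree with the first entry bound to this IP.
    b = candidates[0]
    checks = (
        ("MAC", norm_mac(b.mac) == norm_mac(pkt.sender_mac)),
        ("VLAN", b.vlan == pkt.vlan),
        ("port", b.port == pkt.ingress_port),
    )
    wrong = [name for name, ok in checks if not ok]
    return "drop", "binding mismatch: " + ", ".join(wrong)


def illegal_arp_per_port(packets, bindings, trusted_ports):
    """Count dropped ARP packets per ingress port."""
    counts = Counter()
    for pkt in packets:
        verdict, _ = inspect_arp(pkt, bindings, trusted_ports)
        if verdict == "drop":
            counts[pkt.ingress_port] += 1
    return dict(counts)


# Constructed binding table: two hosts in VLAN 1.
BINDINGS = [
    Binding("192.168.0.10", "00-11-22-33-44-55", 1, "1/0/1"),  # Host A
    Binding("192.168.0.11", "00-11-22-33-44-66", 1, "1/0/2"),  # Host B
]
TRUSTED_PORTS = {"1/0/24"}  # constructed up-link port toward the gateway

# Constructed ARP packets as seen by the switch.
PACKETS = [
    ArpPacket("192.168.0.10", "00:11:22:33:44:55", 1, "1/0/1"),   # genuine Host A
    ArpPacket("192.168.0.10", "00-AA-BB-CC-DD-EE", 1, "1/0/3"),   # claims to be Host A
    ArpPacket("192.168.0.1", "00-AA-BB-CC-DD-EE", 1, "1/0/3"),    # claims to be the gateway
    ArpPacket("192.168.0.1", "00-11-22-33-44-01", 1, "1/0/24"),   # gateway via trusted up-link
]

if __name__ == "__main__":
    for p in PACKETS:
        print(p.sender_ip, p.ingress_port, *inspect_arp(p, BINDINGS, TRUSTED_PORTS))
    print(illegal_arp_per_port(PACKETS, BINDINGS, TRUSTED_PORTS))
```

The fourth packet is forwarded without any check, which is why only up-link, routing and LAG ports should be marked trusted.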
Trusted Port UNIT: Select the unit ID of the desired member in the stack. Trusted Port: Select the port for which the ARP Detect function is unnecessary as the Trusted Port. The specific ports, such as up-linked port, routing port and LAG port, should be set as Trusted Port. To ensure the normal communication of the switch, please configure the ARP Trusted Port before enabling the ARP Detect function.
Choose the menu Network Security→ARP Inspection→ARP Defend to load the following page. Figure 14-15 ARP Defend The following entries are displayed on this screen: ARP Defend UNIT: Select the unit ID of the desired member in the stack. Select: Select your desired port for configuration.
Choose the menu Network Security→ARP Inspection→ARP Statistics to load the following page. Figure 14-16 ARP Statistics The following entries are displayed on this screen: Auto Refresh Auto Refresh: Enable/Disable the Auto Refresh feature. Refresh Interval: Specify the refresh interval to display the ARP Statistics. Illegal ARP Packet ...
Choose the menu Network Security→IP Source Guard to load the following page. Figure 14-17 IP Source Guard The following entries are displayed on this screen: IP Source Guard Config UNIT: Select the unit ID of the desired member in the stack. Select: Select your desired port for configuration.
14.5 DoS Defend
In a DoS (Denial of Service) attack, network attackers or malicious programs occupy the network bandwidth by sending a large number of service requests to the Host, which causes abnormal service or even a breakdown of the network. With the DoS Defend function enabled, the switch can analyze the specific fields of the IP packets and distinguish the malicious DoS attack packets.
14.5.1 DoS Defend On this page, you can enable the DoS Defend type appropriate to your need. Choose the menu Network Security→DoS Defend→DoS Defend to load the following page. Figure 14-18 DoS Defend The following entries are displayed on this screen: Defend Config ...
Authenticator System: The authenticator system is usually an 802.1X-supported network device, such as this TP-LINK switch. It provides the physical or logical port for the supplicant system to access the LAN and authenticates the supplicant system. Authentication Server System: The authentication server system is an entity that provides authentication service to the authenticator system.
EAP Relay Mode This mode is defined in 802.1X. In this mode, EAP packets are encapsulated in higher level protocol (such as EAPOR) packets so that they can reach the authentication server successfully. This mode normally requires the RADIUS server to support the two fields of EAP: the EAP-message field and the Message-authenticator field.
(7) The switch changes the state of the corresponding port to accepted state to allow the supplicant system to access the network. The switch then monitors the status of the supplicant by sending hand-shake packets periodically. By default, the switch will force the supplicant to log off if it cannot get the response from the supplicant for two times.
Quiet-period timer (Quiet Period): This timer sets the quiet-period. When a supplicant system fails to pass the authentication, the switch quiets for the specified period before it processes another authentication request re-initiated by the supplicant system. Guest VLAN Guest VLAN function enables the supplicants that do not pass the authentication to access the specific network resource.
The following entries are displayed on this screen: Global Config 802.1X: Enable/Disable the 802.1X function. Auth Method: Select the Authentication Method from the pull-down list. • EAP-MD5: IEEE 802.1X authentication system uses extensible authentication protocol (EAP) to exchange information between the switch and the client.
Figure 14-23 Port Config The following entries are displayed on this screen: Port Config UNIT: Select the unit ID of the desired member in the stack. Select: Select your desired port for configuration. It is multi-optional. Port: Displays the port number. Status: Select Enable/Disable the 802.1X authentication feature for the port.
14.6.3 Radius Server RADIUS (Remote Authentication Dial-In User Service) server provides the authentication service for the switch via the stored client information, such as the user name, password, etc, with the purpose to control the authentication and accounting status of the clients. On this page, you can configure the parameters of the authentication server.
Key Modify: Select to modify the accounting key. Accounting Key: Set the shared password for the switch and the accounting servers to exchange messages. Note: 1. The 802.1X function takes effect only when it is enabled globally on the switch and for the port. 2.
Chapter 15 SNMP SNMP Overview SNMP (Simple Network Management Protocol) has gained the most extensive application on the UDP/IP networks. SNMP provides a management frame to monitor and maintain the network devices. It is used for automatically managing the various network devices no matter the physical differences of the devices.
SNMP v1: SNMP v1 adopts Community Name authentication. The community name is used to define the relation between SNMP Management Station and SNMP Agent. The SNMP packets failing to pass community name authentication are discarded. The community name can limit access to SNMP Agent from SNMP NMS, functioning as a password.
3. Create SNMP User The User configured in an SNMP Group can manage the switch via the client program on management station. The specified User Name and the Auth/Privacy Password are used for SNMP Management Station to access the SNMP Agent, functioning as the password. SNMP module is used to configure the SNMP function of the switch, including three submenus: SNMP Config, Notification and RMON.
Note: The amount of Engine ID characters must be even. 15.1.2 SNMP View The OID (Object Identifier) of the SNMP packets is used to describe the managed objects of the switch, and the MIB (Management Information Base) is the set of the OIDs. The SNMP View is created for the SNMP management station to manage MIB objects.
15.1.3 SNMP Group On this page, you can configure SNMP Group to control the network access by providing the users in various groups with different management rights via the Read View, Write View and Notify View. Choose the menu SNMP→SNMP Config→SNMP Group to load the following page. Figure15-5 SNMP Group The following entries are displayed on this screen: Group Config...
Write View: Select the View to be the Write View. The management access is writing only and changes can be made to the assigned SNMP View. The View defined both as the Read View and the Write View can be read and modified. Notify View: Select the View to be the Notify View.
Choose the menu SNMP→SNMP Config→SNMP User to load the following page. Figure15-6 SNMP User The following entries are displayed on this screen: User Config User Name: Enter the User Name here. User Type: Select the type for the User. • Local User: Indicates that the user is connected to a ...
User Table Select: Select the desired entry to delete the corresponding User. It is multi-optional. User Name: Displays the name of the User. User Type: Displays the User Type. Group Name: Displays the Group Name of the User. Security Model: Displays the Security Model of the User.
• read-only: Management right of the Community is restricted to read-only, and changes cannot be made to the corresponding View. • read-write: Management right of the Community is read-write and changes can be made to the corresponding View. MIB View: Select the MIB View for the community to access.
Operation: Create SNMP View. Description: Required. On the SNMP→SNMP Config→SNMP View page, create SNMP View of the management agent. The default View Name is viewDefault and the default OID is 1.
Operation: Create SNMP Community. Description: Required alternatively. Create SNMP Community directly. ...
Choose the menu SNMP→Notification→Notification Config to load the following page. Figure15-8 Notification Config The following entries are displayed on this screen: Host Config IP Address: Enter the IP Address of the management Host. User: Enter the User name of the management station. Security Model: Select the Security Model of the management station.
Type: Displays the type of the notifications. Retry: Displays the maximum time for the switch to wait for the response from the management station before resending a request. Timeout: Displays the amount of times the switch resends an inform request. Operation: Click the Edit button to modify the corresponding entry and click the Modify button to apply.
Choose the menu SNMP→RMON→Statistics to load the following page. Figure 15-9 Statistics The following entries are displayed on this screen: Statistics Config Enter the ID number of statistics entry, ranging from 1 to 65535. Port: Enter or choose the Ethernet interface from which to collect the statistics.
Choose the menu SNMP→RMON→History to load the following page. Figure 15-10 History Control The following entries are displayed on this screen: History Control Table Select: Select the desired entry for configuration. Index: Displays the index number of the entry. Port: Specify the port from which the history samples were taken, in format as 1/0/1.
Choose the menu SNMP→RMON→Event to load the following page. Figure15-11 Event Config The following entries are displayed on this screen: Event Table Select: Select the desired entry for configuration. Index: Displays the index number of the entry. User: Enter the name of the User or the community to which the event belongs.
Choose the menu SNMP→RMON→Alarm to load the following page. Figure 15-12 Alarm Config The following entries are displayed on this screen: Alarm Table Select: Select the desired entry for configuration. Index: Displays the index number of the entry. Variable: Select the alarm variables from the pull-down list.
Interval: Enter the alarm interval time in seconds, ranging from 10 to 3600. Owner: Enter the name of the device or user that defined the entry. Status: Select Enable/Disable the corresponding alarm entry. Note: When an alarm variable exceeds the Threshold in the same direction several times in succession, an alarm event is generated only the first time. That is, the Rising Alarm and Falling Alarm are triggered alternately: the alarm following a Rising Alarm is always a Falling Alarm and vice versa.
Chapter 16 LLDP
LLDP (Link Layer Discovery Protocol) is a Layer 2 protocol that is used for network devices to advertise their own device information periodically to neighbors on the same IEEE 802 local area network. The advertised information, including details such as device identification, capabilities and configuration settings, is represented in TLV (Type/Length/Value) format according to the IEEE 802.1AB standard, and these TLVs are encapsulated in LLDPDU (Link Layer Discovery Protocol Data Unit).
Disable: the port cannot transmit or receive LLDPDUs. LLDPDU transmission mechanism If the ports are working in TxRx or Tx mode, they will advertise local information by sending LLDPDUs periodically. If there is a change in the local device, the change notification will be advertised. To ...
Maximum Frame TLV are defined by IEEE 802.3. Note: For detailed introduction of TLV, please refer to IEEE 802.1AB standard. In TP-LINK switch, the following LLDP optional TLVs are supported. Port Description TLV The Port Description TLV allows network management to advertise the IEEE 802 LAN station's port description.
System Description TLV The System Description TLV allows network management to advertise the system's description, which should include the full name and version identification of the system's hardware type, software operating system, and networking software. System Name TLV The System Name TLV allows network management to advertise the system's assigned name, which should be the system's fully qualified domain name.
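To see what a port in Tx or TxRx mode discloses to any neighbor, the following added example (not from the manual) parses the TLV sequence of an LLDPDU: each TLV starts with a 16-bit header holding a 7-bit type and a 9-bit length, as defined in IEEE 802.1AB. The LLDPDU bytes, device names and version string are constructed, and the helper names are hypothetical.

```python
import struct

TLV_NAMES = {
    0: "End of LLDPDU", 1: "Chassis ID", 2: "Port ID", 3: "Time To Live",
    4: "Port Description", 5: "System Name", 6: "System Description",
    7: "System Capabilities", 8: "Management Address",
}
CHASSIS_SUBTYPE_MAC = 4          # IEEE 802.1AB chassis ID subtype "MAC address"
PORT_SUBTYPES_TEXT = (5, 7)      # interface name, locally assigned


def build_tlv(tlv_type, value):
    """Encode one TLV: 7-bit type, 9-bit length, then the value."""
    if not 0 <= tlv_type <= 127:
        raise ValueError("TLV type must fit in 7 bits")
    if len(value) > 511:
        raise ValueError("TLV value must fit the 9-bit length field")
    return struct.pack("!H", (tlv_type << 9) | len(value)) + value


def parse_lldpdu(data):
    """Split an LLDPDU into (type, value) pairs, rejecting malformed input."""
    tlvs, offset = [], 0
    while offset < len(data):
        if len(data) - offset < 2:
            raise ValueError("truncated TLV header")
        (header,) = struct.unpack_from("!H", data, offset)
        tlv_type, length = header >> 9, header & 0x01FF
        offset += 2
        if length > len(data) - offset:
            raise ValueError("TLV type %d claims %d bytes, only %d left"
                             % (tlv_type, length, len(data) - offset))
        tlvs.append((tlv_type, data[offset:offset + length]))
        offset += length
        if tlv_type == 0:        # End of LLDPDU: ignore anything after it
            break
    if [t for t, _ in tlvs[:3]] != [1, 2, 3]:
        raise ValueError("LLDPDU must start with Chassis ID, Port ID, TTL")
    return tlvs


def advertised_info(tlvs):
    """Turn parsed TLVs into a readable view of what the device disclosed."""
    info = {}
    for tlv_type, value in tlvs:
        name = TLV_NAMES.get(tlv_type, "TLV %d" % tlv_type)
        if tlv_type == 0:
            continue
        if tlv_type == 1 and len(value) == 7 and value[0] == CHASSIS_SUBTYPE_MAC:
            info[name] = "-".join("%02X" % b for b in value[1:])
        elif tlv_type == 2 and value and value[0] in PORT_SUBTYPES_TEXT:
            info[name] = value[1:].decode("ascii", "replace")
        elif tlv_type == 3 and len(value) >= 2:
            info[name] = struct.unpack("!H", value[:2])[0]
        elif tlv_type in (4, 5, 6):
            info[name] = value.decode("utf-8", "replace")
        else:
            info[name] = value.hex()
    return info


# Constructed LLDPDU (the Ethernet header is omitted).
SAMPLE_LLDPDU = b"".join([
    build_tlv(1, bytes([CHASSIS_SUBTYPE_MAC]) + bytes.fromhex("020000001301")),
    build_tlv(2, bytes([7]) + b"1/0/1"),
    build_tlv(3, struct.pack("!H", 120)),
    build_tlv(4, b"uplink to core"),
    build_tlv(5, b"switch-lab.example"),
    build_tlv(6, b"Constructed switch, firmware 1.0.0"),
    build_tlv(0, b""),
])

if __name__ == "__main__":
    for key, val in advertised_info(parse_lldpdu(SAMPLE_LLDPDU)).items():
        print("%-20s %s" % (key, val))
```

The System Description and System Name values arrive in clear text on every enabled port, so the optional TLVs are worth limiting on ports that face untrusted devices.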
Choose the menu LLDP→Basic Config→Global Config to load the following page. Figure 16-1 Global Configuration The following entries are displayed on this screen: Global Config LLDP: Choose to enable/disable LLDP. Parameters Config Transmit Interval: This parameter indicates the interval at which LLDP frames are transmitted on behalf of this LLDP agent.
Choose the menu LLDP→Basic Config→Port Config to load the following page. Figure 16-2 Port Configuration The following entries are displayed on this screen: Port Config UNIT: Select the unit ID of the desired member in the stack. Select: Select the desired entry for configuration. It is multi-optional. Port: Displays the port number to be configured.
16.2.1 Local Info On this page you can see all ports' configuration and system information. Choose the menu LLDP→Device Info→Local Info to load the following page. Figure 16-3 Local Information The following entries are displayed on this screen: Auto Refresh ...
Chassis ID Subtype: Indicates the basis for the chassis ID, and the default subtype is MAC address. Chassis ID: Indicates the specific identifier for the particular chassis in local device. Port ID Subtype: Indicates the basis for the port ID, and the default subtype is...
Auto Refresh Auto Refresh: Enable/Disable the auto refresh function. Refresh Rate: Configure the auto refresh rate. Neighbor(s) Info Select the desired port to display the information of the corresponding port. UNIT: Select the unit ID of the desired member in the stack. System Name: Displays the system name of the neighbor device.
The following entries are displayed on this screen: Auto Refresh Auto Refresh: Enable/Disable the auto refresh function. Refresh Rate: Configure the auto refresh rate. Global Statistics Last Update: Display latest update time of the statistics. Total Inserts: Display the number of neighbors during latest update time. Total Deletes: Displays the number of neighbors deleted by local device.
Media Endpoint Device (Class II): The class of Endpoint Device that supports media stream capabilities. Communication Device Endpoint (Class III): The class of Endpoint Device that directly supports end users of the IP communication system. Network Policy TLV The Network Policy TLV allows both Network Connectivity Devices and Endpoints to advertise VLAN configuration and associated Layer 2 and Layer 3 attributes that apply for a set of specific applications on that port.
The following entries are displayed on this screen LLDP-MED Parameters Config Fast Start Count: When LLDP-MED fast start mechanism is activated, multiple LLDP-MED frames will be transmitted (the number of frames equals this parameter). The default value is 4. Device Class: LLDP-MED devices are comprised of two primary device types: Network Connectivity Devices and Endpoint Devices.
Included TLVs: Select TLVs to be included in outgoing LLDPDU. Click the Detail button to display the included TLVs and select the desired TLVs. Figure 16-8 Configure TLVs of LLDP-MED Port Included TLVs Select TLVs to be included in outgoing LLDPDU. Location Identification Parameters ...
should be used, but may not be known. Options (0) and (1) should not be used unless it is known that the DHCP client is in close physical proximity to the server or network element. • Country Code: The two-letter ISO 3166 country code in ...
Application Type: Application Type indicates the primary function of the applications defined for the network policy. Unknown Policy Flag: Displays whether the local device will explicitly advertise the policy required by the device but currently unknown. VLAN tagged: Indicates the VLAN type the specified application type is using, 'tagged' or 'untagged'.
Unit: Select the unit ID of the desired member in the stack. Device Type: Displays the device type of the neighbor. Application Type: Displays the application type of the neighbor. Application Type indicates the primary function of the applications defined for the network policy.
Chapter 17 Cluster
With the development of network technology, the network scale is getting larger and more network devices are required, which may result in a more complicated network management system. As a large number of devices need to be assigned different network addresses and every management device needs to be respectively configured to meet the application requirements, manpower is needed.
The commander switch becomes a candidate switch only when the cluster is deleted. Introduction to Cluster The Cluster function configures and manages the switches in the cluster based on three protocols: NDP, NTDP and CMP (Cluster Management Protocol). NDP: All switches get neighbor information by collecting NDP.
The following entries are displayed on this screen: Neighbor Search Option: Select the information the desired entry should contain and then click the Search button to display the desired entry in the following Neighbor Information table. Neighbor Info Native Port: Displays the port number of the switch.
Aging Time: Displays the period for the neighbor switch to keep the NDP packets from this switch. Hello Time: Displays the interval to send NDP packets. Port Status UNIT: Select the unit ID of the desired member in the stack. Port: Displays the port number of the switch.
The following entries are displayed on this screen: Global Config NDP: Select Enable/Disable NDP function globally. Aging Time: Enter the period for the neighbor switch to keep the NDP packets from this switch. Hello Time: Enter the interval to send NDP packets. Port Config ...
Choose the menu Cluster→NTDP→Device Table to load the following page. Figure17-5 Device Table The following entries are displayed on this screen: Device Table Device Name: Displays the device type collected through NTDP. Device MAC: Displays the MAC address of this device. Cluster Name: Displays the cluster name of this device.
Click the Detail button to view the complete information of this device and its neighbors. Figure17-6 Information of the Current Device 17.2.2 NTDP Summary On this page you can view the NTDP configuration. Choose the menu Cluster→NTDP→NTDP Summary to load the following page. Figure17-7 NTDP Summary...
The following entries are displayed on this screen: Global Config NTDP: Displays the NTDP status (enabled or disabled) of the switch globally. NTDP Interval Time: Displays the interval to collect topology information. NTDP Hops: Displays the hop count the switch topology collects. NTDP Hop Delay: Displays the time between the switch receiving NTDP request packets and the switch forwarding NTDP request packets for the...
NTDP Interval Time: Enter the interval to collect topology information. NTDP Hops: Enter the hop count the switch topology collects. NTDP Hop Delay: Enter the time between the switch receiving NTDP request packets and the switch forwarding NTDP request packets for the first time.
Cluster Role: Displays the role the switch plays in the cluster. Cluster Management-vlan VLAN ID: Displays the management VLAN ID of the switch. For a commander switch,the following page is displayed: Figure 17-10 Cluster Summary for Commander Switch The following entries are displayed on this screen: Global Config ...
TFTP Server: Displays the IP address of TFTP server. Member Info Device Name: Displays the description of the member switch. Device MAC: Displays the MAC address of the member switch. IP Address: Displays the IP address of the member switch used in the cluster. Status: Displays the connection status of the member switch.
For an individual switch, the following page is displayed: Figure17-12 Cluster Summary for Individual Switch The following entries are displayed on this screen: Global Config Cluster: Displays the cluster status (enabled or disabled) of the switch. Cluster Role: Displays the role the switch plays in the cluster.
The following entries are displayed on this screen: Current Role Role: Displays the role the current switch plays in the cluster. Cluster management-vlan VLAN ID: Enter the cluster management-vlan id. Role Change Individual: Select this option to change the role of the switch to be individual switch.
Role Change Candidate: Select this option to change the role of the switch to be candidate switch. Cluster Config Hold Time: Enter the time for the switch to keep the cluster information. Interval Time: Enter the interval to send handshake packets. For a member switch, the following page is displayed.
For an individual switch, the following page is displayed. Figure 17-16 Cluster Configuration for Individual Switch The following entries are displayed on this screen: Current Role Role: Displays the role the current switch plays in the cluster. Cluster management-vlan ...
The following entries are displayed on this screen: Create Member Member MAC: Enter the MAC address of the candidate switch. Member Info Select: Select the desired entry to manage/delete the corresponding member switch. Device Name: Display the description of the member switch. Member MAC: Displays the MAC address of the member switch.
The following entries are displayed on this screen: Graphic Show Collect Topology: Click the Collect Topology button to display the cluster topology. Refresh: Click the Refresh button to refresh the cluster topology. Manage: If the current device is the commander switch in the cluster and the selected device is a member switch in the cluster, you can click the Manage button to log on to Web management page of the corresponding switch.
Operation: Enable the NTDP function globally and for the port, and then configure NTDP parameters. Description: Optional. On Cluster→NTDP→NTDP Config page, enable the NTDP function on the switch.
Operation: Manually collect NTDP information. Description: Optional. On Cluster→NTDP→Device Table page, click the Collect Topology button to manually collect NTDP information.
Configuration Procedure
Configure the member switch
Operation: Enable NDP function on the switch and for port 1. Description: On Cluster→NDP→NDP Config page, enable NDP function.
Operation: Enable NTDP function on the switch and for port 1. Description: On Cluster→NTDP→NTDP Config page, enable NTDP function.
Chapter 18 Maintenance Maintenance module, assembling the commonly used system tools to manage the switch, provides the convenient method to locate and solve the network problem. System Monitor: Monitor the utilization status of the memory and the CPU of switch. Log: View the configuration parameters of the switch and find out the errors via the Logs.
UNIT: Select the unit ID of the desired member in the stack. Click the Monitor button to enable the switch to monitor and display its CPU utilization rate every four seconds. 18.1.2 Memory Monitor Choose the menu Maintenance→System Monitor→Memory Monitor to load the following page. Figure18-2 Memory Monitor UNIT: Select the unit ID of the desired member in the stack.
Table 18-1 Log Level (Severity: Description)
alerts: Action must be taken immediately.
critical: Critical conditions
errors: Error conditions
warnings: Warning conditions
notifications: Normal but significant conditions
informational: Informational messages
debugging: Debug-level messages
The Log function is implemented on the Log Table, Local Log, Remote Log and Backup Log pages.
The following entries are displayed on this screen: Log Info UNIT: Select the unit ID of the desired member in the stack. Index: Displays the index of the log information. Time: Displays the time when the log event occurs. The log can get the correct time after you configure it on the System→System Info→System Time Web management page.
Log File: Indicates the flash sector for saving the system log. The information in the log file will not be lost after the switch is restarted and can be exported on the Backup Log page. Severity: Specify the severity level of the log information output to each channel.
Note: The Log Server software is not provided. If necessary, please download it from the Internet. 18.2.4 Backup Log The Backup Log feature enables the system logs saved in the switch to be output as a file for device diagnosis and statistics analysis. When a critical error results in the breakdown of the system, you can export the logs after the switch is restarted to get important information about the error for device diagnosis.
Page 390
Choose the menu Maintenance→Device Diagnostics→Cable Test to load the following page. Figure18-7 Cable Test The following entries are displayed on this screen: Cable Test Port: Select the port for cable testing. UNIT: Select the unit ID of the desired member in the stack. Pair: Displays the Pair number.
18.3.2 Loopback The Loopback test function, which loops the sender and the receiver of the signal, is used to test whether the port of the switch is available as well as to check and analyze the physical connection status of the port to help you locate and solve network malfunctions. Choose the menu Maintenance→Device Diagnostics→Loopback to load the following page.
Choose the menu Maintenance→Network Diagnostics→Ping to load the following page. Figure18-9 Ping The following entries are displayed on this screen: Ping Config Destination IP: Enter the IP address of the destination node for Ping test. Ping Times: Enter the number of times to send test data during Ping testing. The default value is recommended.
Page 393
Choose the menu Maintenance→Network Diagnostics→Tracert to load the following page. Figure18-10 Tracert The following entries are displayed on this screen: Tracert Config Destination IP: Enter the IP address of the destination device. Max Hop: Specify the maximum number of the route hops the test data can pass through.
Chapter 19 System Maintenance via FTP The firmware can be downloaded to the switch via the FTP function. FTP (File Transfer Protocol), a protocol in the application layer, is mainly used to transfer files between the remote server and the local PCs. It is a common protocol used in IP networks for file transfer. If there is something wrong with the firmware of the switch and the switch cannot be launched, the firmware can be downloaded to the switch again via the FTP function.
Page 395
2) The Connection Description window will appear, as shown in Figure 19-3. Enter a name into the Name field and click OK. Figure 19-3 Connection Description 3) Select the port to connect in Figure 19-4 and click OK. Figure 19-4 Select the port to connect...
Page 396
4) Configure the port selected in the step above, as shown in Figure 19-5. Configure Bits per second as 38400, Data bits as 8, Parity as None, Stop bits as 1, Flow control as None, and then click OK. Figure 19-5 Port Settings 3.
Page 397
2) Power off and restart the switch. When the prompt “Press CTRL-B to enter the bootutil” appears in the hyper terminal, press the CTRL-B key to enter the bootutil menu, shown as Figure 19-6. Figure 19-6 bootutil Menu Because the prompt is displayed only for a short time, it is suggested that after powering on the switch you do not release the CTRL-B key until you have entered the bootutil menu.
Page 398
For example: Configure the IP address as 10.10.70.22, mask as 255.255.255.0 and gateway as 10.10.70.1. The detailed steps are shown in the figure below. 4) Configure the parameters of the FTP server which keeps the upgrade firmware, and download the firmware to the switch from the FTP server. Store the downloaded firmware in the switch with the name of image1.bin or image2.bin, and specify its attribute as startup image or backup image.
Page 399
5) Enter 1 and y, and the switch will reboot with the startup image. 6) Please enter 3 to start the switch, as shown in the following figure. After the switch is started, you can log in to the CLI command window and manage the switch via CLI commands. If you forget the login user name and password, you can enter 2 after entering the bootutil menu to reset the system.
Appendix B: Configuring the PCs In this section, we’ll introduce how to install and configure TCP/IP correctly in Windows 2000. First make sure your Ethernet Adapter is working; refer to the adapter’s manual if necessary. Configure TCP/IP component On the Windows taskbar, click the Start button, and then click Control Panel. Click the Network and Internet Connections icon, and then click on the Network Connections tab in the window that appears.
Page 403
The following TCP/IP Properties window will display and the IP Address tab is open on this window by default. Figure B-3 Select Use the following IP address. The following items will then be available. If the switch's IP address is 192.168.0.1, specify IP address as 192.168.0.x (x is from 2 to 254), and the Subnet mask as 255.255.255.0.
Appendix C: 802.1X Client Software In the 802.1X mechanism, the supplicant Client should be equipped with client software that complies with the 802.1X protocol standard for 802.1X authentication. When the switch works as the authenticator system, please follow the instructions below to install the TpSupplicant provided on the attached CD for the supplicant Client.
Page 405
Then the following screen will appear. Click Next to continue. If you want to stop the installation, click Cancel. Figure C-3 Welcome to the InstallShield Wizard To continue, choose the destination location for the installation files and click Next on the following screen.
Page 406
The Wizard is now ready to begin the installation. Click Install to start the installation on the following screen. Figure C-5 Install the Program The InstallShield Wizard is installing TpSupplicant, as shown in the following screen. Please wait. Figure C-6 Setup Status...
Page 407
Uninstall Software If you want to remove the TpSupplicant, please take the following steps: On the Windows taskbar, click the Start button, point to All Programs→TP-LINK→TpSupplicant, and then click Uninstall TP-LINK 802.1X, shown as the following figure. Figure C-8 Uninstall TP-LINK 802.1X...
Page 408
Then the following screen will appear. If you want to stop the removal process, click Cancel. Figure C-9 Preparing Setup On the next screen, click Yes to remove the application from your PC. Figure C-10 Uninstall the Application Click Finish to complete. Figure C-11 Uninstall Complete...
Page 409
Configuration After completing installation, double click the icon to run the TP-LINK 802.1X Client Software. The following screen will appear. Figure C-12 TP-LINK 802.1X Client Enter the Name and the Password specified in the Authentication Server. The length of Name and Password should be less than 16 characters.
Page 410
Auto reconnect after timeout: Select this option to allow the Client to automatically start the connection again when it does not receive the handshake reply packets from the switch within a period. To continue, click Connect button after entering the Name and Password on Figure D-12. Then the following screen will appear to prompt that the Radius server is being searched.
Page 411
1.4 FAQ: Q1: Why does this error dialog box pop up when starting up the TP-LINK 802.1X Client Software? It’s because the supported DLL file is missing. Go to http://www.winpcap.org, download and install WinPcap 4.0.2 or a higher version, and run the client software again.
Page 412
Appendix D: Glossary Access Control List (ACL) ACLs can limit network traffic and restrict access to certain users or devices by checking each packet for certain IP or MAC (i.e., Layer 2) information. Boot Protocol (BOOTP) BOOTP is used to provide bootup information for network devices, including IP address information, the address of the TFTP server that contains the device's system files, and the name of the boot file.
Page 413
Generic Multicast Registration Protocol (GMRP) GMRP allows network devices to register end stations with multicast groups. GMRP requires that any participating network devices or end stations comply with the IEEE 802.1p standard. Group Attribute Registration Protocol (GARP) See Generic Attribute Registration Protocol. IEEE 802.1D Specifies a general method for the operation of MAC bridges, including the Spanning Tree Protocol.
Page 414
Layer 2 Data Link layer in the ISO 7-Layer Data Communications Protocol. This is related directly to the hardware interface for network devices and passes on traffic based on MAC addresses. Link Aggregation See Port Trunk. Link Aggregation Control Protocol (LACP) Allows ports to automatically negotiate a trunked link with LACP-configured ports on another device.
Page 415
Secure Shell (SSH) A secure replacement for remote access functions, including Telnet. SSH can authenticate users with a cryptographic key, and encrypt data connections between management clients and the switch. Simple Network Management Protocol (SNMP) The application protocol in the Internet suite of protocols which offers network management services.