TP-Link JetStream T2700G-28TQ User Manual

28-Port Gigabit Stackable L2+ Managed Switch

T2700G-28TQ
JetStream 28-Port Gigabit Stackable L2+ Managed Switch

REV1.0.1
1910011208


Summary of Contents for TP-Link JetStream T2700G-28TQ

  • Page 1: Managed Switch

    T2700G-28TQ JetStream 28-Port Gigabit Stackable L2+ Managed Switch REV1.0.1 1910011208...
  • Page 2: Fcc Statement

    Specifications are subject to change without notice. is a registered trademark of TP-LINK TECHNOLOGIES CO., LTD. Other brands and product names are trademarks or registered trademarks of their respective holders. No part of the specifications may be reproduced in any form or by any means or used to make any derivative such as translation, transformation, or adaptation without permission from TP-LINK TECHNOLOGIES CO., LTD.
  • Page 3: Safety Information

    Safety Information: When the product has a power button, the power button is one of the ways to shut off the product; when there is no power button, the only way to completely shut off power is to disconnect the product or the power adapter from the power source. Don’t disassemble the product, or make repairs yourself.
  • Page 4: Table Of Contents

    CONTENTS: Package Contents, p. 1; Chapter 1 About This Guide, p. 2; Intended Readers, p. 2; Conventions, p. 2; Overview of This Guide, p. 2; Chapter 2 Introduction, p. 7; Overview of the Switch, p. 7; Main Features, p. 7; Appearance Description...
  • Page 5 Chapter 5 Stack, p. 36; Stack Management, p. 42; 5.1.1 Stack Info, p. 42; 5.1.2 Stack Config, p. 43; 5.1.3 Switch Renumber, p. 44; Application Example for Stack, p. 45; Chapter 6 Switching, p. 47; Port, p. 47; 6.1.1 Port Config, p. 47; 6.1.2 Port Mirror...
  • Page 6 7.5.3 Protocol Template, p. 84; Application Example for Protocol VLAN, p. 86; VLAN VPN, p. 88; 7.7.1 VPN Config, p. 89; 7.7.2 Port Enable, p. 89; 7.7.3 VLAN Mapping, p. 90; GVRP, p. 92; Private VLAN, p. 96; 7.9.1 PVLAN Config, p. 97; 7.9.2 Port Config...
  • Page 7 9.4.2 Profile Binding, p. 140; Packet Statistics, p. 141; Chapter 10 Routing, p. 143; 10.1 Interface, p. 143; 10.2 Routing Table, p. 146; 10.3 Static Routing, p. 146; 10.3.1 Static Routing, p. 146; 10.3.2 Application Example for Static Routing, p. 147; 10.4 DHCP Server...
  • Page 8 10.9.10 Neighbor Table, p. 207; 10.9.11 Link State Database, p. 209; 10.9.12 Application Example for OSPF, p. 209; 10.10 VRRP (License Required), p. 211; 10.10.1 Basic Config, p. 215; 10.10.2 Advanced Config, p. 217; 10.10.3 Virtual IP Config, p. 218; 10.10.4 Track Config, p. 219; 10.10.5 Virtual Router Statistics...
  • Page 9 11.5.3 Application Example for Static Mroute, p. 263; Chapter 12 QoS, p. 266; 12.1 DiffServ, p. 269; 12.1.1 Port Priority, p. 269; 12.1.2 Schedule Mode, p. 270; 12.1.3 802.1P Priority, p. 271; 12.1.4 DSCP Priority, p. 272; 12.2 Bandwidth Control, p. 274; 12.2.1 Rate Limit...
  • Page 10 14.1.2 Manual Binding, p. 297; 14.1.3 ARP Scanning, p. 299; 14.2 DHCP Snooping, p. 301; 14.2.1 Global Config, p. 304; 14.2.2 Port Config, p. 305; 14.3 ARP Inspection, p. 306; 14.3.1 ARP Detect, p. 309; 14.3.2 ARP Defend, p. 311; 14.3.3 ARP Statistics...
  • Page 11 16.4 LLDP-MED, p. 350; 16.4.1 Global Config, p. 351; 16.4.2 Port Config, p. 352; 16.4.3 Local Info, p. 354; 16.4.4 Neighbor Info, p. 355; Chapter 17 Cluster, p. 357; 17.1 NDP, p. 358; 17.1.1 Neighbor Info, p. 358; 17.1.2 NDP Summary, p. 359; 17.1.3 NDP Config...
  • Page 12 Appendix B: Configuring the PCs, p. 395; Appendix C: 802.1X Client Software, p. 397; Appendix D: Glossary, p. 405...
  • Page 13: Package Contents

    Package Contents The following items should be found in your box: One T2700G-28TQ switch; One Power Cord; One Console Cable; One Power Supply Module Slot Cover; Two mounting brackets and other fittings; Installation Guide; Resource CD for T2700G-28TQ switch, including: ...
  • Page 14: Chapter 1 About This Guide

    Chapter 1 About This Guide This User Guide contains information for setup and management of T2700G-28TQ switch. Please read this guide carefully before operation. 1.1 Intended Readers This Guide is intended for network managers familiar with IT concepts and network terminologies. 1.2 Conventions In this Guide the following conventions are used: The switch or T2700G-28TQ mentioned in this Guide stands for T2700G-28TQ JetStream...
  • Page 15 Chapter Introduction Chapter 4 System This module is used to configure system properties of the switch. Here mainly introduces: • System Info: Configure the description, system time and network parameters of the switch. • User Management: Configure the user name and password for ...
  • Page 16 Chapter Introduction Chapter 8 Spanning Tree This module is used to configure spanning tree function of the switch. Here mainly introduces: • STP Config: Configure and view the global settings of spanning tree function. • Port Config: Configure CIST parameters of ports. ...
  • Page 17 Chapter Introduction Chapter 12 QoS This module is used to configure QoS function to provide different quality of service for various network applications and requirements. Here mainly introduces: • DiffServ: Configure priorities, port priority, 802.1P priority and DSCP priority. • Bandwidth Control: Configure rate limit feature to control the ...
  • Page 18 Chapter Introduction Chapter 17 Cluster This module is used to configure cluster function to centrally manage the scattered devices in the network. Here mainly introduces: • NDP: Configure NDP function to get the information of the directly connected neighbor devices. • NTDP: Configure NTDP function for the commander switch to ...
  • Page 19: Chapter 2 Introduction

    To obtain the T2700G-28TQ Layer 3 License T2700G-28TQ-L1000: Buy a license key from a TP-LINK authorized distributor. Go to T2700G-28TQ page at TP-LINK website, use the license key together with the switch S/N and MAC address for authentication and download the license T2700G-28TQ-L1000.
  • Page 20 Layer 2 Switching • + GVRP (GARP VLAN Registration Protocol) allows automatic learning and dynamic assignment of VLANs. + Supports up to 4K VLANs simultaneously (out of 4K VLAN IDs). • Quality of Service + Supports L2/L3 granular CoS with 8 priority queues per port. + Rate limiting confines the traffic flow accurately according to the preset value.
  • Page 21: Appearance Description

    2.3 Appearance Description 2.3.1 Front Panel Figure 2-1 Front Panel The following parts are located on the front panel of the switch: • Console Port: Designed to connect with the serial port of a computer or terminal for monitoring and configuring the switch. ...
  • Page 22 Status Indication A 1000Mbps device is connected to the corresponding port, but no activity Green Flashing Data is being transmitted or received Link/Act (Port 1-24) A 10/100Mbps device is connected to the corresponding port, but no activity Yellow Flashing Data is being transmitted or received An SFP transceiver is connected to the corresponding port, and it is connected to a device, but no activity A 1000Mbps device is connected to the corresponding port...
  • Page 23: Rear Panel

    (TX432 of TP-LINK for example). If TX432 is installed, you get another two 10Gbps SFP+ ports. • Unit ID LED: Designed to display the stack unit number of the switch. For the switch that does not join any stack system, it displays its default unit number. To modify the default unit number, please log on to the GUI of the switch and go to Stack→Stack Management→Switch...
  • Page 24: Chapter 3 Login To The Switch

    Chapter 3 Login to the Switch 3.1 Login 1) To access the configuration utility, open a web-browser and type in the default address http://192.168.0.1 in the address field of the browser, then press the Enter key. Figure 3-1 Web-browser Tips: To log in to the switch, the IP address of your PC should be set in the same subnet as the switch.
  • Page 25: Configuration

    3.2 Configuration After a successful login, the main page will appear as Figure 3-3, and you can configure the function by clicking the setup menu on the left side of the screen. Figure 3-3 Main Setup-Menu Note: Clicking Apply can only make the new configurations effective before the switch is rebooted. If you want to keep the configurations effective even after the switch is rebooted, please click Save Config.
  • Page 26: Chapter 4 System

    Chapter 4 System The System module is mainly for system configuration of the switch, including four submenus: System Info, User Management, System Tools and Access Security. 4.1 System Info The System Info, mainly for basic properties configuration, can be implemented on System Summary, Device Description, System Time, License Info and Daylight Saving Time pages.
  • Page 27 Indicates the 1000Mbps port is at the speed of 1000Mbps. Indicates the 1000Mbps port is at the speed of 10Mbps or 100Mbps. Indicates the SFP port is not connected to a device. Indicates the SFP port is at the speed of 1000Mbps. Indicates the SFP+ port is not connected to a device.
  • Page 28: Device Description

    Bandwidth Utilization: Select Rx to display the bandwidth utilization of receiving packets on this port. Select Tx to display the bandwidth utilization of sending packets on this port. 4.1.2 Device Description On this page you can configure the description of the switch, including device name, device location and system contact.
  • Page 29 Choose the menu System → System Info → System Time to load the following page. Figure 4-5 System Time The following entries are displayed on this screen: Time Info: Current System Time: Displays the current date and time of the switch. Current Time Source: Displays the current time source of the switch.
  • Page 30: License Info

    4.1.4 License Info This page displays the status of the license and the features it supports. Choose the menu System → System Info → License Info to load the following page. Figure 4-6 License Info The following entries are displayed on this screen: License Info ...
  • Page 31: Daylight Saving Time

    4.1.5 Daylight Saving Time Here you can configure the Daylight Saving Time of the switch. Choose the menu System → System Info → Daylight Saving Time to load the following page. Figure 4-7 Daylight Saving Time The following entries are displayed on this screen: DST Config ...
  • Page 32: User Management

    Date Mode: Specify the DST configuration in Date mode. This configuration is one-off in use: • Offset: Specify the time adding in minutes when Daylight Saving Time comes. • Start/End Time: Select starting time and ending time of Daylight Saving Time. Note: When the DST is disabled, the predefined mode, recurring mode and date mode cannot be configured.
  • Page 33 Choose the menu System → User Management → User Config to load the following page. Figure 4-9 User Config The following entries are displayed on this screen: User Info: User Name: Create a name for users’ login. Access Level: Select the access level to login.
  • Page 34: System Tools

    Operation: Click the Edit button of the desired entry, and you can edit the corresponding user information. After modifying the settings, please click the Modify button to make the modification effective. Access level and user status of the current user information can’t be modified.
  • Page 35: Config Restore

    Current Startup Image: Displays the current startup image. Next Startup Image: Select the next startup image. Backup Image: Select the backup boot image. Current Startup Config: Displays the current startup config filename. Next Startup Config: Input the next startup config filename. Backup Config: Input the backup config filename.
  • Page 36: Config Backup

    4.3.4 Firmware Upgrade The switch system can be upgraded via the Web management page. To upgrade the system is to get more functions and better performance. Go to http://www.tp-link.com to download the updated firmware. Choose the menu System→System Tools→Firmware Upgrade to load the following page.
  • Page 37: License Load

    To obtain the T2700G-28TQ Layer 3 License T2700G-28TQ-L1000: 1. Buy a license key from a TP-LINK authorized distributor. 2. Go to T2700G-28TQ page at TP-LINK website, use the license key together with the switch S/N and MAC address for authentication and download the license T2700G-28TQ-L1000.
  • Page 38: System Reset

    Note: To avoid damage, please do not turn off the device while rebooting. 4.3.7 System Reset On this page you can reset the specified unit in the stack to the default. All the settings will be cleared after the switch is reset. Choose the menu System→System Tools→System Reset to load the following page.
  • Page 39 Choose the menu System→Access Security→Access Control to load the following page. Figure 4-17 Access Control The following entries are displayed on this screen: Access Control Config: Control Mode: Select the control mode for users to log on to the Web management page.
  • Page 40: Ssl Config

    Admin Number: Enter the maximum number of the users logging on to the Web management page as Admin. Guest Number: Enter the maximum number of the users logging on to the Web management page as Guest. 4.4.2 SSL Config SSL (Secure Sockets Layer), a security protocol, is to provide a secure connection for the application layer protocol (e.g.
  • Page 41: Ssh Config

    The following entries are displayed on this screen: Global Config: SSL: Select Enable/Disable the SSL function on the switch. Certificate Download: Certificate File: Select the desired certificate to download to the switch. The certificate must be BASE64 encoded. Key Download ...
  • Page 42 Choose the menu System→Access Security→SSH Config to load the following page. Figure 4-19 SSH Config The following entries are displayed on this screen: Global Config: SSH: Select Enable/Disable SSH function. Protocol V1: Select Enable/Disable SSH V1 to be the supported protocol. Protocol V2: Select Enable/Disable SSH V2 to be the supported protocol.
  • Page 43 After the Key File is downloaded, the user’s original key of the same type will be replaced. The wrong uploaded file will result in the SSH access to the switch via Password authentication. Application Example 1 for SSH: Network Requirements ...
  • Page 44 2. PuTTY client software is recommended. Configuration Procedure: 1. Select the key type and key length, and generate SSH key. Note: The key length is in the range of 256 to 3072 bits. During the key generation, randomly moving the mouse quickly can accelerate the key generation.
  • Page 45 2. After the key is successfully generated, please save the public key and private key to the computer. 3. On the Web management page of the switch, download the public key file saved in the computer to the switch. Note: The key type should accord with the type of the key file.
  • Page 46 4. After the public key is downloaded, please log on to the interface of PuTTY and enter the IP address for login. 5. Click Browse to download the private key file to SSH client software and click Open.
  • Page 47 After successful authentication, please enter the login user name. If you log on to the switch without entering password, it indicates that the key has been successfully downloaded. Note: Following the steps above, you have already entered the User EXEC Mode of the switch. However, to configure the switch, you need a password to enter the Privileged EXEC Mode first.
  • Page 48: Chapter 5 Stack

    Chapter 5 Stack The stack technology is to connect multiple stackable devices through their StackWise ports, forming a stack which works as a unified system and presents as a single entity to the network in Layer 2 and Layer 3 protocols. It enables multiple devices to collaborate and be managed as a whole, which improves the performance and simplifies the management of the devices efficiently.
  • Page 49 In a ring connected stack, it can still operate normally by transforming into a daisy chained stack when link failure occurs, which further ensures the normal operation of load distribution and backup across devices and links as Figure 5-2 shows. Figure 5-2 Load Distribution and Backup across Devices 3.
  • Page 50 Stack Introduction: 1. Stack Elements 1) Stack Role Each device in the stack system is called stack member. Each stack member processes services packets and plays a role which is either master or slave in the stack system. The differences between master and slave are described as below: Master: Indicates the device is responsible for managing the entire stack system.
  • Page 51 1) Connecting the stack members To establish a stack, please physically connect the stack ports of the member devices with cables. The stack ports of T2700G-28TQ can be used for stack connection or as normal Ethernet Gigabit ports. When you want to establish a stack, the stack mode of the related ports should be configured as "Enable".
  • Page 52 The master is elected based on the following rules and in the order listed: The switch that is currently the stack master. The switch with the highest stack member priority value. The switch with the lowest MAC address. After master election, the stack forms and enters into stack management and maintenance stage.
  • Page 53 Port Number Format: • The format of port number should be Unit Number/Slot Number/Port Number. Among them: Unit Number: The default unit number of the switch is 1. If a device has joined stack system, the unit number which the device possesses in the stack system will be kept using as its unit number after the device leaves the stack system.
  • Page 54: Stack Management

    5.1 Stack Management Before configuring the stack, we highly recommend you to prepare the configuration planning with a clear set of the role and function of each member device. Some configuration needs device reboot to take effect, so you are kindly recommended to configure the stack at first, next connect the devices physically after powering off them, then you can power them on and the devices will join the stack automatically.
  • Page 55: Stack Config

    Role: Displays the stack role of the member switch in the stack. There are two options: Master and Slave. MAC Address: Displays the MAC address of the member switch. Priority: Displays the member priority of the member switch. The higher the value is, the more likely the member will be elected as the master.
  • Page 56: Switch Renumber

    The following entries are displayed on this screen: Stack Config: Stack Name: Enter the name of the stack. The length of this field should be 1-30 characters. After the stack is established, the name of master determines the stack name. Select the authentication mode used in stack creation.
  • Page 57: Application Example For Stack

    Choose the menu Stack Management→Switch Renumber to load the following page. Figure 5-9 Switch Renumber The following entries are displayed on this screen: Switch Renumber: Select: Select the desired entry. It is multi-optional. Current Unit: Displays the current unit number of the member switch. Designated Unit: Configure the unit number of the member switch.
  • Page 58 Configuration Procedure: Configure switch A, B, C and D before physically connecting them. Step / Operation / Description: Configure stack name: Optional. On Stack Management→Stack Config page, configure the stack name. Configure stack port mode: Required. On Stack Management→Stack Config page, ...
  • Page 59: Chapter 6 Switching

    Chapter 6 Switching Switching module is used to configure the basic functions of the switch, including four submenus: Port, LAG, Traffic Monitor and MAC Address. 6.1 Port The Port function, allowing you to configure the basic features for the port, is implemented on the Port Config, Port Mirror, Port Security, Port Isolation and Loopback Detection pages.
  • Page 60: Port Mirror

    Description: Give a description to the port for identification. Status: Allows you to Enable/Disable the port. When Enable is selected, the port can forward the packets normally. Speed: Select the Speed mode for the port. The device connected to the switch should be in the same Speed and Duplex mode with the switch.
  • Page 61 The following entries are displayed on this screen. Mirror Session List: Session: This column displays the mirror session number. Destination: This column displays the mirroring port. Mode: This column displays the mirror mode. Source: This column displays the mirrored ports. Operation: You can configure the mirror session by clicking the Edit, or clear the mirror session configuration by clicking the Clear.
  • Page 62: Port Security

    The following entries are displayed on this screen. Mirror Session: Session: Displays session number. Destination Port: Destination Port: Input or select a physical port from the port panel as the mirroring port. Source Port: Select: Select the desired port as a mirrored port. It is multi-optional. Port: Displays the port number.
  • Page 63 Choose the menu Switching→Port→Port Security to load the following page. Figure 6-4 Port Security The following entries are displayed on this screen: Port Security: UNIT: Select the unit ID of the desired member in the stack. Select: Select the desired port for Port Security configuration. It is multi-optional.
  • Page 64: Port Isolation

    Learn Mode: Select the Learn Mode for the port. • Dynamic: When Dynamic mode is selected, the learned MAC address will be deleted automatically after the aging time. • Static: When Static mode is selected, the learned MAC address will be out of the influence of the aging time and can only be deleted manually.
  • Page 65: Loopback Detection

    Click the Edit button to configure the port isolation list in the following page: Figure 6-6 Port Isolation Config Port Isolation Config: UNIT: Select the unit ID of the desired member in the stack. Port: Select the port number to set its forward list. It is multi-optional. Forward Portlist: Select the port to be forwarded to.
  • Page 66 Choose the menu Switching → Port → Loopback Detection to load the following page. Figure 6-7 Loopback Detection Config The following entries are displayed on this screen: Global Config: LoopbackDetection Status: Here you can enable or disable Loopback Detection function globally.
  • Page 67: Lag

    Port Config: Select: Select the desired port for Loopback Detection configuration. It is multi-optional. Port: Displays the port number. Status: Enable or disable Loopback Detection function for the port. Operation Mode: Select the mode how the switch processes the detected loops. Alert: When a loop is detected, display an alert.
  • Page 68: Lag Table

    Tips: Calculate the bandwidth for a LAG: If a LAG consists of the four ports in the speed of 1000Mbps Full Duplex, the whole bandwidth of the LAG is up to 8000Mbps (2000Mbps * 4) because the bandwidth of each member port is 2000Mbps counting the up-linked speed of 1000Mbps and the down-linked speed of 1000Mbps.
  • Page 69: Static Lag

    Operation: Allows you to view or modify the information for each LAG. • Edit: Click to modify the settings of the LAG. • Detail: Click to get the information of the LAG. Click the Detail button for the detailed information of your selected LAG. Figure 6-9 Detail Information 6.2.2 Static LAG On this page, you can manually configure the LAG.
  • Page 70: Lacp Config

    The following entries are displayed on this screen: LAG Config: Group Number: Select a Group Number for the LAG. Description: Displays the description of the LAG for identification. Member Port: UNIT: Select the unit ID of the desired member in the stack. Member Port: Select the port as the LAG member.
  • Page 71 Choose the menu Switching→LAG→LACP Config to load the following page. Figure 6-11 LACP Config The following entries are displayed on this screen: Global Config: System Priority: Specify the system priority for the switch. The system priority and MAC address constitute the system identification (ID). A lower system priority value indicates a higher system priority.
  • Page 72: Traffic Monitor

    member. The port with smaller Port Priority will be considered as the preferred one. If the two port priorities are equal; the port with smaller port number is preferred. Mode: Specify LACP mode for your selected port. Status: Enable/Disable the LACP feature for your selected port. LAG: Displays the LAG number which the port belongs to.
  • Page 73: Traffic Statistics

    The following entries are displayed on this screen: Auto Refresh: Auto Refresh: Allows you to Enable/Disable refreshing the Traffic Summary automatically. Refresh Rate: Enter a value in seconds to specify the refresh interval. Traffic Summary: UNIT: Select the unit ID of the desired member in the stack. Port Select: Click the Select button to quick-select the corresponding port based on the port number you entered.
  • Page 74 Choose the menu Switching→Traffic Monitor→Traffic Statistics to load the following page. Figure 6-13 Traffic Statistics The following entries are displayed on this screen: Auto Refresh: Auto Refresh: Allows you to Enable/Disable refreshing the Traffic Summary automatically. Refresh Rate: Enter a value in seconds to specify the refresh interval. Port Select ...
  • Page 75: Mac Address

    Statistics: Port: Enter a port number and click the Select button to view the traffic statistics of the corresponding port. Received: Displays the details of the packets received on the port. Sent: Displays the details of the packets transmitted on the port. Broadcast: Displays the number of good broadcast packets received or transmitted on the port.
  • Page 76: Address Table

    The address filtering feature allows the switch to filter the undesired packets and forbid its forwarding so as to improve the network security. The types and the features of the MAC Address Table are listed as the following: Being kept after reboot Relationship between bound Type...
  • Page 77 Choose the menu Switching→MAC Address→Address Table to load the following page. Figure 6-14 Address Table The following entries are displayed on this screen: Search Option: MAC Address: Enter the MAC address of your desired entry. VLAN ID: Enter the VLAN ID of your desired entry. Port: Select the corresponding port number or link-aggregation number of your desired entry.
  • Page 78: Static Address

    MAC Address: Displays the MAC address learned by the switch. VLAN ID: Displays the corresponding VLAN ID of the MAC address. Port: Displays the corresponding port number or link-aggregation number of the MAC address. Type: Displays the Type of the MAC address. Aging Status: Displays the Aging status of the MAC address.
  • Page 79: Dynamic Address

    UNIT: Select the unit ID of the desired member in the stack. Port: Select a port to be bound. Search Option: Search Option: Select a Search Option from the pull-down list and click the Search button to find your desired entry in the Static Address Table. MAC: Enter the MAC address of your desired entry.
  • Page 80 Choose the menu Switching→MAC Address→Dynamic Address to load the following page. Figure 6-16 Dynamic Address The following entries are displayed on this screen: Aging Config: Auto Aging: Allows you to Enable/Disable the Auto Aging feature. Aging Time: Enter the Aging Time for the dynamic address. Search Option ...
  • Page 81: Filtering Address

    Aging Status: Displays the Aging Status of the MAC address. Bind: Click the Bind button to bind the MAC address of your selected entry to the corresponding port statically. Tips: Setting aging time properly helps implement effective MAC address aging. The aging time that is too long or too short results in a decrease of the switch performance.
  • Page 82 Search Option: Search Option: Select a Search Option from the pull-down list and click the Search button to find your desired entry in the Filtering Address Table. • MAC Address: Enter the MAC address of your desired entry. • VLAN ID: Enter the VLAN ID number of your desired entry.
  • Page 83: Chapter 7 Vlan

    Chapter 7 VLAN The traditional Ethernet is a data network communication technology basing on CSMA/CD (Carrier Sense Multiple Access/Collision Detect) via shared communication medium. Through the traditional Ethernet, the overfull hosts in LAN will result in serious collision, flooding broadcasts, poor performance or even breakdown of the Internet.
  • Page 84: Q Vlan

    packets with the MAC VLAN, Protocol VLAN and 802.1Q VLAN in turn. If a packet is matched, the switch will add a corresponding VLAN tag to it and forward it in the corresponding VLAN. 7.1 802.1Q VLAN VLAN tags in the packets are necessary for the switch to identify packets of different VLANs. The switch works at the data link layer in OSI model and it can identify the data link layer encapsulation of the packet only, so you can add the VLAN tag field into the data link layer encapsulation for identification.
  • Page 85: Vlan Config

    GENERAL: The GENERAL port can be added in multiple VLANs and set various egress rules according to the different VLANs. The default egress rule is UNTAG. The PVID can be set as the VID number of any valid VLAN. PVID ...
  • Page 86 Choose the menu VLAN→802.1Q VLAN→VLAN Config to load the following page. Figure 7-3 VLAN Table To ensure the normal communication of the factory switch, the default VLAN of all ports is set to VLAN1. The following entries are displayed on this screen: VLAN Table ...
  • Page 87: Port Config

    Figure 7-4 Create or Modify 802.1Q VLAN The following entries are displayed on this screen: VLAN Info: VLAN ID: Enter the ID number of VLAN. Name: Displays the user-defined name of VLAN. Untagged port: Displays the untagged port which is ACCESS, TRUNK or GENERAL.
  • Page 88 Choose the menu VLAN→802.1Q VLAN→Port Config to load the following page. Figure 7-5 802.1Q VLAN – Port Config The following entries are displayed on this screen: VLAN Port Config: UNIT: Select the unit ID of the desired member in the stack. Select the desired port for configuration.
  • Page 89: Application Example For 802.1Q Vlan

    LAG: Displays the LAG to which the port belongs. VLAN: Click the Detail button to view the information of the VLAN to which the port belongs. Click the Detail button to view the information of the corresponding VLAN. Figure 7-6 View the Current VLAN of Port The following entries are displayed on this screen: VLAN of Port ...
  • Page 90: Mac Vlan

    Network Diagram. Configuration Procedure. Configure switch A. Step / Operation / Description: Configure Link Type of the ports: Required. On VLAN→802.1Q VLAN→Port Config page, configure the link type of Port 2, Port 3 and Port 4 as ACCESS, TRUNK and ACCESS respectively. Required.
  • Page 91: Mac Vlan

    The packet in MAC VLAN is processed in the following way: When receiving an untagged packet, the switch matches the packet with the current MAC VLAN. If the packet is matched, the switch will add a corresponding MAC VLAN tag to it. If no MAC VLAN is matched, the switch will add a tag to the packet according to the PVID of the received port.
  • Page 92: Port Enable

    Operation: Click the Edit button to modify the settings of the entry. And click the Modify button to apply your settings. 7.3.2 Port Enable On this page, you can enable the port for the MAC VLAN feature. The configured MAC VLAN takes effect only when the port is enabled.
  • Page 93 The MAC address of Notebook A is 00-19-56-8A-4C-71, Notebook B’s MAC address is 00-19-56-82-3B-70. Network Diagram. Configuration Procedure. Configure switch A. Step Operation Description Configure Required. On VLAN→802.1Q VLAN→Port Config page, configure the Link Type of the link type of Port 11 and Port 12 as GENERAL and TRUNK respectively.
  • Page 94: Protocol Vlan

    Configure switch B. Step / Operation / Description: Configure Link Type of the ports: Required. On VLAN→802.1Q VLAN→Port Config page, configure the link type of Port 21 and Port 22 as GENERAL and TRUNK respectively. Create VLAN10: Required. On VLAN→802.1Q VLAN→VLAN Config page, create a VLAN with its VLAN ID as 10, owning Port 21 and Port 22, and configure the egress rule of Port 21 as Untag.
  • Page 95: Protocol Group Table

    Protocol Type / Type value: 0x8137; IS-IS 0x8000; LACP 0x8809; 802.1X 0x888E. Table 7-2 Protocol types in common use. The packet in Protocol VLAN is processed in the following way: When receiving an untagged packet, the switch matches the packet with the current Protocol VLAN.
  • Page 96: Protocol Group

    7.5.2 Protocol Group On this page, you can configure the Protocol Group. Choose the menu VLAN→Protocol VLAN→Protocol Group to load the following page. Figure 7-10 Enable Protocol VLAN for Port Protocol Group Config. Protocol Name: Select the defined protocol template. VLAN ID: Enter the ID number of the Protocol VLAN.
  • Page 97 Choose the menu VLAN→Protocol VLAN→Protocol Template to load the following page. Figure 7-11 Create and View Protocol Template The following entries are displayed on this screen: Create Protocol Template. Protocol Name: Give a name for the Protocol Template. Frame Type: Select a Frame Type for the Protocol Template.
  • Page 98: Application Example For Protocol Vlan

    Step Operation Description Create VLAN. Required. On the VLAN→802.1Q VLAN→VLAN Config page, click the Create button to create a VLAN. Enter the VLAN ID and the description for the VLAN. Meanwhile, specify its member ports. Create Protocol Template. Required. On the VLAN→Protocol VLAN→Protocol Template page, create the Protocol Template before configuring Protocol VLAN.
  • Page 99 Network Diagram. Configuration Procedure. Configure switch A. Step / Operation / Description: Configure Link Type of the ports: Required. On VLAN→802.1Q VLAN→Port Config page, configure the link type of Port 11 and Port 13 as ACCESS, and configure the link type of Port 12 as GENERAL.
  • Page 100: Vlan Vpn

    Step / Operation / Description: Create Protocol Template: Required. On VLAN→Protocol VLAN→Protocol Template page, configure the protocol template practically. E.g. the Ether Type of IP network packets is 0800 and that of AppleTalk network packets is 809B. Create Protocol VLAN 10: On VLAN→Protocol VLAN→Protocol Group page, create protocol VLAN 10 with Protocol as IP.
  • Page 101: Vpn Config

    Protocol type / Value: LACP 0x8809; 802.1X 0x888E. Table 7-3 Values of Ethernet frame protocol type in common use. This VLAN VPN function is implemented on the VPN Config, VLAN Mapping and Port Enable pages. 7.7.1 VPN Config This page allows you to enable the VPN function, adjust the global TPID for VLAN-VPN packets and enable the VPN up-link port.
  • Page 102: Vlan Mapping

    Figure 7-13 Enable Port for VLAN Mapping VPN Port Enable. UNIT: Select the unit ID of the desired member in the stack. Select your desired port for VLAN Mapping function. All the ports are disabled for VLAN Mapping function by default. 7.7.3 VLAN Mapping VLAN Mapping function allows the VLAN TAG of the packets to be replaced with the new VLAN TAG according to the VLAN Mapping entries.
  • Page 103 The following entries are displayed on this screen: Global Config. VLAN Mapping: Enable/Disable the VLAN mapping function. If VLAN mapping is disabled and VLAN VPN is enabled, the packet will be encapsulated with an outer tag according to the PVID of its arriving port.
  • Page 104: Gvrp

    Configuration Procedure of VLAN VPN Function: Step / Operation / Description: Enable VPN mode: Required. On the VLAN→VLAN VPN→VPN Config page, enable the VPN mode. Configure the global TPID: Optional. On the VLAN→VLAN VPN→VPN Config page, configure the global TPID based on the devices connected to the up-link port.
  • Page 105 • Join Message: When a GARP entity expects other switches to register certain attribute information of its own, it sends out a Join message. And when receiving the Join message from the other entity or configuring some attributes statically, the device also sends out a Join message in order to be registered by the other GARP entities.
  • Page 106 In this switch, only the port with TRUNK link type can be set as the GVRP application entity to maintain the VLAN registration information. GVRP has the following three port registration modes: Normal, Fixed, and Forbidden. • Normal: In this mode, a port can dynamically register/deregister a VLAN and propagate the dynamic/static VLAN information.
  • Page 107 Port Config. Unit: Select the unit ID of the desired member in the stack. Select: Select the desired port for configuration. It is multi-optional. Port: Displays the port number. Status: Enable/Disable the GVRP feature for the port. The port type should be set to TRUNK before enabling the GVRP feature.
  • Page 108: Private Vlan

    7.9 Private VLAN Private VLANs, designed to save VLAN resources of uplink devices and decrease broadcast, are sets of VLAN pairs that share a common primary identifier. To guarantee user information security and to make it easier for service providers to manage and account for traffic, service providers in campus networks usually require that each individual user is Layer-2 separated.
  • Page 109: Pvlan Config

    4. A Primary VLAN can be associated with multiple Secondary VLANs to create multiple Private VLANs. Private VLAN Implementation. To hide Secondary VLANs from uplink devices and save VLAN resources, a Private VLAN containing one Primary VLAN and one Secondary VLAN requires the following characteristics: Packets from different Secondary VLANs can be forwarded to the uplink device via ...
  • Page 110: Port Config

    Search Option. Search Option: Select a Search Option from the pull-down list and click the Search button to find your desired entry in Private VLAN. All: Enter either the Primary VLAN ID or Secondary VLAN ID of the desired Private VLAN. Primary VLAN ID: Enter the Primary VLAN ID number of the ...
  • Page 111: Application Example For Private Vlan

    The following entries are displayed on this screen: Port Config. Port selected: Select the desired port for configuration. You can input one or select from the port table below the blank. Port Type: Select the Port Type from the pull-down list for the port. Primary VLAN: Specify the Primary VLAN the port belongs to.
  • Page 112 Network Diagram. Configuration Procedure. Configure Switch C. Step / Operation / Description: Create VLAN6: Required. On VLAN→802.1Q VLAN→VLAN Config page, create a VLAN with its VLAN ID as 6, owning Port 1/0/1. Configure switch A. Step / Operation / Description: Create Private Required.
  • Page 113 Configure switch B. Step / Operation / Description: Create Private VLANs: Required. On the VLAN→Private VLAN→PVLAN Config page, enter the Primary VLAN 6 and Secondary VLAN 5 and 8, select one type of secondary VLAN and then click the Create button. Required.
  • Page 114: Chapter 8 Spanning Tree

    Chapter 8 Spanning Tree STP (Spanning Tree Protocol), subject to the IEEE 802.1D standard, is used to break loops in a ring network at the Data Link layer of a local network. Devices running STP discover loops in the network and block ports by exchanging information; in that way, a ring network can be pruned into a loop-free tree topology, which prevents packets from being duplicated and forwarded endlessly in the network.
  • Page 115 Port: Port 3 is the root port of switch B and port 5 is the root port of switch C; port 1 and 2 are the designated ports of switch A and port 4 is the designated port of switch B; port 6 is the blocked port of switch C.
  • Page 116 Comparing BPDUs. Each switch sends out configuration BPDUs and receives a configuration BPDU on one of its ports from another switch. The following table shows the comparing operations. Step / Operation: If the priority of the BPDU received on the port is lower than that of the BPDU of the port itself, the switch discards the BPDU and does not change the BPDU of the port.
  • Page 117 The condition for the root port to transition its port state rapidly: The old root port of the switch stops forwarding data and the designated port of the upstream switch begins to forward data. The condition for the designated port to transition its port state rapidly: The designated port is ...
  • Page 118 Figure 8-2 Basic MSTP diagram MSTP. MSTP divides a network into several MST regions. The CST is generated between these MST regions, and multiple spanning trees can be generated in each MST region. Each spanning tree is called an instance. Like STP, MSTP uses BPDUs to generate spanning trees. The only difference is that the BPDU for MSTP carries the MSTP configuration information on the switches.
  • Page 119: Stp Config

    Figure 8-3 Port roles The Spanning Tree module is mainly for spanning tree configuration of the switch, including four submenus: STP Config, Port Config, MSTP Instance and STP Security. 8.1 STP Config The STP Config function, for global configuration of spanning trees on the switch, can be implemented on STP Config and STP Summary pages.
  • Page 120 The following entries are displayed on this screen: Global Config. Spanning Tree: Select Enable/Disable STP function globally on the switch. Mode: Select the desired STP version on the switch. STP: Spanning Tree Protocol. RSTP: Rapid Spanning Tree Protocol. ...
  • Page 121: Stp Summary

    turn prevents spanning trees from being regenerated in time and makes the network less adaptive. The default value is recommended. If the TxHold Count parameter is too large, the number of MSTP packets being sent in each hello time may be increased, occupying too many network resources. The default value is recommended.
  • Page 122: Port Config

    8.2 Port Config On this page you can configure the parameters of the ports for CIST. Choose the menu Spanning Tree→Port Config to load the following page. Figure 8-6 Port Config The following entries are displayed on this screen: Port Config ...
  • Page 123: Mstp Instance

    Port Role: Displays the role of the port played in the STP Instance. Root Port: Indicates the port that has the lowest path cost from this bridge to the Root Bridge and forwards packets to the root. Designated Port: Indicates the port that forwards packets to a ...
  • Page 124: Instance Config

    Choose the menu Spanning Tree→MSTP Instance→Region Config to load the following page. Figure 8-7 Region Config The following entries are displayed on this screen: Region Config. Region Name: Create a name for MST region identification using up to 32 characters. Revision: Enter the revision from 0 to 65535 for MST region identification.
  • Page 125: Instance Port Config

    VLAN ID: Enter the desired VLAN ID. Click the 'Add' button and the new VLAN ID will be added to the corresponding instance ID; the previous VLAN ID won't be replaced. Click the 'Delete' button and the VLAN ID will be deleted from the corresponding instance ID. Instance Config ...
  • Page 126 Choose the menu Spanning Tree→MSTP Instance→Instance Port Config to load the following page. Figure 8-9 Instance Port Config The following entries are displayed on this screen: Instance ID Select. Instance ID: Select the desired instance ID for its port configuration. Instance Port Config ...
  • Page 127: Stp Security

    Path Cost: Path Cost is used to choose the path and calculate the path costs of ports in an MST region. It is an important criterion on determining the root port. The lower value has the higher priority. Port Role: Displays the role of the port played in the MSTP Instance.
  • Page 128 spanning trees being regenerated and roles of ports being reselected, and causes the blocked ports to transit to forwarding state. Therefore, loops may be incurred in the network. The loop protect function can suppress loops. With this function enabled, a port, regardless of the role it plays in instances, is always set to blocking state when the port does not receive BPDU packets from the upstream switch and spanning trees are regenerated, and thereby loops can be prevented.
  • Page 129 Choose the menu Spanning Tree→STP Security→Port Protect to load the following page. Figure 8-10 Port Protect The following entries are displayed on this screen: Port Protect. UNIT: Select the unit ID of the desired member in the stack. Select: Select the desired port for port protect configuration.
  • Page 130: Tc Protect

    8.4.2 TC Protect When TC Protect is enabled for the port on Port Protect page, the TC threshold and TC protect cycle need to be configured on this page. Choose the menu Spanning Tree→STP Security→TC Protect to load the following page. Figure 8-11 TC Protect The following entries are displayed on this screen: TC Protect...
  • Page 131 On Spanning Tree→Port Config→Port Config page, enable MSTP function for the port. Configure the region name and the revision of MST region: On Spanning Tree→MSTP Instance→Region Config page, configure the region as TP-LINK and keep the default revision setting. Configure VLAN-to-Instance Spanning Tree→MSTP...
  • Page 132 On Spanning Tree→Port Config→Port Config page, enable MSTP function for the port. Configure the region name and the revision of MST region: On Spanning Tree→MSTP Instance→Region Config page, configure the region as TP-LINK and keep the default revision setting. Configure VLAN-to-Instance Spanning Tree→MSTP...
  • Page 133 On Spanning Tree→Port Config→Port Config page, enable MSTP function for the port. Configure the region name and the revision of MST region: On Spanning Tree→MSTP Instance→Region Config page, configure the region as TP-LINK and keep the default revision setting. Spanning Tree→MSTP Instance→Instance...
  • Page 134 For Instance 2 (VLAN 102, 104 and 106), the blue paths in the following figure are connected links; the gray paths are the blocked links. Suggestion for Configuration. Enable TC Protect function for all the ports of switches. ...
  • Page 135: Chapter 9 Multicast

    Chapter 9 Multicast Multicast Overview. In the network, packets are sent in three modes: unicast, broadcast and multicast. In unicast, the source server sends separate copy information to each receiver. When a large number of users require this information, the server must send many pieces of information with the same content to the users.
  • Page 136 Multicast Address. 1. Multicast IP Address: As specified by IANA (Internet Assigned Numbers Authority), Class D IP addresses are used as destination addresses of multicast packets. The multicast IP addresses range from 224.0.0.0 to 239.255.255.255. The following table displays the range and description of several special multicast IP addresses.
  • Page 137: Igmp Snooping

    IGMP Snooping. In the network, the hosts apply to the near Router for joining (leaving) a multicast group by sending IGMP (Internet Group Management Protocol) messages. When the up-stream device forwards down the multicast data, the switch is responsible for sending them to the hosts. IGMP Snooping is a multicast control mechanism, which can be used on the switch for dynamic registration of the multicast group.
  • Page 138: Snooping Config

    3. IGMP Leave Message The host, running IGMPv1, does not send an IGMP leave message when leaving a multicast group; as a result, the switch cannot immediately get the leave information of the host. However, after leaving the multicast group, the host does not send IGMP report messages any more, so the switch will remove the port from the corresponding multicast address table when its member port time times out.
  • Page 139 Choose the menu Multicast→IGMP Snooping→Snooping Config to load the following page. Figure 9-4 Basic Config The following entries are displayed on this screen: Global Config. IGMP Snooping: Select Enable/Disable IGMP Snooping function globally on the switch. Unknown Multicast: Select the operation for the switch to process unknown multicast, Forward or Discard.
  • Page 140: Port Config

    9.1.2 Port Config On this page you can configure the IGMP feature for ports of the switch. Choose the menu Multicast→IGMP Snooping→Port Config to load the following page. Figure 9-5 Port Config The following entries are displayed on this screen: Port Config ...
  • Page 141: Vlan Config

    9.1.3 VLAN Config Multicast groups established by IGMP Snooping are based on VLANs. On this page you can configure different IGMP parameters for different VLANs. Choose the menu Multicast→IGMP Snooping→VLAN Config to load the following page. Figure 9-6 VLAN Config The following entries are displayed on this screen: VLAN Config ...
  • Page 142: Multicast Vlan

    Router Port Time: Displays the router port time of the VLAN. Member Port Time: Displays the member port time of the VLAN. Leave Time: Displays the leave time of the VLAN. Static Router Ports: Displays the static router ports of the VLAN. Dynamic Router Displays the dynamic router ports of the VLAN.
  • Page 143 Choose the menu Multicast→IGMP Snooping→Multicast VLAN to load the following page. Figure 9-7 Multicast VLAN The following entries are displayed on this screen: Multicast VLAN. Multicast VLAN: Select Enable/Disable Multicast VLAN feature. VLAN ID: Enter the VLAN ID of the multicast VLAN. Router Port Time: Specify the aging time of the router port.
  • Page 144: Querier Config

    Static Router Ports: Select the desired port as the static router port which is mainly used in the network with stable topology. Note: The router port should be in the multicast VLAN, otherwise the member ports cannot receive multicast streams. The Multicast VLAN won't take effect unless you first complete the configuration for the corresponding VLAN owning the port on the 802.1Q VLAN page.
  • Page 145 Choose the menu Multicast→IGMP Snooping→Querier Config to load the following page. Figure 9-8 Packet Statistics The following entries are displayed on this screen: IGMP Snooping Querier Config. VLAN ID: Enter the ID of the VLAN that enables IGMP Snooping Querier. Query Interval: Enter the time interval of sending a general query frame by IGMP Snooping Querier.
  • Page 146: Application Example For Multicast Vlan

    VLAN ID: Displays the ID of the VLAN that enables IGMP Snooping Querier. Query Interval: Displays the Query Interval of the IGMP Snooping Querier. Max Response Time: Displays the maximal time for the host to respond to a general query frame sent by IGMP Snooping Querier. General Query Source IP: Displays the source IP of the general query frame sent by IGMP...
  • Page 147: Multicast Ip

    Configuration Procedure. Step / Operation / Description: Create VLANs: Create three VLANs with the VLAN ID 3, 4 and 5 respectively, and specify the description of VLAN3 as Multicast VLAN on VLAN→802.1Q VLAN page. Configure ports: On VLAN→802.1Q VLAN function pages. For port 3, configure its link type as GENERAL and its egress rule as TAG, and add it to VLAN3, VLAN4 and VLAN5.
  • Page 148: Static Multicast Ip

    The following entries are displayed on this screen: Search Option. Search Option: Select the rules for displaying multicast IP table to find the desired entries quickly. All: Displays all multicast IP entries. Multicast IP: Enter the multicast IP address the desired entry ...
  • Page 149 Choose the menu Multicast→Multicast IP→Static Multicast IP to load the following page. Figure 9-10 Static Multicast IP Table The following entries are displayed on this screen: Create Static Multicast. Multicast IP: Enter static multicast IP address. VLAN ID: Enter the VLAN ID of the multicast IP. Forward Port: Select the forward port of the multicast group.
  • Page 150: Multicast Filter

    Static Multicast IP Table. Multicast IP: Displays the multicast IP. VLAN ID: Displays the VLAN ID of the multicast group. Forward Port: Displays the forward port of the multicast group. 9.4 Multicast Filter When IGMP Snooping is enabled, you can specify the multicast IP-range the ports can join, so as to restrict users ordering multicast programs by configuring multicast filter rules.
  • Page 151 Mode: The attributes of the profile. Permit: Only permit the IP address within the IP range and deny others. Deny: Only deny the IP address within the IP range and permit others. Search Option. All: Displays all the profile entries. Profile ID: Enter the profile ID the desired entry must carry.
  • Page 152: Profile Binding

    Mode: Configure the filter mode of the profile. ADD IP-range: Start IP: Enter the start IP address of the IP-range to the selected profile. End IP: Enter the end IP address of the IP-range to the selected profile. IP-range Table: ...
  • Page 153: Packet Statistics

    The following entries are displayed on this screen: Profile and Max Group Binding. UNIT: Select the unit ID of the desired member in the stack. Select: Select the desired entry for configuration. It is multi-optional. Port: Displays the port number. Profile ID: The existing Profile ID bound to the selected port.
  • Page 154 Choose the menu Multicast→Packet Statistics to load the following page. Figure 9-14 Packet Statistics The following entries are displayed on this screen: Auto Refresh. Auto Refresh: Select Enable/Disable auto refresh feature. Refresh Period: Enter the time from 3 to 300 in seconds to specify the auto refresh period.
  • Page 155: Chapter 10 Routing

    Chapter 10 Routing Routing is the method by which the host or gateway decides where to send the datagram. Routing is the task of finding a path from a sender to a desired destination. It may be able to send the datagram directly to the destination, if that destination is on one of the networks that are directly connected to the host or gateway.
  • Page 156 Admin Status: Specify interface administrator status. Choose 'Disable' to disable the interface's Layer 3 capabilities. Interface Name: Specify the name of the network interface. Interface List. Select: Select the interfaces to modify or delete. Displays the ID of the interface. Mode: Display IP address allocation mode.
  • Page 157 Admin Status: View and modify the Admin status. Choose 'Disable' to disable the interface's Layer 3 capabilities. Interface Name: View and modify the interface name. Click Detail to display the following figure: Figure 10-3 Detail Information Detail Information. Interface ID: Displays ID of the interface, including VLAN ID, loopback interface and routed port.
  • Page 158: Routing Table

    Interface Setting Detail Information. Displays the detailed setting information of the interface. 10.2 Routing Table This page displays the routing information summary generated by different routing protocols. Choose the menu Routing→Routing Table→Routing Table to load the following page. Figure 10-4 Routing Table Routing Information Summary ...
  • Page 159: Application Example For Static Routing

    The following entries are displayed on this screen: Static Routing Config. Destination: Specify the destination IP address of the packets. Subnet Mask: Specify the subnet mask of the destination IP address. Next Hop: Enter the IP address to which the packet should be sent next. Distance: Enter the distance metric of route.
  • Page 160: Dhcp Server

    Configuration Procedure. Configure Switch A. Steps / Operation / Note: Add interface VLAN 10: Required. On page Routing→Interface→Interface Config, add interface VLAN 10 with the mode as static, the IP address as 192.168.0.1, the mask as 255.255.255.0 and the interface name as VLAN10.
  • Page 161 additional configuration options. DHCP captures the behavior of DHCP participants so the administrator can manage the parameters of the host in the network. As workstations and personal computers proliferate on the Internet, the administrative complexity of maintaining a network is increased by an order of magnitude. The assignment of local network resources to each client represents one such difficulty.
  • Page 162 fixed format section of the message and appending tagged data items in the variable length option area. The process is shown as follows. Figure 10-7 The Process of DHCP DHCP discover: the client broadcasts messages on the physical subnet to discover available DHCP servers in the LAN.
  • Page 163 The names for the fields given in the figure will be used throughout this document to refer to the fields in DHCP messages. Figure 10-8 The Format of DHCP Message op: Message type, '1' = BOOT-REQUEST, '2' = BOOT-REPLY. htype: Hardware address type, '1' for ethernet. hlen: Hardware address length, '6' for ethernet.
  • Page 164 14) file: Boot file name, null terminated string, "generic" name or null in DHCPDISCOVER, fully qualified directory-path name in DHCPOFFER. 15) options: Optional parameters field. See the options documents (RFC 2132) for a list of defined options. We will introduce some familiar options in the next section. DHCP Option ...
  • Page 165 option 55: Parameter Request List option. This option is used by a DHCP client to request values for specified configuration parameters. 10) option 61: Client hardware address. 11) option 66: TFTP server name option. This option is used to identify a TFTP server. 12) option 67: Boot-file name option.
  • Page 166: Dhcp Server

    With a DHCP Relay running between the client and the server, when receiving a DHCP-DISCOVER packet transmitted from the Relay, the switch will choose the IP from the IP pool in the same subnet with the Relay’s IP to assign to the client. If the IP pool is not configured on the switch or the configured IP pool doesn’t match the Relay’s network segment, the client may not get network parameters successfully.
  • Page 167 Choose the menu Routing→DHCP Server→DHCP Server to load the following page. Figure 10-11 DHCP Server The following entries are displayed on this screen: Global Config. DHCP Server: Enable/Disable the switch as a DHCP server. Ping Time Config. Ping Packets: The number of packets to be sent.
  • Page 168: Pool Setting

    10.4.2 Pool Setting This page shows you how to configure the IP pool in which the IP address can be assigned to the clients in the network. Choose the menu Routing→DHCP Server→DHCP Server Pool to load the following page. Figure 10-12 Pool Setting The following entries are displayed on this screen: DHCP Server Pool ...
  • Page 169: Manual Binding

    Operation: Allows you to view or modify the information of the corresponding IP Pool. Edit: Click to modify the settings of the Pool. Detail: Click to get the information of the Pool. 10.4.3 Manual Binding On this page, you can specify the IP address for specific clients, and the switch will then always supply these specified parameters only to them.
  • Page 170: Packet Statistics

    Choose the menu Routing→DHCP Server→Binding Table to load the following page. Figure 10-14 DHCP Server Binding Table DHCP Server Binding Table. Displays the ID of the client. IP Address: Displays the IP address that the Switch has allocated to the client.
  • Page 171: Configuration Procedure

    The following entries are displayed on this screen: Packets Received. BOOTREQUEST: Displays the Bootp Request packet received. DHCPDISCOVER: Displays the Discover packet received. DHCPREQUEST: Displays the Request packet received. DHCPDECLINE: Displays the Decline packet received. DHCPRELEASE: Displays the Release packet received. DHCPINFORM: Displays the Inform packet received.
  • Page 172: Application Example For Dhcp Server And Relay

    10.4.6 Application Example for DHCP Server and Relay Network Requirements. Every building in the campus belongs to separate VLANs with different network segments. The access points in each building are divided into two parts. One part is the fixed computers ...
  • Page 173: Dhcp Relay

    Step / Operation / Note: Configure the IP address pool: Required. On page Routing→DHCP Server→Pool Setting, configure IP address pool parameters for each VLAN interface. Take VLAN10 as an example, configure its Network Address as 192.168.10.0, Subnet Mask as 255.255.255.0, Default gateway as 192.168.10.1 (the IP address of the VLAN interface), DNS Server as 160.20.30.2, and customize the Pool Name and Lease Time.
  • Page 174 Figure 10-16 DHCP Relay Application To allow clients in different VLANs to request IP addresses from one server successfully, the DHCP Relay function can transmit the DHCP packet between clients and server in different VLANs, and all clients in different VLANs can share one DHCP Server. When receiving DHCP-DISCOVER and DHCP-REQUEST packets, the switch will fill the ...
  • Page 175: Global Config

    Specify the DHCP Server which assigns IP addresses actually. Option 82. On this switch, Option 82 is used to record the location of the DHCP Client, the ethernet port and the VLAN, etc. Upon receiving the DHCP-REQUEST packet, the switch adds the Option 82 field to the packet and then transmits the packet to DHCP Server.
  • Page 176: Dhcp Server

    Choose the menu Routing→DHCP Relay→Global Config to load the following page. Figure 10-19 Global Config The following entries are displayed on this screen: Option 82 configuration. Configure the Option 82 which cannot be assigned by the switch. Option 82 Support: Enable or disable the Option 82 feature.
  • Page 177: Proxy Arp (License Required)

    Choose the menu Routing→DHCP Relay→DHCP Server to load the following page. Figure 10-20 DHCP Server The following entries are displayed on this screen: Add DHCP Server Address. Interface ID: Select the interface type and enter the interface ID. Server Address: Enter the DHCP server IP address.
  • Page 178: Proxy Arp

    Within the same network segment, hosts connecting with different VLAN interfaces can communicate with each other through Layer 3 forwarding by using proxy ARP function. The following example simply illustrates how proxy ARP works. Figure 10-21 ARP Application As shown in the figure above, PC A and PC B are in the same network segment but belong to different VLANs respectively.
  • Page 179: Application Example For Proxy Arp

    Proxy ARP Information. Select: Select the desired item for configuration. It is multi-optional. IP Address: Displays the interface's IP address. Subnet Mask: Displays the interface's subnet mask. Interface: Displays the interface. Interface Name: Displays the name of the interface. Status: Enable/Disable the items selected.
  • Page 180: Arp

    10.7 ARP This page displays the ARP table information. Choose the menu Routing→ARP→ARP Table to load the following page. Figure 10-23 ARP Table The following entries are displayed on this screen: ARP Table Interface: Displays the network interface of the ARP entry. IP Address: Enter the DHCP server IP address.
  • Page 181 Next hop: IP address of the adjacent router’s interface to reach the destination. Egress interface: Packet outgoing interface. Metric: Cost from the local router to the destination. Route time: Time elapsed since the routing entry was last updated. The time is reset to 0 ...
  • Page 182 information of natural networks such as Class A, B, and C. That is why RIPv1 does not support discontinuous subnets. RIPv2 is a classless routing protocol. Compared with RIPv1, RIPv2 has the following advantages. Supporting route tags. Route tags are used in routing policies to flexibly control routes. ...
  • Page 183: Basic Config

    Figure 10-25 RIPv2 Message Format The fields are explained as follows: Version: Version of RIP. For RIPv2 the value is 0x02. Route Tag: Route Tag. IP Address: Destination IP address. It can be a natural network address, subnet address ...
  • Page 184 Choose the menu Routing→RIP→Basic Config to load the following page. Figure 10-27 RIP Basic Config The following entries are displayed on this screen: RIP Enable RIP Protocol: Choose to enable or disable the RIP function. It is disabled by default. Global Config ...
  • Page 185: Interface Config

    RIP Distance: Set the RIP router distance. Auto Summary: If you select enable, groups of adjacent routes will be summarized into single entries in order to reduce the total number of entries. The default is disable. Default Metric: Set the default metric for the redistributed routes. The valid values are 1 to 15.
  • Page 186: Rip Database

    Status: The interface RIP status (up or down) is decided by the network status. You can't change it here. Send Version: Select the version of RIP control packets the interface should send from the pull-down menu. RIPv1: send RIP version 1 formatted packets via broadcast. ...
  • Page 187: Application Example For Rip

    Choose the menu Routing→RIP→RIP Database to load the following page. Figure 10-29 RIP Database The following entries are displayed on this screen: RIP Route Table Destination Network: The destination IP address and subnet mask. Next Hop: The next hop IP address. Metric: The metric to reach the destination IP address.
  • Page 188: Ospf (License Required)

    Configure Switch B Steps Operation Note Enable RIP: Required. On page Routing→RIP→Basic Config, enable RIP, select RIPv2 as RIP version. Enable the network segments where the interfaces are: Required. On page Routing→RIP→Basic Config Network Enable part, add network segments 1.1.1.0, 10.1.1.0, 11.1.1.0, and enable RIP in these network segments.
  • Page 189 Figure 10-30 Common Scenario for OSPF routing protocol The network topology is more prone to changes in an autonomous system of larger size. The network adjustment of any one router could destabilize the whole network and cause massive numbers of OSPF packets to be forwarded repeatedly, and all the routers would need to recalculate the routes, which would waste lots of network resources.
  • Page 190 In the automatic election, the router would in the first place select the highest loopback interface IP as the router ID. If the router doesn’t pre-define the loopback interfaces, it would select the highest physical interface IP address as the router ID. 3.
  • Page 191 Figure 10-31 Diagram of DR/BDR Adjacency Relation DR or BDR is determined by the interface priority and router ID. First of all, whether a router could be the DR or BDR on a network is decided by its interface priority. The one of highest priority would be elected as DR or BDR;...
  • Page 192 After two routers have finished the synchronization of link state database, a complete adjacency relation will be established. When the intra-area routers have an identical link state database, each of them will calculate a loop-free topology through SPF algorithm with itself as the root thus to describe the shortest forward path to every network node it knows, and create a routing table according to the topology of shortest forward path and provide a basis for data forwarding.
  • Page 193 Figure 10-32 Steps to Establish a Complete Adjacency Relation Flooding As Figure 10-32 shows, two random routers will synchronize the link state database via LSA request, LSA update and LSA acknowledgement packets. But in an actual router network, how do the routers flood the change of local network to the entire network through LSA update packets? Figure 10-33 introduces in detail the flooding of the LSA update packets on the broadcast network.
  • Page 194 Figure 10-33 Flooding of the LSA DROthers multicast the LSA update of its directly-connected network to DR and BDR. After receiving the LSA update, DR floods it to all the adjacent routers. After receiving the LSA update from DR, the adjacent routers flood it to the other OSPF interfaces in their own areas.
  • Page 195 network connectivity at all times. The non-backbone Area 1 and Area 2 cannot communicate directly with each other, but they can exchange routing information through the backbone Area 0. On large-scale networks, an appropriate area partition can help greatly to save network resources and enhance the speed of the routing.
  • Page 196 Figure 10-36 Virtual Link Sketch As in Figure 10-36, ABR of Area 2 has no physical link to connect directly with the backbone area, in which case Area 2 could not communicate with others without configuring a virtual link. Then a virtual link between ABR1 and ABR2, passing through Area 1, could provide a logical link for Area 2 to connect with the backbone area.
  • Page 197 learn about the routing information from other areas, the size of the routing table of the routers in the stub area as well as the number of the routing message transferred would be reduced greatly. NSSA (Not-So-Stubby-Area) has a lot in common with stub area, but is not completely the same. NSSA doesn’t allow ABR to import the external routing information described by AS-External LSA, either.
  • Page 198 Figure 10-38 Discontinuous Network Segment Link State Database When the routers in the network completely synchronize the link state database through LSA exchanges, they can calculate the shortest path tree with themselves as the root node. The OSPF protocol routing calculation is simply presented as below. Each OSPF router would generate LSA according to its own link state or routing information, and then send it through the update packets to the other OSPF routers in the network.
  • Page 199 Figure 10-39 OSPF Header Version: The version number of OSPF run by this device. For instance, the OSPF run by our IPv4 devices is of Version 2, and that run by IPv6 devices is of Version 3. Type: The type of this packet. There are five types of OSPF packets in total, as shown in the table below.
  • Page 200 Type Code, Authentication Name, Features. Non-Authentication: The 64-bit authentication information fields behind are all 0. Plain-text Authentication: The 64-bit authentication information behind is the password to authenticate. MD5 Ciphertext Authentication: The Key ID, authentication data length and encryption serial number work together to perform MD5 Ciphertext Authentication. Table 10-4 Authentication Type HELLO Packet...
  • Page 201 Router Dead Interval: When the receiving router doesn’t receive another Hello packet update from the advertising router within the specified age time, it will delete the advertising router from its neighbor table. Only routers with the coincident dead interval can be neighbors. Designated Router ID: The interface IP of the router specified by the advertising router in the advertising interface network.
  • Page 202 LSR Packet During the synchronization of the link state database between two routers, if one router finds an updated LSA or an LSA it doesn’t have in the DD packet forwarded, it could send an LSR packet to request the complete LSA. Figure 10-42 LSR Packet Link State Type: The type of LSA.
  • Page 203 Figure 10-43 LSU Packet LSA Quantity: The quantity of LSA included in the LSU. LSA: A complete description of LSA. LSAck Packet When receiving an LSU, the router will send an LSAck packet, including the LSA header it receives, to the router forwarding the LSU packet to confirm whether the data received is correct. OSPF protocol defines area and multiple router types.
  • Page 204 Type Code, Name, Features. Router LSA: Originates from all the routers, and describes the router interface which itself has already run the OSPF features and then spreads in its advertising area. Network LSA: Originates from DR, and describes the link state of all routers in its connected network segment and then diffuses in its advertising area.
  • Page 205: Process

    Configuration of Stub Area and NSSA. ABR route summarization – to summarize the intra-area routing information with the same prefix with a single route and then distribute it to other areas. 10) ASBR route summarization – to summarize the external routing information with the same prefix with a single route and then distribute it to the autonomous system.
  • Page 206: Basic

    10.9.2 Basic Choose the menu Routing→OSPF→Basic to load the following page. Figure 10-46 OSPF Base The following entries are displayed on this screen: Select Current Process Current Process: Select the desired OSPF process for configuration. Default Route Advertise Config ...
  • Page 207 OSPF Config ASBR Mode: The router is an Autonomous System Boundary Router if it is configured to redistribute routes from another protocol, or if it is configured to originate an AS-External LSA advertising the default route. ABR Status: The router is an Area Border Router if it has active non-virtual interfaces in two or more OSPF areas.
  • Page 208: Network

    Passive Default: Configure the global passive mode settings for all OSPF interfaces. Configuring this field will overwrite any present interface level passive mode settings. OSPF does not form adjacencies on passive interfaces, but does advertise attached networks as stub networks. The default value is 'Disable'.
  • Page 209: Interface

    Area ID: Displays the area to which the network belongs. 10.9.4 Interface Choose the menu Routing→OSPF→Interface to load the following page. Figure 10-48 OSPF Interface The following entries are displayed on this screen: Interface Table Select: Select the desired item for configuration. It is multi-optional. Interface: The interface for which data is to be displayed or configured.
  • Page 210 Passive Mode: Make an interface passive to prevent OSPF from forming an adjacency on an interface. OSPF advertises networks attached to passive interfaces as stub networks. Interfaces are not passive by default. MTU Ignore: Disables OSPF MTU mismatch detection on received database description packets.
  • Page 211 The router establishes adjacencies to all other routers attached to the network. The Backup Designated Router performs slightly different functions during the Flooding Procedure, as compared to the Designated Router. DR Other: The interface is connected to a broadcast on ...
  • Page 212 Retransmit Interval: The retransmit interval for the specified interface. This is the number of seconds between link-state advertisements for adjacencies belonging to this router interface. This value is also used when retransmitting database descriptions and link-state request packets. The valid value ranges from 1 to 65535 seconds and the default is 5 seconds.
  • Page 213: Area

    10.9.5 Area Choose the menu Routing→OSPF→Area to load the following page. Figure 10-50 OSPF Area The following entries are displayed on this screen: Area Config Process ID: Select the desired OSPF process for configuration. Area ID: The 32-bit unsigned integer that uniquely identifies the area. It can be in decimal format or dotted decimal format.
  • Page 214: Area Aggregation

    Metric Type: Set the OSPF metric type of the default route. Two types are supported: External Type 1 and External Type 2. The default value is External Type 2. Metric: Specify the metric of the default route. The valid value ranges from 1 to 16777214 and the default is 1.
  • Page 215 Choose the menu Routing→OSPF→Area Aggregation to load the following page. Figure 10-51 OSPF Area Aggregation The following entries are displayed on this screen: Area Aggregation Config Process ID: Select the desired OSPF process for configuration. Area ID: The 32-bit unsigned integer that uniquely identifies the area. It can be in decimal format or dotted decimal format.
  • Page 216: Virtual Link

    10.9.7 Virtual Link Choose the menu Routing→OSPF→Virtual Link to load the following page. Figure 10-52 Virtual Link The following entries are displayed on this screen: Virtual Link Creation Process ID: Select the desired OSPF process for configuration. Transit Area ID: The ID of the transit area.
  • Page 217: Route Redistribution

    Transmit Delay: The Transit Delay for the specified interface. This specifies the estimated number of seconds it takes to transmit a link state update packet over the selected interface. The valid value ranges from 1 to 65535 seconds and the default is 1 second. Authentication Type: You may select an authentication type other than none by...
  • Page 218: Asbr Aggregation

    Metric: Set the metric value to be used as the metric of redistributed routes. The valid value ranges from 1 to 16777214 and the default is equal to Default Metric configured on Basic page. Metric Type: Set the OSPF metric type of redistributed routes. The default is External Type 2.
  • Page 219: Neighbor Table

    Advertise: Set whether or not the address range will be redistributed to OSPF domain via an AS-External LSA. The default is Enable. ASBR Aggregation Table Process: Select one OSPF Process to display its address range list. Select: Select the desired item for configuration. It is multi-optional. IP Address: Displays the IP address of the address range.
  • Page 220 State: The state of the neighbor: Down: This is the initial state of a neighbor conversation. It indicates that there has been no recent information received from the neighbor. On NBMA networks, Hello packets may still be sent to 'Down' neighbors, although at a reduced frequency.
  • Page 221: Link State Database

    10.9.11 Link State Database Choose the menu Routing→OSPF→Link State Database to load the following page. Figure 10-56 Link State Database The following entries are displayed on this screen: Link State Database Process: Select one OSPF Process to display its link state database. Area ID: Displays the ID of the area to which the LSA belongs.
  • Page 222 Network Diagram Configuration Procedure Configure Switch A Step Operation Description Create routing interfaces and their IP addresses: Required. On page Routing→Interface→Interface Config, create routed port 1/0/1 with the IP 1.10.1.1/24 and routed port 1/0/2 with the IP 1.20.1.1/24. Create OSPF Required.
  • Page 223: Vrrp (License Required)

    Configure Switch C Step Operation Description Create routing interfaces and their IP addresses: Required. On page Routing→Interface→Interface Config, create routed port 1/0/1 with the IP 1.20.2.1/24 and routed port 1/0/2 with the IP 1.20.1.2/24. Create OSPF process: Required. On page Routing→OSPF→Process, create OSPF process 1 and configure the Router ID as 3.3.3.3.
  • Page 224 still be provided and network interruption can be avoided after a single link fails without reconfiguration of dynamic routing or router discovery protocols, or default gateway configuration on every end-host. 2. Small network overhead. The single message that VRRP defines is the VRRP advertisement, which can only be sent by the master router.
  • Page 225 The VRRP priority ranges from 0 to 255 (the bigger the number is, the higher the priority is). Configurable range is 1-254. The priority value 0 is reserved for the current master when it gives up its role as master router. For example, when master router receives shutdown message, it would send VRRP packet with priority 0 to the backup group which the interface belongs to.
  • Page 226 interfaces and better performance can be elected as master router; and the stability of backup group is increased. When the router interface connecting the uplink fails, the backup group cannot recognize uplink breakdown. If this router is in Master state, hosts in the LAN cannot visit external network.
  • Page 227: Basic Config

    VRRP Configuration Before configuring VRRP, users should plan well to specify the role and function of the devices in backup groups. Every switch in backup group should be configured, which is the precondition to construct a backup group. 10.10.1 Basic Config VRRP (Virtual Routing Redundancy Protocol) is a function on the Switch that dynamically assigns responsibility for a virtual router to one of the VRRP routers on a LAN.
  • Page 228 Virtual IP: Displays the primary Virtual IP associated with the VRRP. Priority: Displays the priority associated with the VRRP. Status: Displays the status associated with the VRRP. Other: Displays more information about the VRRP. Select All: Select all the VRRP items. Delete: Delete the selected items.
  • Page 229: Advanced Config

    Running Priority: Displays the running priority associated with the VRRP. It ranges from 1 to 255. Advertise Timer: Displays the advertise timer associated with the VRRP. It ranges from 1 to 255. Preempt Delay Timer: Displays the preempt delay timer associated with the VRRP. It ranges from 0 to 255.
  • Page 230: Virtual Ip Config

    Description: Enter the description associated with the VRRP. Numbers, characters and '_' are the only valid inputs, and the maximal length of the inputs is 8. Priority: Enter the Priority associated with the VRRP. It ranges from 1 to 254. Advertise Timer: Enter the advertise timer associated with the VRRP.
  • Page 231: Track Config

    The following entries are displayed on this screen: Add Virtual IP This field is used to add virtual IP addresses associated with the VRRP. Up to five virtual IP addresses can be added for every VRRP. VRID: Select the VRID from the pull-down list. Interface: Select the Interface ID from the pull-down list.
  • Page 232: Virtual Router Statistics

    The following entries are displayed on this screen: Add Track This field is used for adding track information associated with the VRRP. Up to 5 interfaces can be tracked for every VRRP. IP owner cannot track any interface. Interface: Select the Interface ID from the pull-down list.
  • Page 233 The following entries are displayed on this screen: Global Statistics Router Checksum Errors: Displays the total number of VRRP packets received with an invalid VRRP checksum value. Router Version Errors: Displays the total number of VRRP packets received with an unknown or unsupported version number.
  • Page 234: Application Example For Vrrp

    Packet Length Errors: Displays the number of packets received with a packet length less than the length of the VRRP header. Clear: Clear the statistics displayed on the web. Refresh: Refreshes the web page to show the latest VRRP information. Configuration Procedure:...
  • Page 235 Network Diagram Configuration Procedure Configure Switch A Step Operation Note Configure interface and its IP address: On page Routing→Interface→Interface Config, create the interface VLAN2, and configure its IP address as 192.168.1.1 and Subnet Mask as 255.255.255.0. Add port to the On page VLAN→802.1Q VLAN→VLAN Config, add port 5 to interface.
  • Page 236: Chapter 11 Multicast Routing (License Required)

    Chapter 11 Multicast Routing (License Required) Overview of Multicast Routing Protocols Note: The router and router icon mentioned in this chapter represent the router in general or the switch that runs the layer 3 multicast routing protocols. The multicast routing protocols run in layer 3 multicast devices and they create and maintain multicast routes to forward the multicast packets correctly and efficiently.
  • Page 237: Global Config

    Multicast Router (or the Layer 3 Multicast Device): The router or switch that supports the layer 3 multicast functions, which contains the multicast routing function and the management function of the multicast group members. The multicast model divides into two types depending on whether there is an exact multicast source: ASM (Any-Source Multicast) and SSM (Source-Specific Multicast).
  • Page 238: Mroute Table

    11.1.2 Mroute Table On this page you can get the desired mroute information through different search options. Choose the menu Multicast Routing→Global Config→Mroute Table to load the following page. Figure 11-2 Mroute Table The following entries are displayed on this screen: Search Option ...
  • Page 239: Igmp

    11.2 IGMP Brief Introduction of IGMP IGMP stands for Internet Group Management Protocol. It is responsible for the management of IP multicast members in IPv4, and is used to establish and maintain the multicast member relationships between the IP host and its directly neighboring multicast routers. So far, there are three IGMP versions: IGMPv1 (defined in RFC 1112) ...
  • Page 240 (3) After receiving the IGMP query message, the host that is interested in multicast group G1, either Host B or Host C (depending on whose latency timer runs out first) — for example Host B, will firstly multicast IGMP membership report message to G1 to declare it belongs to G1. As all the hosts and routers can receive this membership report message and the IGMP routers (Router A and Router B) already know there is a host interested in G1, Host C will not send its report message for G1 after it receives the report message of Host B.
  • Page 241 2. Leave-Group Mechanism When a host leaves a multicast group in IGMPv2: (1) The host will send leave group message to all the multicast routers in the local network with the multicast address 224.0.0.2. (2) After receiving this leave group message, the querier will send group-specific query message to the multicast group that the host announces to leave.
  • Page 242 Figure 11-4 IGMPv3 Multicast Source Filtering If the IGMP protocol running between the hosts and the multicast routers is IGMPv1 or IGMPv2, Host B will be unable to select the sources it expects when it joins the multicast group G. Thus whether needed or not, the multicast data from Source 1 and Source 2 will be transferred to Host B. When IGMPv3 is running between the hosts and the multicast routers, Host B will only expect the multicast data sent from Source 1 to G, referred to as (S1, G), or refuse to receive the multicast...
  • Page 243: Interface Config

    IS_EX: indicating the mapping relationship between the multicast group and the multicast source list is EXCLUDE, which means the host will only receive the multicast data sent to this multicast group with its source not in the specified source list. TO_IN: indicating the mapping relationship between the multicast group and the multicast ...
  • Page 244: Interface State

    Robustness: Specify the robustness of the selected interface, ranging from 1 to 255. The default is 2. The robustness variable determines the aging time of the member port after it receives the report message. The aging time = robustness * general-query-interval + query-max-response-time.
  • Page 245: Static Multicast Config

    Routed Port: Enter the routed port the desired entry must carry. Interface State Table Interface: The interface for which data is to be displayed or configured. IP Address: The IP address of the selected interface. Querier IP: The address of the IGMP querier on the IP subnet to which the selected interface is attached.
  • Page 246 Choose the menu Multicast Routing→IGMP→Static Multicast Group to load the following page. Figure 11-7 Static Multicast Group The following entries are displayed on this screen: IGMP Static Multicast Group Interface: Enter the ID of the interface it corresponds to, VLAN ID or routed port.
  • Page 247: Multicast Group Table

    Search Option Search Option: Select the rules for displaying multicast IP table to find the desired entries quickly. All: Displays all static multicast IP entries. Multicast IP: Enter the multicast IP address the desired entry must carry. Interface VLAN: Enter the VLAN ID the desired entry ...
  • Page 248: Profile Binding

    The following entries are displayed on this screen: Search Option Search Option: Select the rules for displaying multicast IP table to find the desired entries quickly. All: Displays all multicast IP entries. Multicast IP: Enter the multicast IP address the desired entry must carry.
  • Page 249 Choose the menu Multicast Routing→IGMP→Profile Binding to load the following page. Figure 11-9 Profile Binding The following entries are displayed on this screen: Profile and Max Group Binding UNIT: Select the unit ID of the desired member in the stack. Select: Select the desired entry for configuration.
  • Page 250: Packet Statistics

    Profile: Click the Profile button to create new IGMP profiles. 11.2.6 Packet Statistics On this page you can view multicast packet statistics over each interface of the switch, which helps you monitor the IGMP packets in the network. Choose the menu Multicast Routing→IGMP→Packet Statistics to load the following page. Figure 11-10 Packet Statistics The following entries are displayed on this screen: Auto Refresh...
  • Page 251: Application Example For Igmp

    11.2.7 Application Example for IGMP Network Requirements Receivers of different organizations form the stub networks N1 and N2, and Host A and Host C are the multicast information receivers in N1 and N2 respectively. They receive the Video-On-Demand information through multicast. In the PIM network, Switch A connects to N1;...
  • Page 252: Pim Dm

    Configure Switch A Steps Operation Note Enable IP multicast routing: On page Multicast Routing→Global Config→Global Config, enable the multicast routing function. Enable IGMP on user-side interface: On page Multicast Routing→IGMP→Interface Config, enable IGMP (version 3) on interface VLAN 10. ...
  • Page 253 RPF Mechanism PIM uses the unicast routing table to perform the RPF check. The RPF mechanism ensures that multicast packets are forwarded correctly according to the multicast routing configuration, and avoids loops caused by various reasons. 1. RPF Check The RPF check relies on unicast route or static multicast route. The unicast routing table aggregates the shortest paths to each destination network segment, and the static multicast routing table lists specified static RPF routing entries configured by the user manually.
  • Page 254 If the check result shows that the RPF interface is different from the input interface in the current (S, G) entry, this indicates that the (S, G) entry is invalid, and the router will correct the input interface to the packet’s actual arriving interface and forward this packet to all the output interfaces.
  • Page 255 Neighbor Discovering In a PIM domain, routers periodically send PIM Hello packets to all the PIM routers with the multicast address 224.0.0.13 to discover PIM neighbors and maintain the PIM neighboring relationships between the routers, and thus to build and maintain the SPT. SPT Building ...
  • Page 256 Grafting When a new receiver on a previously pruned branch of the tree joins a multicast group, the PIM DM takes the Graft mechanism to actively resume this node’s function of forwarding multicast data, thus reducing the time it takes to resume to the forwarding state. The process is illustrated as below: (1) The branch that needs to receive the multicast data again will send a graft message to its upstream node up the distribution tree towards the source hop-by-hop, applying to rejoin the...
  • Page 257: Pim Dm Interface

    (2) The router with the unicast route of the smaller cost to the multicast source; (3) The router with the local interface of the higher IP address. 11.3.1 PIM DM Interface Choose the menu Multicast Routing→PIM DM→PIM DM Interface to load the following page. Figure 11-13 PIM DM Interface The following entries are displayed on this screen: PIM DM Interface Config...
  • Page 258 Choose the menu Multicast Routing→PIM DM→PIM DM neighbor to load the following page. Figure 11-14 PIM DM neighbor The following entries are displayed on this screen: PIM DM Interface Config The L3 interfaces can be configured as PIM DM mode by this page. Search Option: ALL: Displays all entries.
  • Page 259: Application Example For Pim Dm

    Step Operation Description Enable IGMP Required. Enable IGMP on the routing interfaces which connect to the receivers on Multicast Routing→IGMP→Interface Config page. 11.3.3 Application Example for PIM DM Network Requirements Receivers receive VOD data through multicast. The whole network runs PIM DM as multicast routing protocol.
  • Page 260: Pim Sm

    Configuration Procedure Configure Switch A: Step Operation Description Configure interface. Configure IP addresses and subnet masks of VLAN interfaces 1, 2 and 3 on Routing→Interface→Interface Config page. Configure routing Configure the routing entries via static route or dynamic routing protocol.
  • Page 261 The router connected to the receiver sends the join message to the RP of a certain multicast group. The path along which the join message is sent to the RP hop-by-hop forms a branch of RPT. When the multicast source is sending multicast data to a multicast group, the router directly ...
  • Page 262 Figure 11-15 DR Elect As shown in Figure 11-15, the DR election process is illustrated below: (1) Routers in the shared network send Hello messages carrying DR-election priority to each other, and the router with the highest priority will be elected as the DR; (2) If the routers have the same priorities, or at least one router in the network doesn’t support carrying the DR-election priority in the Hello packet, the router with the highest IP address will be elected as the DR.
  • Page 263 Figure 11-16 The Locations of C-RP, C-BSR and BSR RPT Building Figure 11-17 RPT Topology in PIM SM As shown in Figure 11-17, the establishing process of RPT is illustrated below: (1) When a receiver joins a multicast group G, it informs the directly connected DR with IGMP message;...
  • Page 264 check if there are other receivers of this group. If there are no more receivers, the prune message will be sent upstream. Multicast Source Registering The multicast source register is to inform its presence to the RP. As shown in Figure 11-18, the process of the multicast source registering to RP is illustrated below: Figure 11-18 Multicast Source Register Topology in PIM SM (1) When the multicast source S’s directly connected DR receives a multicast packet sent from...
  • Page 265 (2) The receiver-side DR sends prune message toward the RP hop-by-hop. The RP will forward the received prune message toward the multicast source. The switching process from RPT to SPT is then accomplished. After the switching from RPT to SPT, the multicast data will be sent from multicast source to the receivers directly.
  • Page 266: Pim Sm Interface

    The multicast messages (such as C-RP Hello Message and BSR BootStrap Message) of each BSR administrative domain can’t pass through the domain border. 11.4.1 PIM SM Interface Choose the menu Multicast Routing→PIM SM→PIM SM Interface to load the following page. Figure 11-20 PIM SM Interface The following entries are displayed on this screen: PIM SM Interface Config...
  • Page 267: Bsr

    Choose the menu Multicast Routing→PIM SM→PIM SM Neighbor to load the following page. Figure 11-21 PIM SM neighbor The following entries are displayed on this screen: Search Option Search Option: ALL: Displays all entries. Interface: Select Interface and enter the interface ID of ...
  • Page 268 Choose the menu Multicast Routing→PIM SM→BSR to load the following page. Figure 11-22 BSR The following entries are displayed on this screen: PIM SM Candidate BSR Config Configure the candidate BSR of current device. Interface: Select the interface on this switch from which the BSR address is derived to make it a candidate.
  • Page 269 PIM SM Candidate BSR Information Candidate Address: Displays the Candidate BSR address. Priority: Displays the priority of the Candidate BSR. Hash Mask Length: Displays the hash mask length of the Candidate BSR. 11.4.4 RP In the PIM SM mode, RP receives multicast data from the source and transmits the data down the shared tree to the multicast group members.
  • Page 270: Rp Mapping

    Priority: Specify the priority of the candidate RP. The default value is 192. Interval: Specify the interval of advertisement message of the candidate RP in seconds. The default value is 60. PIM SM Candidate RP Table Interface: Displays the VLAN interface of the candidate RP. Priority: Displays the priority of the candidate RP.
  • Page 271: Rp Info

    11.4.6 RP Info Choose the menu Multicast Routing→PIM SM→RP Info to load the following page. Figure 11-25 RP Info The following entries are displayed on this screen: Search Option Search Option: ALL: Select All to display all entries. Group: Select Group and enter the group IP address of ...
  • Page 272: Application Example For Pim Sm

    11.4.7 Application Example for PIM SM Network Requirements Receivers receive VOD data through multicast. The whole network runs PIM SM as multicast routing protocol. Host A and Host D act as multicast receivers. Switch A connects to Switch B in VLAN 2, connects to Switch C in VLAN 3. The Source server connects to Switch A in VLAN 1.
  • Page 273: Static Mroute

    Configuration Procedure Configure Switch A: Step Operation Description Configure interface. Configure IP addresses and subnet masks of VLAN interfaces 1, 2 and 3 on Routing→ Interface→Interface Config page. Configure routing Configure the routing entries via static route or dynamic routing protocol.
  • Page 274: Static Mroute Config

    The static multicast routing is an important foundation for the RPF check. In the RPF check process, with static multicast routing configured, the router will choose one as the RPF route after comparing the optimal unicast route and the static multicast route selected respectively from the unicast routing table and the static multicast routing table.
  • Page 275: Static Mroute Table

    The following entries are displayed on this screen: Static Mroute Config Source: Enter the IP address that identifies the multicast source of the entry you are creating. Source Mask: Enter the subnet mask to be applied to the Source. RPF Neighbor: Enter the IP address of the neighbor router on the path to the mroute source.
  • Page 276 In normal circumstances, Receiver receives multicast data from Source through the path Switch A-Switch B, which is the same as the unicast route. After the configuration takes effect, Receiver will receive multicast data from Source through the path Switch A-Switch C-Switch B. Network Diagram ...
  • Page 277 Step Operation Note Enable IGMP Required. On page Multicast Routing→IGMP→Interface Config, enable the IGMP function on VLAN interface 100. Configure static multicast routing Required. On page Multicast Routing→Static Mroute→Static Mroute Config, configure a static multicast routing entry with the Source as 50.1.1.100, the Source Mask as 255.255.255.0 and the RPF Neighbor as 20.1.1.2.
  • Page 278: Chapter 12 Qos

    Chapter 12 QoS QoS (Quality of Service) functions to provide different quality of service for various network applications and requirements and optimize the bandwidth resource distribution so as to provide a network service experience of a better quality. This switch classifies the ingress packets, maps the packets to different priority queues and then forwards the packets according to specified scheduling algorithms to implement QoS function.
  • Page 279 2. 802.1P Priority Figure 12-2 802.1Q frame As shown in the figure above, each 802.1Q Tag has a Pri field, comprising 3 bits. The 3-bit priority field is 802.1p priority in the range of 0 to 7. 802.1P priority determines the priority of the packets based on the Pri value.
  • Page 280 Figure 12-4 SP-Mode WRR-Mode: Weight Round Robin Mode. In this mode, packets in all the queues are sent in order based on the weight value for each queue and every queue can be assured of a certain service time. The weight value indicates the occupied proportion of the resource. WRR queue overcomes the disadvantage of SP queue that the packets in the queues with lower priority cannot get service for a long time.
  • Page 281: Diffserv

    12.1 DiffServ This switch classifies the ingress packets, maps the packets to different priority queues and then forwards the packets according to specified scheduling algorithms to implement QoS function. This switch implements three priority modes based on port, on 802.1P and on DSCP, and supports four queue scheduling algorithms.
  • Page 282: Schedule Mode

    LAG: Displays the LAG number which the port belongs to. Note: To complete QoS function configuration, you have to go to the Schedule Mode page to select a schedule mode after the configuration is finished on this page. Configuration Procedure: Step Operation Description Select the port priority...
  • Page 283: P Priority

    SP+WRR-Mode: Strict-Priority + Weight Round Robin Mode. In this mode, this switch provides two scheduling groups, SP group and WRR group. Queues in SP group and WRR group are scheduled strictly based on strict-priority mode while the queues inside WRR group follow the WRR mode.
  • Page 284: Dscp Priority

    Priority and CoS-mapping Config Tag-id/CoS-id: Indicates the precedence level defined by IEEE 802.1P and the CoS ID. Queue TC-id: Indicates the priority level of egress queue the packets with tag and CoS-id are mapped to. The priority levels of egress queue are labeled as TC0, TC1, TC2 to TC7.
  • Page 285 Choose the menu QoS→DiffServ→DSCP Priority to load the following page. Figure 12-9 DSCP Priority The following entries are displayed on this screen: DSCP Priority Config DSCP Priority: Select Enable or Disable DSCP Priority. Priority Level DSCP: Indicates the priority determined by the DiffServ region of IP datagram.
  • Page 286: Bandwidth Control

    12.2 Bandwidth Control Bandwidth function, allowing you to control the traffic rate and broadcast flow on each port to ensure network in working order, can be implemented on Rate Limit and Storm Control pages. 12.2.1 Rate Limit Rate limit functions to control the ingress/egress traffic rate on each port via configuring the available bandwidth of each port.
  • Page 287: Storm Control

    Note: If you enable ingress rate limit feature for the storm control-enabled port, storm control feature will be disabled for this port. When egress rate limit feature is enabled for one or more ports, you are suggested to disable the flow control on each port to ensure the switch works normally. 12.2.2 Storm Control Storm Control function allows the switch to filter broadcast, multicast and UL frame in the network.
  • Page 288: Voice Vlan

    UL-Frame Rate : Select the bandwidth for receiving UL-Frame on the port. The packet traffic exceeding the bandwidth will be discarded. Select Disable to disable the UL-Frame control function for the port. LAG: Displays the LAG number which the port belongs to. Note: If you enable storm control feature for the ingress rate limit-enabled port, ingress rate limit feature will be disabled for this port.
  • Page 289 the aging time, the switch will remove this port from voice VLAN. Voice ports are automatically added into or removed from voice VLAN. Manual Mode: You need to manually add the port of IP phone to voice VLAN, and then the switch will assign ACL rules and configure the priority of the packets through learning the source MAC address of packets and matching OUI address.
  • Page 290: Global Config

    source MAC addresses do not match OUI addresses. If security mode is not enabled, the port forwards all the packets. Security Mode Packet Type Processing Mode UNTAG packet When the source MAC address of the packet is the OUI address that can be identified, the packet can be Packet with voice transmitted in the voice VLAN.
  • Page 291: Port Config

    Aging Time: Specifies the living time of the member port in auto mode after the OUI address is aging out. Priority: Select the priority of the port when sending voice data. 12.3.2 Port Config Before the voice VLAN function is enabled, the parameters of the ports in the voice VLAN should be configured on this page.
  • Page 292: Oui Config

    Port Mode: Select the mode for the port to join the voice VLAN. Auto: In this mode, the switch automatically adds a port to the voice VLAN or removes a port from the voice VLAN by checking whether the port receives voice data or not. Manual: In this mode, you can manually add a port to the ...
  • Page 293 OUI Table Select: Select the desired entry to view the detailed information. OUI: Displays the OUI address of the voice device. Mask: Displays the OUI address mask of the voice device. Description: Displays the description of the OUI. Configuration Procedure of Voice VLAN: Step Operation Description...
  • Page 294: Chapter 13 Acl

    Chapter 13 ACL ACL (Access Control List) is used to filter packets by configuring match rules and process policies of packets in order to control the access of the illegal users to the network. Besides, ACL functions to control traffic flows and save network resources. It provides a flexible and secured access control policy and facilitates you to control the network security.
  • Page 295: Time-Range Create

    13.1.2 Time-Range Create On this page you can create time-ranges. Choose the menu ACL→Time-Range→Time-Range Create to load the following page. Figure 13-2 Time-Range Create Note: To successfully configure time-ranges, please first specify time-slices and then time-ranges. The following entries are displayed on this screen: Create Time-Range ...
  • Page 296: Holiday Config

    End Time: Displays the end time of the time-slice. Delete: Click the Delete button to delete the corresponding time-slice. 13.1.3 Holiday Config Holiday mode is applied as a different secured access control policy from the week mode. On this page you can define holidays according to your work arrangement. Choose the menu ACL→Time-Range→Holiday Config to load the following page.
  • Page 297: Acl Summary

    13.2.1 ACL Summary On this page, you can view the current ACLs configured in the switch. Choose the menu ACL→ACL Config→ACL Summary to load the following page. Figure 13-4 ACL Summary The following entries are displayed on this screen: Search Option ...
  • Page 298: Mac Acl

    13.2.3 MAC ACL MAC ACLs analyze and process packets based on a series of match conditions, which can be the source MAC addresses, destination MAC addresses and EtherType carried in the packets. Choose the menu ACL→ACL Config→MAC ACL to load the following page. Create MAC Rule Figure 13-6 The following entries are displayed on this screen:...
  • Page 299: Extend-Ip Acl

    Choose the menu ACL→ACL Config→Standard-IP ACL to load the following page. Figure 13-7 Create Standard-IP Rule The following entries are displayed on this screen: Create Standard-IP Rule ACL ID: Select the desired Standard-IP ACL for configuration. Rule ID: Enter the rule ID. Operation: Select the operation for the switch to process packets which match the rules.
  • Page 300 Choose the menu ACL→ACL Config→Extend-IP ACL to load the following page. Figure 13-8 Create Extend-IP Rule The following entries are displayed on this screen: Create Extend-IP Rule ACL ID: Select the desired Extend-IP ACL for configuration. Rule ID: Enter the rule ID. Operation: Select the operation for the switch to process packets which match the rules.
  • Page 301: Policy Config

    IP Pre: Enter the IP Precedence contained in the rule. Time-Range: Select the time-range for the rule to take effect. 13.3 Policy Config A Policy is used to control the data packets that match the corresponding ACL rules by configuring ACLs and actions together for effect. The operations here include stream mirror, stream condition, QoS remarking and redirect.
  • Page 302: Action Create

    Choose the menu ACL→Policy Config→Policy Create to load the following page. Figure 13-10 Create Policy The following entries are displayed on this screen: Create Policy Policy Name: Enter the name of the policy. 13.3.3 Action Create On this page you can add ACLs and create corresponding actions for the policy. Choose the menu ACL→Policy Config→Action Create to load the following page.
  • Page 303: Policy Binding

    S-Condition: Select S-Condition to limit the transmission rate of the data packets in the policy. Rate: Specify the forwarding rate of the data packets that match the corresponding ACL. Out of Band: Specify the disposal way of the data packets that ...
  • Page 304: Port Binding

    The following entries are displayed on this screen: Search Options Show Mode: Select a show mode appropriate to your needs. Policy Vlan-Bind Table Select: Select the desired entry to delete the corresponding binding policy. Index: Displays the index of the binding policy. Policy Name: Displays the name of the binding policy.
  • Page 305: Vlan Binding

    The following entries are displayed on this screen: Port-Bind Config Policy Name: Select the name of the policy you want to bind. Port: Enter the number of the port you want to bind. Port-Bind Table Index: Displays the index of the binding policy. Policy Name: Displays the name of the binding policy.
  • Page 306: Application Example For Acl

    Configuration Procedure: Step Operation Description Configure effective time-range Required. On ACL→Time-Range configuration pages, configure the effective time-ranges for ACLs. Configure ACL rules Required. On ACL→ACL Config configuration pages, configure ACL rules to match packets. Configure Policy Required. On ACL→Policy Config configuration pages, configure the policy to control the data packets that match the corresponding ACL rules.
  • Page 307 Step Operation Description Configure requirement 1 On ACL→ACL Config→ACL Create page, create ACL 11. On ACL→ACL Config→MAC ACL page, select ACL 11, create Rule 1, configure the operation as Permit, configure the S-MAC as 00-64-A5-5D-12-C3 and mask as FF-FF-FF-FF-FF-FF, and configure the time-range as No Limit.
  • Page 308: Chapter 14 Network Security

    Chapter 14 Network Security Network Security module is to provide the multiple protection measures for the network security, including five submenus: IP-MAC Binding, DHCP Snooping, ARP Inspection, IP Source Guard, DoS Defend and 802.1X. Please configure the functions appropriate to your need. 14.1 IP-MAC Binding The IP-MAC Binding function allows you to bind the IP address, MAC address, VLAN ID and the connected Port number of the Host together.
  • Page 309: Manual Binding

    The following entries are displayed on this screen: Search Source: Displays the Source of the entry. • All: All the bound entries will be displayed. • Manual: Only the manually added entries will be displayed. • Scanning: Only the entries formed via ARP Scanning will be displayed.
  • Page 310 Choose the menu Network Security→IP-MAC Binding→Manual Binding to load the following page. Figure 14-2 Manual Binding The following entries are displayed on this screen: Manual Binding Option Host Name: Enter the Host Name. IP Address: Enter the IP Address of the Host. MAC Address: Enter the MAC Address of the Host.
  • Page 311: Arp Scanning

    Protect Type: Displays the Protect Type of the entry. Source: Displays the source of the entry. Collision: Displays the Collision status of the entry. • Warning: Indicates that the collision may be caused by the MSTP function. • Critical: Indicates that the entry has a collision with the ...
  • Page 312 Choose the menu Network Security→IP-MAC Binding→ARP Scanning to load the following page. Figure 14-4 ARP Scanning The following entries are displayed on this screen: Scanning Option Start IP Address: Specify the Start IP Address. End IP Address: Specify the End IP Address. VLAN ID: Enter the VLAN ID.
  • Page 313: Dhcp Snooping

    14.2 DHCP Snooping Nowadays, the network is getting larger and more complicated. The amount of the PCs always exceeds that of the assigned IP addresses. The wireless network and the laptops are widely used and the locations of the PCs are always changed. Therefore, the corresponding IP address of the PC should be updated with a few configurations.
  • Page 314 Most Clients obtain their IP addresses dynamically, which is illustrated in the following figure. Figure 14-6 Interaction between a DHCP client and a DHCP server DHCP-DISCOVER Stage: The Client broadcasts the DHCP-DISCOVER packet to find the DHCP Server. DHCP-OFFER Stage: Upon receiving the DHCP-DISCOVER packet, the DHCP Server selects an IP address from the IP pool according to the assigning priority of the IP addresses and replies to the Client with DHCP-OFFER packet carrying the IP address and other information.
  • Page 315 Option 82 can contain 255 sub-options at most. If Option 82 is defined, at least a sub-option should be defined. This switch supports two sub-options: Circuit ID and Remote ID. Since there is no universal standard about the content of Option 82, different manufacturers define the sub-options of Option 82 to their need.
  • Page 316: Global Config

    14.2.1 Global Config Choose the menu Network Security→DHCP Snooping→Global Config to load the following page. Figure 14-8 DHCP Snooping Note: If you want to enable the DHCP Snooping feature for the member port of LAG, please ensure the parameters of all the member ports are the same. The following entries are displayed on this screen: DHCP Snooping Configuration ...
  • Page 317: Port Config

    Option 82 Config Option 82 Support: Enable/Disable the Option 82 feature. Existed Option 82 field: Select the operation for the Option 82 field of the DHCP request packets from the Host. • Keep: Indicates to keep the Option 82 field of the packets. ...
  • Page 318: Arp Inspection

    Trusted Port: Select Enable/Disable the port to be a Trusted Port. Only the Trusted Port can receive the DHCP packets from DHCP servers. MAC Verify: Select Enable/Disable the MAC Verify feature. There are two fields of the DHCP packet containing the MAC address of the Host.
  • Page 319 encapsulate this false destination MAC address for packets, which results in a breakdown of the normal communication. Cheating Gateway The attacker sends the wrong IP address-to-MAC address mapping entries of Hosts to the Gateway, so that the Gateway cannot communicate with the legal terminal Hosts normally.
  • Page 320 Figure 14-12 ARP Attack – Cheating Terminal Hosts As shown in the above figure, the attacker sends the fake ARP packets of Host A to Host B, and then Host B will automatically update its ARP table after receiving the ARP packets. When Host B tries to communicate with Host A, it will encapsulate this false destination MAC address for packets, which results in a breakdown of the normal communication.
  • Page 321: Arp Detect

    Upon receiving the ARP response packets, Host A and Host B update their own ARP tables. When Host A communicates with Host B, it will send the packets to the false destination MAC address, i.e. to the attacker, according to the updated ARP table. After receiving the communication packets between Host A and Host B, the attacker processes and forwards the packets to the correct destination MAC address, which makes Host A and Host B keep a normal-appearing communication.
  • Page 322 Choose the menu Network Security→ARP Inspection→ARP Detect to load the following page. Figure 14-14 ARP Detect The following entries are displayed on this screen: ARP Detect ARP Detect: Enable/Disable the ARP Detect function, and click the Apply button to apply. Trusted Port ...
  • Page 323: Arp Defend

    Step Operation Description Enable ARP Detect feature. Required. On the Network Security→ARP Inspection→ARP Detect page, enable the ARP Detect feature. 14.3.2 ARP Defend With the ARP Defend enabled, the switch can terminate receiving the ARP packets for 300 seconds when the transmission speed of the legal ARP packet on the port exceeds the defined value so as to avoid ARP Attack flood.
  • Page 324: Arp Statistics

    Note: It’s not recommended to enable the ARP Defend feature for the LAG member port. 14.3.3 ARP Statistics ARP Statistics feature displays the number of the illegal ARP packets received on each port, which facilitates you to locate the network malfunction and take the related protection measures. Choose the menu Network Security→ARP Inspection→ARP Statistics to load the following page.
  • Page 325: Ip Source Guard

    Illegal ARP Packet: Displays the number of the received illegal ARP packets. 14.4 IP Source Guard IP Source Guard is to filter the IP packets based on the IP-MAC Binding entries. Only the packets matched to the IP-MAC Binding rules can be processed, which can enhance the bandwidth utility. Choose the menu Network Security→IP Source Guard to load the following page.
  • Page 326: Dos Defend

    Security Type: Select Security Type for the port. • Disable: Select this option to disable the IP Source Guard feature for the port. • SIP: Only the packets with its source IP address and port number matched to the IP-MAC binding rules can be processed.
  • Page 327: Dos Defend

    DoS Attack Type Description Ping Flooding The attacker floods the destination system with Ping broadcast storm packets to forbid the system to respond to the legal communication. SYN/SYN-ACK Flooding The attacker uses a fake IP address to send TCP request packets to the Server.
  • Page 328: 316

    Authenticator System: The authenticator system is usually an 802.1X-supported network device, such as this TP-LINK switch. It provides the physical or logical port for the supplicant system to access the LAN and authenticates the supplicant system. Authentication Server System: The authentication server system is an entity that provides authentication service to the authenticator system.
  • Page 329 802.1X client program to initiate an 802.1X authentication through the sending of an EAPOL-Start packet to the switch. This TP-LINK switch can authenticate supplicant systems in EAP relay mode or EAP terminating mode. The following illustration of these two modes will take the 802.1X authentication procedure initiated by the supplicant system for example.
  • Page 330 (4) Upon receiving the user name from the switch, the RADIUS server retrieves the user name, finds the corresponding password by matching the user name in its database, encrypts the password using a randomly-generated key, and sends the key to the switch through a RADIUS Access-Challenge packet.
  • Page 331: Global Config

    802.1X Timer In 802.1X authentication, the following timers are used to ensure that the supplicant system, the switch, and the RADIUS server interact in an orderly way: Supplicant system timer (Supplicant Timeout): This timer is triggered by the switch after the switch sends a request packet to a supplicant system.
  • Page 332 Choose the menu Network Security→802.1X→Global Config to load the following page. Figure 14-22 Global Config The following entries are displayed on this screen: Global Config 802.1X: Enable/Disable the 802.1X function. Auth Method: Select the Authentication Method from the pull-down list. • EAP-MD5: IEEE 802.1X authentication system ...
  • Page 333: Port Config

    Quiet Period: Specify a value for Quiet Period. Once the supplicant fails the 802.1X Authentication, the switch will not respond to the authentication request from the same supplicant during the Quiet Period. Retry Times: Specify the maximum transfer times of the repeated authentication request.
  • Page 334: Radius Server

    Control Mode: Specify the Control Mode for the port. • Auto: In this mode, the port will normally work only after passing the 802.1X Authentication. • Force-Authorized: In this mode, the port can work normally without passing the 802.1X Authentication. ...
  • Page 335 Auth Port: Set the UDP port of authentication server(s). The default port is 1812. Auth Key: Set the shared password for the switch and the authentication servers to exchange messages. Accounting Config Accounting: Enable/Disable the accounting feature. Primary IP: Enter the IP address of the accounting server.
  • Page 336: Chapter 15 Snmp

    Chapter 15 SNMP SNMP Overview SNMP (Simple Network Management Protocol) has gained the most extensive application on the UDP/IP networks. SNMP provides a management frame to monitor and maintain the network devices. It is used for automatically managing the various network devices no matter the physical differences of the devices.
  • Page 337 SNMP v1: SNMP v1 adopts Community Name authentication. The community name is used to define the relation between SNMP Management Station and SNMP Agent. The SNMP packets failing to pass community name authentication are discarded. The community name can limit access to SNMP Agent from SNMP NMS, functioning as a password.
  • Page 338: Snmp Config

    3. Create SNMP User The User configured in an SNMP Group can manage the switch via the client program on management station. The specified User Name and the Auth/Privacy Password are used for SNMP Management Station to access the SNMP Agent, functioning as the password. SNMP module is used to configure the SNMP function of the switch, including three submenus: SNMP Config, Notification and RMON.
  • Page 339: Snmp View

    Note: The amount of Engine ID characters must be even. 15.1.2 SNMP View The OID (Object Identifier) of the SNMP packets is used to describe the managed objects of the switch, and the MIB (Management Information Base) is the set of the OIDs. The SNMP View is created for the SNMP management station to manage MIB objects.
  • Page 340: Snmp Group

    15.1.3 SNMP Group On this page, you can configure SNMP Group to control the network access by providing the users in various groups with different management rights via the Read View, Write View and Notify View. Choose the menu SNMP→SNMP Config→SNMP Group to load the following page. Figure 15-5 SNMP Group The following entries are displayed on this screen: Group Config...
  • Page 341: Snmp User

    Write View: Select the View to be the Write View. The management access is writing only and changes can be made to the assigned SNMP View. The View defined both as the Read View and the Write View can be read and modified. Notify View: Select the View to be the Notify View.
  • Page 342 Choose the menu SNMP→SNMP Config→SNMP User to load the following page. Figure 15-6 SNMP User The following entries are displayed on this screen: User Config User Name: Enter the User Name here. User Type: Select the type for the User. •...
  • Page 343: Snmp Community

    User Table Select: Select the desired entry to delete the corresponding User. It is multi-optional. User Name: Displays the name of the User. User Type: Displays the User Type. Group Name: Displays the Group Name of the User. Security Model: Displays the Security Model of the User.
  • Page 344 Access: Defines the access rights of the community. • read-only: Management right of the Community is restricted to read-only, and changes cannot be made to the corresponding View. • read-write: Management right of the Community is read-write and changes can be made to the corresponding View.
  • Page 345: Notification

    If SNMPv1 or SNMPv2c is employed, please take the following steps: Step Operation Description Enable SNMP function globally. Required. On the SNMP→SNMP Config→Global Config page, enable SNMP function globally. Create SNMP View. Required. On the SNMP→SNMP Config→SNMP View page, create SNMP View of the management agent.
  • Page 346 Choose the menu SNMP→Notification→Notification Config to load the following page. Figure 15-8 Notification Config The following entries are displayed on this screen: Host Config IP Address: Enter the IP Address of the management Host. User: Enter the User name of the management station. Security Model: Select the Security Model of the management station.
  • Page 347: Rmon

    Type: Displays the type of the notifications. Retry: Displays the maximum time for the switch to wait for the response from the management station before resending a request. Timeout: Displays the amount of times the switch resends an inform request. Operation: Click the Edit button to modify the corresponding entry and click the Modify button to apply.
  • Page 348: History

    Choose the menu SNMP→RMON→Statistics to load the following page. Figure 15-9 Statistics The following entries are displayed on this screen: Statistics Config Enter the ID number of statistics entry, ranging from 1 to 65535. Port: Enter or choose the Ethernet interface from which to collect the statistics.
  • Page 349: Event

    Choose the menu SNMP→RMON→History to load the following page. Figure 15-10 History Control The following entries are displayed on this screen: History Control Table Select: Select the desired entry for configuration. Index: Displays the index number of the entry. Port: Specify the port from which the history samples were taken, in format as 1/0/1.
  • Page 350: Alarm

    Choose the menu SNMP→RMON→Event to load the following page. Figure 15-11 Event Config The following entries are displayed on this screen: Event Table Select: Select the desired entry for configuration. Index: Displays the index number of the entry. User: Enter the name of the User or the community to which the event belongs.
  • Page 351 Choose the menu SNMP→RMON→Alarm to load the following page. Figure 15-12 Alarm Config The following entries are displayed on this screen: Alarm Table Select: Select the desired entry for configuration. Index: Displays the index number of the entry. Variable: Select the alarm variables from the pull-down list.
  • Page 352 Interval: Enter the alarm interval time in seconds, ranging from 10 to 3600. Owner: Enter the name of the device or user that defined the entry. Status: Select Enable/Disable the corresponding alarm entry. Note: When alarm variables exceed the Threshold on the same direction continuously for several times, an alarm event will only be generated on the first time, that is, the Rising Alarm and Falling Alarm are triggered alternately for that the alarm following to Rising Alarm is certainly a Falling Alarm and vice versa.
  • Page 353: Chapter 16 Lldp

    Chapter 16 LLDP LLDP (Link Layer Discovery Protocol) is a Layer 2 protocol that is used for network devices to advertise their own device information periodically to neighbors on the same IEEE 802 local area network. The advertised information, including details such as device identification, capabilities and configuration settings, is represented in TLV (Type/Length/Value) format according to the IEEE 802.1ab standard, and these TLVs are encapsulated in LLDPDU (Link Layer Discovery Protocol Data Unit).
  • Page 354 Disable: the port cannot transmit or receive LLDPDUs. LLDPDU transmission mechanism If the ports are working in TxRx or Tx mode, they will advertise local information by sending LLDPDUs periodically. If there is a change in the local device, the change notification will be advertised. To ...
  • Page 355 Maximum Frame TLV are defined by IEEE 802.3. Note: For detailed introduction of TLV, please refer to IEEE 802.1AB standard. In TP-LINK switch, the following LLDP optional TLVs are supported. Port Description TLV The Port Description TLV allows network management to advertise the IEEE 802 LAN station's port description.
  • Page 356: Basic Config

    System Description TLV The System Description TLV allows network management to advertise the system's description, which should include the full name and version identification of the system's hardware type, software operating system, and networking software. System Name TLV The System Name TLV allows network management to advertise the system's assigned name, which should be the system's fully qualified domain name.
  • Page 357: Port Config

    Choose the menu LLDP→Basic Config→Global Config to load the following page. Figure 16-1 Global Configuration The following entries are displayed on this screen: Global Config LLDP: Choose to enable/disable LLDP. Parameters Config Transmit Interval: This parameter indicates the interval at which LLDP frames are transmitted on behalf of this LLDP agent.
  • Page 358: Device Info

    Choose the menu LLDP→Basic Config→Port Config to load the following page. Figure 16-2 Port Configuration The following entries are displayed on this screen: Port Config UNIT: Select the unit ID of the desired member in the stack. Select: Select the desired entry for configuration. It is multi-optional. Port: Displays the port number to be configured.
  • Page 359: Local Info

    16.2.1 Local Info On this page you can see all ports' configuration and system information. Choose the menu LLDP→Device Info→Local Info to load the following page. Figure 16-3 Local Information The following entries are displayed on this screen: Auto Refresh ...
  • Page 360: Neighbor Info

    Chassis ID Subtype: Indicates the basis for the chassis ID, and the default subtype is MAC address. Chassis ID: Indicates the specific identifier for the particular chassis in local device. Port ID Subtype: Indicates the basis for the port ID, and the default subtype is...
  • Page 361: Device Statistics

    The following entries are displayed on this screen: Auto Refresh Auto Refresh: Enable/Disable the auto refresh function. Refresh Rate: Configure the auto refresh rate. Neighbor(s) Info Select the desired port to display the information of the corresponding port. UNIT: Select the unit ID of the desired member in the stack.
  • Page 362: LLDP-MED

    The following entries are displayed on this screen: Auto Refresh Auto Refresh: Enable/Disable the auto refresh function. Refresh Rate: Configure the auto refresh rate. Global Statistics Last Update: Displays the latest update time of the statistics. Total Inserts: Displays the number of neighbors during the latest update time. Total Deletes: Displays the number of neighbors deleted by the local device.
  • Page 363: Global Config

    Media Endpoint Device (Class II): The class of Endpoint Device that supports media stream capabilities. Communication Device Endpoint (Class III): The class of Endpoint Device that directly supports end users of the IP communication system. Network Policy TLV The Network Policy TLV allows both Network Connectivity Devices and Endpoints to advertise VLAN configuration and associated Layer 2 and Layer 3 attributes that apply for a set of specific applications on that port.
  • Page 364: Port Config

    The following entries are displayed on this screen: LLDP-MED Parameters Config Fast Start Count: When LLDP-MED fast start mechanism is activated, multiple LLDP-MED frames will be transmitted (the number of frames equals this parameter). The default value is 4. Device Class: LLDP-MED devices are comprised of two primary device types: Network Connectivity Devices and Endpoint Devices.
  • Page 365 Detail: Click the Detail button to display the included TLVs and select the desired TLVs. Figure 16-8 Configure TLVs of LLDP-MED Port Included TLVs: Select TLVs to be included in outgoing LLDPDU. Location Identification Parameters: Configure the Location Identification TLV's content in outgoing LLDPDU of the port. Emergency Number: Emergency number is Emergency Call Service ELIN identifier,...
  • Page 366: Local Info

    should not be used unless it is known that the DHCP client is in close physical proximity to the server or network element. Country Code: The two-letter ISO 3166 country code in capital ASCII letters, e.g., CN or US. Language, Province/State, etc.: a part of civic address.
  • Page 367: Neighbor Info

    Application Type: Application Type indicates the primary function of the applications defined for the network policy. Unknown Policy Flag: Displays whether the local device will explicitly advertise the policy required by the device but currently unknown. VLAN tagged: Indicates the VLAN type the specified application type is using, 'tagged' or 'untagged'.
  • Page 368 Unit: Select the unit ID of the desired member in the stack. Device Type: Displays the device type of the neighbor. Application Type: Displays the application type of the neighbor. Application Type indicates the primary function of the applications defined for the network policy.
  • Page 369: Chapter 17 Cluster

    Chapter 17 Cluster With the development of network technology, the network scale is getting larger and more network devices are required, which may result in a more complicated network management system. As a large number of devices need to be assigned different network addresses and every management device needs to be configured individually to meet the application requirements, manpower is needed.
  • Page 370: NDP

    The commander switch becomes a candidate switch only when the cluster is deleted. Introduction to Cluster: The Cluster function configures and manages the switches in the cluster based on three protocols: NDP, NTDP and CMP (Cluster Management Protocol). NDP: All switches get neighbor information by collecting NDP.
  • Page 371: NDP Summary

    The following entries are displayed on this screen: Neighbor Search Option: Select the information the desired entry should contain and then click the Search button to display the desired entry in the following Neighbor Information table. Neighbor Info Native Port: Displays the port number of the switch.
  • Page 372: NDP Config

    Aging Time: Displays the period for the neighbor switch to keep the NDP packets from this switch. Hello Time: Displays the interval to send NDP packets. Port Status UNIT: Select the unit ID of the desired member in the stack. Port: Displays the port number of the switch.
  • Page 373: NTDP

    The following entries are displayed on this screen: Global Config NDP: Select Enable/Disable NDP function globally. Aging Time: Enter the period for the neighbor switch to keep the NDP packets from this switch. Hello Time: Enter the interval to send NDP packets. Port Config ...
  • Page 374 Choose the menu Cluster→NTDP→Device Table to load the following page. Figure 17-5 Device Table The following entries are displayed on this screen: Device Table Device Name: Displays the device type collected through NTDP. Device MAC: Displays the MAC address of this device. Cluster Name: Displays the cluster name of this device.
  • Page 375: NTDP Summary

    Click the Detail button to view the complete information of this device and its neighbors. Figure 17-6 Information of the Current Device 17.2.2 NTDP Summary On this page you can view the NTDP configuration. Choose the menu Cluster→NTDP→NTDP Summary to load the following page. Figure 17-7 NTDP Summary...
  • Page 376: NTDP Config

    The following entries are displayed on this screen: Global Config NTDP: Displays the NTDP status (enabled or disabled) of the switch globally. NTDP Interval Time: Displays the interval to collect topology information. NTDP Hops: Displays the hop count the switch topology collects. NTDP Hop Delay: Displays the time between the switch receiving NTDP request packets and the switch forwarding NTDP request packets for the...
  • Page 377: Cluster

    NTDP Interval Time: Enter the interval to collect topology information. NTDP Hops: Enter the hop count the switch topology collects. NTDP Hop Delay: Enter the time between the switch receiving NTDP request packets and the switch forwarding NTDP request packets for the first time.
  • Page 378 Cluster Role: Displays the role the switch plays in the cluster. Cluster Management-vlan VLAN ID: Displays the management VLAN ID of the switch. For a commander switch, the following page is displayed: Figure 17-10 Cluster Summary for Commander Switch The following entries are displayed on this screen: Global Config ...
  • Page 379 TFTP Server: Displays the IP address of TFTP server. Member Info Device Name: Displays the description of the member switch. Device MAC: Displays the MAC address of the member switch. IP Address: Displays the IP address of the member switch used in the cluster. Status: Displays the connection status of the member switch.
  • Page 380: Cluster Config

    For an individual switch, the following page is displayed: Figure 17-12 Cluster Summary for Individual Switch The following entries are displayed on this screen: Global Config Cluster: Displays the cluster status (enabled or disabled) of the switch. Cluster Role: Displays the role the switch plays in the cluster.
  • Page 381 The following entries are displayed on this screen: Current Role Role: Displays the role the current switch plays in the cluster. Cluster management-vlan VLAN ID: Enter the cluster management-vlan id. Role Change Individual: Select this option to change the role of the switch to be individual switch.
  • Page 382 Cluster Config Hold Time: Enter the time for the switch to keep the cluster information. Interval Time: Enter the interval to send handshake packets. For a member switch, the following page is displayed. Figure 17-15 Cluster Configuration for Member Switch The following entries are displayed on this screen: Current Role ...
  • Page 383: Member Config

    For an individual switch, the following page is displayed. Figure 17-16 Cluster Configuration for Individual Switch The following entries are displayed on this screen: Current Role Role: Displays the role the current switch plays in the cluster. Cluster management-vlan ...
  • Page 384: Cluster Topology

    The following entries are displayed on this screen: Create Member Member MAC: Enter the MAC address of the candidate switch. Member Info Select: Select the desired entry to manage/delete the corresponding member switch. Device Name: Displays the description of the member switch. Member MAC: Displays the MAC address of the member switch.
  • Page 385 The following entries are displayed on this screen: Graphic Show Collect Topology: Click the Collect Topology button to display the cluster topology. Refresh: Click the Refresh button to refresh the cluster topology. Manage: If the current device is the commander switch in the cluster and the selected device is a member switch in the cluster, you can click the Manage button to log on to the Web management page of the corresponding switch.
  • Page 386: Application Example For Cluster Function

    Step / Operation / Description. Operation: Enable the NTDP function globally and for the port, and then configure NTDP parameters. Description: Optional. On Cluster→NTDP→NTDP Config page, enable the NTDP function on the switch. Operation: Manually collect NTDP information. Description: Optional. On Cluster→NTDP→Device Table page, click the Collect Topology button to manually collect NTDP information.
  • Page 387 Configuration Procedure: Configure the member switch. Step / Operation / Description. Operation: Enable NDP function on the switch and for port 1. Description: On Cluster→NDP→NDP Config page, enable NDP function. Operation: Enable NTDP function on the switch and for port 1. Description: On Cluster→NTDP→NTDP Config page, enable NTDP function.
  • Page 388: Chapter 18 Maintenance

    Chapter 18 Maintenance The Maintenance module gathers the commonly used system tools for managing the switch and provides a convenient way to locate and solve network problems. System Monitor: Monitor the utilization status of the memory and the CPU of the switch. Log: View the configuration parameters of the switch and find out the errors via the Logs.
  • Page 389: Cpu Monitor

    18.1.1 CPU Monitor Choose the menu Maintenance→System Monitor→CPU Monitor to load the following page. Figure 18-1 CPU Monitor UNIT: Select the unit ID of the desired member in the stack. Click the Monitor button to enable the switch to monitor and display its CPU utilization rate every four seconds.
  • Page 390: Memory Monitor

    18.1.2 Memory Monitor Choose the menu Maintenance→System Monitor→Memory Monitor to load the following page. Figure 18-2 Memory Monitor UNIT: Select the unit ID of the desired member in the stack. Click the Monitor button to enable the switch to monitor and display its Memory utilization rate every four seconds.
  • Page 391: Log Table

    Severity: Description. warnings: Warning conditions. notifications: Normal but significant conditions. informational: Informational messages. debugging: Debug-level messages. Table 18-1 Log Level The Log function is implemented on the Log Table, Local Log, Remote Log and Backup Log pages. 18.2.1 Log Table The switch can output logs to two destinations, namely, the log buffer and the log file.
  • Page 392: Local Log

    Time: Displays the time when the log event occurs. The log can get the correct time after you configure the time on the System→System Info→System Time Web management page. Module: Displays the module which the log information belongs to. You can select a module from the drop-down list to display the corresponding log information.
  • Page 393: Remote Log

    Severity: Specify the severity level of the log information output to each channel. Only the log with the same or smaller severity level value will be output. Status: Enable/Disable the channel. Sync-Periodic: Specify how frequently the log information is synchronized to the log file.
  • Page 394: Backup Log

    18.2.4 Backup Log Backup Log feature enables the system logs saved in the switch to be output as a file for device diagnosis and statistics analysis. When a critical error results in the breakdown of the system, you can export the logs to get some related important information about the error for device diagnosis after the switch is restarted.
  • Page 395 Choose the menu Maintenance→Device Diagnostics→Cable Test to load the following page. Figure 18-7 Cable Test The following entries are displayed on this screen: Cable Test Port: Select the port for cable testing. UNIT: Select the unit ID of the desired member in the stack. Pair: Displays the Pair number.
  • Page 396: Loopback

    18.3.2 Loopback The Loopback test function loops the sender and the receiver of the signal to test whether the port of the switch is available, and to check and analyze the physical connection status of the port, which helps you locate and solve network malfunctions. Choose the menu Maintenance→Device Diagnostics→Loopback to load the following page.
  • Page 397: Tracert

    Choose the menu Maintenance→Network Diagnostics→Ping to load the following page. Figure 18-9 Ping The following entries are displayed on this screen: Ping Config Destination IP: Enter the IP address of the destination node for Ping test. Ping Times: Enter the amount of times to send test data during Ping testing. The default value is recommended.
  • Page 398 Choose the menu Maintenance→Network Diagnostics→Tracert to load the following page. Figure 18-10 Tracert The following entries are displayed on this screen: Tracert Config Destination IP: Enter the IP address of the destination device. Max Hop: Specify the maximum number of the route hops the test data can pass through.
  • Page 399: Chapter 19 System Maintenance Via FTP

    Chapter 19 System Maintenance via FTP The firmware can be downloaded to the switch via the FTP function. FTP (File Transfer Protocol), a protocol in the application layer, is mainly used to transfer files between the remote server and the local PCs. It is a common protocol used in IP networks for file transfer. If there is something wrong with the firmware of the switch and the switch cannot be launched, the firmware can be downloaded to the switch again via the FTP function.
  • Page 400 1) Select Start→All Programs→Accessories→Communications→Hyper Terminal to open hyper terminal. Figure 19-2 Open Hyper Terminal 2) The Connection Description window will appear, as shown in Figure 19-3. Enter a name into the Name field and click OK. Figure 19-3 Connection Description...
  • Page 401 3) Select the port to connect in Figure 19-4 and click OK. Figure 19-4 Select the port to connect 4) Configure the port selected in the step above, as shown in Figure 19-5. Configure Bits per second as 38400, Data bits as 8, Parity as None, Stop bits as 1, Flow control as None, and then click OK.
  • Page 402 2) Power off and restart the switch. When the prompt “Press CTRL-B to enter the bootutil” appears in the hyper terminal, press the CTRL-B key to enter the bootutil menu, as shown in Figure 19-6. Figure 19-6 bootutil Menu As the prompt is displayed for a short time, it is suggested that you hold down the CTRL-B key after powering on the switch until you enter the bootutil menu.
  • Page 403 For example: Configure the IP address as 10.10.70.22, mask as 255.255.255.0 and gateway as 10.10.70.1. The detailed steps are shown in the figure below. Figure 19-7 Configure the IP parameters of the switch 4) Configure the parameters of the FTP server which keeps the upgrade firmware, and download the firmware to the switch from the FTP server.
  • Page 404 5) Enter 1 and y, and the switch will reboot with the startup image. Figure 19-10 Reboot with the startup image 6) Please enter 3 to start the switch, as shown in the following figure. After the switch is started, you can log in to the CLI command window and manage the switch via CLI commands. Figure 19-11 Start the switch When you forget the login user name and password, you can enter 2 after entering the bootutil menu to reset the system.
  • Page 405: Appendix A: Specifications

    Appendix A: Specifications IEEE802.3i 10Base-T Ethernet IEEE802.3u 100Base-TX/100Base-FX Fast Ethernet IEEE802.3ab 1000Base-T Gigabit Ethernet IEEE802.3z 1000Base-X Gigabit Ethernet IEEE802.3ae 10GBase-X Ten-Gigabit Ethernet IEEE802.3ad Link Aggregation IEEE802.3x Flow Control IEEE802.1p QoS Standards IEEE802.1q VLAN IEEE802.1d Spanning Tree Protocol IEEE802.1s Multi Spanning Tree Protocol IEEE802.1w Rapid Spanning Tree Protocol IEEE802.1x Port-based Access Authentication ANSI/IEEE 802.3 N-Way Auto-Negotiation...
  • Page 406 Power, System, RPS, FAN, Master, Module, Link/Act, 21F-24F, 25, 26, M1, M2, Unit ID LED Transmission Method Store and Forward 10BASE-T: 14881pps/port 100BASE-TX: 148810pps/port Packets Forwarding Rate 1000Base-T: 1488095pps/port 10Gbase-X: 14880950pps/port Operating Temperature: 0℃ ~ 40℃ Storage Temperature: -40℃ ~ 70℃ Operating Environment Operating Humidity: 10% ~ 90% RH Non-condensing Storage Humidity: 5% ~ 90% RH Non-condensing...
  • Page 407: Appendix B: Configuring The PCs

    Appendix B: Configuring the PCs In this section, we’ll introduce how to install and configure the TCP/IP correctly in Windows 2000. First make sure your Ethernet Adapter is working, refer to the adapter’s manual if necessary. Configure TCP/IP component: On the Windows taskbar, click the Start button, and then click Control Panel. Click the Network and Internet Connections icon, and then click on the Network Connections tab in the appearing window.
  • Page 408 The following TCP/IP Properties window will display and the IP Address tab is open on this window by default. Figure B-3 Select Use the following IP address. And the following items will be available. If the switch's IP address is 192.168.0.1, specify IP address as 192.168.0.x (x is from 2 to 254), and Subnet mask as 255.255.255.0.
  • Page 409: Installation Guide

    Appendix C: 802.1X Client Software In the 802.1X mechanism, the supplicant Client should be equipped with client software that complies with the 802.1X protocol standard for 802.1X authentication. When the switch works as the authenticator system, please follow the instructions below to install the TpSupplicant provided on the attached CD for the supplicant Client.
  • Page 410 Then the following screen will appear. Click Next to continue. If you want to stop the installation, click Cancel. Figure C-3 Welcome to the InstallShield Wizard To continue, choose the destination location for the installation files and click Next on the following screen.
  • Page 411 The Wizard is now ready to begin the installation. Click Install to start the installation on the following screen. Figure C-5 Install the Program The InstallShield Wizard is installing TpSupplicant, as shown on the following screen. Please wait. Figure C-6 Setup Status...
  • Page 412 If you want to remove the TpSupplicant, please take the following steps: On the Windows taskbar, click the Start button, point to All Programs → TP-LINK → TpSupplicant, and then click Uninstall TP-LINK 802.1X, as shown in the following figure. Figure C-8 Uninstall TP-LINK 802.1X...
  • Page 413 Then the following screen will appear. If you want to stop the remove process, click Cancel. Figure C-9 Preparing Setup On the continued screen, click Yes to remove the application from your PC. Figure C-10 Uninstall the Application Click Finish to complete. Figure C-11 Uninstall Complete...
  • Page 414 Configuration After completing installation, double click the icon to run the TP-LINK 802.1X Client Software. The following screen will appear. Figure C-12 TP-LINK 802.1X Client Enter the Name and the Password specified in the Authentication Server. The length of Name and Password should be less than 16 characters.
  • Page 415 Auto reconnect after timeout: Select this option to allow the Client to automatically start the connection again when it does not receive the handshake reply packets from the switch within a period. To continue, click Connect button after entering the Name and Password on Figure D-12. Then the following screen will appear to prompt that the Radius server is being searched.
  • Page 416 1.4 FAQ: Q1: Why does this error dialog box pop up when starting up the TP-LINK 802.1X Client Software? It’s because the supported DLL file is missing. It is suggested that you go to http://www.winpcap.org to download and install WinPcap 4.0.2 or a higher version, and then run the client software again.
  • Page 417: Appendix D: Glossary

    Appendix D: Glossary Access Control List (ACL) ACLs can limit network traffic and restrict access to certain users or devices by checking each packet for certain IP or MAC (i.e., Layer 2) information. Boot Protocol (BOOTP) BOOTP is used to provide bootup information for network devices, including IP address information, the address of the TFTP server that contains the device's system files, and the name of the boot file.
  • Page 418 Generic Multicast Registration Protocol (GMRP) GMRP allows network devices to register end stations with multicast groups. GMRP requires that any participating network devices or end stations comply with the IEEE 802.1p standard. Group Attribute Registration Protocol (GARP) See Generic Attribute Registration Protocol. IEEE 802.1D Specifies a general method for the operation of MAC bridges, including the Spanning Tree Protocol.
  • Page 419 Layer 2 Data Link layer in the ISO 7-Layer Data Communications Protocol. This is related directly to the hardware interface for network devices and passes on traffic based on MAC addresses. Link Aggregation See Port Trunk. Link Aggregation Control Protocol (LACP) Allows ports to automatically negotiate a trunked link with LACP-configured ports on another device.
  • Page 420 Secure Shell (SSH) A secure replacement for remote access functions, including Telnet. SSH can authenticate users with a cryptographic key, and encrypt data connections between management clients and the switch. Simple Network Management Protocol (SNMP) The application protocol in the Internet suite of protocols which offers network management services.
