Embedded Web System User Guide TL-SG3109 9-port Gigabit Managed Switch TL-SL3428 24+4G Gigabit Managed Switch TL-SL3452 48+4G Gigabit Managed Switch Rev: 1.
COPYRIGHT & TRADEMARKS Specifications are subject to change without notice. is a registered trademark of TP-LINK Technologies Co., Ltd. Other brands and product names are trademarks or registered trademarks of their respective holders. No part of the specifications may be reproduced in any form or by any means or used to make any derivative such as translation, transformation, or adaptation without permission from TP-LINK Technologies Co., Ltd. Copyright © 2006 TP-LINK Technologies Co., Ltd.
TABLE OF CONTENTS Preface ............................................................................................................... 1 Guide Overview.................................................................................................................................1 Intended Audience............................................................................................................................2 Section 1. Getting Started.........................................................
.3 Viewing Flash Logs................................................................................................................ 18 4.4 Defining System Log Servers................................................................................................ 19 Section 5. Configuring Device Security..................................................... 21 5.1 Configuring Management Security....................................................................................... 21 5.1.
Section 7. Configuring Interfaces................................................................ 45 7.1 Configuring Ports................................................................................................................... 45 7.2 Configuring LAGs................................................................................................................... 47 7.2.1 Defining LAG Members......................................................................................................
11.3.1 Defining SNMP Global Parameters................................................................................. 71 11.3.2 Defining SNMP Views....................................................................................................... 71 11.3.3 Defining SNMP Group Profiles......................................................................................... 72 11.3.4 Defining SNMP Group Members..................................................................................... 73 11.3.
13.4 Copying System Files.......................................................................................................... 88 Section 14. Performing Device Diagnostics.............................................. 90 14.1 Configuring Port Mirroring................................................................................................... 90 14.2 Viewing Integrated Cable Tests........................................................................................... 91 14.
Preface The Embedded Web System (EWS) is a network management system. The TP-Link Embedded Web Interface configures, monitors, and troubleshoots network devices from a remote web browser. The TP-Link Embedded Web Interface web pages are easy-to-use and easy-to-navigate. In addition, the TP-Link Embedded Web Inter-face provides real time graphs and RMON statistics to help system administrators monitor network performance. This preface provides an overview to the TP-Link Embedded Interface User Guide.
Section 14. Performing Device Diagnostics — Provides information about port mirroring configuration, copper and fiber cables testing, and viewing device health information. Section 15. Viewing Statistics — Provides information about viewing device statistics, including Remote Monitoring On Network (RMON) statistics, and device history events. Intended Audience This guide is intended for network administrators familiar with IT concepts and network terminology.
Section 1. Getting Started This section provides an introduction to the user interface, and includes the following topics: Configuring the device to use TP-Link Embedded Web Interface Starting the TP-Link Embedded Web Interface Understanding the TP-Link Embedded Web Interface Using Screen and Table Options Resetting the Device Logging Off from the Device 1.
To access the TP-Link user interface: 1. Open an Internet browser. 2. Ensure that pop-up blockers are disabled. If pop-up blockers are enable, modify, add, and device information messages may not open. 3. Enter the device IP address in the address bar and press Enter. The Login Page opens: Figure 1: Login Page 4. Enter your user name and password. Note: Passwords are case sensitive. To operate the device, disable all pop-ups with a popup blocker.
This section provides the following additional information: Device Representation — Provides an explanation of the TP-Link user interface buttons, including both management buttons and task icons. Using the TP-Link Embedded Web Interface Management Buttons — Provides instructions for adding, modifying, and deleting configuration parameters. 1.3.1 Device Representation The TP-Link Embedded Web Interface Home Page contains a graphical representation of the device.
1.4 Using Screen and Table Options The TP-Link Embedded Web Interface contains screens and tables for configuring devices. This section contains the following topics: Adding Configuration Information Modifying Configuration Information Deleting Configuration Information 1.4.1 Adding Configuration Information User-defined information can be added to specific TP-Link Web Interface pages, by opening a new Add page. To add information to tables or TP-Link Web Interface pages: 1.
Figure 6: IP Addressing Page 2. Select the Remove checkbox in the row of the item to delete. 3. Click . The information is deleted, and the device is updated. 1.6 Resetting the Device The Reset page enables resetting the device from a remote location. Note: To prevent the current configuration from being lost, save all changes from the running configuration file to the startup configuration file before resetting the device. For instructions, see Managing System Files "Copying System Files" on page 171.
Section 2. Defining Device Information This section contains information for viewing and setting general system information. The System Description Page contains parameters for configuring general device information, including the system name, location, and contact, the system MAC Address, System Object ID, System Up Time, System IP and MAC addresses, and both software and hardware versions. To view and define the system description: 1. Click System Info > General > Description.
Section 3. Setting the System Time This section provides information for configuring system time parameters, including: Configuring Daylight Savings Time Configuring SNTP 3.1 Configuring Daylight Savings Time The System Information Time Page contains fields for defining system time parameters for both the local hardware clock and the external SNTP clock. If the system time is kept using an external SNTP clock, and the external SNTP clock fails, the system time reverts to the local hardware clock.
Latvia — From the last weekend of March until the last weekend of October. Lebanon — From the last weekend of March until the last weekend of October. Lithuania — From the last weekend of March until the last weekend of October. Luxembourg — From the last weekend of March until the last weekend of October. Macedonia — From the last weekend of March until the last weekend of October. Mexico — From the first Sunday in April at 02:00 to the last Sunday in October at 02:00.
The DST can be set according to unique start and end dates for a particular year or as a recurring period for any year. For a specific setting in a particular year, complete the fields in the Daylight Savings area; for a recurring setting, complete the fields in the Recurring area. Daylight Savings: – USA — The device switches to DST at 2:00 a.m. on the first Sunday of April, and reverts to standard time at 2:00 a.m. on the last Sunday of October.
4. Click . The DST settings are saved, and the device is updated. 3.2 Configuring SNTP This section contains the following topics: SNTP Overview Defining SNTP Global Settings Configuring SNTP Authentication Defining SNTP Servers Defining SNTP Interface Settings 3.2.1 SNTP Overview The device supports the Simple Network Time Protocol (SNTP). SNTP assures accurate network device clock time synchronization up to the millisecond. Time synchronization is performed by a network SNTP server.
server, the SNTP client listens for the response. The SNTP client neither sends time information requests nor receives responses from the Broadcast server. Message Digest 5 (MD5) Authentication safeguards device synchronization paths to SNTP servers. MD5 is an algorithm that produces a 128-bit hash. MD5 is a variation of MD4, and increases MD4 security. MD5 verifies the integrity of the communication, authenticates the origin of the communication. 3.2.
To configure SNTP authentication: 1. Click System > System Info > SNTP > Authentication. The SNTP Authentication Page opens: Figure 13: SNTP Authentication Page The SNTP Authentication Page contains the following fields: Enable SNTP Authentication — Indicates if authenticating an SNTP session between the device and an SNTP server is enabled on the device. The possible field values are: – Checked — Authenticates SNTP sessions between the device and SNTP server.
Figure 15: SNTP Servers Page The SNTP Servers Page contains the following fields: SNTP Server — Displays user-defined SNTP server IP addresses. Up to eight SNTP servers can be defined. Poll Interval — Indicates whether or not the device polls the selected SNTP server for system time information. Encryption Key ID — Displays the encryption key identification used to communicate between the SNTP server and device. The field range is 1-4294967295.
Figure 17: SNTP Interface Settings Page The SNTP Interface Settings Page contains the following fields: Interface — Indicates the interface on which SNTP can be enabled. The possible field values are: – Port — Indicates the specific port number on which SNTP is enabled. – LAG — Indicates the specific LAG number on which SNTP is enabled. – VLAN — Indicates the specific VLAN number on which SNTP is enabled. Receive Servers Updates — Enables the server to receive or not receive updates.
Section 4. Configuring System Logs This section provides information for managing system logs. The system logs enable viewing device events in real time, and recording the events for later usage. System logs record and manage events and report errors and informational messages. Event messages have a unique format, as per the Syslog protocols recommended message format for all error reporting.
Figure 19: Syslog Properties Page The Syslog Properties Page contains the following fields: Enable Logging — Indicates if device global logs for Cache, File, and Server Logs are enabled. Console logs are enabled by default. The possible field values are: – Checked — Enables device logs. – Unchecked — Disables device logs. Severity — – Notice — Provides device information. – Informational — Provides device information. – Debug — Provides debugging messages.
To view Flash memory logs: 1. Click System > System Info > Syslog > Flash. The Syslog Flash Page opens: Figure 21: Syslog Flash Page The Syslog Flash Page contains the following information: Log Index — Lists the log index number. Log Time — Lists the date and time that the log was entered. Severity — Lists the severity of the event for which the log was created in Flash memory. Description — Lists the event description. 2. To remove current Flash memory logs, click 3. Click . .
Figure 23: Add Syslog Server Page 3. Define the IP Address, UDP Port, Facility, Description, and Minimum Severity fields. 4. Click . The Log server is defined and the device is updated.
Section 5. Configuring Device Security This section describes pages that contain fields for setting security parameters for ports, device management methods, users, and server security for the TP-Link device. This section contains the following topics: Configuring Management Security Configuring Network Security 5.1 Configuring Management Security This section provides information for configuring device management security.
Figure 24: Access Profile Page The Access Profile Page contains the following fields: Access Profile Name — Defines the access profile name. The access profile name can contain up to 32 characters. Active Profile — Defines the access profile currently active. Remove — Removes the selected access profile. The possible field values are: – Checked — Removes the selected access profile. Access Profiles cannot be removed when Active. – Unchecked — Maintains the access profiles.
– Prefix Length — Defines the number of bits that comprise the source IP address prefix, or the network mask of the source IP address. Action —Defines the action attached to the access rule. The possible field values are: – Permit — Permits access to the device. – Deny — Denies access to the device. This is the default. 3. Click . The access profile is saved and the device is updated. 5.1.1.
Prefix Length — Defines the number of bits that comprise the source IP address prefix, or the network mask of the source IP address. Action — Defines the action attached to the rule. The possible field values are: – Permit — Permits access to the device. – Deny — Denies access to the device. This is the default. Remove — Removes rules from the selected access profiles. The possible field values are: – Checked — Removes the selected rule from the access profile.
Each of the tables contains the following fields: Profile Name — Contains a list of user-defined authentication profile lists to which user-defined authentication profiles are added. Methods — Defines the user authentication methods. The possible field values are: – None — Assigns no authentication method to the authentication profile. – Local — Authenticates the user at the device level. The device checks the user name and password for authentication.
Figure 32: Authentication Mapping Page The Authentication Mapping Page contains the following fields: Console — Indicates that authentication profiles are used to authenticate console users. Telnet — Indicates that authentication profiles are used to authenticate Telnet users. Secure Telnet (SSH) — Indicates that authentication profiles are used to authenticate Secure Shell (SSH) users. SSH provides clients secure and encrypted remote connections to a device.
session is permitted. 2. Define the Console, Telnet, and Secure Telnet (SSH) fields. 3. Map the authentication method in the Secure HTTP selection box. 4. Map the authentication method in the HTTP selection box. 5. Click . The authentication mapping is saved, and the device is updated. 5.1.1.5 Defining TACACS+ Host Settings Terminal Access Controller Access Control System (TACACS+) provides centralized security user access validation. The system supports up-to 4 TACACS+ servers.
Timeout for Reply — Defines the amount of time in seconds that passes before the connection between the device and the TACACS+ times out. The field range is 1-1000 seconds. Single Connection — Maintains a single open connection between the device and the TACACS+ server. The possible field values are: – Checked — Enables a single connection. – Unchecked — Disables a single connection. Status — Indicates the connection status between the device and the TACACS+ server.
Figure 36: Radius Page The Default Parameters section of the Radius Page contains the following fields: Retries — Defines the number of transmitted requests sent to the RADIUS server before a failure occurs. Possible field values are 1-10. The default value is 3. Timeout for Reply — Defines the amount of time (in seconds) the device waits for an answer from the RADIUS server before retrying the query, or switching to the next server. Possible field values are 1-30. The default value is 3.
1. Click . The RADIUS Server Settings Page opens: Figure 38: RADIUS Server Settings Page 2. Modify the fields. 3. Click . The RADIUS server settings are saved, and the device is updated. 5.1.2 Configuring Passwords This section contains information for defining device passwords, and includes the following topics. Defining Local Users Defining Line Passwords Defining Enable Passwords 5.1.2.
5.1.2.2 Defining Line Passwords Network administrators can define line passwords in the Line Password Page. After the line password is defined, a management method is assigned to the password. The device can be accessed using the following methods: Console Passwords Telnet Passwords Secure Telnet Passwords To configure line passwords: 1. Click System > Management Security > Passwords > Line Password.
Network Security Overview Defining Network Authentication Properties Configuring Traffic Control 5.2.1 Network Security Overview This section provides an overview of network security and contains the following topics: Port-Based Authentication Advanced Port-Based Authentication 5.2.1.1 Port-Based Authentication Port-based authentication authenticates users on a per-port basis via an external server. Only authenticated and approved system users can transmit and receive data.
parameters. In addition, Guest VLANs are enabled from the Network Security Authentication Properties Page. To define the network authentication properties: 1. Click System > Network Security > Authentication > Properties.
Current Port Control — Displays the current port authorization state. The possible field values are: – Auto — Enables port-based authentication on the device. The interface moves between an authorized or unauthorized state based on the authentication exchange between the device and the client. – Authorized — Indicates the interface is in an authorized state without being authenticated. The interface re-sends and receives normal traffic without client port-based authentication.
Figure 46: Multiple Hosts Page The Multiple Hosts Page contains the following fields: Port — Displays the port number for which advanced port-based authentication is enabled. Multiple Hosts — Indicates whether multiple hosts are enabled. Multiple hosts must be enabled in order to either disable the ingress-filter, or to use port-lock security on the selected port. The possible field values are: – Multiple — Multiple hosts are enabled. – Disable — Multiple hosts are disabled.
Figure 48: Authenticated Hosts Page The Authenticated Hosts Page contains the following fields: User Name — Lists the supplicants that were authenticated, and are permitted on each port. Port — Displays the port number. Session Time — Displays the amount of time (in seconds) the supplicant was logged on the port. Authentication Method — Displays the method by which the last session was authenticated. The possible field values are: – Remote — 802.
Figure 49: Port Security Page The Port Security Page contains the following fields: Interface — Displays the Port or LAG name. Interface Status — Indicates the host status. The possible field values are: – Unauthorized — Indicates that the port control is Force Unauthorized, the port link is down or the port control is Auto, but a client has not been authenticated via the port. – Not in Auto Mode — Indicates that the port control is Forced Authorized, and clients have full port access.
A Broadcast Storm is a result of an excessive amount of broadcast messages simultaneously transmitted across a network by a single port. Forwarded message responses are heaped onto the network, straining network resources or causing the network to time out. Storm control is enabled for all Gigabit ports by defining the packet type and the rate the packets are transmitted.
Section 6. Defining IP Addresses This section provides information for defining IP addresses on the device using DHCP and ARP. In addition, this section contains parameters for defining device default gateways, and Domain Name Servers. This section contains the following topics: Defining IP Addressing Defining Domain Name System 6.1 Defining IP Addressing This section provides information for assigning interface and default gateway IP addresses, and defining ARP and DHCP parameters for the interfaces.
Figure 54: Add IP Interface Page 3. Define the IP Address, Network Mask, Prefix Length and Interface (Port, LAG or VLAN). 4. Click . The new interface is added and the device is updated. To modify IP interface settings: 1. Click System > System Info > IP Configuration > IP Addressing. The IP Interface Page opens. 2. Click . The IP Interface Settings Page opens: Figure 55: IP Interface Settings Page 3. Modify the IP Address and Interface fields. 4. Click .
Figure 57: DHCP Page The DHCP Page contains the following fields: Interface — Displays the IP address of the interface which is connected to the DHCP server. Host Name — Displays the system name. Remove — Removes DHCP interfaces. The possible field values are: – Checked — Removes the selected DHCP interface. – Unchecked — Maintains the DHCP interfaces. 2. Click . The Add IP Interface Page page opens: Figure 58: Add IP Interface Page 3. Select the Interface (Port, LAG or VLAN). 4.
IP Address - Indicates the station IP address, which is associated with the MAC address filled in below. MAC Address - Displays the station MAC address, which is associated in the ARP table with the IP address. Status - Displays the ARP table entry type. Possible field values are: – Dynamic — Indicates the ARP entry is learned dynamically. – Static — Indicates the ARP entry is a static entry. Remove — Removes a specific ARP entry.
field values are: – Dynamic — The IP address is dynamically created. – Static — The IP address is a static IP address. Remove — Removes DNS servers. The possible field values are: – Checked — Removes the selected DNS server – Unchecked — Maintains the current DNS server list. DNS Server — Displays the DNS server IP address. DNS servers are added in the Add DNS Server Page. Active Server — Specifies the DNS server that is currently active.
Figure 64: Add DNS Host Page 3. Enter the Host Name and IP Address. 4. Click . The new DNS host is added to the hosts list in the Host Mapping Page.
Section 7. Configuring Interfaces This section contains the following topics: Configuring Ports Configuring LAGs Configuring VLANs 7.1 Configuring Ports The Interface Configuration Page contains fields for defining port parameters. To define port parameters: 1. Click System > Bridging Config > Interface > Interface Configuration.
– 1000 Half — Indicates that the port advertises for a 1000 Mbps speed port and half duplex mode setting. Back Pressure — Displays the back pressure mode on the port. Back pressure mode is used with half duplex mode to disable ports from receiving messages. Flow Control — Displays the flow control status on the port. Operates when the port is in full duplex mode. MDI/MDIX — Displays the MDI/MDIX status on the port.
7.2 Configuring LAGs Link Aggregation optimizes port usage by linking a group of ports together to form a single LAG. Aggregating ports multiplies the bandwidth between the devices, increases port flexibility, and provides link redundancy. The TP-Link device supports both static LAGs and Link Aggregation Control Protocol (LACP) LAGs. LACP LAGs negotiate aggregating port links with other LACP ports located on a different device.
Figure 68: LAG Membership Settings Page The LAG Membership Settings Page contains the following fields: LAG — Contains a user-defined drop-down LAG list. Lag Name — Displays the user-defined LAG name. LACP — Indicates if LACP is defined on the LAG. The possible field values are: – Enable — Enables LACP on the LAG. – Disable — Disables LACP on the LAG. This is the default value. Port List — Displays a list of ports. Ports in the Port List can be added to the LAG.
Figure 70: LACP Parameters Settings Page 3. Define the Port Priority and LACP Timeout settings. 4. Click . The LACP settings are saved and the device is updated. 7.3 Configuring VLANs VLANs are logical subgroups with a Local Area Network (LAN) which combine user stations and network devices into a single unit, regardless of the physical LAN segment to which they are attached. VLANs allow network traffic to flow more efficiently within subgroups.
Figure 71: VLAN Member Properties Page The VLAN Member Properties Page contains the following fields: Select VLAN ID — Displays the properties of the selected VLAN in the VLANs table below. Show All — Displays the properties of all defined VLANS in the VLANs table below. VLAN ID — Displays the VLAN ID. Name — Displays the user-defined VLAN name. Type— Displays the VLAN type. The possible field values are: – Dynamic — Indicates the VLAN was dynamically created through GARP.
To define VLAN membership: 1. Click System > Bridging Config > VLAN >Membership > Membership. The VLAN Member Membership Page opens: Figure 74: VLAN Member Membership Page The VLAN Member Membership Page contains the following fields: VLAN ID — Displays the user-defined VLAN ID. VLAN Name — Displays the name of the VLAN VLAN Type — Indicates the VLAN type. The possible field values are: – Dynamic — Indicates the VLAN was dynamically created through GARP.
disabled on an access port. – Trunk — Indicates the port belongs to VLANs in which all ports are tagged, except for one port that can be untagged. – PVE - Promiscuous — Indicates the port is part of a PV Promiscuous VLAN. – PVE - Isolated — Indicates the port is part of a PV Isolated VLAN. – PVE - Community — Indicates the port is part of a PV Community VLAN. Dynamic — Assigns a port to a VLAN based on the host source MAC address connected to the port. PVID — Assigns a VLAN ID to untagged packets.
1. Click System > Bridging Config > VLAN > GARP. The GARP Parameters Page opens: Figure 77: GARP Parameters Page The GARP Parameters Page contains the following fields: Copy from Entry Number — Indicates the row number from which GARP parameters are copied. To Entry Number — Indicates the row number to which GARP parameters are copied. Interface — Displays the port or LAG on which GARP is enabled. Join Timer— Indicates the amount of time, in centiseconds, that PDUs are transmitted.
Figure 79: GVRP Parameters Page The GVRP Parameters Page is divided into port and LAG parameters. The field definitions are the same. The GVRP Parameters Page contains the following fields: GVRP Global — Indicates if GVRP is enabled on the device. The possible field values are: – Enable — Enables GVRP on the selected device. – Disable — Disables GVRP on the selected device. Interface — Displays the port on which GVRP is enabled.
Section 8. Defining the Forwarding Database Packets addressed to destinations stored in either the Static or Dynamic databases are immediately forwarded to the port. The Dynamic MAC Address Table can be sorted by interface, VLAN, or MAC Address, whereas MAC addresses are dynamically learned as packets from sources that arrive at the device. Static addresses are configured manually.
2. Click opens: . The Add Forwarding Database Page Figure 82: Add Forwarding Database Page 3. Define the Interface, MAC Address, VLAN ID or VLAN Name, and Status fields. 4. Click . The forwarding database information is modified, and the device is updated. 8.2 Configuring Dynamic Forwarding Addresses The Dynamic Addresses Page contains parameters for querying information in the Dynamic MAC Address Table, including the interface type, MAC addresses, VLAN, and table storing.
1. Click System > Bridging Config > Forwarding Database > Dynamic Addresses. The Dynamic Addresses Page opens. 2. Select the Interface, the MAC Address, and the VLAN ID. 3. Select an Address Table Sort Key. 4. Click 57 . The Dynamic MAC Address Table is queried, and the results are displayed in the Current Address Table.
Section 9. Configuring the Spanning Tree Protocol The Spanning Tree Protocol (STP) provides tree topography for any arrangement of bridges. STP also provides a single path between end stations on a network, eliminating loops. Loops occur when alternate routes exist between hosts. Loops in an extended network can cause bridges to forward traffic indefinitely, resulting in increased traffic and reducing network efficiency.
– Rapid STP — Enables Rapid STP on the device. – Multiple STP — Enables Multiple STP on the device. BPDU Handling — Determines how BPDU packets are managed when STP is disabled on the port or device. BPDUs are used to transmit spanning tree information. The possible field values are: – Filtering — Filters BPDU packets when spanning tree is disabled on an interface. This is the default value. – Flooding — Floods BPDU packets when spanning tree is disabled on an interface.
Figure 85: STP Interface Settings Page The STP Interface Settings Page contains the following fields: Interface — The interface for which the information is displayed. STP Status — Indicates if STP is enabled on the port. The possible field values are: – Enabled — Enables the STP on the port. – Disabled — Disables the STP on the port. Fast Link — Indicates if Fast Link is enabled on the port.
9.2 Configuring the Rapid STP While Classic STP prevents Layer 2 forwarding loops in a general network topology, convergence can take between 30-60 seconds. This time may delay detecting possible loops and propagating status topology changes. Rapid Spanning Tree Protocol (RSTP) detects and uses network topologies that allow a faster STP convergence without creating forwarding loops. The Global System LAG information displays the same field information as the ports, but represent the LAG RSTP information.
Point-to-Point Operational Status — Displays the point-to-point operating state. LAG — Displays the LAG to which the interface is attached. 2. Click . The RSTP Settings Page opens: Figure 88: RSTP Settings Page The RSTP Settings Page contains the following fields in addition to the settings listed in the RSTP Page: Activate Protocol Migration — Indicates whether sending Link Control Protocol (LCP) packets to configure and test the data link is enabled.
Figure 89: MSTP Properties Page The MSTP Properties Page contains the following fields: Region Name — Indicates the name of the userdefined STP region. Revision — Indicates that an unsigned 16-bit number that identifies the revision of the current MSTP configuration. The revision number is required as part of the MSTP configuration. The possible range is 0-65535. Max Hops — Specifies the total number of hops that occur in a specific region before the BPDU is discarded.
3. Click . The MSTP settings are saved and the device is updated. 9.3.3 Configuring MSTP VLAN Instances Network Administrator can assign MSTP for VLAN instances. To define MSTP for VLAN instances: 1. Click System > Bridging Info > Spanning Tree > MSTP > Instance Settings > VLAN Instance Configuration.
The possible field values are: – Root — Provides the lowest cost path to forward packets to the root device. – Designated — Indicates the port or LAG through which the designated device is attached to the LAN. – Alternate — Provides an alternate path to the root device from the root interface. – Backup — Provides a backup path to the designated port path toward the Spanning Tree leaves.
Section 10. Configuring Multicast Forwarding Multicast forwarding enables transmitting packets from either a specific multicast group to a source, or from a nonspecific source to a multicast group. This section contains the following topics: Enabling IGMP Snooping Defining Multicast Bridging Groups Defining Multicast Forward All Parameters 10.1 Configuring Multicast Forwarding When IGMP Snooping is enabled globally, all IGMP packets are forwarded to the CPU.
The default value is 300 seconds. Leave Timeout — Indicates the amount of time the host waits, after requesting to leave the IGMP group and not receiving a Join message from another station, before timing out. If a Leave Timeout occurs, the switch notifies the Multicast device to stop sending traffic The Leave Timeout value is either user-defined, or an immediate leave value. The default timeout is 10 seconds. 2. Click the Enable IGMP Snooping Status checkbox. 3. Click .
Bridge Multicast Address — Identifies the Multicast group MAC address/IP address. Port — Displays the port that can be added to a Multicast service. LAG — Displays the LAG that can be added to a Multicast service. The following table contains the IGMP port and LAG members management settings: Table 5: IGMP Port/LAG Members Table Control Settings Port Control Definition D Dynamically joins ports/LAG to the Multicast group in the Current Row.
10.3 Defining Multicast Forward All Parameters The Multicast Forward All Page contains fields for attaching ports or LAGs to a device that is attached to a neighboring Multicast router/switch. Once IGMP Snooping is enabled, Multicast packets are forwarded to the appropriate port or VLAN. Unless LAGs are defined, only a Multicast Forward All table displays. To define Multicast Forward All settings: 1. Click System > Bridging Config > Multicast Support > Bridge Multicast > Multicast Forward All.
Section 11. Configuring SNMP Management Simple Network Management Protocol (SNMP) provides a method for managing network devices. The device supports the following SNMP versions: SNMP version 1 SNMP version 2c SNMP version 3 11.1 SNMP v1 and v2c The SNMP agents maintain a list of variables, which are used to manage the device. The variables are defined in the Management Information Base (MIB).
Defining SNMP Group Members Defining SNMP Communities 11.3.1 Defining SNMP Global Parameters The SNMP Security Global Parameters Page permits the enabling of both SNMP and Authentication notifications. To define SNMP security global parameters: 1. Click System > SNMP Management > Security > Global Parameters.
SNMP view. Remove — Deletes the currently selected view. The possible field values are: – Checked — Removes the selected view. – Unchecked — Maintains the list of views. 2. Click . The Add SNMP View Page opens: Figure 102: Add SNMP View Page 3. Define the View Name field. 4. Define the view using and . 5. Define the View Type field. 6. Click updated. . The view is defined, and the device is 11.3.
. The Add SNMP Group Profile Page opens: 2. Click Figure 104: Add SNMP Group Profile Page 3. Define the Group Name, Security Model, Security Level, and Operation fields. 4. Click . The SNMP group profile is added, and the device is updated. To modify the SNMP Group settings: 1. Click System > SNMP Management > Security > Group Profile. The SNMP Security Group Profile Page opens. 2. Click . The SNMP Group Profile Settings Page opens: Figure 105: SNMP Group Profile Settings Page 3.
– SHA Password — Users are authenticated using the HMAC-SHA-96 authentication level. The user should enter a password. – No Authentication — No user authentication is used. Remove — Removes users from a specified group. The possible field values are: – Checked — Removes the selected user. – Unchecked — Maintains the list of users. 2. Click .
11.3.5 Defining SNMP Communities Access rights are managed by defining communities in the SNMP Communities Page. When the community names are changed, access rights are also changed. SNMP communities are defined only for SNMP v1 and SNMP v2c. To define SNMP communities: 1. Click System > SNMP Management > Security > Communities.
the device is updated. To modify SNMP Group Membership settings: 1. Click System > SNMP Management > Security > Communities. The SNMP Community Settings Page opens: Figure 111: SNMP Community Settings Page 2. Modify the SNMP Management Station, Community String, and Basic or Advanced fields. 3. Click . The SNMP community is modified, and the device is updated. 11.
1. Click System > SNMP Management > Notification > Notification Filter. The SNMP Notification FiIter Page opens: Figure 113: SNMP Notification FiIter Page The SNMP Notification FiIter Page contains the following fields: Filter Name — Contains a list of user-defined notification filters. Object ID Subtree — Displays the OID for which notifications are sent or blocked. If a filter is attached to an OID, traps or informs are generated and sent to the trap recipients.
Figure 115: SNMP Notification Receiver Page The SNMP Notification Receiver Page c is divided into the following tables: SNMPv1,2c Notification Recipient SNMPv3 Notification Recipient 11.4.3.1 SNMPv1,2c Notification Recipient The SNMP v1, v2c Recipient table contains the following fields: Recipients IP — Displays the IP address to which the traps are sent. Notification Type — Displays the type of notification sent. The possible field values are: – Trap — Indicates traps are sent.
– Unchecked — Maintains the list of recipients. 2. Click . The Add SNMP Notification Receiver Page opens: Figure 116: Add SNMP Notification Receiver Page 3. Define the Recipient IP, Notification Type, SNMPV1,v2c or SNMPv3, UPD Port, Filter Name, Timeout, and Retries fields. 4. Click . The SNMP Notification recipients are defined, and the device is updated. To modify SNMP notification recipients: 1. Click System > SNMP Management > Notification > Notification Receiver.
Section 12. Configuring Quality of Service This section contains the following topics: Quality of Service Overview Enabling Quality of Service Mapping Queues 12.1 Quality of Service Overview Network traffic is usually unpredictable, and the only basic assurance that can be offered is best effort traffic delivery. To overcome this challenge, Quality of Service (QoS) is applied throughout the network.
The following table contains the VPT to Queue default settings: Table 7: VPT Default Mapping Table VPT Value Queue Number 0 2 1 1 2 1 3 2 4 3 5 3 6 4 7 4 Mapping of the VPT to the output queue is performed on a system-wide basis, and can be enabled or disabled per port. Default CoS— Packets arriving untagged are assigned to a default VPT, which can be set by the user on a per port basis. Once the VPT is assigned, the packet is treated as if it had arrived with this tag.
Note: When moving to and from basic and advanced QoS modes, some settings may be lost. 12.1.2.1 Basic QoS Mode Basic Mode supports activating one of the following Trust settings: VLAN Point Tag DiffServ Code Point None In addition, a single IP-based ACL can be attached directly to the interface (see section on network security for more information). Only packets that have a Forward action are assigned to the output queue, based on the specified classification.
Figure 118: CoS Settings Page The CoS Settings Page contains the following fields: Quality of Service— Indicates if QoS is enabled on the interface. The possible values are: – Enable — Enables QoS on the interface. – Disable — Disables QoS on the interface. Trust Mode — Selects the trust mode. If a packet’ s CoS tag and DSCP tags are mapped to different queues, the Trust mode determines the queue to which the packet is assigned. The possible field values are: – None — Sets the Trust mode to none.
Figure 120: QoS Queue Settings Page The QoS Queue Settings Page contains the following fields: Queue — Indicates the queue number. Scheduling – Strict Priority — Indicates that traffic scheduling for the selected queue is based strictly on the queue priority. – WRR — Indicates that traffic scheduling for the selected queue is based strictly on the WRR. – WWR Weight — If WRR is selected, indicates the predetemined weights 8, 2, 4, and 1 for queues 4,3,2 and 1.
1. Click System > Quality of Service > Queue Mapping > DSCP to Queue. The DSCP to Queue Page opens: Figure 122: DSCP to Queue Page The CoS Settings Page page contains the following fields: DSCP In — Displays the incoming packet’s DSCP value. Queue — Defines the traffic forwarding queue to which the DSCP priority is mapped. Four traffic priority queues are supported. 2. Modify the Queue values. 3. Click updated. 85 .
Section 13. Managing System Files File maintenance on the device includes configuration file management and device access. The configuration file structure consists of the following configuration files: Startup configuration file — Contains the commands required to reconfigure the device to the same settings as when the device is powered down or rebooted. The Startup file is created by copying the configuration commands from the Running Configuration file or the Backup Configuration file.
13.1.2 Firmware Download The Firmware Download section contains the following fields: TFTP Server IP Address — Specifies the address of the TFTP server from which files are downloaded. Source File Name — Specifies the file to be downloaded. Destination File — Specifies the destination file to which system file is downloaded. The possible field values are: – Software Image — Downloads the Image file. – Boot Code — Downloads the Boot file.
13.2.2 Software Image Upload The Software Image Upload section contains the following fields: TFTP Server IP Address — Specifies the address of the TFTP server to which the Software Image is uploaded. Destination File Name — Specifies the name of the software image file to which the Software Image is uploaded. 13.2.
Figure 126: Copy Files Page The Copy Files Page contains the following fields: Copy Configuration — Copies the Running Configuration file to the Startup Configuration file. Source — Indicates the Running Configuration file is selected. Destination — Indicates the Startup Configuration file is selected. Restore Configuration Factory Defaults — Resets the Configuration file to the factory defaults. The factory defaults are reset after the device is reset.
Section 14. Performing Device Diagnostics This section contains the following topics: Configuring Port Mirroring Viewing Integrated Cable Tests Viewing Optical Transceivers 14.1 Configuring Port Mirroring Port mirroring monitors and mirrors network traffic by forwarding copies of incoming and outgoing packets from one port to a monitoring port. Port mirroring can be used as a diagnostic tool as well as a debugging feature. Port mirroring also enables switch performance monitoring.
To modify port mirroring settings: 1. Click . The Port Mirroring Settings Page opens. Figure 129: Port Mirroring Settings Page 2. Modify the Type field. 3. Click . Port mirroring settings are modified, and the device is updated. To remove port mirroring: 1. Click Maintenance > Diagnostics > Port Mirroring. The Port Mirroring Page opens. 2. Click the Remove checkbox for selected item, and click . 14.
14.3 Viewing Optical Transceivers The Optical Transceivers Page allows network managers to perform tests on fiber-optic cables. Note: Optical transceiver diagnostics can be performed only when the link is present. To test cables: Click System > Maintenance > Diagnostics > Optical Transceivers. The Optical Transceivers Page opens: Figure 131: Optical Transceivers Page The Optical Transceivers Page contains the following fields: Port — Displays the port IP address on which the cable is tested.
Section 15. Viewing Statistics This section describes how to view and manage device statistics for interfaces, GVRP, EAP, and Etherlike and how to view and define as RMON statistics, history and alarms. This section contains the following topics: Viewing Interface Statistics Managing RMON Statistics 15.1 Viewing Interface Statistics This section contains the following topics: Viewing Device Interface Statistics Viewing Etherlike Statistics Viewing GVRP Statistics Viewing EAP Statistics 15.1.
Packets with Errors — Displays the number of error packets received from the selected interface. Transmit Statistics Total Bytes (Octets) — Displays the number of octets transmitted from the selected interface. Unicast Packets — Displays the number of Unicast packets transmitted from the selected interface. Multicast Packets — Displays the number of Multicast packets transmitted from the selected interface.
To update the refresh time: To change the refresh rate for statistics, select another rate from the Refresh Rate dropdown list. To reset Etherlike interface statistics counters: 1. Open the Etherlike Statistics Page. 2. Click . The Etherlike interface statistics counters are cleared. 15.1.3 Viewing GVRP Statistics The GVRP Statistics Page contains device statistics for GVRP. To view GVRP interface statistics: 1. Click System > Statistics > Interface Statistics > GVRP.
1. Open the GVRP Statistics Page. 2. Click . The GVRP interface statistics counters are cleared. 15.1.4 Viewing EAP Statistics The EAP Statistics Page contains information about EAP packets received on a specific port. To view the EAP Statistics: 1. Click System > Statistics > Interface Statistics > EAP. The EAP Statistics Page opens: Figure 135: EAP Statistics Page The EAP Statistics Page contains the following fields: Port — Indicates the port, which is polled for statistics.
Configuring RMON History Defining RMON Alarms 15.2.1 Viewing RMON Statistics The RMON Statistics Page contains fields for viewing information about device utilization and errors that occurred on the device. To view RMON statistics: 1. Click System > Statistics > RMON > Statistics. The RMON Statistics Page opens: Figure 136: RMON Statistics Page The RMON Statistics Page contains the following fields: Interface — Indicates the device for which statistics are displayed.
Frames of xx Bytes — Number of xx-byte frames received on the interface since the device was last refreshed. 2. Select an interface (Port or LAG) in the Interface field. The RMON statistics are displayed. To update the refresh time: To change the refresh rate for statistics, select another rate from the Refresh Rate dropdown list. To reset RMON statistics counters: 1. Open the RMON Statistics Page. 2. Click . The RMON statistics counters are cleared. 15.2.
Figure 138: Add History Entry User Page 3. Define the fields. 4. Click . The entry is added to the RMON History Control Page, and the device is updated. To modify a history entry user: 1. Open the RMON History Control Page. 2. Click . The Edit Local History Entry User Page opens: Figure 139: Edit Local History Entry User Page 3. Define the fields. 4. Click .The entry is updated in the RMON History Control Page, and the device is updated. 15.2.2.
the device was last refreshed. Oversize Packets — Displays the number of oversized packets (over 1518 octets) received on the interface since the device was last refreshed. Fragments — Displays the number of fragments (packets with less than 64 octets, excluding framing bits, but including FCS octets) received on the interface since the device was last refreshed. Jabbers — Displays the total number of received packets that were longer than 1518 octets.
Figure 142: Add RMON Event User Page 3. Define the fields. 4. Click . The entry is added to the RMON Events Control Page, and the device is updated. To modify an RMON Event user: 1. Click System > Statistics > RMON > Events. The RMON Events Control Page opens, displaying defined event entries. 2. Click next to an entry. The Edit RMON Event User Page opens: Figure 143: Edit RMON Event User Page 3. Modify the local user properties fields. 4. Click .
Interface — Displays interface for which RMON statistics are displayed. The possible field values are: – Port — Displays the RMON statistics for the selected port. – LAG — Displays the RMON statistics for the selected LAG. Counter Value — Displays the selected MIB variable value. Sample Type — Defines the sampling method for the selected variable and comparing the value against the thresholds. The possible field values are: – Delta — Subtracts the last sampled value from the current value.
Figure 147: Edit RMON Alarm User Page 2. Modify the fields. 3. Click . The entry is updated in the RMON Alarm Page, and the device is updated.
Glossary This glossary contains terms commonly used in Embedded Web System documentation. Term Definition A Access Mode Specifies the method by which user access is granted to the system. Allows network managers to define profiles and rules for accessing the device. Access to Access Profile management functions can be limited to user groups, which are defined by the following criteria: • Ingress interfaces. • Source IP address and/or Source IP subnets.
Term Definition Backplane The main BUS that carries information in the device. Bandwidth Specifies the amount of data that can be transmitted in a fixed amount of time. For digital devices, bandwidth is defined in Bits per Second (bps) or Bytes per Second. Bandwidth Assignment Indicates the amount of bandwidth assigned to a specific application, user, and/or interface. Baud Indicates the number of signaling elements transmitted each second.
Term Definition CLI Command Line Interface. A set of line commands used to configure the system. Client CLL Collision Combo Port Community CPU A computer system or process that requires services or processes for another computer, typically a server. Classification Control Lists. Devices that grant, deny, or limit access to devices, features, or applications in QoS. A overlapping transmission of two or more packets that collide. The data transmitted cannot be used, and the session is restarted.
Term Definition Uses a bus or star topology and supports data transfer rates of Mpbs. A newer version Ethernet called Fast Ethernet supports 100 Mbps. Ethernet is standardized as per IEEE 802.3. Ethernet is the most commonly implemented LAN standard. EWS Embedded Web Server. Provides device management via a standard web browser. Embedded Web Servers are used in addition to or in place of a CLI or NMS. F FE Fast Ethernet. Fast Ethernet transmits at 100 Mbps rather than 10 Mbps. Fast Forward Table.
Term Definition I IAD IC ICMP IDRP IEEE IEEE 802.1d IEEE 802.1p EEE 802.1q IGMP IGP Image File Ingress Port IP IP Address IPM Integrated Access Device. Device that multiplexes varied communication technologies onto a single telephone line for transmission to the carrier. Integrated Circuit. Small electronic devices composed from semiconductor material. Internet Control Message Protocol. Allows the gateway or destination host to communicate with the source host. For example, to report a processing error.
Term L2TP LAG LAN Definition Layer 2 Tunnel Protocol. Helps build virtual private networks in the dial access space, and provides Layer 2 Forwarding L2F) protocol and Point-to-Point Tunneling Protocol (PPTP). Link Aggregated Group. Aggregates ports or VLANs into a single virtual port or VLAN. Local Area Network. A network contained within a single room, building, campus or other limited geographical area. Data Link Layer or MAC Layer. Contains the physical address of a client or server station.
Term NMS Definition Network Management System. An interface that provides a method of managing a system. A network connection endpoint or a common junction for multiple network lines. Nodes include: Node • Processors. • Controllers. • Workstations. O Object Identifier. Used by SNMP to identify managed objects. In the SNMP Manager/ OID Agent network management paradigm, each managed object must have an OID to identify it. OSPF Open Shortest Path First.
Term Redundancy Relay Agent RIP RJ-11 Connector RJ-45 Connector RMON ROS Router RSTP Running Configuration File RVSP Definition Provides duplication of devices, services, or events. If a device, service, or event fails, redundancy provides a backup that can replace the lost functionality. An Internet host or router that passes DHCP messages between DHCP clients and DHCP servers. Routing Information Protocol. Stipulates how routing table information is exchanged between routers. Grips up to four wires.
Term Subnet Mask Definition Used to mask all or part of an IP address used in a subnet address. Switch Filters and forwards packets between LAN segments. Switches support any packet protocol type. T Transmissions Control Protocol. Enables two hosts to communicate and exchange data TCP/IP streams. TCP guarantees packet delivery, and guarantees packets are transmitted and received in the order the are sent. Telnet TFTP Trap Trunking Terminal Emulation Protocol.
71035590 TP-LINK TECHNOLOGIES CO., LTD. E-mail: support@tp-link.com Website: http://www.tp-link.com Add: 3/F., Building R1-B, Hi-tech Industrial Park, Shennan Rd., Shenzhen, P.R.
