T2700G-28TQ JetStream 28-Port Gigabit Stackable L2+ Managed Switch REV1.0.
COPYRIGHT & TRADEMARKS Specifications are subject to change without notice. is a registered trademark of TP-LINK TECHNOLOGIES CO., LTD. Other brands and product names are trademarks or registered trademarks of their respective holders. No part of the specifications may be reproduced in any form or by any means or used to make any derivative such as translation, transformation, or adaptation without permission from TP-LINK TECHNOLOGIES CO., LTD. Copyright © 2015 TP-LINK TECHNOLOGIES CO., LTD.
Safety Information If the product has a power button, the power button is one of the ways to shut off the product; if there is no power button, the only way to completely shut off power is to disconnect the product or the power adapter from the power source. Don’t disassemble the product or make repairs yourself. You run the risk of electric shock and voiding the limited warranty. If you need service, please contact us. Avoid water and wet locations.
Package Contents
The following items should be found in your box:
One T2700G-28TQ switch
One Power Cord
One Console Cable
One Power Supply Module Slot Cover
Two mounting brackets and other fittings
Installation Guide
Resource CD for T2700G-28TQ switch, including:
• This User Guide
• The Command Line Interface Guide
• SNMP Mibs
• 802.1X Client Software
• Other Helpful Information
Note: Make sure that the package contains the above items.
Chapter 1 About This Guide This User Guide contains information for setup and management of T2700G-28TQ switch. Please read this guide carefully before operation. 1.1 Intended Readers This Guide is intended for network managers familiar with IT concepts and network terminologies. 1.2 Conventions In this Guide the following conventions are used: The switch or T2700G-28TQ mentioned in this Guide stands for T2700G-28TQ JetStream 28-Port Gigabit Stackable L2+ Managed Switch without any explanation.
Chapter Introduction
Chapter 4 System
This module is used to configure system properties of the switch. It mainly introduces:
• System Info: Configure the description, system time and network parameters of the switch.
• User Management: Configure the user name and password for users to manage the switch with a certain access level.
• System Tools: Manage the license and configuration files of the switch.
Chapter 8 Spanning Tree
This module is used to configure the spanning tree function of the switch. It mainly introduces:
• STP Config: Configure and view the global settings of the spanning tree function.
• Port Config: Configure CIST parameters of ports.
• MSTP Instance: Configure MSTP instances.
• STP Security: Configure the protection function to prevent devices from any malicious attack against STP features.
Chapter 12 QoS
This module is used to configure the QoS function to provide different quality of service for various network applications and requirements. It mainly introduces:
• DiffServ: Configure priorities, port priority, 802.1P priority and DSCP priority.
• Bandwidth Control: Configure the rate limit feature to control the traffic rate on each port; configure the storm control feature to filter broadcast, multicast and UL frames in the network.
Chapter 17 Cluster
This module is used to configure the cluster function to centrally manage the scattered devices in the network. It mainly introduces:
• NDP: Configure the NDP function to get the information of the directly connected neighbor devices.
• NTDP: Configure the NTDP function for the commander switch to collect NDP information.
• Cluster: Configure the cluster function to establish and maintain a cluster.
Chapter 2 Introduction Thanks for choosing the T2700G-28TQ JetStream 28-Port Gigabit Stackable L2+ Managed Switch! 2.1 Overview of the Switch T2700G-28TQ is TP-LINK’s JetStream Layer 2+ Stackable Switch, supporting up to 4 SFP+ slots. T2700G-28TQ is ideal for large enterprises, campuses or SMB networks requiring an outstanding, reliable and affordable 10 Gigabit solution. T2700G-28TQ supports stacking of up to 8 units, thus providing flexible scalability and protective redundancy for your networks.
• Layer 2 Switching
+ GVRP (GARP VLAN Registration Protocol) allows automatic learning and dynamic assignment of VLANs.
+ Supports up to 4K VLANs simultaneously (out of 4K VLAN IDs).
• Quality of Service
+ Supports L2/L3 granular CoS with 8 priority queues per port.
+ Rate limiting confines the traffic flow accurately according to the preset value.
• Security
+ Supports multiple industry standard user authentication methods such as 802.1x, RADIUS.
+ IP Source Guard prevents IP spoofing attacks.
2.3 Appearance Description 2.3.1 Front Panel Figure 2-1 Front Panel The following parts are located on the front panel of the switch: Console Port: Designed to connect with the serial port of a computer or terminal for monitoring and configuring the switch.
LED Status Indication
Link/Act (Port 1-24)
• Green, On: A 1000Mbps device is connected to the corresponding port, but no activity
• Green, Flashing: Data is being transmitted or received
• Yellow, On: A 10/100Mbps device is connected to the corresponding port, but no activity
• Yellow, Flashing: Data is being transmitted or received
21F-24F
• On: An SFP transceiver is connected to the corresponding port, and it is connected to a device, but no activity
• Flashing: A 1000Mbps device is connected to the corresponding port
25, 26
card (TX432 of TP-LINK for example). If TX432 is installed, you get another two 10Gbps SFP+ ports. Unit ID LED: Designed to display the stack unit number of the switch. For a switch that has not joined any stack system, it displays its default unit number. To modify the default unit number, please log on to the GUI of the switch and go to Stack→Stack Management→Switch Renumber page. 2.3.2 Rear Panel The rear panel of T2700G-28TQ is shown as the following figure.
Chapter 3 Login to the Switch 3.1 Login 1) To access the configuration utility, open a web-browser and type in the default address http://192.168.0.1 in the address field of the browser, then press the Enter key. Figure 3-1 Web-browser Tips: To log in to the switch, the IP address of your PC should be set in the same subnet as the switch. The IP address is 192.168.0.x ("x" is any number from 2 to 254) and the Subnet Mask is 255.255.255.0.
3.2 Configuration After a successful login, the main page will appear as Figure 3-3, and you can configure the function by clicking the setup menu on the left side of the screen. Figure 3-3 Main Setup-Menu Note: Clicking Apply makes the new configurations effective only until the switch is rebooted. If you want to keep the configurations effective even after the switch is rebooted, please click Save Config.
Chapter 4 System The System module is mainly for system configuration of the switch, including four submenus: System Info, User Management, System Tools and Access Security. 4.1 System Info The System Info, mainly for basic properties configuration, can be implemented on System Summary, Device Description, System Time, License Info and Daylight Saving Time pages. 4.1.1 System Summary On this page you can view the port connection status and the system information.
Indicates the 1000Mbps port is at the speed of 1000Mbps. Indicates the 1000Mbps port is at the speed of 10Mbps or 100Mbps. Indicates the SFP port is not connected to a device. Indicates the SFP port is at the speed of 1000Mbps. Indicates the SFP+ port is not connected to a device. Indicates the SFP+ port is at the speed of 10000Mbps. When the cursor moves on the port, the detailed information of the port will be displayed.
Bandwidth Utilization Rx: Select Rx to display the bandwidth utilization of receiving packets on this port. Tx: Select Tx to display the bandwidth utilization of sending packets on this port. 4.1.2 Device Description On this page you can configure the description of the switch, including device name, device location and system contact. Choose the menu System → System Info → Device Description to load the following page.
Choose the menu System → System Info → System Time to load the following page. Figure 4-5 System Time The following entries are displayed on this screen: Time Info Current System Time: Displays the current date and time of the switch. Current Time Source: Displays the current time source of the switch. Time Config Manual: When this option is selected, you can set the date and time manually.
4.1.4 License Info This page displays the status of the license and the features it supports. Choose the menu System → System Info → License Info to load the following page. Figure 4-6 License Info The following entries are displayed on this screen: License Info License Copy: The information about the number of license. License Status: Displays whether License is Active or Inactive. “Inactive” means that the switch is unauthenticated with the Layer 3 license.
4.1.5 Daylight Saving Time Here you can configure the Daylight Saving Time of the switch. Choose the menu System → System Info → Daylight Saving Time to load the following page. Figure 4-7 Daylight Saving Time The following entries are displayed on this screen: DST Config DST Status: Enable or Disable DST. Predefined Mode: Select a predefined DST configuration: Recurring Mode: USA: Second Sunday in March, 02:00 ~ First Sunday in November, 02:00.
Date Mode: Specify the DST configuration in Date mode. This configuration is one-off in use: Offset: Specify the time adding in minutes when Daylight Saving Time comes. Start/End Time: Select starting time and ending time of Daylight Saving Time. Note: 1. When the DST is disabled, the predefined mode, recurring mode and date mode cannot be configured. 2. When the DST is enabled, the default daylight saving time is of Europe in predefined mode. 4.
Choose the menu System → User Management → User Config to load the following page. Figure 4-9 User Config The following entries are displayed on this screen: User Info User Name: Create a name for users’ login. Access Level: Select the access level to login. User Status: Select Enable/Disable the user configuration. Password: Type a password for users’ login. Confirm Password: Retype the password.
Operation: Click the Edit button of the desired entry, and you can edit the corresponding user information. After modifying the settings, please click the Modify button to make the modification effective. Access level and user status of the current user information can’t be modified. 4.
Current Startup Image: Displays the current startup image. Next Startup Image: Select the next startup image. Backup Image: Select the backup boot image. Current Startup Config: Displays the current startup config filename. Next Startup Config: Input the next startup config filename. Backup Config: Input the backup config filename. Restore: Set the boot parameter to default. 4.3.
4.3.3 Config Backup On this page you can download the current configuration of the specified unit in the stack and save it as a file to your computer for your future configuration restore. Choose the menu System → System Tools → Config Backup to load the following page. Figure 4-12 Config Backup The following entries are displayed on this screen: Config Backup Target Unit: Select the desired unit in the stack to backup its configuration file.
Note: 1. Don’t interrupt the upgrade. 2. Please select the proper software version matching with your hardware to upgrade. 3. To avoid damage, please don't turn off the device while upgrading. 4. After upgrading, the device will reboot automatically. 5. You are suggested to backup the configuration before upgrading. 4.3.5 License Load On this page you can load a license file to upgrade the switch and activate the layer 3 routing capabilities.
Note: To avoid damage, please do not turn off the device while rebooting. 4.3.7 System Reset On this page you can reset the specified unit in the stack to the default. All the settings will be cleared after the switch is reset. Choose the menu System→System Tools→System Reset to load the following page. Figure 4-16 System Reset Note: After the system is reset, the switch will be reset to the default and all the settings will be cleared. 4.
Choose the menu System→Access Security→Access Control to load the following page. Figure 4-17 Access Control The following entries are displayed on this screen: Access Control Config Control Mode: Select the control mode for users to log on to the Web management page. IP Address & Mask: These fields are available for configuration only when IP-based mode is selected. Only the users within the IP range you set here are allowed to log in.
Admin Number: Enter the maximum number of the users logging on to the Web management page as Admin. Guest Number: Enter the maximum number of the users logging on to the Web management page as Guest. 4.4.2 SSL Config SSL (Secure Sockets Layer) is a security protocol that provides a secure connection for application layer protocol (e.g. HTTP) communication based on TCP. SSL is widely used to secure the data transmission between the Web browser and servers.
The following entries are displayed on this screen:
Global Config
SSL: Select Enable/Disable the SSL function on the switch.
Certificate Download
Certificate File: Select the desired certificate to download to the switch. The certificate must be BASE64 encoded.
Key Download
Key File: Select the desired SSL Key to download to the switch. The key must be BASE64 encoded.
Note:
1. The SSL certificate and key downloaded must match each other; otherwise the HTTPS connection will not work.
2.
Choose the menu System→Access Security→SSH Config to load the following page. Figure 4-19 SSH Config The following entries are displayed on this screen: Global Config SSH: Select Enable/Disable SSH function. Protocol V1: Select Enable/Disable SSH V1 to be the supported protocol. Protocol V2: Select Enable/Disable SSH V2 to be the supported protocol. Idle Timeout: Specify the idle timeout time. The system will automatically release the connection when the time is up.
2. After the Key File is downloaded, the user’s original key of the same type will be replaced. Uploading the wrong file will result in SSH access to the switch via Password authentication.
Application Example 1 for SSH:
Network Requirements
1. Log on to the switch via password authentication using SSH, with the SSH function enabled on the switch.
2. PuTTY client software is recommended.
Configuration Procedure
1. Open the software to log on to the interface of PuTTY.
2. PuTTY client software is recommended. Configuration Procedure 1. Select the key type and key length, and generate SSH key. Note: 1. The key length is in the range of 256 to 3072 bits. 2. During the key generation, randomly moving the mouse quickly can accelerate the key generation.
2. After the key is successfully generated, please save the public key and private key to the computer. 3. On the Web management page of the switch, download the public key file saved in the computer to the switch. Note: 1. The key type should match the type of the key file. 2. The SSH key downloading cannot be interrupted.
4. After the public key is downloaded, please log on to the interface of PuTTY and enter the IP address for login. 5. Click Browse to download the private key file to SSH client software and click Open.
After successful authentication, please enter the login user name. If you log on to the switch without entering password, it indicates that the key has been successfully downloaded. Note: Following the steps above, you have already entered the User EXEC Mode of the switch. However, to configure the switch, you need a password to enter the Privileged EXEC Mode first. For a switch with factory settings, the Privileged EXEC Mode password can only be configured through the console connection.
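The Protocol V1 and Protocol V2 settings on the SSH Config page can be checked from the management PC by reading the identification string the switch sends when a client connects. The following Python sketch is an added example, not part of the original guide or TP-LINK software; the sample banners are constructed, and the version mapping follows RFC 4253 (a protocol version of 1.99 means the server accepts both V1 and V2).

```python
import socket
from typing import Optional, Tuple


def find_identification(data: bytes) -> Optional[str]:
    """Return the first complete line that starts with 'SSH-', or None.

    RFC 4253 section 4.2 allows a server to send other text lines before
    its identification string, so those lines are skipped.
    """
    complete_lines = data.split(b"\n")[:-1]  # ignore an unterminated tail
    for raw in complete_lines:
        line = raw.rstrip(b"\r")
        if line.startswith(b"SSH-"):
            return line.decode("ascii", errors="replace")
    return None


def offered_protocols(ident: str) -> Tuple[int, ...]:
    """Map 'SSH-<protoversion>-<software>' to the protocol versions offered."""
    parts = ident.split("-", 2)
    if len(parts) != 3 or parts[0] != "SSH":
        raise ValueError(f"not an SSH identification string: {ident!r}")
    proto = parts[1]
    if proto == "2.0":
        return (2,)
    if proto == "1.99":          # compatibility mode: V1 and V2 both accepted
        return (1, 2)
    if proto.startswith("1."):   # e.g. 1.5: V1 only
        return (1,)
    raise ValueError(f"unknown SSH protocol version: {proto!r}")


def audit_identification(ident: str) -> str:
    """Return a PASS/FAIL finding for one identification string."""
    if 1 in offered_protocols(ident):
        return ("FAIL: SSH V1 is offered; set Protocol V1 to Disable "
                "on the SSH Config page")
    return "PASS: only SSH V2 is offered"


def read_identification(host: str, port: int = 22, timeout: float = 5.0) -> str:
    """Connect to host:port and return the SSH identification line."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        data = b""
        while len(data) < 4096:
            chunk = sock.recv(256)
            if not chunk:
                break
            data += chunk
            ident = find_identification(data)
            if ident is not None:
                return ident
    raise ValueError("no SSH identification line received")


# Constructed sample banners (not captured from a real switch).
CONSTRUCTED_SAMPLES = [
    b"SSH-2.0-ExampleSwitch_1.0\r\n",
    b"Authorized use only\r\nSSH-1.99-ExampleSwitch_1.0\r\n",
    b"SSH-1.5-ExampleSwitch_1.0\n",
]

if __name__ == "__main__":
    for raw in CONSTRUCTED_SAMPLES:
        ident = find_identification(raw)
        print(ident, "->", audit_identification(ident))
```

Against a live device, pass the result of `read_identification("192.168.0.1")` to `audit_identification`, substituting the management address actually in use.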
Chapter 5 Stack The stack technology is to connect multiple stackable devices through their StackWise ports, forming a stack which works as a unified system and presents as a single entity to the network in Layer 2 and Layer 3 protocols. It enables multiple devices to collaborate and be managed as a whole, which improves the performance and simplifies the management of the devices efficiently. Advantages The stack delivers the following benefits: 1. Simplified management.
In a ring connected stack, it can still operate normally by transforming into a daisy chained stack when link failure occurs, which further ensures the normal operation of load distribution and backup across devices and links as Figure 5-2 shows. Figure 5-2 Load Distribution and Backup across Devices 3. Network scalability.
Stack Introduction 1. Stack Elements 1) Stack Role Each device in the stack system is called stack member. Each stack member processes services packets and plays a role which is either master or slave in the stack system. The differences between master and slave are described as below: • Master: Indicates the device is responsible for managing the entire stack system. • Slave: Indicates the device provides backup for the master.
1) Connecting the stack members To establish a stack, please physically connect the stack ports of the member devices with cables. The stack ports of T2700G-28TQ can be used for stack connection or as normal Gigabit Ethernet ports. When you want to establish a stack, the stack mode of the related ports should be configured as "Enable". If the stack mode of the port is "Disable", then the port will work as a normal Ethernet port.
The master is elected based on the following rules and in the order listed: 1. The switch that is currently the stack master. 2. The switch with the highest stack member priority value. 3. The switch with the lowest MAC address. After master election, the stack forms and enters into stack management and maintenance stage. Note: 1. The priority value ranges from 1 to 15. The higher the value is, the more likely the member will be elected as the master.
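The election order above can be modelled to check a stack plan before the devices are connected. This Python sketch is an added example, not TP-LINK code: it implements only the three rules listed here, and the `Member` class, switch names and MAC addresses are constructed for illustration.

```python
from dataclasses import dataclass
from typing import List, Sequence

PRIORITY_RANGE = range(1, 16)  # the guide gives 1 to 15


@dataclass(frozen=True)
class Member:
    name: str
    mac: str                      # e.g. "00-0A-EB-13-A2-10"
    priority: int
    is_current_master: bool = False


def mac_value(mac: str) -> int:
    """Convert a MAC address to an integer so 'lowest MAC' is well defined."""
    digits = mac.replace("-", "").replace(":", "")
    if len(digits) != 12:
        raise ValueError(f"malformed MAC address: {mac!r}")
    return int(digits, 16)


def election_key(m: Member):
    """Sort key applying the rules in the listed order."""
    if m.priority not in PRIORITY_RANGE:
        raise ValueError(f"{m.name}: priority {m.priority} is outside 1-15")
    # Rule 1: current master first; rule 2: highest priority; rule 3: lowest MAC.
    return (not m.is_current_master, -m.priority, mac_value(m.mac))


def elect_master(members: Sequence[Member]) -> Member:
    if not members:
        raise ValueError("no stack members")
    return min(members, key=election_key)


def deciding_rule(members: Sequence[Member]) -> str:
    """Name the rule that actually separated the winner from the rest."""
    winner = elect_master(members)
    others = [m for m in members if m is not winner]
    if winner.is_current_master and not any(o.is_current_master for o in others):
        return "current master"
    rivals = [o for o in others if o.is_current_master == winner.is_current_master]
    if all(o.priority < winner.priority for o in rivals):
        return "priority"
    return "MAC address"


def audit_plan(members: Sequence[Member], intended: str) -> List[str]:
    """Return warnings when the plan does not pin the master explicitly."""
    warnings = []
    winner = elect_master(members)
    if winner.name != intended:
        warnings.append(f"{winner.name} would be elected, not {intended}")
    if deciding_rule(members) == "MAC address":
        warnings.append("election falls through to the MAC tie-break; "
                        "give the intended master a unique highest priority")
    return warnings


# Constructed plan for a four-unit stack.
PLAN = [
    Member("A", "00-0A-EB-13-A2-11", 5),
    Member("B", "00-0A-EB-13-A2-10", 5),
    Member("C", "00-0A-EB-13-A2-12", 3),
    Member("D", "00-0A-EB-13-A2-13", 1),
]

if __name__ == "__main__":
    print(elect_master(PLAN).name, deciding_rule(PLAN))
    for line in audit_plan(PLAN, intended="A"):
        print("warning:", line)
```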
• Port Number Format: The format of port number should be Unit Number/Slot Number/Port Number. Among them: (1) Unit Number: The default unit number of the switch is 1. If a device has joined a stack system, the unit number it possessed in the stack system will continue to be used as its unit number after the device leaves the stack system. (2) Slot Number: Indicates the number of the slot the interface card is in. For T2700G-28TQ, the front panel ports belong to slot 0.
5.1 Stack Management Before configuring the stack, we highly recommend that you prepare a configuration plan that clearly sets out the role and function of each member device. Some configurations need a device reboot to take effect, so we recommend that you configure the stack first, then power off the devices and connect them physically, and then power them on; the devices will join the stack automatically.
Role: Displays the stack role of the member switch in the stack. There are two options: Master and Slave. MAC Address: Displays the MAC address of the member switch. Priority: Displays the member priority of the member switch. The higher the value is, the more likely the member will be elected as the master. Version: Displays the current firmware version of the member switch. Status: Displays the stack status of the member switch. Stack Port Info: Stack Port: Displays the stack port number.
The following entries are displayed on this screen: Stack Config Stack Name: Enter the name of the stack. The length of this field should be 1-30 characters. After the stack is established, the name of master determines the stack name. Stack Auth Mode: Select the authentication mode used in stack creation. There are three options: "None", "Simple" and "MD5". • None: Indicates no authentication mode is adopted in stack creation.
Choose the menu Stack Management→Switch Renumber to load the following page. Figure 5-9 Switch Renumber The following entries are displayed on this screen: Switch Renumber Select: Select the desired entry. It is multi-optional. Current Unit: Displays the current unit number of the member switch. Designated Unit: Configure the unit number of the member switch. • Auto: With this option selected, the member switch will be assigned a free unit number automatically.
Configuration Procedure
Configure switch A, B, C and D before physically connecting them:
Step 1: Configure the stack name. Optional. On Stack Management→Stack Config page, configure the stack name.
Step 2: Configure stack port mode. Required. On Stack Management→Stack Config page, configure the stack port status as "Enable".
Step 3: Configure authentication mode and authentication password. Optional.
Chapter 6 Switching Switching module is used to configure the basic functions of the switch, including four submenus: Port, LAG, Traffic Monitor and MAC Address. 6.1 Port The Port function, allowing you to configure the basic features for the port, is implemented on the Port Config, Port Mirror, Port Security, Port Isolation and Loopback Detection pages. 6.1.1 Port Config On this page, you can configure the basic parameters for the ports.
Description: Give a description to the port for identification. Status: Allows you to Enable/Disable the port. When Enable is selected, the port can forward the packets normally. Speed: Select the Speed mode for the port. The device connected to the switch should be in the same Speed and Duplex mode with the switch. When 'Auto' is selected, the Speed mode will be determined by auto negotiation. Duplex: Select the Duplex mode for the port.
The following entries are displayed on this screen. Mirror Session List Session: This column displays the mirror session number. Destination: This column displays the mirroring port. Mode: This column displays the mirror mode. Source: This column displays the mirrored ports. Operation: You can configure the mirror session by clicking the Edit, or clear the mirror session configuration by clicking the Clear.
The following entries are displayed on this screen.
Mirror Session
Session: Displays session number.
Destination Port
Destination Port: Input or select a physical port from the port panel as the mirroring port.
Source Port
Select: Select the desired port as a mirrored port. It is multi-optional.
Port: Displays the port number.
Ingress: Select Enable/Disable the Ingress feature.
Choose the menu Switching→Port→Port Security to load the following page. Figure 6-4 Port Security The following entries are displayed on this screen: Port Security UNIT: Select the unit ID of the desired member in the stack. Select: Select the desired port for Port Security configuration. It is multi-optional. Port: Displays the port number. Max Learned MAC: Specify the maximum number of MAC addresses that can be learned on the port.
Learn Mode: Select the Learn Mode for the port. • Dynamic: When Dynamic mode is selected, the learned MAC address will be deleted automatically after the aging time. • Static: When Static mode is selected, the learned MAC address will be out of the influence of the aging time and can only be deleted manually. The learned entries will be cleared after the switch is rebooted.
Click the Edit button to configure the port isolation list in the following page: Figure 6-6 Port Isolation Config Port Isolation Config UNIT: Select the unit ID of the desired member in the stack. Port: Select the port number to set its forward list. It is multi-optional. Forward Portlist: Select the ports to forward to. It is multi-optional. Click the Back button to go back to the port isolation list. 6.1.
Choose the menu Switching → Port → Loopback Detection to load the following page. Figure 6-7 Loopback Detection Config The following entries are displayed on this screen: Global Config LoopbackDetection Status: Here you can enable or disable Loopback Detection function globally. Detection Interval: Set a Loopback Detection interval between 1 and 1000 seconds. By default, it’s 30 seconds. Automatic Recovery Time: Time after which the blocked port would automatically recover to normal status.
Port Config Select: Select the desired port for Loopback Detection configuration. It is multi-optional. Port: Displays the port number. Status: Enable or disable Loopback Detection function for the port. Operation Mode: Select the mode how the switch processes the detected loops. Alert: When a loop is detected, display an alert. Port based: When a loop is detected, display an alert and block the port. Recovery Mode: Select the mode how the blocked port recovers to normal status.
Tips: 1. Calculate the bandwidth for a LAG: If a LAG consists of the four ports in the speed of 1000Mbps Full Duplex, the whole bandwidth of the LAG is up to 8000Mbps (2000Mbps * 4) because the bandwidth of each member port is 2000Mbps counting the up-linked speed of 1000Mbps and the down-linked speed of 1000Mbps. 2. The traffic load of the LAG will be balanced among the ports according to the Aggregate Arithmetic.
Operation: Allows you to view or modify the information for each LAG.
• Edit: Click to modify the settings of the LAG.
• Detail: Click to get the information of the LAG.
Click the Detail button for the detailed information of your selected LAG. Figure 6-9 Detail Information
6.2.2 Static LAG
On this page, you can manually configure the LAG. The LACP feature is disabled for the member ports of the manually added Static LAG. Choose the menu Switching→LAG→Static LAG to load the following page.
The following entries are displayed on this screen: LAG Config Group Number: Select a Group Number for the LAG. Description: Displays the description of the LAG for identification. Member Port UNIT: Select the unit ID of the desired member in the stack. Member Port: Select the port as the LAG member. Clearing all the ports of the LAG will delete this LAG. Tips: 1. The LAG can be deleted by clearing all its member ports. 2. A port can only be added to a LAG.
Choose the menu Switching→LAG→LACP Config to load the following page. Figure 6-11 LACP Config The following entries are displayed on this screen: Global Config System Priority: Specify the system priority for the switch. The system priority and MAC address constitute the system identification (ID). A lower system priority value indicates a higher system priority.
member. The port with the smaller Port Priority will be considered as the preferred one. If the two port priorities are equal, the port with the smaller port number is preferred. Mode: Specify LACP mode for your selected port. Status: Enable/Disable the LACP feature for your selected port. LAG: Displays the LAG number which the port belongs to. 6.3 Traffic Monitor The Traffic Monitor function, monitoring the traffic of each port, is implemented on the Traffic Summary and Traffic Statistics pages. 6.3.
The following entries are displayed on this screen: Auto Refresh Auto Refresh: Allows you to Enable/Disable refreshing the Traffic Summary automatically. Refresh Rate: Enter a value in seconds to specify the refresh interval. Traffic Summary UNIT: Select the unit ID of the desired member in the stack. Port Select: Click the Select button to quick-select the corresponding port based on the port number you entered. Port: Displays the port number.
Choose the menu Switching→Traffic Monitor→Traffic Statistics to load the following page. Figure 6-13 Traffic Statistics The following entries are displayed on this screen: Auto Refresh Auto Refresh: Allows you to Enable/Disable refreshing the Traffic Summary automatically. Refresh Rate: Enter a value in seconds to specify the refresh interval. Port Select UNIT: Select the unit ID of the desired member in the stack.
Statistics Port: Enter a port number and click the Select button to view the traffic statistics of the corresponding port. Received: Displays the details of the packets received on the port. Sent: Displays the details of the packets transmitted on the port. Broadcast: Displays the number of good broadcast packets received or transmitted on the port. The error frames are not counted in. Multicast: Displays the number of good multicast packets received or transmitted on the port.
The address filtering feature allows the switch to filter undesired packets and forbid their forwarding so as to improve network security. The types and features of the MAC Address Table are listed as follows:
Type: Static Address Table
Configuration Way: Manually configuring
Aging out: No
Being kept after reboot (if the configuration is saved): Yes
Relationship between the bound MAC address and the port: The bound MAC address cannot be learned by the other ports in the same VLAN.
Choose the menu Switching→MAC Address→Address Table to load the following page. Figure 6-14 Address Table The following entries are displayed on this screen: Search Option MAC Address: Enter the MAC address of your desired entry. VLAN ID: Enter the VLAN ID of your desired entry. Port: Select the corresponding port number or link-aggregation number of your desired entry. Type: Select the type of your desired entry.
MAC Address: Displays the MAC address learned by the switch. VLAN ID: Displays the corresponding VLAN ID of the MAC address. Port: Displays the corresponding port number or link-aggregation number of the MAC address. Type: Displays the Type of the MAC address. Aging Status: Displays the Aging status of the MAC address. 6.4.2 Static Address The static address table maintains the static address entries which can be added or removed manually, independent of the aging time.
UNIT: Select the unit ID of the desired member in the stack. Port: Select a port to be bound. Search Option Search Option: Select a Search Option from the pull-down list and click the Search button to find your desired entry in the Static Address Table. • MAC: Enter the MAC address of your desired entry. • VLAN ID: Enter the VLAN ID number of your desired entry. • Port: Enter the Port number of your desired entry.
Choose the menu Switching→MAC Address→Dynamic Address to load the following page. Figure 6-16 Dynamic Address The following entries are displayed on this screen: Aging Config Auto Aging: Allows you to Enable/Disable the Auto Aging feature. Aging Time: Enter the Aging Time for the dynamic address. Search Option Search Option: Select a Search Option from the pull-down list and click the Search button to find your desired entry in the Dynamic Address Table.
Aging Status: Displays the Aging Status of the MAC address. Bind: Click the Bind button to bind the MAC address of your selected entry to the corresponding port statically. Tips: Setting the aging time properly helps implement effective MAC address aging. An aging time that is too long or too short degrades switch performance. If the aging time is too long, excessive invalid MAC address entries maintained by the switch may fill up the MAC address table.
Search Option Search Option: Select a Search Option from the pull-down list and click the Search button to find your desired entry in the Filtering Address Table. • MAC Address: Enter the MAC address of your desired entry. • VLAN ID: Enter the VLAN ID number of your desired entry. Filtering Address Table Select: Select the entry to delete the corresponding filtering address. It is multi-optional. MAC Address: Displays the filtering MAC Address. VLAN ID: Displays the corresponding VLAN ID.
Chapter 7 VLAN Traditional Ethernet is a data network communication technology based on CSMA/CD (Carrier Sense Multiple Access/Collision Detect) over a shared communication medium. With traditional Ethernet, an excessive number of hosts in a LAN results in serious collisions, flooding broadcasts, poor performance or even breakdown of the Internet.
packets with the MAC VLAN, Protocol VLAN and 802.1Q VLAN in turn. If a packet is matched, the switch will add a corresponding VLAN tag to it and forward it in the corresponding VLAN. 7.1 802.1Q VLAN VLAN tags in the packets are necessary for the switch to identify packets of different VLANs.
(3) GENERAL: The GENERAL port can be added in multiple VLANs and set various egress rules according to the different VLANs. The default egress rule is UNTAG. The PVID can be set as the VID number of any valid VLAN. PVID PVID (Port VLAN ID) is the default VID of the port. When the switch receives an un-VLAN-tagged packet, it will add a VLAN tag to the packet according to the PVID of its received port and forward the packet.
Choose the menu VLAN→802.1Q VLAN→VLAN Config to load the following page. Figure 7-3 VLAN Table To ensure the normal communication of the factory switch, the default VLAN of all ports is set to VLAN1. The following entries are displayed on this screen: VLAN Table Select: Select the desired entry to delete the corresponding VLAN. It is multi-optional. VLAN ID: Displays the ID number of VLAN. Name: Displays the user-defined name of VLAN. Members: Displays the port members in the VLAN.
Figure 7-4 Create or Modify 802.1Q VLAN The following entries are displayed on this screen: VLAN Info VLAN ID: Enter the ID number of VLAN. Name: Displays the user-defined name of VLAN. Untagged port: Displays the untagged port which is ACCESS, TRUNK or GENERAL. UNIT: Select the unit ID of the desired member in the stack. Tagged port: Displays the tagged port which is TRUNK or GENERAL. 7.1.2 Port Config Before creating the 802.
Choose the menu VLAN→802.1Q VLAN→Port Config to load the following page. Figure 7-5 802.1Q VLAN – Port Config The following entries are displayed on this screen: VLAN Port Config UNIT: Select the unit ID of the desired member in the stack. Select: Select the desired port for configuration. It is multi-optional. Port: Displays the port number. Link Type: Select the Link Type from the pull-down list for the port.
LAG: Displays the LAG to which the port belongs. VLAN: Click the Detail button to view the information of the VLAN to which the port belongs. Click the Detail button to view the information of the corresponding VLAN. Figure 7-6 View the Current VLAN of Port The following entries are displayed on this screen: VLAN of Port VLAN ID: Displays the ID number of VLAN. VLAN Name: Displays the user-defined description of VLAN. Operation: Allows you to remove the port from the current VLAN.
Network Diagram Configuration Procedure Configure switch A Step Operation Description 1 Configure the Link Type of the ports Required. On VLAN→802.1Q VLAN→Port Config page, configure the link type of Port 2, Port 3 and Port 4 as ACCESS, TRUNK and ACCESS respectively 2 Create VLAN10 Required. On VLAN→802.1Q VLAN→VLAN Config page, create a VLAN with its VLAN ID as 10, owning Port 2 and Port 3. 3 Create VLAN20 Required. On VLAN→802.
The packet in MAC VLAN is processed in the following way: 1. When receiving an untagged packet, the switch matches the packet with the current MAC VLAN. If the packet is matched, the switch will add a corresponding MAC VLAN tag to it. If no MAC VLAN is matched, the switch will add a tag to the packet according to the PVID of the received port. Thus, the packet is assigned automatically to the corresponding VLAN for transmission. 2.
Operation: Click the Edit button to modify the settings of the entry. Then click the Modify button to apply your settings. 7.3.2 Port Enable On this page, you can enable the port for the MAC VLAN feature. The configured MAC VLAN takes effect only when the port is enabled. Choose the menu VLAN→MAC VLAN→Port Enable to load the following page. Figure 7-8 Enable Port for MAC VLAN UNIT: Select the unit ID of the desired member in the stack. Select your desired port for MAC VLAN function.
The MAC address of Notebook A is 00-19-56-8A-4C-71, Notebook B’s MAC address is 00-19-56-82-3B-70. Network Diagram Configuration Procedure Configure switch A Step Operation Description 1 Configure the Link Type of the ports Required. On VLAN→802.1Q VLAN→Port Config page, configure the link type of Port 11 and Port 12 as GENERAL and TRUNK respectively. 2 Create VLAN10 Required. On VLAN→802.
Configure switch B Step Operation Description 1 Configure the Link Type of the ports Required. On VLAN→802.1Q VLAN→Port Config page, configure the link type of Port 21 and Port 22 as GENERAL and TRUNK respectively. 2 Create VLAN10 Required. On VLAN→802.1Q VLAN→VLAN Config page, create a VLAN with its VLAN ID as 10, owning Port 21 and Port 22, and configure the egress rule of Port 21 as Untag. 3 Create VLAN20 Required. On VLAN→802.
Protocol Type Type value IPX 0x8137 IS-IS 0x8000 LACP 0x8809 802.1X 0x888E Table 7-2 Protocol types in common use The packet in Protocol VLAN is processed in the following way: 1. When receiving an untagged packet, the switch matches the packet with the current Protocol VLAN. If the packet is matched, the switch will add a corresponding Protocol VLAN tag to it. If no Protocol VLAN is matched, the switch will add a tag to the packet according to the PVID of the received port.
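The matching order for untagged packets described above (MAC VLAN, then Protocol VLAN, then the PVID of the receiving port) can be checked with a small model. This is an added example, not code from the manual or the switch firmware: the IngressPort class, the VLAN IDs 10/20/30/40, the PVID of 1 and the third host address are constructed, and a tagged frame is simply reported with the VID it carries, which is an assumption because the manual's handling of tagged packets is not shown here.

```python
import struct

TPID_8021Q = 0x8100      # standard 802.1Q tag protocol identifier
MIN_ETHERTYPE = 0x0600   # smaller values are an 802.3 length, not a protocol

NOTEBOOK_A = "00-19-56-8A-4C-71"   # MAC addresses from the manual's example
NOTEBOOK_B = "00-19-56-82-3B-70"
OTHER_HOST = "00-11-22-33-44-55"   # constructed address with no MAC VLAN entry


def parse_mac(text):
    """Convert '00-19-56-8A-4C-71' (or the colon form) to 6 raw bytes."""
    raw = bytes.fromhex(text.replace("-", "").replace(":", ""))
    if len(raw) != 6:
        raise ValueError(f"not a MAC address: {text!r}")
    return raw


def make_frame(src, ethertype, payload=b"\x00" * 46, vlan=None):
    """Build a constructed test frame; vlan=None means untagged."""
    header = b"\xff" * 6 + parse_mac(src)
    if vlan is not None:
        header += struct.pack("!HH", TPID_8021Q, vlan & 0x0FFF)
    return header + struct.pack("!H", ethertype) + payload


class IngressPort:
    """Hypothetical model of the VLAN assignment settings of one port."""

    def __init__(self, pvid, mac_vlan_enabled=False, mac_vlans=None,
                 protocol_vlans=None):
        self.pvid = pvid
        # MAC VLAN entries only apply when the port is enabled for MAC VLAN.
        self.mac_vlan_enabled = mac_vlan_enabled
        self.mac_vlans = {parse_mac(m): v for m, v in (mac_vlans or {}).items()}
        # Ethernet II protocol templates only: EtherType -> VLAN ID.
        # LLC/SNAP templates (DSAP/SSAP) are not modelled.
        self.protocol_vlans = dict(protocol_vlans or {})

    def classify(self, frame):
        """Return (vlan_id, rule) for a frame received on this port."""
        if len(frame) < 14:
            raise ValueError("frame shorter than an Ethernet header")
        src = frame[6:12]
        (ethertype,) = struct.unpack("!H", frame[12:14])

        if ethertype == TPID_8021Q:
            if len(frame) < 18:
                raise ValueError("truncated 802.1Q tag")
            (tci,) = struct.unpack("!H", frame[14:16])
            return tci & 0x0FFF, "tagged"      # assumption: keep carried VID

        # Untagged frame: MAC VLAN first, then Protocol VLAN, then PVID.
        if self.mac_vlan_enabled and src in self.mac_vlans:
            return self.mac_vlans[src], "mac-vlan"
        if ethertype >= MIN_ETHERTYPE and ethertype in self.protocol_vlans:
            return self.protocol_vlans[ethertype], "protocol-vlan"
        return self.pvid, "pvid"


def sample_port(mac_vlan_enabled=True):
    """Constructed configuration used to exercise the classifier."""
    return IngressPort(
        pvid=1,
        mac_vlan_enabled=mac_vlan_enabled,
        mac_vlans={NOTEBOOK_A: 10, NOTEBOOK_B: 20},
        protocol_vlans={0x0800: 30, 0x8137: 40},   # IP and IPX
    )


if __name__ == "__main__":
    port = sample_port()
    for src, etype in [(NOTEBOOK_A, 0x0800), (OTHER_HOST, 0x0800),
                       (OTHER_HOST, 0x8137), (OTHER_HOST, 0x0806)]:
        print(src, hex(etype), port.classify(make_frame(src, etype)))
```

Running the same frames against sample_port(mac_vlan_enabled=False) shows the effect of the Port Enable page: the notebook's IP traffic then falls through to the Protocol VLAN.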
7.5.2 Protocol Group On this page, you can configure the Protocol Group. Choose the menu VLAN→Protocol VLAN→Protocol Group to load the following page. Figure 7-10 Enable Protocol VLAN for Port Protocol Group Config Protocol Name: Select the defined protocol template. VLAN ID: Enter the ID number of the Protocol VLAN. This VLAN should be one of the 802.1Q VLANs the ingress port belongs to. Protocol Group Member UNIT: Select the unit ID of the desired member in the stack. 7.5.
Choose the menu VLAN→Protocol VLAN→Protocol Template to load the following page. Figure 7-11 Create and View Protocol Template The following entries are displayed on this screen: Create Protocol Template Protocol Name: Give a name for the Protocol Template. Frame Type: Select a Frame Type for the Protocol Template. Ether Type: Enter the Ethernet protocol type field in the protocol template. DSAP: Enter the DSAP field when LLC is selected. SSAP: Enter the SSAP field when LLC is selected.
Step Operation Description 2 Create VLAN. Required. On the VLAN→802.1Q VLAN→VLAN Config page, click the Create button to create a VLAN. Enter the VLAN ID and the description for the VLAN. Meanwhile, specify its member ports. 3 Create Protocol Template. Required. On the VLAN→Protocol VLAN→Protocol Template page, create the Protocol Template before configuring Protocol VLAN. 4 Create Protocol VLAN. Required.
Network Diagram Configuration Procedure Configure switch A Step Operation Description 1 Configure the Link Type of the ports Required. On VLAN→802.1Q VLAN→Port Config page, configure the link type of Port 11 and Port 13 as ACCESS, and configure the link type of Port 12 as GENERAL. 2 Create VLAN10 Required. On VLAN→802.1Q VLAN→VLAN Config page, create a VLAN with its VLAN ID as 10, owning Port 12 and Port 13, and configure the egress rule of Port 12 as Untag. 3 Create VLAN20 Required.
Step Operation Description 4 Create Protocol Template Required. On VLAN→Protocol VLAN→Protocol Template page, configure the protocol template as needed. E.g. the Ether Type of IP network packets is 0800 and that of AppleTalk network packets is 809B. 5 Create Protocol VLAN 10 On VLAN→Protocol VLAN→Protocol Group page, create protocol VLAN 10 with Protocol as IP. Select and enable Port 3, Port 4 and Port 5 for Protocol VLAN feature.
Protocol type Value LACP 0x8809 802.1X 0x888E Table 7-3 Values of Ethernet frame protocol type in common use This VLAN VPN function is implemented on the VPN Config, VLAN Mapping and Port Enable pages. 7.7.1 VPN Config This page allows you to enable the VPN function, adjust the global TPID for VLAN-VPN packets and enable the VPN up-link port. When VPN mode is enabled, the switch will add a tag to the received tagged packet based on the VLAN mapping entries.
Figure 7-13 Enable Port for VLAN Mapping VPN Port Enable UNIT: Select the unit ID of the desired member in the stack. Select your desired port for VLAN Mapping function. All the ports are disabled for VLAN Mapping function by default. 7.7.3 VLAN Mapping VLAN Mapping function allows the VLAN TAG of the packets to be replaced with the new VLAN TAG according to the VLAN Mapping entries. And these packets can be forwarded in the new VLAN.
The following entries are displayed on this screen: Global Config VLAN Mapping: Enable/Disable the VLAN mapping function. If VLAN mapping is disabled and VLAN VPN is enabled, the packet will be encapsulated with an outer tag according to the PVID of its arriving port. VLAN Mapping Config Port: Select/Input the port number. C VLAN: Enter the ID number of the Customer VLAN. C VLAN refers to the VLAN to which the packet received by the switch belongs.
Configuration Procedure of VLAN VPN Function: Step Operation Description 1 Enable VPN mode. Required. On the VLAN→VLAN VPN→VPN Config page, enable the VPN mode. 2 Configure the global TPID. Optional. On the VLAN→VLAN VPN→VPN Config page, configure the global TPID based on the devices connected to the up-link port. 3 Set the VPN up-link port. Required. On the VLAN→VLAN VPN→VPN Config page, specify the desired port to be the VPN up-link port.
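The outer-tag behaviour of VLAN VPN described above (an outer tag chosen from the VLAN mapping entries, or from the PVID of the arriving port when VLAN mapping is disabled, carrying the global TPID) is shown at byte level in the following added example, which is not code from the manual or the switch. The function names, the port name, the VLAN IDs and the TPID value 0x88A8 are constructed; falling back to the PVID when no mapping entry matches and copying the customer priority bits into the outer tag are assumptions.

```python
import struct

CUSTOMER_TPID = 0x8100   # TPID of the customer's own 802.1Q tag


def customer_frame(c_vlan, priority=0, ethertype=0x0800, payload=b"\x00" * 46):
    """Constructed single-tagged frame as a customer device would send it."""
    tci = (priority << 13) | (c_vlan & 0x0FFF)
    return (b"\xff" * 6 + bytes.fromhex("0019568a4c71")
            + struct.pack("!HHH", CUSTOMER_TPID, tci, ethertype) + payload)


def add_outer_tag(frame, port, pvid, global_tpid=0x8100,
                  mapping_enabled=False, vlan_mapping=None):
    """Return (double_tagged_frame, outer_vid) for a tagged customer frame.

    vlan_mapping maps (port, C VLAN) -> SP VLAN, as on the VLAN Mapping page.
    """
    if len(frame) < 18:
        raise ValueError("frame too short to carry a customer tag")
    tpid, tci = struct.unpack("!HH", frame[12:16])
    if tpid != CUSTOMER_TPID:
        raise ValueError("only tagged customer frames are modelled")
    c_vlan = tci & 0x0FFF

    # VLAN mapping disabled: the outer tag follows the arriving port's PVID.
    outer_vid = pvid
    if mapping_enabled:
        # Assumption: with no matching entry, fall back to the PVID as well.
        outer_vid = (vlan_mapping or {}).get((port, c_vlan), pvid)
    if not 1 <= outer_vid <= 4094:
        raise ValueError(f"invalid outer VLAN ID {outer_vid}")

    # Assumption: the outer tag inherits the customer's 3 priority bits.
    outer_tci = (tci & 0xE000) | outer_vid
    outer_tag = struct.pack("!HH", global_tpid, outer_tci)
    # The outer tag goes directly after the two MAC addresses; the customer
    # tag and payload follow unchanged.
    return frame[:12] + outer_tag + frame[12:], outer_vid


def read_tags(frame, outer_tpid):
    """Walk the tag stack and return [(tpid, vid), ...], outermost first."""
    tags, offset = [], 12
    while offset + 4 <= len(frame):
        tpid, tci = struct.unpack("!HH", frame[offset:offset + 4])
        if tpid not in (outer_tpid, CUSTOMER_TPID):
            break
        tags.append((tpid, tci & 0x0FFF))
        offset += 4
    return tags


if __name__ == "__main__":
    mapping = {("1/0/2", 100): 1000}       # constructed mapping entry
    inner = customer_frame(c_vlan=100, priority=5)
    for enabled in (True, False):
        outer, vid = add_outer_tag(inner, "1/0/2", pvid=7, global_tpid=0x88A8,
                                   mapping_enabled=enabled, vlan_mapping=mapping)
        print(enabled, vid, [(hex(t), v) for t, v in read_tags(outer, 0x88A8)])
```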
• Join Message: When a GARP entity expects other switches to register certain attribute information of its own, it sends out a Join message. And when receiving the Join message from the other entity or configuring some attributes statically, the device also sends out a Join message in order to be registered by the other GARP entities. • Leave Message: When a GARP entity expects other switches to deregister certain attribute information of its own, it sends out a Leave message.
In this switch, only the port with TRUNK link type can be set as the GVRP application entity to maintain the VLAN registration information. GVRP has the following three port registration modes: Normal, Fixed, and Forbidden. • Normal: In this mode, a port can dynamically register/deregister a VLAN and propagate the dynamic/static VLAN information. • Fixed: In this mode, a port cannot register/deregister a VLAN dynamically. It only propagates static VLAN information.
Port Config Unit: Select the unit ID of the desired member in the stack. Select: Select the desired port for configuration. It is multi-optional. Port: Displays the port number. Status: Enable/Disable the GVRP feature for the port. The port type should be set to TRUNK before enabling the GVRP feature. Registration Mode: Select the Registration Mode for the port. • Normal: In this mode, a port can dynamically register/deregister a VLAN and propagate the dynamic/static VLAN information.
7.9 Private VLAN Private VLANs, designed to save VLAN resources of uplink devices and decrease broadcast, are sets of VLAN pairs that share a common primary identifier. To guarantee user information security and to make traffic easier to manage and account for, service providers in campus networks usually require that each individual user be Layer-2 separated. The VLAN feature can solve this problem. However, as stipulated by the IEEE 802.1Q protocol, a device can only support up to 4094 VLANs.
4. A Primary VLAN can be associated with multiple Secondary VLANs to create multiple Private VLANs. Private VLAN Implementation To hide Secondary VLANs from uplink devices and save VLAN resources, a Private VLAN containing one Primary VLAN and one Secondary VLAN requires the following characteristics: Packets from different Secondary VLANs can be forwarded to the uplink device via the promiscuous port and carry no corresponding Secondary VLAN information.
Search Option Search Option: Select a Search Option from the pull-down list and click the Search button to find your desired entry in Private VLAN. All: Enter either the Primary VLAN ID or Secondary VLAN ID of the desired Private VLAN. Primary VLAN ID: Enter the Primary VLAN ID number of the desired Private VLAN. Secondary VLAN ID: Enter the Secondary VLAN ID number of the desired Private VLAN. Private VLAN Table Select: Select the entry to delete. It is multi-optional.
The following entries are displayed on this screen: Port Config Port selected: Select the desired port for configuration. You can enter a port or select one from the port table below the field. Port Type: Select the Port Type from the pull-down list for the port. Primary VLAN: Specify the Primary VLAN the port belongs to. Secondary VLAN: Specify the Secondary VLAN the port belongs to. UNIT: Select the unit ID of the desired member in the stack. Private VLAN Port Table 1. 2. 3.
Network Diagram Configuration Procedure Configure Switch C Step Operation Description 1 Create VLAN6 Required. On VLAN→802.1Q VLAN→VLAN Config page, create a VLAN with its VLAN ID as 6, owning Port 1/0/1. Configure switch A Step Operation Description 1 Create Private VLANs. Required. On the VLAN→Private VLAN→PVLAN Config page, enter the Primary VLAN 6 and Secondary VLAN 4-5, select one type of secondary VLAN and then click the Create button.
Configure switch B Step Operation Description 1 Create Private VLANs. Required. On the VLAN→Private VLAN→PVLAN Config page, enter the Primary VLAN 6 and Secondary VLAN 5 and 8, select one type of secondary VLAN and then click the Create button. 2 Add Promiscuous port to Private VLANs Required. On the VLAN→Private VLAN→Port Config page, configure the port type of Port 1/0/3 as Promiscuous, enter Primary VLAN 6 and Secondary VLAN 5, and click the Apply button.
Chapter 8 Spanning Tree STP (Spanning Tree Protocol), defined by the IEEE 802.1D standard, breaks loops in the Data Link layer of a local network. Devices running STP discover loops in the network and block ports by exchanging information. In this way, a looped network is pruned into a loop-free tree topology, which prevents packets from being duplicated and forwarded endlessly in the network. BPDU (Bridge Protocol Data Unit) is the protocol data that STP and RSTP use.
Port: Port 3 is the root port of switch B and port 5 is the root port of switch C; port 1 and 2 are the designated ports of switch A and port 4 is the designated port of switch B; port 6 is the blocked port of switch C. Figure 8-1 Basic STP diagram STP Timers Hello Time: Hello Time ranges from 1 to 10 seconds. It specifies the interval to send BPDU packets. It is used to test the links. Max Age: Max. Age ranges from 6 to 40 seconds.
Comparing BPDUs Each switch sends out configuration BPDUs and receives a configuration BPDU on one of its ports from another switch. The following table shows the comparing operations. Step Operation 1 If the priority of the BPDU received on the port is lower than that of the BPDU of the port itself, the switch discards the BPDU and does not change the BPDU of the port.
The condition for the root port to transit its port state rapidly: The old root port of the switch stops forwarding data and the designated port of the upstream switch begins to forward data. The condition for the designated port to transit its port state rapidly: The designated port is an edge port or is connected to a point-to-point link.
Figure 8-2 Basic MSTP diagram MSTP MSTP divides a network into several MST regions. The CST is generated between these MST regions, and multiple spanning trees can be generated in each MST region. Each spanning tree is called an instance. Like STP, MSTP uses BPDUs to generate spanning trees. The only difference is that the BPDU for MSTP carries the MSTP configuration information on the switches.
Figure 8-3 Port roles The Spanning Tree module is mainly for spanning tree configuration of the switch, including four submenus: STP Config, Port Config, MSTP Instance and STP Security. 8.1 STP Config The STP Config function, for global configuration of spanning trees on the switch, can be implemented on STP Config and STP Summary pages. 8.1.1 STP Config Before configuring spanning trees, you should make clear the roles each switch plays in each spanning tree instance.
The following entries are displayed on this screen: Global Config Spanning Tree: Select Enable/Disable STP function globally on the switch. Mode: Select the desired STP version on the switch. STP: Spanning Tree Protocol. RSTP: Rapid Spanning Tree Protocol. MSTP: Multiple Spanning Tree Protocol. Parameters Config CIST Priority: Enter a value from 0 to 61440 to specify the priority of the switch for comparison in the CIST.
turn prevents spanning trees from being regenerated in time and makes the network less adaptive. The default value is recommended. 4. If the TxHold Count parameter is too large, the number of MSTP packets sent in each hello time may increase and occupy too many network resources. The default value is recommended. 8.1.2 STP Summary On this page you can view the related parameters for Spanning Tree function. Choose the menu Spanning Tree→STP Config→STP Summary to load the following page.
8.2 Port Config On this page you can configure the parameters of the ports for CIST. Choose the menu Spanning Tree→Port Config to load the following page. Figure 8-6 Port Config The following entries are displayed on this screen: Port Config UNIT: Select the unit ID of the desired member in the stack. Select: Select the desired port for STP configuration. It is multi-optional. Port: Displays the port number of the switch. Status: Select Enable/Disable STP function for the desired port.
Port Role: Displays the role of the port played in the STP Instance. Port Status: Displays the working status of the port. LAG: Root Port: Indicates the port that has the lowest path cost from this bridge to the Root Bridge and forwards packets to the root. Designated Port: Indicates the port that forwards packets to a downstream network segment or switch. Master Port: Indicates the port that connects a MST region to the common root.
Choose the menu Spanning Tree→MSTP Instance→Region Config to load the following page. Figure 8-7 Region Config The following entries are displayed on this screen: Region Config Region Name: Create a name for MST region identification using up to 32 characters. Revision: Enter the revision from 0 to 65535 for MST region identification. 8.3.2 Instance Config Instance Configuration, a property of MST region, is used to describe the VLAN to Instance mapping configuration.
VLAN ID: Enter the desired VLAN ID. Click the 'Add' button to add the new VLAN ID to the corresponding instance ID; the previous VLAN ID won't be replaced. Click the 'Delete' button to delete the VLAN ID from the corresponding instance ID. Instance Config Select: Select the desired Instance ID for configuration. It is multi-optional. Instance ID: Displays Instance ID of the switch. Status: Displays status of the instance. Priority: Enter the priority of the switch in the instance.
Choose the menu Spanning Tree→MSTP Instance→Instance Port Config to load the following page. Figure 8-9 Instance Port Config The following entries are displayed on this screen: Instance ID Select Instance ID: Select the desired instance ID for its port configuration. Instance Port Config UNIT: Select the unit ID of the desired member in the stack. Select: Select the desired port to specify its priority and path cost. It is multi-optional. Port: Displays the port number of the switch.
Path Cost: Path Cost is used to choose the path and calculate the path costs of ports in an MST region. It is an important criterion for determining the root port. The lower value has the higher priority. Port Role: Displays the role of the port played in the MSTP Instance. Port Status: Displays the working status of the port. LAG: Displays the LAG number which the port belongs to. Note: The port status of one port in different spanning tree instances can be different.
spanning trees being regenerated and roles of ports being reselected, and causes the blocked ports to transit to forwarding state. Therefore, loops may be incurred in the network. The loop protect function can suppress loops. With this function enabled, a port, regardless of the role it plays in instances, is always set to blocking state when the port does not receive BPDU packets from the upstream switch and spanning trees are regenerated, and thereby loops can be prevented.
Choose the menu Spanning Tree→STP Security→Port Protect to load the following page. Figure 8-10 Port Protect The following entries are displayed on this screen: Port Protect UNIT: Select the unit ID of the desired member in the stack. Select: Select the desired port for port protect configuration. It is multi-optional. Port: Displays the port number of the switch.
8.4.2 TC Protect When TC Protect is enabled for the port on Port Protect page, the TC threshold and TC protect cycle need to be configured on this page. Choose the menu Spanning Tree→STP Security→TC Protect to load the following page. Figure 8-11 TC Protect The following entries are displayed on this screen: TC Protect TC Threshold: Enter a number from 1 to 100. It is the maximum number of the TC-BPDUs received by the switch in a TC Protect Cycle. The default value is 20.
Network Diagram Configuration Procedure Configure switch A: Step Operation Description 1 Configure ports On VLAN→802.1Q VLAN page, configure the link type of the related ports as Trunk, and add the ports to VLAN101-VLAN106. The detailed instructions can be found in the section 802.1Q VLAN. 2 Enable STP function On Spanning Tree→STP Config→STP Config page, enable STP function and select MSTP version. On Spanning Tree→Port Config→Port Config page, enable MSTP function for the port.
Step Operation Description 2 Enable STP function On Spanning Tree→STP Config→STP Config page, enable STP function and select MSTP version. On Spanning Tree→Port Config→Port Config page, enable MSTP function for the port. 3 Configure the region name and the revision of MST region On Spanning Tree→MSTP Instance→Region Config page, configure the region as TP-LINK and keep the default revision setting.
Configure switch D: Step Operation Description 1 Configure ports On VLAN→802.1Q VLAN page, configure the link type of the related ports as Trunk, and add the ports to VLAN101-VLAN106. The detailed instructions can be found in the section 802.1Q VLAN. 2 Enable STP function On Spanning Tree→STP Config→STP Config page, enable STP function and select MSTP version. On Spanning Tree→Port Config→Port Config page, enable MSTP function for the port.
For Instance 2 (VLAN 102, 104 and 106), the blue paths in the following figure are connected links; the gray paths are the blocked links. Suggestion for Configuration Enable TC Protect function for all the ports of switches. Enable Root Protect function for all the ports of root bridges. Enable Loop Protect function for the non-edge ports. Enable BPDU Protect function or BPDU Filter function for the edge ports which are connected to the PC and server.
Chapter 9 Multicast Multicast Overview In the network, packets are sent in three modes: unicast, broadcast and multicast. In unicast, the source server sends a separate copy of the information to each receiver. When a large number of users require this information, the server must send many pieces of information with the same content to the users. Therefore, large bandwidth will be occupied. In broadcast, the system transmits information to all users in a network.
Multicast Address 1. Multicast IP Address: As specified by IANA (Internet Assigned Numbers Authority), Class D IP addresses are used as destination addresses of multicast packets. The multicast IP addresses range from 224.0.0.0~239.255.255.255. The following table displays the range and description of several special multicast IP addresses. Multicast IP address range Description 224.0.0.0~224.0.0.255 Reserved multicast addresses for routing protocols and other network protocols 224.0.1.0~224.0.1.
IGMP Snooping In the network, hosts apply to the nearest router to join (leave) a multicast group by sending IGMP (Internet Group Management Protocol) messages. When the up-stream device forwards the multicast data downstream, the switch is responsible for sending it to the hosts. IGMP Snooping is a multicast control mechanism, which can be used on the switch for dynamic registration of the multicast group.
3. IGMP Leave Message A host running IGMPv1 does not send an IGMP leave message when leaving a multicast group; as a result, the switch cannot get the leave information of the host immediately. However, after leaving the multicast group, the host does not send IGMP report messages any more, so the switch will remove the port from the corresponding multicast address table when its member port time expires.
Choose the menu Multicast→IGMP Snooping→Snooping Config to load the following page. Figure 9-4 Basic Config The following entries are displayed on this screen: Global Config IGMP Snooping: Select Enable/Disable IGMP Snooping function globally on the switch. Unknown Multicast: Select the operation for the switch to process unknown multicast, Forward or Discard. IGMP Snooping Status Description: Displays IGMP Snooping status. Member: Displays the member of the corresponding status.
9.1.2 Port Config On this page you can configure the IGMP feature for ports of the switch. Choose the menu Multicast→IGMP Snooping→Port Config to load the following page. Figure 9-5 Port Config The following entries are displayed on this screen: Port Config UNIT: Select the unit ID of the desired member in the stack. Select: Select the desired port for IGMP Snooping feature configuration. It is multi-optional. Port: Displays the port of the switch.
9.1.3 VLAN Config Multicast groups established by IGMP Snooping are based on VLANs. On this page you can configure different IGMP parameters for different VLANs. Choose the menu Multicast→IGMP Snooping→VLAN Config to load the following page. Figure 9-6 VLAN Config The following entries are displayed on this screen: VLAN Config VLAN ID: Enter the VLAN ID to enable IGMP Snooping for the desired VLAN. Router Port Time: Specify the aging time of the router port.
Router Port Time: Displays the router port time of the VLAN. Member Port Time: Displays the member port time of the VLAN. Leave Time: Displays the leave time of the VLAN. Static Router Ports: Displays the static router ports of the VLAN. Dynamic Router Ports: Displays the dynamic router ports of the VLAN. Note: The settings here will be invalid when multicast VLAN is enabled. Configuration procedure: Step Operation Description 1 Enable IGMP Snooping function Required.
Choose the menu Multicast→IGMP Snooping→Multicast VLAN to load the following page. Figure 9-7 Multicast VLAN The following entries are displayed on this screen: Multicast VLAN Multicast VLAN: Select Enable/Disable Multicast VLAN feature. VLAN ID: Enter the VLAN ID of the multicast VLAN. Router Port Time: Specify the aging time of the router port. Within this time, if the switch doesn’t receive an IGMP query message from the router port, it will no longer consider this port a router port.
Static Router Ports: Select the desired port as the static router port which is mainly used in the network with stable topology. Note: 1. The router port should be in the multicast VLAN, otherwise the member ports cannot receive multicast streams. 2. The Multicast VLAN won't take effect unless you first complete the configuration for the corresponding VLAN owning the port on the 802.1Q VLAN page. 3. It is recommended to choose GENERAL as the link type of the member ports in the multicast VLAN. 4.
Choose the menu Multicast→IGMP Snooping→Querier Config to load the following page. Figure 9-8 Packet Statistics The following entries are displayed on this screen: IGMP Snooping Querier Config VLAN ID: Enter the ID of the VLAN that enables IGMP Snooping Querier. Query Interval: Enter the time interval of sending a general query frame by IGMP Snooping Querier. Max Response Time: Enter the maximal time for the host to respond to a general query frame sent by IGMP Snooping Querier.
VLAN ID: Displays the ID of the VLAN that enables IGMP Snooping Querier. Query Interval: Displays the Query Interval of the IGMP Snooping Querier. Max Response Time: Displays the maximal time for the host to respond to a general query frame sent by IGMP Snooping Querier. General Query Source IP: Displays the source IP of the general query frame sent by IGMP Snooping Querier. Last Listener Query Interval: Displays the time interval of sending specific query frames by IGMP Snooping Querier.
Configuration Procedure Step Operation Description 1 Create VLANs Create three VLANs with the VLAN ID 3, 4 and 5 respectively, and specify the description of VLAN3 as Multicast VLAN on VLAN→802.1Q VLAN page. 2 Configure ports On VLAN→802.1Q VLAN function pages. For port 3, configure its link type as GENERAL and its egress rule as TAG, and add it to VLAN3, VLAN4 and VLAN5. For port 4, configure its link type as GENERAL and its egress rule as UNTAG, and add it to VLAN3 and VLAN 4.
The following entries are displayed on this screen: Search Option Search Option: Select the rules for displaying multicast IP table to find the desired entries quickly. All: Displays all multicast IP entries. Multicast IP: Enter the multicast IP address the desired entry must carry. VLAN ID: Enter the VLAN ID the desired entry must carry. Forward Port: Enter the forward port number the desired entry must carry. Multicast IP Table Multicast IP Displays multicast IP address.
Choose the menu Multicast→Multicast IP→Static Multicast IP to load the following page. Figure 9-10 Static Multicast IP Table The following entries are displayed on this screen: Create Static Multicast Multicast IP: Enter static multicast IP address. VLAN ID: Enter the VLAN ID of the multicast IP. Forward Port: Select the forward port of the multicast group. UNIT: Select the unit ID of the desired member in the stack.
Static Multicast IP Table Multicast IP: Displays the multicast IP. VLAN ID: Displays the VLAN ID of the multicast group. Forward Port: Displays the forward port of the multicast group. 9.4 Multicast Filter When IGMP Snooping is enabled, you can specify the multicast IP-range the ports can join, so as to restrict users ordering multicast programs, by configuring multicast filter rules. When applying for a multicast group, the host will send an IGMP report message.
Mode: The attributes of the profile. Permit: Only permit the IP address within the IP range and deny others. Deny: Only deny the IP address within the IP range and permit others. Search Option All: Displays all the profile entries. Profile ID: Enter the profile ID the desired entry must carry. IGMP Profile Info Select: Select the desired entry for configuration. Profile ID: Displays the profile ID. Mode: Displays the attribute of the profile.
Mode: Configure the filter mode of the profile. ADD IP-range: Start IP: Enter the start IP address of the IP-range to the selected profile. End IP: Enter the end IP address of the IP-range to the selected profile. IP-range Table: Select: Select to delete the IP-range entry from the profile. Index: Displays the Index of the IP-range entry. Start IP: Displays the start IP address of the IP-range. End IP: Displays the end IP address of the IP-range. 9.4.
The following entries are displayed on this screen: Profile and Max Group Binding UNIT: Select the unit ID of the desired member in the stack. Select: Select the desired entry for configuration. Port: It is multi-optional. Displays the port number. Profile ID: The existing Profile ID bound to the selected port. Max Group: The maximum number of multicast groups a port can join. Overflow Action: The policy to be taken when the number of multicast groups a port has joined reaches the maximum.
Choose the menu Multicast→Packet Statistics to load the following page. Figure 9-14 Packet Statistics The following entries are displayed on this screen: Auto Refresh Auto Refresh: Select Enable/Disable auto refresh feature. Refresh Period: Enter the time from 3 to 300 in seconds to specify the auto refresh period. IGMP Statistics UNIT: Select the unit ID of the desired member in the stack. Port: Displays the port number of the switch.
Chapter 10 Routing Routing is the method by which the host or gateway decides where to send the datagram. Routing is the task of finding a path from a sender to a desired destination. It may be able to send the datagram directly to the destination, if that destination is on one of the networks that are directly connected to the host or gateway. However, what if the destination is not directly reachable? The host or gateway will attempt to send the datagram to a gateway that is nearer to the destination.
Admin Status: Specify interface administrator status. Choose 'Disable' to disable the interface's Layer 3 capabilities. Interface Name: Specify the name of the network interface. Interface List Select : Select the interfaces to modify or delete. ID: Displays the ID of the interface. Mode: Display IP address allocation mode. None: without ip. Static: setup manually. DHCP: allocated through DHCP. BOOTP: allocated through BOOTP. IP Address: Displays the IP address of the interface.
Admin Status: View and modify the Admin status. Choose 'Disable' to disable the interface's Layer 3 capabilities. Interface Name: View and modify the interface name. Click Detail to display the following figure: Figure 10-3 Detail Information Detail Information Interface ID: Displays ID of the interface, including VLAN ID, loopback interface and routed port. IP Address Mode: Displays the IP address allocation mode. None: without ip. Static: setup manually. DHCP: allocated through DHCP.
Interface Setting Detail Information Displays the detailed setting information of the interface. 10.2 Routing Table This page displays the routing information summary generated by different routing protocols. Choose the menu Routing→Routing Table→Routing Table to load the following page. Figure 10-4 Routing Table Routing Information Summary Protocol Displays the protocol of the route. Destination/Mask: Displays the destination and subnet of the route.
The following entries are displayed on this screen: Static Routing Config Destination: Specify the destination IP address of the packets. Subnet Mask: Specify the subnet mask of the destination IP address. Next Hop: Enter the IP address to which the packet should be sent next. Distance: Enter the distance metric of route. The smaller the distance is, the higher the priority is. Static Route Table Select: Specify the static route entries to modify.
Configuration Procedure Configure Switch A Steps Operation Note 1 Add interface VLAN 10 Required. On page Routing→Interface→Interface Config, add interface VLAN 10 with the mode as static, the IP address as 192.168.0.1, the mask as 255.255.255.0 and the interface name as VLAN10. 2 Add interface VLAN 20 Required. On page Routing→Interface→Interface Config, add interface VLAN 20 with the mode as static, the IP address as 192.168.1.1, the mask as 255.255.255.0 and the interface name as VLAN20.
additional configuration options. DHCP captures the behavior of DHCP participants so the administrator can manage the parameters of the host in the network. As workstations and personal computers proliferate on the Internet, the administrative complexity of maintaining a network is increased by an order of magnitude. The assignment of local network resources to each client represents one such difficulty.
fixed format section of the message and appending tagged data items in the variable length option area. The process is shown as follows. Figure 10-7 The Process of DHCP 1) DHCP discover: the client broadcasts messages on the physical subnet to discover available DHCP servers in the LAN. Network administrators can configure a local router (e.g. a relay agent) to forward DHCP-DISCOVER messages to a DHCP server in a different subnet.
The names for the fields given in the figure will be used throughout this document to refer to the fields in DHCP messages.
Figure 10-8 The Format of DHCP Message
1) op: Message type, '1' = BOOT-REQUEST, '2' = BOOT-REPLY.
2) htype: Hardware address type, '1' for ethernet.
3) hlen: Hardware address length, '6' for ethernet.
4) hops: Clients set this field to zero and broadcast the DHCP-REQUEST message, optionally used by relay-agents when booting via a relay-agent.
14) file: Boot file name, null terminated string, "generic" name or null in DHCPDISCOVER, fully qualified directory-path name in DHCPOFFER.
15) options: Optional parameters field. See the options documents (RFC 2132) for a list of defined options. We will introduce some familiar options in the next section.
DHCP Option
This section defines a generalized use of the 'options' field for giving information useful to a wide class of machines, operating systems and configurations.
9) option 55: Parameter Request List option. This option is used by a DHCP client to request values for specified configuration parameters.
10) option 61: Client hardware address.
11) option 66: TFTP server name option. This option is used to identify a TFTP server.
12) option 67: Boot-file name option. This option is used to identify a boot-file.
13) option 150: TFTP server address option. This option is used to specify the address of the TFTP server which assigns the boot-file to the client.
With a DHCP Relay running between the client and the server, when the switch receives a DHCP-DISCOVER packet forwarded by the Relay, it will choose an IP from the IP pool in the same subnet as the Relay's IP to assign to the client. If the IP pool is not configured on the switch or the configured IP pool doesn't match the Relay's network segment, the client may not get network parameters successfully. The switch can detect the IP address automatically before assigning it to avoid conflict.
Choose the menu Routing→DHCP Server→DHCP Server to load the following page. Figure 10-11 DHCP Server The following entries are displayed on this screen: Global Config DHCP Server: Enable/Disable the switch as a DHCP server. Ping Time Config Ping Packets: The number of packets to be sent. Ping Timeout: The time to wait before determining that the specific IP does not exist. Excluded IP Address Configure the Excluded IP Address which cannot be assigned by the switch.
10.4.2 Pool Setting This page shows you how to configure the IP pool in which the IP address can be assigned to the clients in the network. Choose the menu Routing→DHCP Server→DHCP Server Pool to load the following page. Figure 10-12 Pool Setting The following entries are displayed on this screen: DHCP Server Pool Pool Name: Enter the name of the pool. Network Address: Specify the network number of the IP addresses in the pool.
Operation: Allows you to view or modify the information of the corresponding IP Pool. Edit: Click to modify the settings of the Pool. Detail: Click to get the information of the Pool. 10.4.3 Manual Binding On this page, you can specify the IP address for specific clients, and the switch will then supply these specified parameters only to them, permanently. Choose the menu Routing→DHCP Server→Manual Binding to load the following page.
Choose the menu Routing→DHCP Server→Binding Table to load the following page. Figure 10-14 DHCP Server Binding Table DHCP Server Binding Table ID: Displays the ID of the client. IP Address: Displays the IP address that the Switch has allocated to the client. Client ID / Hardware Address: Displays the MAC address of the client. Type: Displays the type of this binding entry. Lease Time Left(s): Displays the lease time of the client left. Click Delete to delete the selected entry. 10.4.
The following entries are displayed on this screen: Packets Received BOOTREQUEST: Displays the Bootp Request packet received. DHCPDISCOVER: Displays the Discover packet received. DHCPREQUEST: Displays the Request packet received. DHCPDECLINE: Displays the Decline packet received. DHCPRELEASE: Displays the Release packet received. DHCPINFORM: Displays the Inform packet received. Packets Sent BOOTREPLY: Displays the Bootp Reply packet sent. DHCPOFFER: Displays the Offer packet sent.
10.4.6 Application Example for DHCP Server and Relay Network Requirements Every building in the campus belongs to separate VLANs with different network segments. The access points in each building are divided into two parts. One part is the fixed computers with static IP addresses in the teachers' offices; the other is the classroom, in which most clients are laptops with dynamic IP addresses obtained from the DHCP server. DNS Server is in VLAN 1 and its IP address is 160.20.30.2.
Step Operation Note 4 Configure the IP address pool Required. On page Routing→DHCP Server→Pool Setting, configure IP address pool parameters for each VLAN interface. Take VLAN10 as an example, configure its Network Address as 192.168.10.0, Subnet Mask as 255.255.255.0, Default gateway as 192.168.10.1 (the IP address of the VLAN interface), DNS Server as 160.20.30.2, and customize the Pool Name and Lease Time. 5 Configure the reserved addresses Required.
Figure 10-16 DHCP Relay Application To allow clients in different VLANs to request IP addresses from one server successfully, the DHCP Relay function forwards DHCP packets between clients and a server in different VLANs, so that all clients in different VLANs can share one DHCP Server.
2) Specify the DHCP Server which actually assigns the IP addresses. Option 82 On this switch, Option 82 is used to record the location of the DHCP Client, the Ethernet port and the VLAN, etc. Upon receiving the DHCP-REQUEST packet, the switch adds the Option 82 field to the packet and then transmits the packet to the DHCP Server.
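The DHCP message layout and options listed earlier, together with the Option 82 behaviour described here, can be checked on captured packets. The following is an added example, not code from this guide or from the switch: it decodes the fixed fields and the options area, then flags a client-side message that already carries Option 82, since that field is meant to be written by the relay. The sub-option codes 1 (circuit ID) and 2 (remote ID) come from RFC 3046; the function names and all sample bytes are constructed for illustration.

```python
import socket
import struct

# Fixed-format section: op, htype, hlen, hops, xid, secs, flags, ciaddr, yiaddr,
# siaddr, giaddr, chaddr, sname, file (236 bytes), followed by the magic cookie.
FIXED = struct.Struct("!BBBBIHH4s4s4s4s16s64s128s")
MAGIC_COOKIE = b"\x63\x82\x53\x63"
MSG_TYPES = {1: "DHCPDISCOVER", 2: "DHCPOFFER", 3: "DHCPREQUEST", 4: "DHCPDECLINE",
             5: "DHCPACK", 6: "DHCPNAK", 7: "DHCPRELEASE", 8: "DHCPINFORM"}
SUBOPTS_82 = {1: "circuit_id", 2: "remote_id"}  # RFC 3046 sub-option codes


def parse_tlvs(buf, top_level=True):
    """Walk code/length/value items; reject a length that overruns the buffer."""
    items, i = {}, 0
    while i < len(buf):
        code = buf[i]
        if top_level and code == 0:      # pad option, single byte
            i += 1
            continue
        if top_level and code == 255:    # end option
            break
        if i + 2 > len(buf) or i + 2 + buf[i + 1] > len(buf):
            raise ValueError(f"option {code} overruns the message")
        items[code] = buf[i + 2:i + 2 + buf[i + 1]]
        i += 2 + buf[i + 1]
    return items


def parse_dhcp(msg):
    """Decode the fixed fields and the options area of one DHCP message."""
    if len(msg) < FIXED.size + 4 or msg[FIXED.size:FIXED.size + 4] != MAGIC_COOKIE:
        raise ValueError("too short or missing the DHCP magic cookie")
    (op, htype, hlen, hops, xid, _secs, _flags, _ci, _yi, _si, giaddr,
     chaddr, _sname, _file) = FIXED.unpack(msg[:FIXED.size])
    if hlen > 16:
        raise ValueError("hlen larger than the 16-byte chaddr field")
    options = parse_tlvs(msg[FIXED.size + 4:])
    opt82 = parse_tlvs(options[82], top_level=False) if 82 in options else {}
    msg_type = options.get(53) or b"\x00"
    return {
        "op": op, "htype": htype, "hops": hops, "xid": xid,
        "giaddr": socket.inet_ntoa(giaddr),
        "chaddr": ":".join(f"{b:02x}" for b in chaddr[:hlen]),
        "msg_type": MSG_TYPES.get(msg_type[0], "unknown"),
        "options": options,
        "option82": {SUBOPTS_82.get(k, k): v.hex() for k, v in opt82.items()},
    }


def check_client_message(msg):
    """Findings for a message that arrived on a host-facing port of the relay."""
    m = parse_dhcp(msg)
    findings = []
    if m["op"] != 1:
        findings.append("op is not BOOT-REQUEST on a host-facing port")
    if m["hops"] != 0:
        findings.append("hops is non-zero although clients set it to zero")
    if 82 in m["options"]:
        findings.append("Option 82 already present in a packet from the host")
    return findings


def build_discover(extra_options=b""):
    """Constructed DHCPDISCOVER from client 00:11:22:33:44:55 (sample data)."""
    mac = bytes.fromhex("001122334455")
    fixed = FIXED.pack(1, 1, 6, 0, 0x1234ABCD, 0, 0x8000, bytes(4), bytes(4),
                       bytes(4), bytes(4), mac, b"", b"")
    options = (bytes([53, 1, 1])              # message type: DHCPDISCOVER
               + bytes([61, 7, 1]) + mac      # option 61: client hardware address
               + bytes([55, 3, 1, 3, 6])      # option 55: parameter request list
               + extra_options + b"\xff")     # end option
    return fixed + MAGIC_COOKIE + options


# Constructed Option 82: the circuit ID and remote ID bytes are made-up values.
OPTION_82 = (bytes([82, 14, 1, 4, 0x00, 0x0A, 0x01, 0x03, 2, 6])
             + bytes.fromhex("a0b1c2d3e4f5"))
CLEAN = build_discover()
HOST_SUPPLIED_82 = build_discover(OPTION_82)

if __name__ == "__main__":
    for name, msg in (("clean", CLEAN), ("with option 82", HOST_SUPPLIED_82)):
        m = parse_dhcp(msg)
        print(name, m["msg_type"], m["chaddr"], m["option82"],
              check_client_message(msg))
```

The encoding of the circuit ID is vendor-specific, so the example reports sub-option values as hex rather than decoding a port or VLAN from them.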
Choose the menu Routing→DHCP Relay→Global Config to load the following page. Figure 10-19 Global Config The following entries are displayed on this screen: Option 82 configuration Configure the Option 82 which cannot be assigned by the switch. Option 82 Support: Enable or disable the Option 82 feature. Existed Option 82 Field: Select the operation for the existed Option 82 field of the DHCP request packets from the Host. Keep: Indicates to keep the Option 82 field of the packets.
Choose the menu Routing→DHCP Relay→DHCP Server to load the following page. Figure 10-20 DHCP Server The following entries are displayed on this screen: Add DHCP Server Address Interface ID: Select the interface type and enter the interface ID. Server Address: Enter the DHCP server IP address. DHCP Server List Select: Select the desired DHCP server item. Interface ID: Displays the interface ID. Server Address: Displays the DHCP server address.
Within the same network segment, hosts connecting with different VLAN interfaces can communicate with each other through Layer 3 forwarding by using proxy ARP function. The following example simply illustrates how proxy ARP works. Figure 10-21 ARP Application As shown in the figure above, PC A and PC B are in the same network segment but belong to different VLANs respectively. When PC A wants to contact PC B, PC A will broadcast its ARP request with Destination IP address of PC B in its ARP packet.
Proxy ARP Information Select: Select the desired item for configuration. It is multi-optional. IP Address: Displays the interface's IP address. Subnet Mask: Displays the interface's subnet mask. Interface: Displays the interface. Interface Name: Displays the name of the interface. Status: Enable/Disable the items selected. 10.6.2 Application Example for Proxy ARP Network Requirements 1. PC A and PC B are in the same network segment but belong to VLAN2 and VLAN3 respectively. 2.
10.7 ARP This page displays the ARP table information. Choose the menu Routing→ARP→ARP Table to load the following page. Figure 10-23 ARP Table The following entries are displayed on this screen: ARP Table Interface: Displays the network interface of the ARP entry. IP Address: Enter the DHCP server IP address. MAC Address: Displays the MAC address of the ARP entry. Type: Displays the type of ARP entry, e.g. Static, Dynamic. Age Time(min): Displays the time left before the ARP entry is deleted. 10.
Next hop: IP address of the adjacent router’s interface to reach the destination. Egress interface: Packet outgoing interface. Metric: Cost from the local router to the destination. Route time: Time elapsed since the routing entry was last updated. The time is reset to 0 every time the routing entry is updated. RIP timers RIP employs three timers: update, timeout and garbage-collect. Update timer: defines the interval between routing updates.
information of natural networks such as Class A, B, and C. That is why RIPv1 does not support discontinuous subnets. RIPv2 is a classless routing protocol. Compared with RIPv1, RIPv2 has the following advantages. Supporting route tags. Route tags are used in routing policies to flexibly control routes. Supporting masks, route summarization and Classless Inter-Domain Routing (CIDR). Supporting designated next hops to select the best next hops on broadcast networks.
Figure 10-25 RIPv2 Message Format Each field is explained as follows: Version: Version of RIP. For RIPv2 the value is 0x02. Route Tag: Route Tag. IP Address: Destination IP address. It can be a natural network address, subnet address or host address. Subnet Mask: Mask of the destination address. Next Hop: If set to be 0.0.0.
Choose the menu Routing→RIP→Basic Config to load the following page. Figure 10-27 RIP Basic Config The following entries are displayed on this screen: RIP Enable RIP Protocol: Choose to enable or disable the RIP function. It is disabled by default. Global Config RIP Version: Choose the global RIP version. Default: send with RIP version 1 and receive with both RIP version 1 and 2. RIPv1: send and receive RIP version 1 formatted packets via broadcast.
RIP Distance: Set the RIP router distance. Auto Summary: If you select Enable, groups of adjacent routes will be summarized into single entries in order to reduce the total number of entries. The default is Disable. Default Metric: Set the default metric for the redistributed routes. The valid values are 1 to 15. Redistribute Static: Choose to distribute Static router entries to RIP. The default is Disable.
Status: The interface RIP status (up or down) is decided by the network status. You can't change it here. Send Version: Select the version of RIP control packets the interface should send from the pulldown menu. RIPv1: send RIP version 1 formatted packets via broadcast. RIPv2: send RIP version 2 packets using multicast. Receive Version: Select what RIP control packets the interface will accept from the pulldown menu. RIPv1: accept only RIP version 1 formatted packets.
Choose the menu Routing→RIP→RIP Database to load the following page. Figure 10-29 RIP Database The following entries are displayed on this screen: RIP Route Table Destination Network: The destination IP address and subnet mask. Next Hop: The Next hop IP address. Metric: The metric to reach the destination IP address. Interface Name: The gateway interface name. Timer(s): The time of the route entry.
Configure Switch B Steps Operation Note 1 Enable RIP Required. On page Routing→ RIP→ Basic Config, enable RIP, select RIPv2 as RIP version. 2 Enable the network segments where the interfaces are located Required. On page Routing→ RIP→ Basic Config Network Enable part, add network segments 1.1.1.0, 10.1.1.0, 11.1.1.0, and enable RIP in these network segments. These network segments will be displayed in RIP Network List after they are successfully added. 10.
Figure 10-30 Common Scenario for OSPF routing protocol The network topology is more prone to changes in an autonomous system of larger size. The network adjustment of any one router could destabilize the whole network and cause large numbers of OSPF packets to be forwarded repeatedly, and all the routers need to recalculate the routes, which would waste lots of network resources. In this case, area partition would be an effective solution.
In the automatic election, the router would in the first place select the highest loopback interface IP address as the router ID. If the router doesn’t pre-define the loopback interfaces, it would select the highest physical interface IP address as the router ID. 3. OSPF Network Types OSPF, a dynamic routing protocol running in the network layer, would apply different working mechanism according to the features of different data link layers.
Figure 10-31 Diagram of DR/BDR Adjacency Relation DR or BDR is determined by the interface priority and router ID. First of all, whether a router could be the DR or BDR on a network is decided by its interface priority. The one of highest priority would be elected as DR or BDR; while if all the interfaces are of the same priority, it would then be decided by the router ID.
5) After two routers have finished the synchronization of link state database, a complete adjacency relation will be established. 6) When the intra-area routers have an identical link state database, each of them will calculate a loop-free topology through SPF algorithm with itself as the root thus to describe the shortest forward path to every network node it knows, and create a routing table according to the topology of shortest forward path and provide a basis for data forwarding.
Figure 10-32 Steps to Establish a Complete Adjacency Relation 2. Flooding As Figure 10-32 shows, any two routers synchronize the link state database via LSA request, LSA update and LSA acknowledgement packets. But in an actual router network, how do the routers flood a change in the local network to the entire network through LSA update packets? Figure 10-33 shows in detail the flooding of the LSA update packets on the broadcast network.
Figure 10-33 Flooding of the LSA 1) DROthers multicast the LSA update of its directly-connected network to DR and BDR. 2) After receiving the LSA update, DR floods it to all the adjacent routers. 3) After receiving the LSA update from DR, the adjacent routers flood it to the other OSPF interfaces in their own areas.
network connectivity at all time. The non-backbone Area 1 and Area 2 cannot communicate directly with each other, but they can exchange routing information through the backbone Area 0. On large-scale networks, an appropriate area partition can help greatly to save network resources and enhance the speed of the routing. After the area partition in the network, routers of different type need to accomplish different tasks.
Figure 10-36 Virtual Link Sketch As in Figure 10-36, ABR of Area 2 has no physical link to connect directly with the backbone area, in which case Area 2 could not communicate with others without configuring a virtual link. Then a virtual link between ABR1 and ABR2, passing through Area 1, could provide a logical link for Area 2 to connect with the backbone area. A virtual link is a point-to-point connection between two ABRs.
learn about the routing information from other areas, the size of the routing table of the routers in the stub area as well as the number of the routing message transferred would be reduced greatly. NSSA (Not-So-Stubby-Area) has a lot in common with stub area, but is not completely the same. NSSA doesn’t allow ABR to import the external routing information described by AS-External LSA, either.
Figure 10-38 Discontinuous Network Segment Link State Database When the routers in the network completely synchronize the link state database through LSA exchanges, they can calculate the shortest path tree with themselves as the root node. The OSPF protocol routing calculation is briefly presented below. 1) Each OSPF router would generate LSA according to its own link state or routing information, and then send it through the update packets to the other OSPF routers in the network.
Figure 10-39 OSPF Header 1) Version: The version number of OSPF run by this device. For instance, the OSPF run by our IPv4 devices is of Version 2, and that run by IPv6 devices is of Version 3. 2) Type: The type of this packet. There are five types of OSPF packets in total, as shown in the table below.
| Type Code | Authentication Name | Features |
|---|---|---|
| 0 | Non-Authentication | The 64-bit authentication information fields behind are all 0. |
| 1 | Plain-text Authentication | The 64-bit authentication information behind is the password to authenticate. |
| 2 | MD5 Ciphertext Authentication | The Key ID, authentication data length and encryption serial number work together to perform MD5 Ciphertext Authentication. |

Table 10-4 Authentication Type
2.
4) Router Dead Interval: When the receiving router doesn't receive another Hello packet update from the advertising router within the specified age time, it will delete the advertising router from its neighbor table. Only routers with the same dead interval can be neighbors.
5) Designated Router ID: The interface IP of the router specified by the advertising router in the advertising interface network.
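The OSPF header fields and the authentication types of Table 10-4 can be audited on captured packets. The following is an added example, not code from this guide or from the switch: it decodes the 24-byte OSPFv2 header, verifies the checksum where one is used, and reports which of the three authentication types a neighbor is sending. The header byte layout and packet type codes follow RFC 2328; the function names, the sample Hello packets, the password and the all-zero digest are constructed for illustration.

```python
import socket
import struct

HDR_LEN = 24
AUTH_NAMES = {0: "Non-Authentication", 1: "Plain-text Authentication",
              2: "MD5 Ciphertext Authentication"}                     # Table 10-4
PACKET_TYPES = {1: "Hello", 2: "DD", 3: "LSR", 4: "LSU", 5: "LSAck"}  # RFC 2328


def inet_checksum(data):
    """Standard 16-bit one's-complement Internet checksum."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def audit_ospf_packet(pkt):
    """Decode the OSPFv2 header and report how the packet is authenticated."""
    if len(pkt) < HDR_LEN:
        raise ValueError("shorter than the 24-byte OSPF header")
    ver, ptype, length, rid, area, _cksum, autype = struct.unpack(
        "!BBH4s4sHH", pkt[:16])
    if ver != 2:
        raise ValueError("not an OSPFv2 packet")
    if not HDR_LEN <= length <= len(pkt):
        raise ValueError("packet length field does not fit the captured bytes")
    auth, trailer = pkt[16:24], pkt[length:]
    report = {"type": PACKET_TYPES.get(ptype, f"unknown({ptype})"),
              "router_id": socket.inet_ntoa(rid),
              "area_id": socket.inet_ntoa(area),
              "auth": AUTH_NAMES.get(autype, f"unknown({autype})"),
              "findings": []}
    if autype in (0, 1):
        # The checksum covers the packet except the 64-bit authentication field;
        # summing it together with the stored checksum must yield zero.
        if inet_checksum(pkt[:16] + pkt[24:length]) != 0:
            report["findings"].append("checksum mismatch")
    if autype == 0:
        report["findings"].append("no authentication: sender is not verified")
        if auth != bytes(8):
            report["findings"].append("authentication field should be all 0")
    elif autype == 1:
        report["findings"].append("plain-text password is readable in the packet")
    elif autype == 2:
        # 2 bytes zero, Key ID, authentication data length, sequence number.
        _zero, key_id, auth_len, seq = struct.unpack("!HBBI", auth)
        report.update(key_id=key_id, sequence=seq)
        if auth_len != 16 or len(trailer) < auth_len:
            report["findings"].append("MD5 digest missing or not 16 bytes")
    else:
        report["findings"].append("authentication type not in Table 10-4")
    return report


def build_hello(autype, auth, digest=b""):
    """Constructed Hello from router 1.1.1.1 in area 0.0.0.0 (sample data)."""
    body = struct.pack("!4sHBBI4s4s", socket.inet_aton("255.255.255.0"),
                       10, 0x02, 1, 40, bytes(4), bytes(4))
    head = struct.pack("!BBH4s4sHH", 2, 1, HDR_LEN + len(body),
                       socket.inet_aton("1.1.1.1"), bytes(4), 0, autype)
    cksum = 0 if autype == 2 else inet_checksum(head + body)
    head = head[:12] + struct.pack("!H", cksum) + head[14:]
    return head + auth + body + digest


NULL_AUTH = build_hello(0, bytes(8))
PLAIN_AUTH = build_hello(1, b"example\x00")            # constructed password
MD5_AUTH = build_hello(2, struct.pack("!HBBI", 0, 1, 16, 1000),
                       digest=bytes(16))               # placeholder digest

if __name__ == "__main__":
    for pkt in (NULL_AUTH, PLAIN_AUTH, MD5_AUTH):
        print(audit_ospf_packet(pkt))
```

The example checks only that an MD5 digest of the right length is attached; verifying the digest itself needs the shared key configured on the interface.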
4. LSR Packet During the synchronization of the link state database between two routers, if one router finds an updated LSA or an LSA it doesn't have in the DD packet forwarded, it can send an LSR packet to request the complete LSA. Figure 10-42 LSR Packet 1) Link State Type: The type of LSA. There are 11 types of LSA in total: Router LSA, Network LSA, Network Summarization LSA, ASBR Summarization LSA, and so on. These are introduced in detail in the following.
Figure 10-43 LSU Packet 1) LSA Quantity: The quantity of LSA included in the LSU. 2) LSA: A complete description of LSA. 6. LSAck Packet When receiving an LSU, the router sends an LSAck packet, including the LSA header it received, to the router that forwarded the LSU packet, to confirm whether the data received is correct. 7. LSA OSPF protocol defines area and multiple router types. Via various sorts of LSA, different types of router complete routing update caused by network changes.
| Type Code | Name | Features |
|---|---|---|
| 1 | Router LSA | Originates from all the routers, and describes the router interface which itself has already run the OSPF features and then spreads in its advertising area. |
| 2 | Network LSA | Originates from DR, and describes the link state of all routers in its connected network segment and then diffuses in its advertising area. |
| 3 | Network Summary LSA | |
| 4 | ASBR Summary LSA | |
| 5 | AS External LSA | |
| 7 | NSSA External LSA | |
8) Configuration of Stub Area and NSSA. 9) ABR route summarization – to summarize the intra-area routing information with the same prefix with a single route and then distribute it to other areas. 10) ASBR route summarization – to summarize the external routing information with the same prefix with a single route and then distribute it to the autonomous system. 10.9.1 Process Choose the menu Routing→OSPF→Process to load the following page.
10.9.2 Basic Choose the menu Routing→OSPF→Basic to load the following page. Figure 10-46 OSPF Base The following entries are displayed on this screen: Select Current Process Current Process: Select the desired OSPF process for configuration. Default Route Advertise Config Originate: When this parameter is Enable, OSPF originates an AS-External LSA advertising a default route (0.0.0.0/0.0.0.0).
OSPF Config ASBR Mode: The router is an Autonomous System Boundary Router if it is configured to redistribute routes from another protocol, or if it is configured to originate an AS-External LSA advertising the default route. ABR Status: The router is an Area Border Router if it has active non-virtual interfaces in two or more OSPF areas. Distance: Specify OSPF route distance.
Passive Default: Configure the global passive mode settings for all OSPF interfaces. Configuring this field will overwrite any present interface level passive mode settings. OSPF does not form adjacencies on passive interfaces, but does advertise attached networks as stub networks. The default value is 'Disable'. 10.9.3 Network You can configure networks contained by an area on this page. The interfaces, whose IP address fall into the networks, will be imported to the associated area.
Area ID: Displays the area to which the network belongs. 10.9.4 Interface Choose the menu Routing→OSPF→Interface to load the following page. Figure 10-48 OSPF Interface The following entries are displayed on this screen: Interface Table Select: Select the desired item for configuration. It is multi-optional. Interface: The interface for which data is to be displayed or configured. IP Address/Mask: The IP address and subnet mask of the interface.
Passive Mode: Make an interface passive to prevent OSPF from forming an adjacency on an interface. OSPF advertises networks attached to passive interfaces as stub networks. Interfaces are not passive by default. MTU Ignore: Disables OSPF MTU mismatch detection on received database description packets. Default value is Disable (MTU mismatch detection is enabled). Database Filter: To prevent outgoing link-state advertisements (LSAs) flooding out of an OSPF interface.
The router establishes adjacencies to all other routers attached to the network. The Backup Designated Router performs slightly different functions during the Flooding Procedure, as compared to the Designated Router. DR Other: The interface is connected to a broadcast network on which other routers have been selected to be the Designated Router and Backup Designated Router. The router attempts to form adjacencies to both the Designated Router and the Backup Designated Router.
Retransmit Interval: The retransmit interval for the specified interface. This is the number of seconds between link-state advertisements for adjacencies belonging to this router interface. This value is also used when retransmitting database descriptions and link-state request packets. The valid value ranges from 1 to 65535 seconds and the default is 5 seconds. Hello Interval: The hello interval for the specified interface in seconds.
10.9.5 Area Choose the menu Routing→OSPF→Area to load the following page. Figure 10-50 OSPF Area The following entries are displayed on this screen: Area Config Process ID: Select the desired OSPF process for configuration. Area ID: The 32 bit unsigned integer that uniquely identifies the area. It can be in decimal format or dotted decimal format. Area Description: One simple string to describe the area. No more than 20 characters. Area Type: OSPF area type: Normal, Stub, or NSSA.
Metric Type: Set the OSPF metric type of the default route. Two types are supported: External Type 1 and External Type 2. The default value is External Type 2. Metric: Specify the metric of the default route. The valid value ranges from 1 to 16777214 and the default is 1. Area Table Process: Select one OSPF Process to display its area list. Select: Select the desired item for configuration. It is multi-optional. Area ID: Displays the configured area.
Choose the menu Routing→OSPF→Area Aggregation to load the following page. Figure 10-51 OSPF Area Aggregation The following entries are displayed on this screen: Area Aggregation Config Process ID: Select the desired OSPF process for configuration. Area ID: The 32 bit unsigned integer that uniquely identifies the area. It can be in decimal format or dotted decimal format. IP Address: The IP address of the address range. Subnet Mask: The subnet mask of the address range.
10.9.7 Virtual Link Choose the menu Routing→OSPF→Virtual Link to load the following page. Figure 10-52 Virtual Link The following entries are displayed on this screen: Virtual Link Creation Process ID: Select the desired OSPF process for configuration. Transit Area ID: The ID of the transit area. Virtual links can be configured between any pair of area border routers having interfaces to a common (non-backbone) area. Here the common area is named Transit Area.
Transmit Delay: The Transit Delay for the specified interface. This specifies the estimated number of seconds it takes to transmit a link state update packet over the selected interface. The valid value ranges from 1 to 65535 seconds and the default is 1 second. Authentication Type: You may select an authentication type other than none by clicking on the 'Authentication Type' button. The choices are: default: Uses the authentication type of the backbone area. null: No authentication.
Metric: Set the metric value to be used as the metric of redistributed routes. The valid value ranges from 1 to 16777214 and the default is equal to Default Metric configured on Basic page. Metric Type: Set the OSPF metric type of redistributed routes. The default is External Type 2. Tag: Set the tag field in routes redistributed. The valid value ranges from 0 to 4294967295 and the default is 0. NSSA Only: Set whether or not to limit redistributed routes to NSSA areas. The default is Disable. 10.9.
Advertise: Set whether or not the address range will be redistributed to OSPF domain via an AS-External LSA. The default is Enable. ASBR Aggregation Table Process: Select one OSPF Process to display its address range list. Select: Select the desired item for configuration. It is multi-optional. IP Address: Displays the IP address of the address range. Subnet Mask: Displays the subnet mask of the address range. Tag: Displays the tag value in redistributed address range and it can be modified.
State: The state of the neighbor: Down: This is the initial state of a neighbor conversation. It indicates that there has been no recent information received from the neighbor. On NBMA networks, Hello packets may still be sent to 'Down' neighbors, although at a reduced frequency. Attempt: This state is only valid for neighbors attached to NBMA networks. It indicates that no recent information has been received from the neighbor, but that a more concerted effort should be made to contact the neighbor.
10.9.11 Link State Database Choose the menu Routing→OSPF→Link State Database to load the following page. Figure10-56 Link State Database The following entries are displayed on this screen: Link State Database Process: Select one OSPF Process to display its link state database. Area ID: Displays the ID of the area to which the LSA belongs. Advertising Router: Displays the ID of the router that is advertising the LSA. LSA Type: The format and function of the link state advertisement.
Network Diagram Configuration Procedure Configure Switch A Step Operation Description 1 Create routing interfaces and their IP addresses Required. On page Routing→Interface→Interface Config, create routed port 1/0/1 with the IP 1.10.1.1/24 and routed port 1/0/2 with the IP 1.20.1.1/24. 2 Create OSPF process Required. On page Routing→OSPF→Process, create OSPF process 1 and configure the Router ID as 1.1.1.1. 3 Create networks in the area Required.
Configure Switch C Step Operation Description 1 Create routing interfaces and their IP addresses Required. On page Routing→Interface→Interface Config, create routed port 1/0/1 with the IP 1.20.2.1/24 and routed port 1/0/2 with the IP 1.20.1.2/24. 2 Create OSPF process Required. On page Routing→OSPF→Process, create OSPF process 1 and configure the Router ID as 3.3.3.3. 3 Create networks in the area Required. On page Routing→OSPF→Network, configure network 1.20.0.0/16 in area 1.
still be provided and network interruption can be avoided after a single link fails without reconfiguration of dynamic routing or router discovery protocols, or default gateway configuration on every end-host. 2. Small network overhead. The single message that VRRP defines is the VRRP advertisement, which can only be sent by the master router. Typical Networking Application Diagram Figure 10-57 Typical Networking Application Diagram VRRP Operating Principle 1.
The VRRP priority ranges from 0 to 255 (the bigger the number is, the higher the priority is). Configurable range is 1-254. The priority value 0 is reserved for the current master when it gives up its role as master router. For example, when master router receives shutdown message, it would send VRRP packet with priority 0 to the backup group which the interface belongs to. The priority of the IP address owner must be 255.
interfaces and better performance can be elected as master router; and the stability of backup group is increased. When the router interface connecting the uplink fails, the backup group cannot recognize uplink breakdown. If this router is in Master state, hosts in the LAN cannot visit external network. This problem can be solved with the help of interface tracking function.
VRRP Configuration Before configuring VRRP, users should plan well to specify the role and function of the devices in backup groups. Every switch in backup group should be configured, which is the precondition to construct a backup group. 10.10.1 Basic Config VRRP (Virtual Routing Redundancy Protocol) is a function on the Switch that dynamically assigns responsibility for a virtual router to one of the VRRP routers on a LAN.
Virtual IP: Displays the primary Virtual IP associated with the VRRP. Priority: Displays the priority associated with the VRRP. Status: Displays the status associated with the VRRP. Other: Displays more information about the VRRP. Select All: Select all the VRRP items. Delete: Delete the selected items. Refresh: Update the status of the VRRP table.
Running Priority: Displays the running priority associated with the VRRP. It ranges from 1 to 255. Advertise Timer: Displays the advertise timer associated with the VRRP. It ranges from 1 to 255. Preempt Delay Timer: Displays the preempt delay timer associated with the VRRP. It ranges from 0 to 255. Preempt Mode: Displays the preempt mode associated with the VRRP. Authentication Type: Displays the authentication type associated with the VRRP.
Description: Enter the description associated with the VRRP. Numbers, characters and '_' are the only valid inputs, and the maximal length of the inputs is 8. Priority: Enter the Priority associated with the VRRP. It ranges from 1 to 254. Advertise Timer: Enter the advertise timer associated with the VRRP. It ranges from 1 to 255. Preempt Mode: Select Enable or Disable for the preempt mode from the pull-down list.
The following entries are displayed on this screen: Add Virtual IP This field is used to add virtual IP addresses associated with the VRRP. Up to five virtual IP addresses can be added for every VRRP. VRID: Select the VRID from the pull-down list. Interface: Select the Interface ID from the pull-down list. Virtual IP: Enter an IP address for the VRRP. Create: Click the button if you want to add a Virtual IP to the VRRP. VRRP Virtual IP Table Select: Select one or more items.
The following entries are displayed on this screen: Add Track This field is used for adding track information associated with the VRRP. Up to 5 interfaces can be tracked for every VRRP. IP owner cannot track any interface. Interface: Select the Interface ID from the pull-down list. VRID: Select the VRID from the pull-down list. Tracked Interface: Specify the interface to be tracked. Reduced Priority: Enter the priority to reduce if the associated interface is down.
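The interface tracking behaviour described above, as an added example (not TP-LINK code): a tracked uplink going down lowers the running priority so the backup can take over. Router names, ports and addresses are constructed; the floor of 1 on the running priority, preempt mode being enabled, and the higher-interface-IP tie-break (taken from the VRRP standard, not from this guide) are assumptions.

```python
from dataclasses import dataclass, field
from ipaddress import IPv4Address
from typing import Dict, Iterable, Set

IP_OWNER_PRIORITY = 255   # the guide: priority of the IP address owner must be 255
MAX_TRACKED = 5           # the guide: up to 5 interfaces can be tracked per VRRP


@dataclass
class VrrpRouter:
    name: str                      # constructed label
    interface_ip: str              # IP of the interface in the backup group
    priority: int                  # configured priority
    # tracked interface -> "Reduced Priority" applied while that interface is down
    tracks: Dict[str, int] = field(default_factory=dict)

    def __post_init__(self) -> None:
        if self.priority == IP_OWNER_PRIORITY:
            if self.tracks:
                raise ValueError("IP owner cannot track any interface")
        elif not 1 <= self.priority <= 254:
            raise ValueError("configurable priority range is 1-254")
        if len(self.tracks) > MAX_TRACKED:
            raise ValueError("up to 5 interfaces can be tracked")

    def running_priority(self, down: Set[str]) -> int:
        """Configured priority minus the reductions of tracked interfaces that are down."""
        reduction = sum(r for ifc, r in self.tracks.items() if ifc in down)
        # Assumption: the result is floored at 1, the low end of the
        # Running Priority range the guide gives (1 to 255).
        return max(1, self.priority - reduction)


def elect_master(routers: Iterable[VrrpRouter], down: Set[str]) -> VrrpRouter:
    """Highest running priority wins; equal priorities fall back to the higher IP.

    Assumes preempt mode is enabled, so the result is re-evaluated after a failure.
    """
    return max(
        routers,
        key=lambda r: (r.running_priority(down), IPv4Address(r.interface_ip)),
    )


# Constructed backup group: Switch A tracks its uplink, Switch B does not.
SWITCH_A = VrrpRouter("SwitchA", "192.168.1.2", 110, {"1/0/24": 20})
SWITCH_B = VrrpRouter("SwitchB", "192.168.1.3", 100)
# Same Switch A without tracking: an uplink failure leaves it as master.
SWITCH_A_UNTRACKED = VrrpRouter("SwitchA", "192.168.1.2", 110)

if __name__ == "__main__":
    for down in (set(), {"1/0/24"}):
        m = elect_master([SWITCH_A, SWITCH_B], down)
        print(f"down={sorted(down)} master={m.name} "
              f"A={SWITCH_A.running_priority(down)} B={SWITCH_B.running_priority(down)}")
```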
The following entries are displayed on this screen: Global Statistics Router Checksum Errors: Displays the total number of VRRP packets received with an invalid VRRP checksum value. Router Version Errors: Displays the total number of VRRP packets received with an unknown or unsupported version number. Router VRID Errors: Displays the total number of VRRP packets received with an invalid VRID for this virtual router. Statistics Displays specified virtual router statistics.
Packet Length Errors: Displays the number of packets received with a packet length less than the length of the VRRP header. Clear: Clear the statistics displayed on the web. Refresh: Refreshes the web page to show the latest VRRP information. Configuration Procedure: Step Operation Note 1 Configure interface and its IP address. Required. On page Routing→ Interface→ Interface Config, create a routing interface (either interface VLAN or routed port) and specify its IP address and subnet mask.
Network Diagram Configuration Procedure Configure Switch A Step Operation Note 1 Configure the interface and its IP address. On page Routing→Interface→Interface Config, create the interface VLAN2, and configure its IP address as 192.168.1.1 and Subnet Mask as 255.255.255.0. 2 Add port to the interface. On page VLAN→802.1Q VLAN→VLAN Config, add port 5 to interface VLAN 2.
Chapter 11 Multicast Routing (License Required) Overview of Multicast Routing Protocols Note: The router and router icon mentioned in this chapter represent the router in general or the switch that runs the layer 3 multicast routing protocols. The multicast routing protocols run in layer 3 multicast devices and they create and maintain multicast routes to forward the multicast packets correctly and efficiently.
Multicast Router (or the Layer 3 Multicast Device): The router or switch that supports the layer 3 multicast functions, which contains the multicast routing function and the management function of the multicast group members. The multicast model divides into two types depending on whether there is an exact multicast source: ASM (Any-Source Multicast) and SSM (Source-Specific Multicast).
11.1.2 Mroute Table On this page you can get the desired mroute information through different search options. Choose the menu Multicast Routing→Global Config→Mroute Table to load the following page. Figure 11-2 Mroute Table The following entries are displayed on this screen: Search Option All: Select All to display all entries. Group: Select Group and enter the group of desired entry. Source: Select Source and enter the source of desired entry.
11.2 IGMP Brief Introduction of IGMP IGMP stands for Internet Group Management Protocol. It is responsible for the management of IP multicast members in IPv4, and is used to establish and maintain the multicast member relationships between the IP host and its directly neighboring multicast routers.
(3) After receiving the IGMP query message, the host that is interested in multicast group G1, either Host B or Host C (depending on whose latency timer runs out first) — for example Host B, will firstly multicast IGMP membership report message to G1 to declare it belongs to G1.
2. Leave-Group Mechanism When a host leaves a multicast group in IGMPv2: (1) The host will send leave group message to all the multicast routers in the local network with the multicast address 224.0.0.2. (2) After receiving this leave group message, the querier will send group-specific query message to the multicast group that the host announces to leave. (The querying multicast group address is filled in the destination address field and the group address field of this group-specific query message.
Figure 11-4 IGMPv3 Multicast Source Filtering If the IGMP protocol running between the hosts and the multicast routers is IGMPv1 or IGMPv2, Host B will be unable to select its expecting sources when it joins the multicast group G. Thus whether needed or not, the multicast data from Source 1 and Source 2 will be transferred to Host B.
IS_EX: indicating the mapping relationship between the multicast group and the multicast source list is EXCLUDE, which means the host will only receive the multicast data sent to this multicast group with its source not in the specified source list. TO_IN: indicating the mapping relationship between the multicast group and the multicast source list changes from EXCLUDE to INCLUDE.
Robustness: Specify the robustness of the selected interface, ranging from 1 to 255. The default is 2. The robustness variable determines the aging time of the member port after it receives the report message. The aging time = robustness* general-query-interval + query-max-response-time. Query Interval: Specify the IGMP query interval at which IGMP router sends out a general query, ranging from 1 to 3600. The default is 60.
Routed Port: Enter the routed port the desired entry must carry. Interface State Table Interface: The interface for which data is to be displayed or configured. IP Address: The IP address of the selected interface. Querier IP: The address of the IGMP querier on the IP subnet to which the selected interface is attached. Querier State: Indicates whether the selected interface is in querier or non-querier mode.
Choose the menu Multicast Routing→IGMP→Static Multicast Group to load the following page. Figure 11-7 Static Multicast Group The following entries are displayed on this screen: IGMP Static Multicast Group Interface: Enter the ID of the corresponding interface, either a VLAN ID or a routed port. Multicast IP: Enter the multicast IP address the desired entry must carry. Source IP: Displays the Source IP of the entry. Forward Ports: Select the forward ports.
Search Option Search Option: Select the rules for displaying multicast IP table to find the desired entries quickly. All: Displays all static multicast IP entries. Multicast IP: Enter the multicast IP address the desired entry must carry. Interface VLAN: Enter the VLAN ID the desired entry must carry. Port: Select the port the desired entry must carry. Routed Port: Select the routed port the desired entry must carry.
The following entries are displayed on this screen: Search Option Search Option: Select the rules for displaying multicast IP table to find the desired entries quickly. All: Displays all multicast IP entries. Multicast IP: Enter the multicast IP address the desired entry must carry. Interface VLAN: Enter the VLAN ID the desired entry must carry. Port: Enter the port the desired entry must carry. Routed Port: Select the routed port the desired entry must carry.
Choose the menu Multicast Routing→IGMP→Profile Binding to load the following page. Figure 11-9 Profile Binding The following entries are displayed on this screen: Profile and Max Group Binding UNIT: Select the unit ID of the desired member in the stack. Select: Select the desired entry for configuration. Port: The port to be bound. Profile ID: The existing Profile ID bound to the selected port. Max Group: The maximum multicast group a port can join.
Profile: Click the Profile button to create new IGMP profiles. 11.2.6 Packet Statistics On this page you can view multicast packet statistics over each interface of the switch, which helps you monitor the IGMP packets in the network. Choose the menu Multicast Routing→IGMP→Packet Statistics to load the following page. Figure 11-10 Packet Statistics The following entries are displayed on this screen: Auto Refresh Auto Refresh: Select Enable/Disable auto refresh feature.
11.2.7 Application Example for IGMP Network Requirements 1. Receivers of different organizations form the stub networks N1 and N2, and Host A and Host C are the multicast information receivers in N1 and N2 respectively. They receive the Video-On-Demand information through multicast. 2. In the PIM network, Switch A connects to N1; Switch B and Switch C connect to N2. 3. Switch A connects N1 through its interface VLAN 10, and connects the other devices in the PIM network through interface VLAN 11.
Configure Switch A Steps Operation Note 1 Enable IP multicast routing. On page Multicast Routing→ Global Config→ Global Config, enable the multicast routing function. 2 Enable IGMP on user-side interface. On page Multicast Routing→ IGMP→ Interface Config, enable IGMP (version 3) on interface VLAN 10. Configure Switch B Steps Operation Note 1 Enable IP multicast routing. On page Multicast Routing→ Global Config→ Global Config, enable the multicast routing function.
RPF Mechanism PIM uses the unicast routing table to perform the RPF check. The RPF mechanism ensures that multicast packets are forwarded correctly according to the multicast routing configuration, and avoids loops caused by various reasons. 1. RPF Check The RPF check relies on unicast route or static multicast route.
If the check result shows that the RPF interface is different from the input interface in the current (S, G) entry, the (S, G) entry is invalid; the router will correct the input interface to the packet’s actual arriving interface, and forward this packet to all the output interfaces. (3) If the corresponding entry (S, G) doesn’t exist, the router will still perform the RPF check on this multicast packet.
Neighbor Discovering In a PIM domain, routers periodically send PIM Hello packets to all the PIM routers with the multicast address 224.0.0.13 to discover PIM neighbors and maintain the PIM neighboring relationships between the routers, and thus to build and maintain the SPT.
Grafting When a new receiver on a previously pruned branch of the tree joins a multicast group, the PIM DM takes the Graft mechanism to actively resume this node’s function of forwarding multicast data, thus reducing the time it takes to resume to the forwarding state.
(2) The router with the unicast route of the smaller cost to the multicast source; (3) The router with the local interface of the higher IP address. 11.3.1 PIM DM Interface Choose the menu Multicast Routing→PIM DM→PIM DM Interface to load the following page. Figure 11-13 PIM DM Interface The following entries are displayed on this screen: PIM DM Interface Config The L3 interfaces can be configured as PIM DM mode by this page. Select: Select the desired PIM DM interface entry to modify.
Choose the menu Multicast Routing→PIM DM→PIM DM neighbor to load the following page. Figure 11-14 PIM DM neighbor The following entries are displayed on this screen: PIM DM Interface Config The L3 interfaces can be configured as PIM DM mode by this page. Search Option: ALL: Displays all entries. Interface Vlan: Select Interface and enter the interface ID of your desired entry. Neighbor: Select Neighbor and enter the neighbor address of your desired entry.
Step Operation Description 4 Enable IGMP Required. Enable IGMP on the routing interfaces which connect to the receivers on Multicast Routing→IGMP→Interface Config page. 11.3.3 Application Example for PIM DM Network Requirements 1. Receivers receive VOD data through multicast. The whole network runs PIM DM as multicast routing protocol. 2. Host A and Host D act as multicast receivers. 3. Switch A connects to Switch B in VLAN 2, connects to Switch C in VLAN 3.
Configuration Procedure Configure Switch A: Step Operation Description 1 Configure interface. Configure IP addresses and subnet masks of VLAN interfaces 1, 2 and 3 on Routing→ Interface→Interface Config page. 2 Configure routing protocol. Configure the routing entries via static route or dynamic routing protocol like OSPF, and make sure all the switches can communicate with each other and update the routing information through a unicast routing protocol dynamically.
The router connected to the receiver sends the join message to the RP of a certain multicast group. The path along which the join message is sent to the RP hop-by-hop forms a branch of RPT. When the multicast source is sending multicast data to a multicast group, the router directly connected to the multicast source firstly registers to the RP by sending the Register Message to the RP in unicast mode. The arrival of the register message at the RP triggers the establishment of the SPT.
Figure 11-15 DR Elect As shown in Figure 11-15, the DR election process is illustrated below: (1) Routers in the shared network send Hello messages carrying DR-election priority to each other, and the router with the highest priority will be elected as the DR; (2) If the routers have the same priorities, or at least one router in the network doesn’t support carrying the DR-election priority in the Hello packet, the router with the highest IP address will be elected as the DR.
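The two election rules above, as an added example (not code from the switch firmware). It goes slightly beyond the text by also handling a tie among only the top-priority routers, which is resolved by the highest IP address; router names and addresses are constructed.

```python
from dataclasses import dataclass
from ipaddress import IPv4Address
from typing import List, Optional


@dataclass(frozen=True)
class PimRouter:
    name: str                    # constructed label
    ip: str                      # address on the shared network
    dr_priority: Optional[int]   # None: Hello carries no DR-election priority


def elect_dr(routers: List[PimRouter]) -> PimRouter:
    """Return the router elected as DR on one shared network."""
    if not routers:
        raise ValueError("no PIM routers on the shared network")

    if any(r.dr_priority is None for r in routers):
        # Rule (2): one router cannot carry the priority, so priorities are
        # ignored for everyone and only the IP address decides.
        candidates = list(routers)
    else:
        # Rule (1): highest priority wins; equal top priorities fall through
        # to the IP comparison below.
        top = max(r.dr_priority for r in routers)
        candidates = [r for r in routers if r.dr_priority == top]

    # Compare addresses numerically: as plain strings "10.0.0.9" would sort
    # above "10.0.0.10" and the wrong router would be predicted as DR.
    return max(candidates, key=lambda r: IPv4Address(r.ip))


# Constructed shared networks for the three cases.
BY_PRIORITY = [
    PimRouter("R1", "10.0.0.1", 1),
    PimRouter("R2", "10.0.0.2", 5),
    PimRouter("R3", "10.0.0.3", 1),
]
SAME_PRIORITY = [
    PimRouter("R1", "10.0.0.9", 1),
    PimRouter("R2", "10.0.0.10", 1),
]
ONE_WITHOUT_PRIORITY = [
    PimRouter("R1", "10.0.0.1", 100),
    PimRouter("R2", "10.0.0.2", None),
]

if __name__ == "__main__":
    for label, net in (("priority", BY_PRIORITY),
                       ("same priority", SAME_PRIORITY),
                       ("no priority option", ONE_WITHOUT_PRIORITY)):
        print(label, "->", elect_dr(net).name)
```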
Figure 11-16 The Locations of C-RP, C-BSR and BSR RPT Building Figure 11-17 RPT Topology in PIM SM As shown in Figure 11-17, the establishing process of RPT is illustrated below: (1) When a receiver joins a multicast group G, it informs the directly connected DR with IGMP message; (2) After receiving the IGMP message from multicast group G, the DR sends PIM join message toward the corresponding root, also known as the RP; (3) The join message travels router-by-router toward the root, constructing a bran
check if there are other receivers of this group. If there are no more receivers, the prune message will be sent upstream. Multicast Source Registering The multicast source register is to inform its presence to the RP.
(2) The receiver-side DR sends prune message toward the RP hop-by-hop. The RP will forward the received prune message toward the multicast source. The switching process from RPT to SPT is then accomplished. After the switching from RPT to SPT, the multicast data will be sent from multicast source to the receivers directly. Through this switching process from RPT to SPT, PIM SM constructs the SPT in a more economical way than PIM DM does. Asserting The assert mechanism of PIM SM and PIM DM is the same.
The multicast messages (such as C-RP Hello Message and BSR BootStrap Message) of each BSR administrative domain can’t pass through the domain border. 11.4.1 PIM SM Interface Choose the menu Multicast Routing→PIM SM→PIM SM Interface to load the following page. Figure11-20 PIM SM Interface The following entries are displayed on this screen: PIM SM Interface Config The L3 interfaces can be configured as PIM SM mode by this page. Select: Select the desired interface to configure.
Choose the menu Multicast Routing→PIM SM→PIM SM Neighbor to load the following page. Figure 11-21 PIM SM neighbor The following entries are displayed on this screen: Search Option Search Option: ALL: Displays all entries. Interface: Select Interface and enter the interface ID of your desired entry. Neighbor: Select Neighbor and enter the neighbor address of your desired entry. PIM SM Neighbor Interface: The physical interface on which PIM DM is enabled.
Choose the menu Multicast Routing→PIM SM→BSR to load the following page. Figure 11-22 BSR The following entries are displayed on this screen: PIM SM Candidate BSR Config Configure the candidate BSR of current device. Interface: Select the interface on this switch from which the BSR address is derived to make it a candidate. This interface must be enabled with PIM SM. Hash Mask Length: specify the mask length that is to be ANDed with the group address before the hash function is called.
PIM SM Candidate BSR Information Candidate BSR Address: Displays the Candidate BSR address. Priority: Displays the priority of the Candidate BSR. Hash Mask Length: Displays the hash mask length of the Candidate BSR. 11.4.4 RP In the PIM SM mode, RP receives multicast data from the source and transmits the data down the shared tree to the multicast group members.
Priority: Specify the priority of the candidate RP. The default value is 192. Interval: Specify the interval of advertisement message of the candidate RP in seconds. The default value is 60. PIM SM Candidate RP Table Interface: Displays the VLAN interface of the candidate RP. Priority: Displays the priority of the candidate RP. Interval: Displays the interval of the candidate RP. Next advertisement time: Displays the remaining time to send the next RP advertisement packet. 11.4.
11.4.6 RP Info Choose the menu Multicast Routing→PIM SM→RP Info to load the following page. Figure 11-25 RP Info The following entries are displayed on this screen: Search Option Search Option: ALL: Select All to display all entries. Group: Select Group and enter the group IP address of desired entry. RP: Select RP and enter the RP IP address of desired entry. RP Information Group: Displays the group address. RP: Displays the RP address.
11.4.7 Application Example for PIM SM Network Requirements 1. Receivers receive VOD data through multicast. The whole network runs PIM SM as multicast routing protocol. 2. Host A and Host D act as multicast receivers. 3. Switch A connects to Switch B in VLAN 2, connects to Switch C in VLAN 3. The Source server connects to Switch A in VLAN 1. 4. Host A and B connect to Switch B in VLAN 4. Host C and D connect to Switch C in VLAN 5. 5. All switches run PIM SM.
Configuration Procedure Configure Switch A: Step Operation Description 1 Configure interface. Configure IP addresses and subnet masks of VLAN interfaces 1, 2 and 3 on Routing→ Interface→Interface Config page. 2 Configure routing protocol. Configure the routing entries via static route or dynamic routing protocol like OSPF, and make sure all the switches can communicate with each other and update the routing information through a unicast routing protocol dynamically.
The static multicast routing is an important foundation for the RPF check. In the RPF check process, with static multicast routing configured, the router will choose one as the RPF route after comparing the optimal unicast route and the static multicast route selected respectively from the unicast routing table and the static multicast routing table.
The following entries are displayed on this screen: Static Mroute Config Source: Enter the IP address that identifies the multicast source of the entry you are creating. Source Mask: Enter the subnet mask to be applied to the Source. RPF Neighbor: Enter the IP address of the neighbor router on the path to the mroute source. Distance: Enter the Administrative distance of static mroute. The range is 0-255 and default is 0. The lower the distance, the better the preference.
3. In normal circumstances, Receiver receives multicast data from Source through the path Switch A-Switch B, which is the same as the unicast route. 4. After the configuration takes effect, Receiver will receive multicast data from Source through the path Switch A-Switch C-Switch B.
Step Operation Note 3 Enable IGMP Required. On page Multicast Routing→IGMP→Interface Config, enable the IGMP function on VLAN interface 100. 4 Configure static multicast routing Required. On page Multicast Routing→Static Mroute→Static Mroute Config, configure a static multicast routing entry with the Source as 50.1.1.100, the Source Mask as 255.255.255.0 and the RPF Neighbor as 20.1.1.2. Configure Switch C Step Operation Note 1 Enable IP multicast routing Required.
Chapter 12 QoS QoS (Quality of Service) functions to provide different quality of service for various network applications and requirements and optimize the bandwidth resource distribution so as to provide a network service experience of a better quality. QoS This switch classifies the ingress packets, maps the packets to different priority queues and then forwards the packets according to specified scheduling algorithms to implement QoS function.
2. 802.1P Priority Figure 12-2 802.1Q frame As shown in the figure above, each 802.1Q Tag has a Pri field, comprising 3 bits. The 3-bit priority field is 802.1p priority in the range of 0 to 7. 802.1P priority determines the priority of the packets based on the Pri value. On the Web management page of the switch, you can configure different priority tags mapping to the corresponding priority levels, and then the switch determines which packet is sent preferentially when forwarding packets.
Figure 12-4 SP-Mode 2. WRR-Mode: Weight Round Robin Mode. In this mode, packets in all the queues are sent in order based on the weight value for each queue and every queue can be assured of a certain service time. The weight value indicates the occupied proportion of the resource. WRR queue overcomes the disadvantage of SP queue that the packets in the queues with lower priority cannot get service for a long time.
12.1 DiffServ This switch classifies the ingress packets, maps the packets to different priority queues and then forwards the packets according to specified scheduling algorithms to implement QoS function. This switch implements three priority modes based on port, on 802.1P and on DSCP, and supports four queue scheduling algorithms. The port priorities are labeled as CoS0, CoS1… CoS7. The DiffServ function can be implemented on Port Priority, Schedule Mode, 802.1P Priority and DSCP Priority pages. 12.1.
LAG: Displays the LAG number which the port belongs to. Note: To complete QoS function configuration, you have to go to the Schedule Mode page to select a schedule mode after the configuration is finished on this page. Configuration Procedure: Step Operation Description 1 Select the port priority Required. On QoS→DiffServ→Port Priority page, configure the port priority. 2 Configure the relation between priority and TC Required. On QoS→DiffServ→802.
SP+WRR-Mode: Strict-Priority + Weight Round Robin Mode. In this mode, this switch provides two scheduling groups, SP group and WRR group. Queues in SP group and WRR group are scheduled strictly based on strict-priority mode while the queues inside WRR group follow the WRR mode. In SP+WRR mode, TC7 is in the SP group; TC0, TC1, TC2 to TC6 belong to the WRR group and the weight value ratio of TC0, TC1, TC2 to TC6 is 1:2:4:8:16:32:64.
Priority and CoS-mapping Config Tag-id/CoS-id: Indicates the precedence level defined by IEEE 802.1P and the CoS ID. Queue TC-id: Indicates the priority level of egress queue the packets with tag and CoS-id are mapped to. The priority levels of egress queue are labeled as TC0, TC1, TC2 to TC7. Note: To complete QoS function configuration, you have to go to the Schedule Mode page to select a schedule mode after the configuration is finished on this page.
Choose the menu QoS→DiffServ→DSCP Priority to load the following page. Figure 12-9 DSCP Priority The following entries are displayed on this screen: DSCP Priority Config DSCP Priority: Select Enable or Disable DSCP Priority. Priority Level DSCP: Indicates the priority determined by the DiffServ region of IP datagram. It ranges from 0 to 63. Priority: Indicates the priority the packets with tag are mapped to. The priority are labeled as COS0, COS1, COS2...COS7.
12.2 Bandwidth Control The Bandwidth Control function, which allows you to control the traffic rate and broadcast flow on each port to keep the network in working order, can be implemented on the Rate Limit and Storm Control pages. 12.2.1 Rate Limit Rate limit functions to control the ingress/egress traffic rate on each port via configuring the available bandwidth of each port. In this way, the network bandwidth can be reasonably distributed and utilized.
Note: 1. If you enable the ingress rate limit feature for a storm control-enabled port, the storm control feature will be disabled for this port. 2. When the egress rate limit feature is enabled for one or more ports, it is recommended that you disable the flow control on each port to ensure the switch works normally. 12.2.2 Storm Control The Storm Control function allows the switch to filter broadcast, multicast and UL frames in the network.
UL-Frame Rate : Select the bandwidth for receiving UL-Frame on the port. The packet traffic exceeding the bandwidth will be discarded. Select Disable to disable the UL-Frame control function for the port. LAG: Displays the LAG number which the port belongs to. Note: If you enable storm control feature for the ingress rate limit-enabled port, ingress rate limit feature will be disabled for this port. 12.3 Voice VLAN Voice VLANs are configured specially for voice data stream.
the aging time, the switch will remove this port from voice VLAN. Voice ports are automatically added into or removed from voice VLAN. Manual Mode: You need to manually add the port of IP phone to voice VLAN, and then the switch will assign ACL rules and configure the priority of the packets through learning the source MAC address of packets and matching OUI address. In practice, the port voice VLAN mode is configured according to the type of packets sent out from voice device and the link type of the port.
source MAC addresses do not match OUI addresses. If security mode is not enabled, the port forwards all the packets. Security Mode: Enable. Packet Type: UNTAG packet, or Packet with voice VLAN TAG. Processing Mode: When the source MAC address of the packet is the OUI address that can be identified, the packet can be transmitted in the voice VLAN. Otherwise, the packet will be discarded.
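The security-mode check described above, as an added example (not the switch's own implementation): a source MAC is compared with each OUI entry under that entry's mask, and untagged or voice-VLAN-tagged frames are forwarded or discarded on the result. The OUI values, VLAN IDs and result strings are constructed; frames carrying another VLAN tag are reported as not covered, because the excerpt does not give that case.

```python
from dataclasses import dataclass
from typing import List, Optional


def mac_to_int(mac: str) -> int:
    """Parse 'aa-bb-cc-dd-ee-ff' or 'aa:bb:cc:dd:ee:ff' into a 48-bit integer."""
    parts = mac.replace("-", ":").split(":")
    if len(parts) != 6 or any(len(p) != 2 for p in parts):
        raise ValueError(f"not a MAC address: {mac!r}")
    return int("".join(parts), 16)


@dataclass(frozen=True)
class OuiEntry:
    oui: str          # OUI address of the voice device
    mask: str         # OUI address mask
    description: str

    def matches(self, src_mac: str) -> bool:
        """True when the source MAC equals the OUI on every bit set in the mask."""
        m = mac_to_int(self.mask)
        return (mac_to_int(src_mac) & m) == (mac_to_int(self.oui) & m)


def decide(security_mode: bool, oui_table: List[OuiEntry], src_mac: str,
           vlan_tag: Optional[int], voice_vlan: int) -> str:
    """Classify one ingress frame on a voice VLAN port.

    vlan_tag is None for an untagged frame.
    """
    if not security_mode:
        return "forward"                 # the port forwards all the packets
    if vlan_tag is not None and vlan_tag != voice_vlan:
        return "not-covered"             # case not given in the excerpt
    if any(entry.matches(src_mac) for entry in oui_table):
        return "forward-in-voice-vlan"
    return "discard"


# Constructed OUI table and voice VLAN ID.
OUI_TABLE = [OuiEntry("00-11-22-00-00-00", "ff-ff-ff-00-00-00", "constructed phone vendor")]
VOICE_VLAN = 10

if __name__ == "__main__":
    frames = [
        ("00:11:22:3a:4b:5c", None),   # phone, untagged
        ("00:11:22:3a:4b:5c", 10),     # phone, voice VLAN tag
        ("00-aa-bb-01-02-03", None),   # other device, untagged
        ("00-aa-bb-01-02-03", 10),     # other device tagging itself into the voice VLAN
    ]
    for mac, tag in frames:
        print(mac, tag, decide(True, OUI_TABLE, mac, tag, VOICE_VLAN))
```

Because the match covers only the bits set in the mask, a shorter mask admits every source MAC sharing that shorter prefix, which is worth checking when auditing the OUI table.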
Aging Time: Specifies the living time of the member port in auto mode after the OUI address is aging out. Priority: Select the priority of the port when sending voice data. 12.3.2 Port Config Before the voice VLAN function is enabled, the parameters of the ports in the voice VLAN should be configured on this page. Choose the menu QoS→Voice VLAN→Port Config to load the following page.
Port Mode: Select the mode for the port to join the voice VLAN. Auto: In this mode, the switch automatically adds a port to the voice VLAN or removes a port from the voice VLAN by checking whether the port receives voice data or not. Manual: In this mode, you can manually add a port to the voice VLAN or remove a port from the voice VLAN. Security Mode: Configure the security mode for forwarding packets. Disable: All packets are forwarded. Enable: Only voice data are forwarded.
OUI Table
Select: Select the desired entry to view the detailed information.
OUI: Displays the OUI address of the voice device.
Mask: Displays the OUI address mask of the voice device.
Description: Displays the description of the OUI.

Configuration Procedure of Voice VLAN:
Step | Operation | Description
1 | Configure the link type of the port | Required. On VLAN→802.1Q VLAN→Port Config page, configure the link type of ports of the voice device.
2 | Create VLAN | Required. On VLAN→802.

Chapter 13 ACL
ACL (Access Control List) is used to filter packets by configuring match rules and processing policies for packets, in order to control illegal users' access to the network. ACL can also control traffic flows and save network resources. It provides a flexible and secure access control policy that helps you control network security.
13.1.2 Time-Range Create On this page you can create time-ranges. Choose the menu ACL→Time-Range→Time-Range Create to load the following page. Figure 13-2 Time-Range Create Note: To successfully configure time-ranges, please firstly specify time-slices and then time-ranges. The following entries are displayed on this screen: Create Time-Range Name: Enter the name of the time-range for time identification. Holiday: Select Holiday you set as a time-range.
End Time: Displays the end time of the time-slice. Delete: Click the Delete button to delete the corresponding time-slice. 13.1.3 Holiday Config Holiday mode is applied as a different secured access control policy from the week mode. On this page you can define holidays according to your work arrangement. Choose the menu ACL→Time-Range→Holiday Config to load the following page.
13.2.1 ACL Summary
On this page, you can view the current ACLs configured in the switch.
Choose the menu ACL→ACL Config→ACL Summary to load the following page.
Figure 13-4 ACL Summary
The following entries are displayed on this screen:
Search Option
Select ACL: Select the ACL you have created.
ACL Type: Displays the type of the ACL you select.
Rule Order: Displays the rule order of the ACL you select.
Rule Table
Here you can view the information about the ACL rule you select.
13.2.
13.2.3 MAC ACL MAC ACLs analyze and process packets based on a series of match conditions, which can be the source MAC addresses, destination MAC addresses and EtherType carried in the packets. Choose the menu ACL→ACL Config→MAC ACL to load the following page. Figure 13-6 Create MAC Rule The following entries are displayed on this screen: Create MAC-Rule ACL ID: Select the desired MAC ACL for configuration. Rule ID: Enter the rule ID.
Choose the menu ACL→ACL Config→Standard-IP ACL to load the following page. Figure 13-7 Create Standard-IP Rule The following entries are displayed on this screen: Create Standard-IP Rule ACL ID: Select the desired Standard-IP ACL for configuration. Rule ID: Enter the rule ID. Operation: Select the operation for the switch to process packets which match the rules. Permit: Forward packets. Deny: Discard Packets. S-IP: Enter the source IP address contained in the rule.
Choose the menu ACL→ACL Config→Extend-IP ACL to load the following page. Figure 13-8 Create Extend-IP Rule The following entries are displayed on this screen: Create Extend-IP Rule ACL ID: Select the desired Extend-IP ACL for configuration. Rule ID: Enter the rule ID. Operation: Select the operation for the switch to process packets which match the rules. Permit: Forward packets. Deny: Discard Packets. S-IP: Enter the source IP address contained in the rule.
IP Pre: Enter the IP Precedence contained in the rule.
Time-Range: Select the time-range for the rule to take effect.

13.3 Policy Config
A Policy is used to control the data packets that match the corresponding ACL rules by configuring ACLs and actions together so that they take effect. The operations here include stream mirror, stream condition, QoS remarking and redirect. The Policy Config can be implemented on the Policy Summary, Policy Create and Action Create pages.
13.3.
Choose the menu ACL→Policy Config→Policy Create to load the following page. Figure 13-10 Create Policy The following entries are displayed on this screen: Create Policy Policy Name: Enter the name of the policy. 13.3.3 Action Create On this page you can add ACLs and create corresponding actions for the policy. Choose the menu ACL→Policy Config→Action Create to load the following page.
S-Condition: Select S-Condition to limit the transmission rate of the data packets in the policy.
Redirect: Select Redirect to change the forwarding direction of the data packets in the policy.
QoS Remark:
Rate: Specify the forwarding rate of the data packets that match the corresponding ACL.
Out of Band: Specify how to handle the data packets that are transmitted beyond the rate.
Destination Port: Forward the data packets that match the corresponding ACL to the specific port.
The following entries are displayed on this screen: Search Options Show Mode: Select a show mode appropriate to your needs. Policy Vlan-Bind Table Select: Select the desired entry to delete the corresponding binding policy. Index: Displays the index of the binding policy. Policy Name: Displays the name of the binding policy. Interface: Displays the VLAN ID bound to the policy. Direction: Displays the binding direction.
The following entries are displayed on this screen: Port-Bind Config Policy Name: Select the name of the policy you want to bind. Port: Enter the number of the port you want to bind. Port-Bind Table Index: Displays the index of the binding policy. Policy Name: Displays the name of the binding policy. Port: Displays the number of the port bound to the corresponding policy. Direction: Displays the binding direction. 13.4.3 VLAN Binding On this page you can bind a policy to a VLAN.
Configuration Procedure:
Step | Operation | Description
1 | Configure time-range | Required. On ACL→Time-Range configuration pages, configure the effective time-ranges for ACLs.
2 | Configure ACL rules | Required. On ACL→ACL Config configuration pages, configure ACL rules to match packets.
3 | Configure Policy | Required. On ACL→Policy Config configuration pages, configure the policy to control the data packets that match the corresponding ACL rules.
4 | Bind the effective policy to the port/VLAN | Required.

Step | Operation | Description
2 | Configure for requirement 1 | On ACL→ACL Config→ACL Create page, create ACL 11. On ACL→ACL Config→MAC ACL page, select ACL 11, create Rule 1, configure the operation as Permit, configure the S-MAC as 00-64-A5-5D-12-C3 and mask as FF-FF-FF-FF-FF-FF, and configure the time-range as No Limit. On ACL→Policy Config→Policy Create page, create a policy named manager. On ACL→Policy Config→Action Create page, add ACL 11 to Policy manager.

Chapter 14 Network Security
The Network Security module provides multiple protection measures for network security, including five submenus: IP-MAC Binding, DHCP Snooping, ARP Inspection, IP Source Guard, DoS Defend and 802.1X. Please configure the functions appropriate to your needs.

14.1 IP-MAC Binding
The IP-MAC Binding function allows you to bind the IP address, MAC address, VLAN ID and the connected Port number of the Host together.

The following entries are displayed on this screen:
Search
Source: Displays the Source of the entry.
• All: All the bound entries will be displayed.
• Manual: Only the manually added entries will be displayed.
• Scanning: Only the entries formed via ARP Scanning will be displayed.
• Snooping: Only the entries formed via DHCP Snooping will be displayed.
IP Select: Click the Select button to quick-select the corresponding entry based on the IP address you entered.
Choose the menu Network Security→IP-MAC Binding→Manual Binding to load the following page. Figure 14-2 Manual Binding The following entries are displayed on this screen: Manual Binding Option Host Name: Enter the Host Name. IP Address: Enter the IP Address of the Host. MAC Address: Enter the MAC Address of the Host. VLAN ID: Enter the VLAN ID. Protect Type: Select the Protect Type for the entry. Port: Select the number of port connected to the Host.
Protect Type: Displays the Protect Type of the entry.
Source: Displays the source of the entry.
Collision: Displays the Collision status of the entry.
• Warning: Indicates that the collision may be caused by the MSTP function.
• Critical: Indicates that the entry has a collision with the other entries.

14.1.3 ARP Scanning
ARP (Address Resolution Protocol) is used to analyze and map IP addresses to the corresponding MAC addresses so that packets can be delivered to their destinations correctly.
Choose the menu Network Security→IP-MAC Binding→ARP Scanning to load the following page. Figure 14-4 ARP Scanning The following entries are displayed on this screen: Scanning Option Start IP Address: Specify the Start IP Address. End IP Address: Specify the End IP Address. VLAN ID: Enter the VLAN ID. Scan: Click the Scan button to scan the Hosts in the LAN. Scanning Result UNIT: Select the unit ID of the desired member in the stack. Select: Select the desired entry to be deleted or bound.
14.2 DHCP Snooping
Nowadays, networks are getting larger and more complicated. The number of PCs always exceeds that of the assigned IP addresses. Wireless networks and laptops are widely used, and the locations of PCs are always changing. Therefore, the corresponding IP address of the PC should be updated with a few configurations.

Most Clients obtain their IP addresses dynamically, as illustrated in the following figure.
Figure 14-6 Interaction between a DHCP client and a DHCP server
(1) DHCP-DISCOVER Stage: The Client broadcasts the DHCP-DISCOVER packet to find the DHCP Server.

Option 82 can contain at most 255 sub-options. If Option 82 is defined, at least one sub-option should be defined. This switch supports two sub-options: Circuit ID and Remote ID. Since there is no universal standard for the content of Option 82, different manufacturers define the sub-options of Option 82 according to their needs. For this switch, the sub-options are defined as follows: The Circuit ID is defined to be the number of the port which receives the DHCP Request packets and its VLAN number.
14.2.1 Global Config Choose the menu Network Security→DHCP Snooping→Global Config to load the following page. Figure 14-8 DHCP Snooping Note: If you want to enable the DHCP Snooping feature for the member port of LAG, please ensure the parameters of all the member ports are the same. The following entries are displayed on this screen: DHCP Snooping Configuration DHCP Snooping: Enable/Disable the DHCP Snooping function globally.
Option 82 Config
Option 82 Support: Enable/Disable the Option 82 feature.
Existed Option 82 field: Select the operation for the Option 82 field of the DHCP request packets from the Host.
• Keep: Indicates to keep the Option 82 field of the packets.
• Replace: Indicates to replace the Option 82 field of the packets with the switch defined one.
• Drop: Indicates to discard the packets including the Option 82 field.
Customization: Enable/Disable the switch to define the Option 82.
Trusted Port: Enable/Disable the port as a Trusted Port. Only the Trusted Port can receive the DHCP packets from DHCP servers.
MAC Verify: Enable/Disable the MAC Verify feature. There are two fields of the DHCP packet containing the MAC address of the Host. The MAC Verify feature compares the two fields and discards the packet if the two fields are different.
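The Trusted Port, MAC Verify and existing-Option-82 (Keep/Replace/Drop) settings described above can be read as one per-frame decision. The Python below is an added illustration, not TP-LINK code: it assumes the two MAC fields compared by MAC Verify are the Ethernet source address and the DHCP chaddr field, and that malformed DHCP is dropped. It uses the RFC 3046 sub-option codes 1 (Circuit ID) and 2 (Remote ID); all function names, verdict strings and sample frames are constructed.

```python
import struct

DHCP_MAGIC = b"\x63\x82\x53\x63"
BOOTREQUEST, BOOTREPLY = 1, 2            # BOOTP op: client request / server reply
OPT_PAD, OPT_RELAY_INFO, OPT_END = 0, 82, 255

# Constructed sample values (00-64-A5-5D-12-C3 is the MAC from the ACL example).
HOST = bytes.fromhex("0064a55d12c3")
OTHER = bytes.fromhex("020000000099")
SUBOPTS = (bytes([1, 4, 0, 10, 0, 5])                        # Circuit ID, made-up layout
           + bytes([2, 6]) + bytes.fromhex("020000000001"))  # Remote ID, made-up value
OPT82 = bytes([OPT_RELAY_INFO, len(SUBOPTS)]) + SUBOPTS


def build_frame(eth_src, chaddr, op=BOOTREQUEST, options=b""):
    """Build a constructed untagged Ethernet/IPv4/UDP/DHCP frame (demo input)."""
    bootp = struct.pack("!BBBBIHH4s4s4s4s16s64s128s", op, 1, 6, 0, 0x1234ABCD,
                        0, 0x8000, *([bytes(4)] * 4), chaddr, b"", b"")
    dhcp = bootp + DHCP_MAGIC + options + bytes([OPT_END])
    sport, dport = (68, 67) if op == BOOTREQUEST else (67, 68)
    udp = struct.pack("!HHHH", sport, dport, 8 + len(dhcp), 0) + dhcp
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     bytes(4), b"\xff" * 4)
    return b"\xff" * 6 + eth_src + b"\x08\x00" + ip + udp


def parse_dhcp(frame):
    """Return (eth_src, op, chaddr, options); None if not DHCP, ValueError if malformed."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x00" or frame[14] >> 4 != 4:
        return None                                   # not untagged IPv4
    ihl = (frame[14] & 0x0F) * 4
    if ihl < 20 or frame[23] != 17 or len(frame) < 14 + ihl + 8:
        return None                                   # not UDP
    udp = 14 + ihl
    if struct.unpack_from("!H", frame, udp + 2)[0] not in (67, 68):
        return None                                   # not a DHCP port
    bootp = frame[udp + 8:]
    if len(bootp) < 240 or bootp[236:240] != DHCP_MAGIC or bootp[1:3] != b"\x01\x06":
        raise ValueError("bad BOOTP header")
    options, i = {}, 240
    while i < len(bootp) and bootp[i] != OPT_END:
        if bootp[i] == OPT_PAD:
            i += 1
            continue
        if i + 2 > len(bootp) or i + 2 + bootp[i + 1] > len(bootp):
            raise ValueError("truncated option")
        options[bootp[i]] = bootp[i + 2:i + 2 + bootp[i + 1]]
        i += 2 + bootp[i + 1]
    return frame[6:12], bootp[0], bootp[28:34], options


def option82_suboptions(value):
    """Split an Option 82 value into {sub-option code: bytes}."""
    subs, i = {}, 0
    while i < len(value):
        if i + 2 > len(value) or i + 2 + value[i + 1] > len(value):
            raise ValueError("truncated Option 82 sub-option")
        subs[value[i]] = value[i + 2:i + 2 + value[i + 1]]
        i += 2 + value[i + 1]
    return subs


def snoop(frame, trusted_port, mac_verify=True, existed_opt82="keep"):
    """Decide what a snooping port does with one received frame."""
    try:
        pkt = parse_dhcp(frame)
    except ValueError as exc:                         # assumption: malformed is dropped
        return f"drop: malformed DHCP ({exc})"
    if pkt is None:
        return "forward: not DHCP"
    eth_src, op, chaddr, options = pkt
    if op == BOOTREPLY and not trusted_port:
        return "drop: DHCP server packet on untrusted port"
    if op == BOOTREQUEST and mac_verify and eth_src != chaddr:
        return "drop: MAC Verify failed"
    if op == BOOTREQUEST and OPT_RELAY_INFO in options:
        if existed_opt82 == "drop":
            return "drop: request already carries Option 82"
        if existed_opt82 == "replace":
            return "forward: Option 82 replaced with switch-defined value"
    return "forward"


if __name__ == "__main__":
    print(snoop(build_frame(HOST, HOST), trusted_port=False))
    print(snoop(build_frame(OTHER, HOST), trusted_port=False))
    print(snoop(build_frame(OTHER, HOST, op=BOOTREPLY), trusted_port=False))
    print(option82_suboptions(SUBOPTS))
```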
encapsulate this false destination MAC address for packets, which results in a breakdown of the normal communication.

Cheating Gateway
The attacker sends wrong IP address-to-MAC address mapping entries of Hosts to the Gateway, so that the Gateway cannot communicate normally with the legal terminal Hosts. The ARP Attack implemented by cheating Gateway is illustrated in the following figure.

Figure 14-12 ARP Attack – Cheating Terminal Hosts
As the above figure shows, the attacker sends the fake ARP packets of Host A to Host B, and then Host B will automatically update its ARP table after receiving the ARP packets. When Host B tries to communicate with Host A, it will encapsulate this false destination MAC address for packets, which results in a breakdown of the normal communication.

2. Upon receiving the ARP response packets, Host A and Host B update their own ARP tables.
3. When Host A communicates with Host B, it will send the packets to the false destination MAC address, i.e. to the attacker, according to the updated ARP table.
4. After receiving the communication packets between Host A and Host B, the attacker processes and forwards the packets to the correct destination MAC address, which makes Host A and Host B keep a normal-appearing communication.
5.
Choose the menu Network Security→ARP Inspection→ARP Detect to load the following page. Figure 14-14 ARP Detect The following entries are displayed on this screen: ARP Detect ARP Detect: Enable/Disable the ARP Detect function, and click the Apply button to apply. Trusted Port UNIT: Select the unit ID of the desired member in the stack. Trusted Port: Select the port for which the ARP Detect function is unnecessary as the Trusted Port.
Step | Operation | Description
4 | Enable ARP Detect feature. | Required. On the Network Security→ARP Inspection→ARP Detect page, enable the ARP Detect feature.

14.3.2 ARP Defend
With ARP Defend enabled, the switch can stop receiving ARP packets for 300 seconds when the transmission speed of the legal ARP packets on the port exceeds the defined value, so as to avoid an ARP Attack flood.
Choose the menu Network Security→ARP Inspection→ARP Defend to load the following page.

Note: It is not recommended to enable the ARP Defend feature for the LAG member port.

14.3.3 ARP Statistics
The ARP Statistics feature displays the number of illegal ARP packets received on each port, which helps you locate the network malfunction and take the related protection measures.
Choose the menu Network Security→ARP Inspection→ARP Statistics to load the following page.

Illegal ARP Packet: Displays the number of the received illegal ARP packets.

14.4 IP Source Guard
IP Source Guard filters IP packets based on the IP-MAC Binding entries. Only the packets that match the IP-MAC Binding rules can be processed, which can enhance the bandwidth utility.
Choose the menu Network Security→IP Source Guard to load the following page.

Security Type: Select Security Type for the port.
• Disable: Select this option to disable the IP Source Guard feature for the port.
• SIP: Only the packets whose source IP address and port number match the IP-MAC binding rules can be processed.
• SIP+MAC: Only the packets whose source IP address, source MAC address and port number match the IP-MAC binding rules can be processed.
LAG: Displays the LAG to which the port belongs.
14.
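How the SIP and SIP+MAC Security Types filter traffic against the IP-MAC Binding table, together with an ARP check and per-port illegal-ARP counter built on the same table, shown as an added Python sketch that is not the switch's own logic. It assumes ARP Detect validates the ARP sender IP, sender MAC, VLAN and receiving port against the binding entries; the class, method names and sample entries are constructed.

```python
import ipaddress
import struct
from collections import Counter

# Constructed sample bindings: (IP, MAC, VLAN ID, port). 00-64-A5-5D-12-C3 is the
# MAC used in the guide's ACL example; every other value is made up.
ENTRIES = [
    ("192.168.0.10", "00-64-A5-5D-12-C3", 1, "1/0/1"),   # Host A
    ("192.168.0.20", "02-00-00-00-00-20", 1, "1/0/2"),   # Host B
]
ROGUE_MAC = "02-00-00-00-00-66"                          # unbound device on 1/0/3


def norm_mac(mac):
    """Normalise 'aa:bb:..' or 'AA-BB-..' to the guide's AA-BB-CC-DD-EE-FF form."""
    return mac.replace(":", "-").upper()


def mac_bytes(mac):
    return bytes.fromhex(norm_mac(mac).replace("-", ""))


def build_arp_reply(sender_mac, sender_ip, target_mac, target_ip):
    """Build a constructed 28-byte Ethernet/IPv4 ARP reply (demo input only)."""
    return struct.pack("!HHBBH6s4s6s4s", 1, 0x0800, 6, 4, 2,
                       mac_bytes(sender_mac), ipaddress.IPv4Address(sender_ip).packed,
                       mac_bytes(target_mac), ipaddress.IPv4Address(target_ip).packed)


def parse_arp(payload):
    """Decode an ARP payload to (opcode, sender MAC, sender IP); None if unusable."""
    if len(payload) < 28:
        return None
    htype, ptype, hlen, plen, oper = struct.unpack_from("!HHBBH", payload)
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    sha, spa = struct.unpack_from("!6s4s", payload, 8)
    return oper, sha.hex("-").upper(), str(ipaddress.IPv4Address(spa))


class BindingTable:
    """IP-MAC Binding entries: IP address, MAC address, VLAN ID and port."""

    def __init__(self, entries, arp_trusted_ports=()):
        self.entries = [(ip, norm_mac(mac), vlan, port)
                        for ip, mac, vlan, port in entries]
        self.arp_trusted = set(arp_trusted_ports)
        self.illegal_arp = Counter()      # per-port count, as in ARP Statistics

    def source_guard(self, port, src_ip, src_mac, security_type):
        """IP Source Guard: may this IP packet received on `port` be processed?"""
        if security_type == "Disable":
            return True
        if security_type not in ("SIP", "SIP+MAC"):
            raise ValueError(f"unknown Security Type: {security_type}")
        for ip, mac, _vlan, bound_port in self.entries:
            if (ip, bound_port) != (src_ip, port):
                continue
            if security_type == "SIP" or mac == norm_mac(src_mac):
                return True
        return False

    def arp_detect(self, port, vlan, arp_payload):
        """Assumed ARP Detect rule: sender fields must match a binding entry."""
        if port in self.arp_trusted:
            return True                    # no check on Trusted Ports
        arp = parse_arp(arp_payload)
        if arp is not None:
            _oper, sender_mac, sender_ip = arp
            if (sender_ip, sender_mac, vlan, port) in self.entries:
                return True
        self.illegal_arp[port] += 1
        return False


if __name__ == "__main__":
    table = BindingTable(ENTRIES, arp_trusted_ports={"1/0/24"})
    # Rogue device claims Host A's IP address in an ARP reply sent to Host B.
    spoof = build_arp_reply(ROGUE_MAC, "192.168.0.10", ENTRIES[1][1], "192.168.0.20")
    print("spoofed ARP forwarded:", table.arp_detect("1/0/3", 1, spoof))
    print("illegal ARP per port:", dict(table.illegal_arp))
    for mode in ("Disable", "SIP", "SIP+MAC"):
        print(mode, table.source_guard("1/0/1", "192.168.0.10", ROGUE_MAC, mode))
```

SIP alone accepts a packet with Host A's address and port even when the source MAC is different, which is the gap SIP+MAC closes.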
DoS Attack Type | Description
Ping Flooding | The attacker floods the destination system with Ping broadcast storm packets to prevent the system from responding to the legal communication.
SYN/SYN-ACK Flooding | The attacker uses a fake IP address to send TCP request packets to the Server. Upon receiving the request packets, the Server responds with SYN-ACK packets. Since the IP address is fake, no response will be returned. The Server will keep on sending SYN-ACK packets.

14.6 802.1X
The 802.1X protocol was developed by the IEEE 802 LAN/WAN committee to deal with the security issues of wireless LANs. It was then used in Ethernet as a common access control mechanism for LAN ports to solve mainly authentication and security problems. 802.1X is a port-based network access control protocol. It authenticates and controls devices requesting access in terms of the ports of LAN access control devices. With the 802.

3. When a supplicant system passes the authentication, the authentication server passes the information about the supplicant system to the authenticator system. The authenticator system in turn determines the state (authorized or unauthorized) of the controlled port according to the instructions (accept or reject) received from the RADIUS server.

802.1X Authentication Procedure
An 802.1X authentication can be initiated by the supplicant system or the authenticator system.

(4) Upon receiving the user name from the switch, the RADIUS server retrieves the user name, finds the corresponding password by matching the user name in its database, encrypts the password using a randomly-generated key, and sends the key to the switch through a RADIUS Access-Challenge packet. The switch then sends the key to the 802.1X client program.

802.1X Timer
In 802.1X authentication, the following timers are used to ensure that the supplicant system, the switch, and the RADIUS server interact in an orderly way:
1. Supplicant system timer (Supplicant Timeout): This timer is triggered by the switch after the switch sends a request packet to a supplicant system. The switch will resend the request packet to the supplicant system if the supplicant system fails to respond in the specified timeout period.
2.

Choose the menu Network Security→802.1X→Global Config to load the following page.
Figure 14-22 Global Config
The following entries are displayed on this screen:
Global Config
802.1X: Enable/Disable the 802.1X function.
Auth Method: Select the Authentication Method from the pull-down list.
• EAP-MD5: IEEE 802.1X authentication system uses extensible authentication protocol (EAP) to exchange information between the switch and the client.

Quiet Period: Specify a value for Quiet Period. Once the supplicant fails the 802.1X Authentication, the switch will not respond to authentication requests from the same supplicant during the Quiet Period.
Retry Times: Specify the maximum number of times the authentication request is retransmitted.
Supplicant Timeout: Specify the maximum time for the switch to wait for the response from the supplicant before resending a request to the supplicant.

Control Mode: Specify the Control Mode for the port.
• Auto: In this mode, the port will normally work only after passing the 802.1X Authentication.
• Force-Authorized: In this mode, the port can work normally without passing the 802.1X Authentication.
• Force-Unauthorized: In this mode, the port is forbidden from working because of its fixed unauthorized status.
Control Type: Specify the Control Type for the port.
• MAC Based: Any client connected to the port should pass the 802.1X Authentication for access.

Auth Port: Set the UDP port of authentication server(s). The default port is 1812.
Auth Key: Set the shared password for the switch and the authentication servers to exchange messages.
Accounting Config
Accounting: Enable/Disable the accounting feature.
Primary IP: Enter the IP address of the accounting server.
Secondary IP: Enter the IP address of the alternate accounting server.
Accounting Port: Set the UDP port of accounting server(s). The default port is 1813.
Chapter 15 SNMP
SNMP Overview
SNMP (Simple Network Management Protocol) has gained the most extensive application on UDP/IP networks. SNMP provides a management framework to monitor and maintain network devices. It is used for automatically managing various network devices regardless of the physical differences between the devices. Currently, most network management systems are based on SNMP.

SNMP v1: SNMP v1 adopts Community Name authentication. The community name is used to define the relation between SNMP Management Station and SNMP Agent. The SNMP packets failing to pass community name authentication are discarded. The community name can limit access to SNMP Agent from SNMP NMS, functioning as a password.
SNMP v2c: SNMP v2c also adopts community name authentication. It is compatible with SNMP v1 while extending the functions of SNMP v1.
3. Create SNMP User The User configured in an SNMP Group can manage the switch via the client program on management station. The specified User Name and the Auth/Privacy Password are used for SNMP Management Station to access the SNMP Agent, functioning as the password. SNMP module is used to configure the SNMP function of the switch, including three submenus: SNMP Config, Notification and RMON. 15.
Note: The amount of Engine ID characters must be even. 15.1.2 SNMP View The OID (Object Identifier) of the SNMP packets is used to describe the managed objects of the switch, and the MIB (Management Information Base) is the set of the OIDs. The SNMP View is created for the SNMP management station to manage MIB objects. Choose the menu SNMP→SNMP Config→SNMP View to load the following page.
15.1.3 SNMP Group
On this page, you can configure SNMP Group to control the network access by providing the users in various groups with different management rights via the Read View, Write View and Notify View.
Choose the menu SNMP→SNMP Config→SNMP Group to load the following page.
Figure 15-5 SNMP Group
The following entries are displayed on this screen:
Group Config
Group Name: Enter the SNMP Group name. The Group Name, Security Model and Security Level compose the identifier of the SNMP Group.
Write View: Select the View to be the Write View. The management access is writing only and changes can be made to the assigned SNMP View. The View defined both as the Read View and the Write View can be read and modified. Notify View: Select the View to be the Notify View. The management station can receive notification messages of the assigned SNMP view generated by the switch's SNMP agent. Group Table Select: Select the desired entry to delete the corresponding group. It's multi-optional.
Choose the menu SNMP→SNMP Config→SNMP User to load the following page.
Figure 15-6 SNMP User
The following entries are displayed on this screen:
User Config
User Name: Enter the User Name here.
User Type: Select the type for the User.
• Local User: Indicates that the user is connected to a local SNMP engine.
• Remote User: Indicates that the user is connected to a remote SNMP engine.
Group Name: Select the Group Name of the User.
User Table Select: Select the desired entry to delete the corresponding User. It is multi-optional. User Name: Displays the name of the User. User Type: Displays the User Type. Group Name: Displays the Group Name of the User. Security Model: Displays the Security Model of the User. Security Level: Displays the Security Level of the User. Auth Mode: Displays the Authentication Mode of the User. Privacy Mode: Displays the Privacy Mode of the User.
Access: Defines the access rights of the community.
• read-only: Management right of the Community is restricted to read-only, and changes cannot be made to the corresponding View.
• read-write: Management right of the Community is read-write and changes can be made to the corresponding View.
MIB View: Select the MIB View for the community to access.
Community Table
Select: Select the desired entry to delete the corresponding Community. It is multi-optional.

If SNMPv1 or SNMPv2c is employed, please take the following steps:
Step | Operation | Description
1 | Enable SNMP function globally. | Required. On the SNMP→SNMP Config→Global Config page, enable SNMP function globally.
2 | Create SNMP View. | Required. On the SNMP→SNMP Config→SNMP View page, create SNMP View of the management agent. The default View Name is viewDefault and the default OID is 1.
3 | Create SNMP Community directly. | Required alternatively. Create SNMP Community directly.

Choose the menu SNMP→Notification→Notification Config to load the following page.
Figure 15-8 Notification Config
The following entries are displayed on this screen:
Host Config
IP Address: Enter the IP Address of the management Host.
User: Enter the User name of the management station.
Security Model: Select the Security Model of the management station.
Type: Select the type for the notifications.
• Trap: Indicates traps are sent.
• Inform: Indicates informs are sent.

Type: Displays the type of the notifications.
Retry: Displays the maximum time for the switch to wait for the response from the management station before resending a request.
Timeout: Displays the number of times the switch resends an inform request.
Operation: Click the Edit button to modify the corresponding entry and click the Modify button to apply.

15.3 RMON
RMON (Remote Monitoring), based on the SNMP (Simple Network Management Protocol) architecture, functions to monitor the network.

Choose the menu SNMP→RMON→Statistics to load the following page.
Figure 15-9 Statistics
The following entries are displayed on this screen:
Statistics Config
ID: Enter the ID number of statistics entry, ranging from 1 to 65535.
Port: Enter or choose the Ethernet interface from which to collect the statistics.
Owner: Enter the owner name.
Status: Choose the status of statistics entry.
• valid: The entry exists and is valid.
• underCreation: The entry exists, but is not valid.
Choose the menu SNMP→RMON→History to load the following page. Figure 15-10 History Control The following entries are displayed on this screen: History Control Table Select: Select the desired entry for configuration. Index: Displays the index number of the entry. Port: Specify the port from which the history samples were taken, in format as 1/0/1. Interval: Specify the interval to take samplings from the port, ranging from 10 to 3600 seconds. The default is 1800 seconds.
Choose the menu SNMP→RMON→Event to load the following page.
Figure 15-11 Event Config
The following entries are displayed on this screen:
Event Table
Select: Select the desired entry for configuration.
Index: Displays the index number of the entry.
User: Enter the name of the User or the community to which the event belongs.
Description: Give a description to the event for identification.
Type: Select the event type, which determines how the network device acts in response to an event.

Choose the menu SNMP→RMON→Alarm to load the following page.
Figure 15-12 Alarm Config
The following entries are displayed on this screen:
Alarm Table
Select: Select the desired entry for configuration.
Index: Displays the index number of the entry.
Variable: Select the alarm variables from the pull-down list.
Statistics: Select the RMON statistics entry from which we get the value of the selected alarm variable.
Interval: Enter the alarm interval time in seconds, ranging from 10 to 3600. Owner: Enter the name of the device or user that defined the entry. Status: Select Enable/Disable the corresponding alarm entry.
Chapter 16 LLDP
LLDP (Link Layer Discovery Protocol) is a Layer 2 protocol that is used for network devices to advertise their own device information periodically to neighbors on the same IEEE 802 local area network. The advertised information, including details such as device identification, capabilities and configuration settings, is represented in TLV (Type/Length/Value) format according to the IEEE 802.1AB standard, and these TLVs are encapsulated in LLDPDU (Link Layer Discovery Protocol Data Unit).
Disable: the port cannot transmit or receive LLDPDUs. 2) LLDPDU transmission mechanism If the ports are working in TxRx or Tx mode, they will advertise local information by sending LLDPDUs periodically. If there is a change in the local device, the change notification will be advertised.
TLV Type | TLV Name | Description | Usage in LLDPDU
2 | Port ID | Identifies the specific port that transmitted the LLDP frame. When the device does not advertise MED TLV, this field displays the port name of the port; when the device advertises MED TLV, this field displays the MAC address of the port. | Mandatory
3 | Time To Live | Indicates the number of seconds that the neighbor device is to regard the local information to be valid.

System Description TLV
The System Description TLV allows network management to advertise the system's description, which should include the full name and version identification of the system's hardware type, software operating system, and networking software.
System Name TLV
The System Name TLV allows network management to advertise the system's assigned name, which should be the system's fully qualified domain name.
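To make the TLV layout concrete, the added Python example below (not part of the original guide) encodes and parses an LLDPDU using the IEEE 802.1AB header of a 7-bit type followed by a 9-bit length, and decodes the identifying fields any neighbor on the link can read. The sample LLDPDU contents, the TTL inputs and all helper names are constructed.

```python
import struct

TLV_NAMES = {0: "End of LLDPDU", 1: "Chassis ID", 2: "Port ID", 3: "Time To Live",
             4: "Port Description", 5: "System Name", 6: "System Description",
             7: "System Capabilities", 8: "Management Address",
             127: "Organizationally Specific"}
CHASSIS_SUBTYPE_MAC, PORT_SUBTYPE_MAC, PORT_SUBTYPE_IFNAME = 4, 3, 5


def tlv(tlv_type, value):
    """Encode one TLV: 7-bit type and 9-bit length packed into two bytes."""
    if not 0 <= tlv_type <= 127 or len(value) > 511:
        raise ValueError("type must fit 7 bits and length 9 bits")
    return struct.pack("!H", (tlv_type << 9) | len(value)) + value


def ttl_seconds(transmit_interval, hold_multiplier):
    """TTL advertised in the LLDPDU: interval x multiplier, capped to 16 bits."""
    return min(65535, transmit_interval * hold_multiplier)


def parse_lldpdu(data):
    """Return [(type, value), ...]; raise ValueError on a malformed LLDPDU."""
    tlvs, i = [], 0
    while True:
        if i + 2 > len(data):
            raise ValueError("LLDPDU ended without an End of LLDPDU TLV")
        header = struct.unpack_from("!H", data, i)[0]
        tlv_type, length = header >> 9, header & 0x1FF
        value = data[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError(f"TLV type {tlv_type} is truncated")
        i += 2 + length
        if tlv_type == 0:
            break
        tlvs.append((tlv_type, value))
    if [t for t, _ in tlvs[:3]] != [1, 2, 3]:
        raise ValueError("Chassis ID, Port ID and TTL must be the first three TLVs")
    if len(tlvs[0][1]) < 2 or len(tlvs[1][1]) < 2 or len(tlvs[2][1]) != 2:
        raise ValueError("mandatory TLV has an invalid length")
    return tlvs


def describe(tlvs):
    """Decode what a neighbor learns from the TLVs, keyed by TLV name."""
    info = {}
    for tlv_type, value in tlvs:
        name = TLV_NAMES.get(tlv_type, f"Reserved ({tlv_type})")
        if tlv_type in (1, 2):                 # first byte is the ID subtype
            subtype, ident = value[0], value[1:]
            is_mac = subtype == (CHASSIS_SUBTYPE_MAC if tlv_type == 1
                                 else PORT_SUBTYPE_MAC)
            info[name] = (ident.hex("-").upper() if is_mac
                          else ident.decode("utf-8", "replace"))
        elif tlv_type == 3:
            info[name] = struct.unpack("!H", value)[0]
        elif tlv_type in (4, 5, 6):
            info[name] = value.decode("utf-8", "replace")
        else:
            info[name] = value.hex()
    return info


# Constructed LLDPDU: MAC-address chassis ID, interface-name port ID, and a TTL
# built from made-up settings (30 s Transmit Interval, Hold Multiplier 4).
SAMPLE = (tlv(1, bytes([CHASSIS_SUBTYPE_MAC]) + bytes.fromhex("0064a55d12c3"))
          + tlv(2, bytes([PORT_SUBTYPE_IFNAME]) + b"1/0/1")
          + tlv(3, struct.pack("!H", ttl_seconds(30, 4)))
          + tlv(5, b"T2700G-28TQ")
          + tlv(6, b"JetStream 28-Port Gigabit Stackable L2+ Managed Switch")
          + tlv(0, b""))

if __name__ == "__main__":
    for field, value in describe(parse_lldpdu(SAMPLE)).items():
        print(f"{field}: {value}")
```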
Choose the menu LLDP→Basic Config→Global Config to load the following page. Figure 16-1 Global Configuration The following entries are displayed on this screen: Global Config LLDP: Choose to enable/disable LLDP. Parameters Config Transmit Interval: This parameter indicates the interval at which LLDP frames are transmitted on behalf of this LLDP agent. Hold Multiplier: This parameter is a multiplier on the Transmit Interval that determines the actual TTL (Time To Live) value used in an LLDPDU.
Choose the menu LLDP→Basic Config→Port Config to load the following page. Figure 16-2 Port Configuration The following entries are displayed on this screen: Port Config UNIT: Select the unit ID of the desired member in the stack. Select: Select the desired entry for configuration. It is multi-optional. Port: Displays the port number to be configured. Admin Status: Configure the ports' LLDP state. Notification Mode: Enable/Disable the ports' SNMP notification.
16.2.1 Local Info On this page you can see all ports' configuration and system information. Choose the menu LLDP→Device Info→Local Info to load the following page. Figure 16-3 Local Information The following entries are displayed on this screen: Auto Refresh Auto Refresh: Enable/Disable the auto refresh function. Refresh Rate: Configure the auto refresh rate. Local Info Select the desired port to display the information of the corresponding port.
Chassis ID Subtype: Indicates the basis for the chassis ID, and the default subtype is MAC address. Chassis ID: Indicates the specific identifier for the particular chassis in local device. Port ID Subtype: Indicates the basis for the port ID, and the default subtype is interface name. Port ID: Indicates the specific identifier for the port in local device.
The following entries are displayed on this screen: Auto Refresh Auto Refresh: Enable/Disable the auto refresh function. Refresh Rate: Configure the auto refresh rate. Neighbor(s) Info Select the desired port to display the information of the corresponding port. UNIT: Select the unit ID of the desired member in the stack. System Name: Displays the system name of the neighbor device. Chassis ID: Displays the Chassis ID of the neighbor device.
The following entries are displayed on this screen: Auto Refresh Auto Refresh: Enable/Disable the auto refresh function. Refresh Rate: Configure the auto refresh rate. Global Statistics Last Update: Display latest update time of the statistics. Total Inserts: Display the number of neighbors during latest update time. Total Deletes: Displays the number of neighbors deleted by local device. Total Drops: Displays the number of neighbors dropped by local device.
Media Endpoint Device (Class II): The class of Endpoint Device that supports media stream capabilities. Communication Device Endpoint (Class III): The class of Endpoint Device that directly supports end users of the IP communication system. Network Policy TLV The Network Policy TLV allows both Network Connectivity Devices and Endpoints to advertise VLAN configuration and associated Layer 2 and Layer 3 attributes that apply for a set of specific applications on that port.
The following entries are displayed on this screen: LLDP-MED Parameters Config Fast Start Count: When LLDP-MED fast start mechanism is activated, multiple LLDP-MED frames will be transmitted (the number of frames equals this parameter). The default value is 4. Device Class: LLDP-MED devices are comprised of two primary device types: Network Connectivity Devices and Endpoint Devices. In turn, Endpoint Devices are composed of three defined Classes: Class I, Class II and Class III.
Detail: Click the Detail button to display the included TLVs and select the desired TLVs.
Figure 16-8 Configure TLVs of LLDP-MED Port
Included TLVs
Select TLVs to be included in outgoing LLDPDU.
Location Identification Parameters
Configure the Location Identification TLV's content in outgoing LLDPDU of the port.
Emergency Number: Emergency number is Emergency Call Service ELIN identifier, which is used during emergency call setup to a traditional CAMA or ISDN trunk-based PSAP.
Civic Address:
should not be used unless it is known that the DHCP client is in close physical proximity to the server or network element.
• Country Code: The two-letter ISO 3166 country code in capital ASCII letters, e.g., CN or US.
• Language, Province/State, etc.: a part of civic address.
16.4.3 Local Info
On this page you can see all ports' LLDP-MED configuration. Choose the menu LLDP→LLDP-MED→Local Info to load the following page.
Application Type: Application Type indicates the primary function of the applications defined for the network policy. Unknown Policy Flag: Displays whether the local device will explicitly advertise the policy required by the device but currently unknown. VLAN tagged: Indicates the VLAN type the specified application type is using, 'tagged' or 'untagged'. Media Policy VLAN ID: Displays the application (eg. Voice VLAN) VLAN identifier (VID) for the port.
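The Chassis ID and Port ID subtypes and the Network Policy TLV fields described in this chapter (Application Type, Unknown Policy Flag, VLAN tagged, VLAN ID) correspond to fixed bit fields in the LLDPDU. The Python parser below is an added example, not TP-LINK code; it decodes those fields so you can check what a port actually advertises, and it rejects TLVs whose length runs past the frame. The sample LLDPDU, MAC address and port name are constructed, and the layout assumed is the one defined by IEEE 802.1AB and ANSI/TIA-1057.

```python
import struct

LLDP_MED_OUI = b"\x00\x12\xbb"  # TIA OUI carried by every LLDP-MED TLV
CHASSIS_SUBTYPES = {4: "MAC address", 5: "network address", 7: "locally assigned"}
PORT_SUBTYPES = {3: "MAC address", 5: "interface name", 7: "locally assigned"}
APP_TYPES = {1: "Voice", 2: "Voice Signaling", 3: "Guest Voice",
             4: "Guest Voice Signaling", 5: "Softphone Voice",
             6: "Video Conferencing", 7: "Streaming Video", 8: "Video Signaling"}


def iter_tlvs(lldpdu):
    """Yield (type, value); each TLV header is 7 bits of type + 9 bits of length."""
    offset = 0
    while offset < len(lldpdu):
        if len(lldpdu) - offset < 2:
            raise ValueError("truncated TLV header")
        (header,) = struct.unpack_from("!H", lldpdu, offset)
        tlv_type, length = header >> 9, header & 0x1FF
        offset += 2
        if offset + length > len(lldpdu):
            raise ValueError("TLV length runs past the end of the LLDPDU")
        yield tlv_type, lldpdu[offset:offset + length]
        offset += length
        if tlv_type == 0:  # End Of LLDPDU TLV
            return


def parse_network_policy(info):
    """Decode the 4-byte body of an LLDP-MED Network Policy TLV (subtype 2)."""
    if len(info) != 4:
        raise ValueError("Network Policy TLV body must be 4 bytes")
    bits = int.from_bytes(info[1:], "big")
    return {
        "application_type": APP_TYPES.get(info[0], "reserved (%d)" % info[0]),
        "unknown_policy_flag": bool((bits >> 23) & 1),
        "vlan_tagged": bool((bits >> 22) & 1),
        "vlan_id": (bits >> 9) & 0xFFF,
        "l2_priority": (bits >> 6) & 0x7,
        "dscp": bits & 0x3F,
    }


def _identifier(subtype, ident, mac_subtype, names):
    # MAC-address subtypes print as hex; everything else is shown as text.
    if subtype == mac_subtype:
        text = ":".join("%02x" % b for b in ident)
    else:
        text = ident.decode("ascii", "replace")
    return names.get(subtype, "subtype %d" % subtype), text


def parse_lldpdu(lldpdu):
    """Return the Chassis ID, Port ID and any LLDP-MED network policies."""
    result = {"network_policies": []}
    for tlv_type, value in iter_tlvs(lldpdu):
        if tlv_type == 1 and len(value) >= 2:
            result["chassis_id"] = _identifier(value[0], value[1:], 4, CHASSIS_SUBTYPES)
        elif tlv_type == 2 and len(value) >= 2:
            result["port_id"] = _identifier(value[0], value[1:], 3, PORT_SUBTYPES)
        elif tlv_type == 127 and value[:4] == LLDP_MED_OUI + b"\x02":
            result["network_policies"].append(parse_network_policy(value[4:]))
    return result


def _tlv(tlv_type, value):
    return struct.pack("!H", (tlv_type << 9) | len(value)) + value


# Constructed sample LLDPDU (not captured from a switch): MAC-address chassis ID,
# interface-name port ID, TTL 120 s, and a tagged Voice policy on VLAN 20.
SAMPLE_LLDPDU = (
    _tlv(1, b"\x04" + bytes.fromhex("020000000001"))
    + _tlv(2, b"\x05" + b"Gi1/0/5")
    + _tlv(3, struct.pack("!H", 120))
    + _tlv(127, LLDP_MED_OUI + b"\x02\x01"
           + ((1 << 22) | (20 << 9) | (5 << 6) | 46).to_bytes(3, "big"))
    + _tlv(0, b"")
)

if __name__ == "__main__":
    print(parse_lldpdu(SAMPLE_LLDPDU))
```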
Unit: Select the unit ID of the desired member in the stack. Device Type: Displays the device type of the neighbor. Application Type: Displays the application type of the neighbor. Application Type indicates the primary function of the applications defined for the network policy. Local Data Format: Displays the location identification of the neighbor. Power Type: Displays the power type of the neighbor device, either Power Sourcing Entity (PSE) or Powered Device (PD).
Chapter 17 Cluster
With the development of network technology, networks are growing larger and require more network devices, which may result in a more complicated network management system. Because a large number of devices need to be assigned different network addresses and every management device needs to be configured separately to meet the application requirements, manpower is needed. The Cluster Management function can solve the above problem.
The commander switch becomes a candidate switch only when the cluster is deleted.
Introduction to Cluster
The Cluster function configures and manages the switches in the cluster based on three protocols: NDP, NTDP and CMP (Cluster Management Protocol). NDP: All switches get neighbor information by collecting NDP.
The following entries are displayed on this screen: Neighbor Search Option: Select the information the desired entry should contain and then click the Search button to display the desired entry in the following Neighbor Information table. Neighbor Info Native Port: Displays the port number of the switch. Remote Port: Displays the port number of the neighbor switch which is connected to the corresponding port. Device Name: Displays the name of the neighbor switch.
Aging Time: Displays the period for the neighbor switch to keep the NDP packets from this switch. Hello Time: Displays the interval to send NDP packets. Port Status UNIT: Select the unit ID of the desired member in the stack. Port: Displays the port number of the switch. NDP: Displays the NDP status (enabled or disabled) for the current port. Send NDP Packets: Displays the count of currently sent NDP packets. Receive NDP Packets: Displays the count of currently received NDP packets.
The following entries are displayed on this screen: Global Config NDP: Select Enable/Disable NDP function globally. Aging Time: Enter the period for the neighbor switch to keep the NDP packets from this switch. Hello Time: Enter the interval to send NDP packets. Port Config UNIT: Select the unit ID of the desired member in the stack. Selected Port(s): Selecting a port enables the NDP function on that port. Unselected Port(s): Unselecting a port disables the NDP function on that port. Note: 1.
Choose the menu Cluster→NTDP→Device Table to load the following page. Figure17-5 Device Table The following entries are displayed on this screen: Device Table Device Name: Displays the device type collected through NTDP. Device MAC: Displays the MAC address of this device. Cluster Name: Displays the cluster name of this device. Role: Displays the role this device plays in the cluster. Commander: Indicates the device that can configure and manage all the devices in a cluster.
Click the Detail button to view the complete information of this device and its neighbors. Figure17-6 Information of the Current Device 17.2.2 NTDP Summary On this page you can view the NTDP configuration. Choose the menu Cluster→NTDP→NTDP Summary to load the following page.
The following entries are displayed on this screen: Global Config NTDP: Displays the NTDP status (enabled or disabled) of the switch globally. NTDP Interval Time: Displays the interval to collect topology information. NTDP Hops: Displays the hop count the switch topology collects. NTDP Hop Delay: Displays the time between the switch receiving NTDP request packets and the switch forwarding NTDP request packets for the first time.
NTDP Interval Time: Enter the interval to collect topology information. NTDP Hops: Enter the hop count the switch topology collects. NTDP Hop Delay: Enter the time between the switch receiving NTDP request packets and the switch forwarding NTDP request packets for the first time. NTDP Port Delay: Enter the time between the port forwarding NTDP request packets and its adjacent port forwarding NTDP request packets over.
Cluster Role: Displays the role the switch plays in the cluster. Cluster Management-vlan VLAN ID: Displays the management VLAN ID of the switch. For a commander switch, the following page is displayed: Figure 17-10 Cluster Summary for Commander Switch The following entries are displayed on this screen: Global Config Cluster: Displays the cluster status (enabled or disabled) of the switch. Cluster Role: Displays the role the switch plays in the cluster.
TFTP Server: Displays the IP address of TFTP server. Member Info Device Name: Displays the description of the member switch. Device MAC: Displays the MAC address of the member switch. IP Address: Displays the IP address of the member switch used in the cluster. Status: Displays the connection status of the member switch. Role: Displays the role the switch plays currently. Online Time: Displays the time when the member switch is added to the cluster.
For an individual switch, the following page is displayed: Figure17-12 Cluster Summary for Individual Switch The following entries are displayed on this screen: Global Config Cluster: Displays the cluster status (enabled or disabled) of the switch. Cluster Role: Displays the role the switch plays in the cluster. Cluster Management-vlan VLAN ID: Displays the management VLAN ID of the switch. 17.3.2 Cluster Config On this page you can configure the status of the cluster the switch belongs to.
The following entries are displayed on this screen:
Current Role
Role: Displays the role the current switch plays in the cluster.
Cluster management-vlan
VLAN ID: Enter the cluster management-vlan id.
Role Change
Individual: Select this option to change the role of the switch to be individual switch.
Cluster Config
Hold Time: Enter the time for the switch to keep the cluster information.
Interval Time: Enter the interval to send handshake packets.
For a member switch, the following page is displayed.
Figure 17-15 Cluster Configuration for Member Switch
The following entries are displayed on this screen:
Current Role
Role: Displays the role the current switch plays in the cluster.
Cluster management-vlan
VLAN ID: Enter the cluster management-vlan id.
For an individual switch, the following page is displayed.
Figure 17-16 Cluster Configuration for Individual Switch
The following entries are displayed on this screen:
Current Role
Role: Displays the role the current switch plays in the cluster.
Cluster management-vlan
VLAN ID: Enter the cluster management-vlan id.
Role Change
Candidate: Select this option to change the role of the switch to be candidate switch. 17.3.
The following entries are displayed on this screen: Create Member Member MAC: Enter the MAC address of the candidate switch. Member Info Select: Select the desired entry to manage/delete the corresponding member switch. Device Name: Display the description of the member switch. Member MAC: Displays the MAC address of the member switch. IP Address: Displays the IP address of the member switch used in the cluster. Status: Displays the connection status of the member switch.
The following entries are displayed on this screen: Graphic Show Collect Topology: Click the Collect Topology button to display the cluster topology. Refresh: Click the Refresh button to refresh the cluster topology. Manage: If the current device is the commander switch in the cluster and the selected device is a member switch in the cluster, you can click the Manage button to log on to Web management page of the corresponding switch.
Step 2
Operation: Enable the NTDP function globally and for the port, and then configure NTDP parameters.
Description: Optional. On Cluster→NTDP→NTDP Config page, enable the NTDP function on the switch.
Step 3
Operation: Manually collect NTDP information.
Description: Optional. On Cluster→NTDP→Device Table page, click the Collect Topology button to manually collect NTDP information. Or on Cluster→Cluster→Cluster Topology page, click the Collect Topology button to manually collect NTDP information.
Configuration Procedure
Configure the member switch
Step 1
Operation: Enable NDP function on the switch and for port 1.
Description: On Cluster→NDP→NDP Config page, enable NDP function.
Step 2
Operation: Enable NTDP function on the switch and for port 1.
Description: On Cluster→NTDP→NTDP Config page, enable NTDP function.
Configure the commander switch
Step 1
Operation: Enable NDP function on the switch and for ports 1-3.
Description: On Cluster→NDP→NDP Config page, enable NDP function.
Chapter 18 Maintenance
The Maintenance module gathers the commonly used system tools for managing the switch and provides a convenient way to locate and solve network problems.
(1) System Monitor: Monitor the utilization status of the memory and the CPU of the switch.
(2) Log: View the configuration parameters of the switch and find out the errors via the Logs.
(3) Cable Test: Test the connection status of the cable to locate and diagnose the trouble spot of the network.
18.1.1 CPU Monitor Choose the menu Maintenance→System Monitor→CPU Monitor to load the following page. Figure18-1 CPU Monitor UNIT: Select the unit ID of the desired member in the stack. Click the Monitor button to enable the switch to monitor and display its CPU utilization rate every four seconds.
18.1.2 Memory Monitor Choose the menu Maintenance→System Monitor→Memory Monitor to load the following page. Figure18-2 Memory Monitor UNIT: Select the unit ID of the desired member in the stack. Click the Monitor button to enable the switch to monitor and display its Memory utilization rate every four seconds. 18.
Severity        Level   Description
warnings        4       Warning conditions
notifications   5       Normal but significant conditions
informational   6       Informational messages
debugging       7       Debug-level messages
Table 18-1 Log Level
The Log function is implemented on the Log Table, Local Log, Remote Log and Backup Log pages.
18.2.1 Log Table
The switch supports log output in two directions, namely, log buffer and log file.
Time: Displays the time when the log event occurs. The log shows the correct time after you configure the system time on the System→System Info→System Time Web management page. Module: Displays the module which the log information belongs to. You can select a module from the drop-down list to display the corresponding log information. Severity: Displays the severity level of the log information. You can select a severity level to display the log information whose severity level value is the same or smaller.
Severity: Specify the severity level of the log information output to each channel. Only logs with the same or a smaller severity level value will be output. Status: Enable/Disable the channel. Sync-Periodic: Specify how frequently the log information is synchronized to the log file. 18.2.3 Remote Log The Remote Log feature enables the switch to send system logs to the Log Server.
18.2.4 Backup Log Backup Log feature enables the system logs saved in the switch to be output as a file for device diagnosis and statistics analysis. When a critical error results in the breakdown of the system, you can export the logs to get some related important information about the error for device diagnosis after the switch is restarted. Choose the menu Maintenance→Log→Backup Log to load the following page.
Choose the menu Maintenance→Device Diagnostics→Cable Test to load the following page. Figure18-7 Cable Test The following entries are displayed on this screen: Cable Test Port: Select the port for cable testing. UNIT: Select the unit ID of the desired member in the stack. Pair: Displays the Pair number. Status: Test the connection status of the cable connected to the port. Length: If the connection status is normal, here displays the length range of the cable.
18.3.2 Loopback Loopback test function, looping the sender and the receiver of the signal, is used to test whether the port of the switch is available as well as to check and analyze the physical connection status of the port to help you locate and solve network malfunctions. Choose the menu Maintenance→Device Diagnostics→Loopback to load the following page.
Choose the menu Maintenance→Network Diagnostics→Ping to load the following page. Figure18-9 Ping The following entries are displayed on this screen: Ping Config Destination IP: Enter the IP address of the destination node for Ping test. Ping Times: Enter the amount of times to send test data during Ping testing. The default value is recommended. Data Size: Enter the size of the sending data during Ping testing. The default value is recommended.
Choose the menu Maintenance→Network Diagnostics→Tracert to load the following page. Figure18-10 Tracert The following entries are displayed on this screen: Tracert Config Destination IP: Enter the IP address of the destination device. Max Hop: Specify the maximum number of the route hops the test data can pass through. Tracert Result Here you can view the Tracert result.
Chapter 19 System Maintenance via FTP
The firmware can be downloaded to the switch via the FTP function. FTP (File Transfer Protocol), a protocol in the application layer, is mainly used to transfer files between the remote server and the local PCs. It is a common protocol used in IP networks for file transfer. If there is something wrong with the firmware of the switch and the switch cannot be launched, the firmware can be downloaded to the switch again via the FTP function. 1.
1) Select Start→All Programs→Accessories→Communications→Hyper Terminal to open hyper terminal. Figure 19-2 Open Hyper Terminal 2) The Connection Description window will pop up as shown in Figure 19-3. Enter a name into the Name field and click OK.
3) Select the port to connect in Figure 19-4 and click OK. Figure 19-4 Select the port to connect 4) Configure the port selected in the step above as shown in Figure 19-5. Configure Bits per second as 38400, Data bits as 8, Parity as None, Stop bits as 1, Flow control as None, and then click OK. Figure 19-5 Port Settings 3.
2) Power off and restart the switch. When the prompt “Press CTRL-B to enter the bootutil” appears in the hyper terminal, press the CTRL-B key to enter the bootutil menu shown in Figure 19-6. Figure 19-6 bootutil Menu As the prompt is displayed for only a short time, it is suggested that you hold the CTRL-B key after powering on the switch until you enter the bootutil menu. 3) After entering the bootutil menu, first configure the IP parameters of the switch.
For example: Configure the IP address as 10.10.70.22, mask as 255.255.255.0 and gateway as 10.10.70.1. The detailed steps are shown in the figure below. Figure 19-7 Configure the IP parameters of the switch 4) Configure the parameters of the FTP server which keeps the upgrade firmware, and download the firmware to the switch from the FTP server. Store the downloaded firmware in the switch with the name of image1.bin or image2.bin, and specify its attribute as startup image or backup image.
5) Enter 1 and y, and the switch will reboot with the startup image. Figure 19-10 Reboot with the startup image 6) Please enter 3 to start the switch as shown in the following figure. After the switch is started, you can log in to the CLI command window and manage the switch via CLI commands. Figure 19-11 Start the switch When you forget the login user name and password, you can enter 2 after entering the bootutil menu to reset the system.
Appendix A: Specifications
Standards:
IEEE802.3i 10Base-T Ethernet
IEEE802.3u 100Base-TX/100Base-FX Fast Ethernet
IEEE802.3ab 1000Base-T Gigabit Ethernet
IEEE802.3z 1000Base-X Gigabit Ethernet
IEEE802.3ae 10GBase-X Ten-Gigabit Ethernet
IEEE802.3ad Link Aggregation
IEEE802.3x Flow Control
IEEE802.1p QoS
IEEE802.1q VLAN
IEEE802.1d Spanning Tree Protocol
IEEE802.1s Multi Spanning Tree Protocol
IEEE802.1w Rapid Spanning Tree Protocol
IEEE802.1x Port-based Access Authentication
ANSI/IEEE 802.
LED: Power, System, RPS, FAN, Master, Module, Link/Act, 21F-24F, 25, 26, M1, M2, Unit ID LED
Transmission Method: Store and Forward
Packets Forwarding Rate:
10BASE-T: 14881pps/port
100BASE-TX: 148810pps/port
1000Base-T: 1488095pps/port
10Gbase-X: 14880950pps/port
Operating Environment:
Operating Temperature: 0℃ ~ 40℃
Storage Temperature: -40℃ ~ 70℃
Operating Humidity: 10% ~ 90% RH Non-condensing
Storage Humidity: 5% ~ 90% RH Non-condensing
Appendix B: Configuring the PCs In this section, we’ll introduce how to install and configure the TCP/IP correctly in Windows 2000. First make sure your Ethernet Adapter is working, refer to the adapter’s manual if necessary. Configure TCP/IP component: 1) On the Windows taskbar, click the Start button, and then click Control Panel. 2) Click the Network and Internet Connections icon, and then click on the Network Connections tab in the appearing window.
5) The following TCP/IP Properties window will display and the IP Address tab is open on this window by default. Figure B-3 6) Select Use the following IP address. And the following items will be available. If the switch's IP address is 192.168.0.1, specify IP address as 192.168.0.x (x is from 2 to 254), and Subnet mask as 255.255.255.0. Now: Click OK to save your settings.
Appendix C: 802.1X Client Software
In the 802.1X mechanism, the supplicant Client should be equipped with client software that complies with the 802.1X protocol standard for 802.1X authentication. When the switch works as the authenticator system, please follow the instructions below to install the TpSupplicant provided on the attached CD for the supplicant Client.
1.1 Installation Guide
1. Insert the provided CD into your CD-ROM drive. Open the file folder and double click the icon continue.
3. Then the following screen will appear. Click Next to continue. If you want to stop the installation, click Cancel. Figure C-3 Welcome to the InstallShield Wizard 4. To continue, choose the destination location for the installation files and click Next on the following screen. Figure C-4 Choose Destination Location By default, the installation files are saved on the Program Files folder of system disk. Click the Change button to modify the destination location proper to your need.
5. The Wizard is now ready to begin the installation. Click Install to start the installation on the following screen. Figure C-5 Install the Program 6. The InstallShield Wizard is installing TpSupplicant as shown on the following screen. Please wait.
7. On the following screen, click Finish to complete the installation. Figure C-7 InstallShield Wizard Complete Note: Please pay attention to the tips on the above screen. If you have not installed WinPcap 4.0.2 or the higher version on your computer, the 802.1X Client Software TpSupplicant cannot work. It’s recommended to go to http://www.winpcap.org to download the latest version of WinPcap for installation. 1.
2. Then the following screen will appear. If you want to stop the remove process, click Cancel. Figure C-9 Preparing Setup 3. On the continued screen, click Yes to remove the application from your PC. Figure C-10 Uninstall the Application 4. Click Finish to complete.
1.3 Configuration
1. After completing installation, double click the icon to run the TP-LINK 802.1X Client Software. The following screen will appear.
Figure C-12 TP-LINK 802.1X Client
Enter the Name and the Password specified in the Authentication Server. The length of Name and Password should be less than 16 characters.
2. Click the Properties button on Figure D-12 to load the following screen for configuring the connection properties.
Figure C-13 Connection Properties
Send 802.
Auto reconnect after timeout: Select this option to allow the Client to automatically start the connection again when it does not receive the handshake reply packets from the switch within a period. 3. To continue, click Connect button after entering the Name and Password on Figure D-12. Then the following screen will appear to prompt that the Radius server is being searched. Figure C-14 Authentication Dialog 4. When passing the authentication, the following screen will appear.
1.4 FAQ:
Q1: Why does this error dialog box pop up when starting up the TP-LINK 802.1X Client Software?
A1: It’s because the supported DLL file is missing. It is suggested that you go to http://www.winpcap.org to download WinPcap 4.0.2 or a higher version for installation, and run the client software again.
Q2: Is this TP-LINK 802.1X Client Software compatible with the switches of other manufacturers?
A2: No. This TP-LINK 802.1X Client Software is customized for TP-LINK switches.
Appendix D: Glossary Access Control List (ACL) ACLs can limit network traffic and restrict access to certain users or devices by checking each packet for certain IP or MAC (i.e., Layer 2) information. Boot Protocol (BOOTP) BOOTP is used to provide bootup information for network devices, including IP address information, the address of the TFTP server that contains the devices system files, and the name of the boot file.
Generic Multicast Registration Protocol (GMRP) GMRP allows network devices to register end stations with multicast groups. GMRP requires that any participating network devices or end stations comply with the IEEE 802.1p standard. Group Attribute Registration Protocol (GARP) See Generic Attribute Registration Protocol. IEEE 802.1D Specifies a general method for the operation of MAC bridges, including the Spanning Tree Protocol. IEEE 802.
Layer 2 Data Link layer in the ISO 7-Layer Data Communications Protocol. This is related directly to the hardware interface for network devices and passes on traffic based on MAC addresses. Link Aggregation See Port Trunk. Link Aggregation Control Protocol (LACP) Allows ports to automatically negotiate a trunked link with LACP-configured ports on another device. Management Information Base (MIB) An acronym for Management Information Base.
Secure Shell (SSH) A secure replacement for remote access functions, including Telnet. SSH can authenticate users with a cryptographic key, and encrypt data connections between management clients and the switch. Simple Network Management Protocol (SNMP) The application protocol in the Internet suite of protocols which offers network management services. Simple Network Time Protocol (SNTP) SNTP allows a device to set its internal clock based on periodic updates from a Network Time Protocol (NTP) server.