Tenda TEG3224T User Manual

24-Port Managed Gigabit Switch
Copyright Statement
is the registered trademark of Shenzhen Tenda
herein are the trademarks or registered trademarks of their respective
holders. Copyright of the whole product as integration, including its
accessories and software, belongs to Shenzhen Tenda Technology Co.,
Ltd. Without the permission of Shenzhen Tenda Technology Co., Ltd,
any individual or party is not allowed to copy, plagiarize, imitate or
translate it into other languages.
All the photos and product specifications mentioned in this guide are for
reference only. Software and hardware upgrades may bring changes, and
Tenda is not responsible for announcing such changes in advance. If you
want to know more about our products, please visit our website at
www.tenda.cn.
Hint:
On the included CD-ROM, there are Chinese and English Web and CLI User Guide. For better operation, the Web User Guide is printed.
CONTENTS
Chapter 1 Product Introduction
1.1 Physical Port
1.2 Layer 2 Features
1.3 Management
1.4 Package Contents
1.5 Installation
1.5.1 Desktop/Horizontal Installation
1.5.2 Rack-mountable Installation in 19-inch Cabinet
1.5.3 Power on the Switch
1.6 External Component Description
1.6.1 Front Panel
1.6.2 Rear Panel
1.6.3 Side Panels
1.6.4 LED Indicator Specification
Chapter 2 Connecting the Switch
2.1 Switch to End Node
2.2 Switch to Switch or Router
2.3 How to Login the Switch
Chapter 3 Switch Configuration
3.1 Web Login
3.2 Web Configuration Interface
3.3 System Configuration
3.3.1 System Information Configuration
3.3.2 IP and Time Configuration
3.3.3 Account
3.3.4 Power Save Configuration
3.4 Port Configuration
3.5 Aggregation Mode Configuration
3.5.1 Introduction to Link Aggregation
3.5.2 Link Aggregation Characteristics
3.5.3 Link Aggregation Requirement for Port Settings
3.5.4 Aggregation Configuration
3.6 Spanning Tree Configuration
3.6.1 STP Introduction
3.6.2 802.1d STP
3.6.3 Spanning Tree System Configuration
3.6.4 RSTP Port Configuration
3.7 802.1x Configuration
3.7.1 802.1x Introduction
3.7.2 802.1x Configuration
3.8 IGMP Snooping
3.8.1 IGMP Snooping Introduction
3.8.2 IGMP Snooping Working Mechanism
3.8.3 IGMP Snooping Configuration
3.9 LLDP
3.9.1 LLDP Introduction
3.9.2 LLDP Configuration
3.10 MAC Address Table Configuration
3.10.1 Aging Configuration
3.10.2 MAC Table Learning
3.10.3 Static MAC Table Configuration
3.11 VLAN
3.11.1 What is a VLAN
3.11.2 VLAN Advantages
3.11.3 Several Types of VLANs
3.11.4 VLAN Memberships Configuration
3.11.5 VLAN Port Configuration
3.12 Quality of Service (QoS)
3.12.1 QoS Introduction
3.12.2 Well-known Priority
3.12.3 Scheduling Mechanism
3.12.4 QoS Configuration
3.13 Access Control List (ACL)
3.13.1 ACL Introduction
3.13.2 ACL Configuration
3.14 Port Mirroring
3.14.1 Mirroring Introduction
3.14.2 Mirroring Configuration
3.15 Simple Network Management Protocol (SNMP)
3.15.1 SNMP Introduction
3.15.2 SNMP Configuration
Chapter 4 Switch’s Monitor
4.1 System
4.1.1 Information
4.1.2 System Log
4.1.3 Detailed Log
4.2 Ports
4.2.1 Traffic Overview
4.2.2 QoS Statistics
4.2.3 Port Statistics
4.3 LACP
4.3.1 LACP System Status
4.3.2 LACP Port Status
4.3.3 LACP Statistics
4.4 Spanning Tree
4.4.1 Bridge Status
4.4.2 RSTP Port Status
4.4.3 RSTP Statistics
4.5 802.1x
4.5.1 Port Status
4.5.2 802.1x Port Statistics
4.6 IGMP Snooping
4.7 LLDP
4.7.1 LLDP Neighbours
4.7.2 LLDP Port Statistics
4.8 MAC Address Table
Chapter 5 Switch’s Diagnostics
5.1 ICMP Ping
5.2 VeriPHY
Chapter 6 Switch’s Maintenance
6.1 System Reboot
6.2 Restore to Factory Default Setting
6.3 Firmware Update
6.4 Settings Upload
6.5 Settings Download
6.6 Syslog Download
Chapter 7 Appendix
7.1 Product Specification
7.2 Glossary
7.3 Online Technical Support
7.4 Common Commands
7.5 TCP/IP Address Setting (Windows XP as Example)
Chapter 1 Product Introduction
The TEG3224T 24-Port Managed Gigabit Switch is designed for
departmental and enterprise connections. It provides 24
10/100/1000Mbps RJ-45 ports, plus 2 Gigabit mini-GBIC (SFP) combo
ports. It supports the IEEE 802.1x authentication standard, IGMP
Snooping, 802.1Q VLAN, Trunk, Port Mirroring and 802.1d STP
(Spanning Tree Protocol), and can be managed via Web, Telnet, CLI
(Command Line Interface), SNMPv1 and SNMPv2c. Powerful and
versatile, it is a favorable solution for backbone and server
connections in enterprises and Internet cafes. Its main features are
as follows:
1.1 Physical Port
Provides 24 high-performance 1000BASE-T ports to be connected with a backbone, servers, and end stations at 10/100/1000Mbps.
2 Gigabit SFP combo ports to connect another switch, server or network backbone with fiber optic media.
1 RS-232 console port for Switch basic management and setup via a connection to a console terminal or PC using a terminal emulation program.
1.2 Layer 2 Features
Provides Store-and-forward architecture
Supports up to 48Gbps backplane bandwidth
Max. forwarding rate: 1488095pps per port (64 bit for each packet.)
Supports 8K MAC address entries
Supports jumbo frame forwarding
Supports DSCP and 802.1p priority with 4 priority queues per port
Provides frame buffer cache
Supports 802.1Q VLAN (1-4094) with up to 64 VLANs
Supports IGMP V1 and V2
Supports 802.1x port-based authentication
Supports IEEE 802.3x for full-duplex and Backpressure for half-duplex
Supports ACL (Access Control List)
Spanning Tree Algorithm Protocol for creation of alternative backup paths and prevention of network loops, including 802.1w Rapid Spanning Tree (RSTP) and 802.1d Spanning Tree
Supports link aggregation, including static aggregation mode and LACP, and supports up to 12 Trunk groups and 16 Trunk members per group
Supports LLDP (Link Layer Discovery Protocol)
Supports port mirroring
Supports Multicast, Broadcast storm and unknown unicast control
Supports TFTP and HTTP firmware upgrade methods
Supports CLI, Web, Telnet, SNMP V1 and SNMP V2c management features
Supports syslog
1.3 Management
RS-232 console port for out-of-band network management via a console terminal
SNMP V1 and V2c network management
Built-in SNMP management:
RFC1213: system, interface, ip, icmp, tcp, udp and snmp
EtherLike-MIB: dot3StatsTable
Bridge-MIB: dot1Base
IF-MIB: ifXTable
Supports Web-based management
Supports remote Telnet management with up to 5 users at the same time
Supports CLI (Command Line Interface)
1.4 Package Contents
One TEG3224T Managed Gigabit Switch
Four rubber feet, two mounting ears and eight screws
One AC power cord
One Serial cable
One Ethernet network cable
One User Guide
One CD-ROM
1.5 Installation
Follow these instructions to avoid incorrect installation, which can
cause device damage and security threats.
Put the Switch on a stable surface or desktop to prevent damage from falling.
Make sure the Switch works in the proper AC input range and matches the voltage labeled on the Switch.
To keep the Switch free from lightning, do not open the Switch’s shell even in power failure.
Make sure that there is proper heat dissipation from and adequate ventilation around the Switch.
Make sure the cabinet can support the weight of the Switch and its accessories.
1.5.1 Desktop/Horizontal Installation
Sometimes users are not equipped with the 19-inch standard cabinet.
So when installing the Switch on a desktop, please attach the
cushioning rubber feet provided to the bottom at each corner of the
Switch to protect it from external vibration. Allow adequate space for
ventilation between the device and the objects around it. Please
refer to the following figure:
1.5.2 Rack-mountable Installation in 19-inch Cabinet
The TEG3224T can be mounted in an EIA standard-sized,
19-inch rack, which can be placed in a wiring closet with other
equipment. To install, attach the mounting brackets on the
Switch’s side panels (one on each side) and secure them with
the screws provided.
Then, use the screws provided with the equipment rack to
mount the Switch on the rack and tighten it.
Note:
For safety, please read the installation instruction carefully before
installing the device.
1.5.3 Power on the Switch
The Switch is powered on by the AC 100-240V 50/60Hz internal
high-performance power supply. Please follow the next tips to
connect:
1.5.3.1 AC Electrical Outlet
It is recommended to use a single-phase three-wire receptacle
with neutral outlet or a multifunctional computer professional
receptacle. Please make sure to connect the metal ground
connector to the grounding source on the outlet.
1.5.3.2 AC Power Cord Connection
Step 1: Connect the AC power connector in the back panel of
the Switch to external receptacle with the included
power cord.
Step 2: Check whether the power indicator is ON. When it is
ON, it indicates the power connection is OK.
1.6 External Component Description
1.6.1 Front Panel
The front panel of TEG3224T consists of 24 10/100/1000Mbps
RJ-45 ports, 2 Gigabit SFP combo ports, 1 RS-232 Console port
and a series of LED indicators shown as below.
Front panel view
1.6.2 Rear Panel
The rear panel of TEG3224T contains AC power connector and one
marker shown as below.
Rear panel view
1.6.3 Side Panels
The right side panel of the Switch contains two system fans. The left
side panel has heat vents as shown below.
Side panels view
1.6.4 LED Indicator Specification
LED indicator view
The LED indicators of the TEG3224T contain one Power, one SYS,
26 Link/Act (including 2 SFP indicators) and 24 10/100/1000Mbps
indicators. You can see their operating situation through these LED
indicators.
The following chart shows the LED indicators of the Switch along
with explanation of each indicator.
LED Indicator   Status     Description
POWER           ON         Indicates the Switch is powered on well.
POWER           OFF        Indicates the Switch is not powered on well. Please make sure the power cord’s correct connection between connector and receptacle.
SYS             ON         Indicates the Switch is working well.
SYS             OFF        Indicates the Switch does not work or works abnormally.
SYS             Blinking   Indicates the system’s upgrading is in progress.
Link/Act        ON         Indicates the ports are connected well.
Link/Act        OFF        Indicates the port connection is not established. Please check if the connections are OK.
Link/Act        Blinking   Indicates the port is transmitting and/or receiving data packets.
Speed           Green      Indicates the transmission speed is 1000Mbps.
Speed           Orange     Indicates the transmission speed is 100Mbps.
Speed           OFF        Indicates the transmission speed is 10Mbps or there is no connection.
Chapter 2 Connecting the Switch
2.1 Switch to End Node
Use standard Cat.5/5e Ethernet cable (UTP/STP) to connect the
Switch to end nodes as described below. Switch ports will
automatically adjust to the characteristics (MDI/MDI-X, speed,
duplex) of the device to which is connected.
Switch connecting to an end node
Please refer to the LED Indicator Specification. The Link/Act
LED for each port lights green when the link is available.
2.2 Switch to Switch or Router
Use the standard Cat.5/5e Ethernet cable (UTP/STP) to uplink
any port of the Switch to another switch or router as shown below.
Connect to another switch or router
Please refer to the LED Indicator Specification. The Link/Act
LED for each port lights green when the link is available.
2.3 How to Login the Switch
TEG3224T provides the following login methods.
1. By Web-based management interface, using a web browser such
as Netscape Navigator, Internet Explorer or Firefox. For more
details, refer to the Web Login part of the Switch
Configuration section.
2. By connecting to the Console Port (RS-232 DCE) serial port on
the front panel of the Switch, which needs a computer or
terminal for monitoring and configuring the Switch.
Step1: Connect the Switch’s console port to the serial connector of
a computer with the RS-232 cable and tighten the captive
retaining screws on both ends.
Console port connection
Step2: On the PC, run the terminal emulation software (HyperTerminal
on Windows XP is used as the example) and configure the
parameters as follows.
Select the appropriate serial port.
Set the data rate to 115200bit/s.
Set the data format to 8 data bits, 1 stop bit, and no parity.
Set flow control to none.
Figure 3-2 Create a new connection
Figure 3-3 Connected port connection
Figure 3-4 Com1 port configurations
Step3: Power on the Switch and the self-test result will be shown
on the terminal device. After the self-test, enter the User
Name and Password (admin/admin by default for
administrator; user/user for common users) and press Enter.
The command prompt will be shown as below.
Figure 3-5 Switch Configuration Interface
3. By Telnet
Step1: Select Start on your computer and click Run.
Step2: In the window that appears, enter the command telnet
192.168.0.1 and press Enter. The following window will
be displayed.
Hint:
For how to configure the device via Telnet or the Console port, please refer to the CLI User Guide on the included CD-ROM.
Chapter 3 Switch Configuration
3.1 Web Login
As TEG3224T provides Web-based management login, you can
configure your computer’s IP address manually to log on to the
Switch. The default settings of the Switch are shown below.
Parameter            Default Value
Default IP address   192.168.0.1
Default user name    admin (for administrator)/user (for common users)
Default password     admin (for administrator)/user (for common users)
You can log on to the welcome window of the Switch through
following steps:
1. Connect the Switch with the computer NIC interface.
2. Power on the Switch.
3. Check whether the IP address of the computer is within this
network segment: 192.168.0.xxx (“xxx” ranges 2~254), for
example, 192.168.0.100.
4. Open the browser, and enter http://192.168.0.1 and then press
“Enter”. The switch login window appears, as shown below.
5. Enter the user name and password, and then click “OK” to log
in to the Switch configuration window as below.
3.2 Web Configuration Interface
The following section deals with the TEG3224T’s configuration in
the Web interface, to help users use and manage the Switch easily.
The Web interface of the Switch has the following 13 modules:
System
Port
Aggregation
Spanning Tree
802.1x
IGMP Snooping
LLDP
MAC Address Table
VLANs
QoS
ACL
Mirroring
SNMP
3.3 System Configuration
In the System configuration part, there are four sub-menus: Information,
IP&Time, Account and Power Save.
3.3.1 System Information Configuration
In the left menu, select TEG3224T > Configuration > System >
Information to enter the following window.
The switch system information is provided here.
System Contact
The textual identification of the contact person for this
managed node, together with information on how to contact
this person. The allowed string length is 0 to 255. The allowed
string content is NVT ASCII character set (32 - 126).
System Name
An administratively-assigned name for this managed node. By
convention, this is the node's fully-qualified domain name. A
domain name is a text string drawn from the alphabet (A-Z, a-z),
digits (0-9), minus sign (-). No blank or space characters are
permitted as part of a name. The first character must be an
alpha character. And the first or last character must not be a
minus sign. The allowed string length is 0 to 255.
System Location
The physical location of this node (e.g., telephone closet, 3rd
floor). The allowed string length is 0 to 255. The allowed string
content is NVT ASCII character set (32 - 126).
3.3.2 IP and Time Configuration
In the left menu, select TEG3224T > Configuration > System >
IP&Time to enter the following window:
You can configure the switch-managed IP information here. The
Configured column is used to view or change the IP configuration.
The Current column is used to show the active IP configuration.
DHCP Client
Enable the DHCP client by checking this box. If DHCP fails and
the configured IP address is zero, DHCP will retry. If DHCP fails
and the configured IP address is non-zero, DHCP will stop and
the configured IP settings will be used. The DHCP client will
announce the configured System Name as hostname to
provide DNS lookup.
IP Address
Provide the IP address of this switch.
IP Mask
Provide the IP mask of this switch.
IP Router
Provide the IP address of the router.
SNTP Server
Provide the IP address of the SNTP Server.
VLAN ID
Provide the managed VLAN ID. The allowed range is 1 through
4094.
Timezone Offset (minutes)
Provide the timezone offset relative to UTC/GMT. The offset is
given in minutes east of GMT. The valid range is from -720 to
720 minutes.
3.3.3 Account
In the left menu, select TEG3224T > Configuration > System >
Account to enter the following window:
Click “Add” to enter the System Password window as below:
The page allows you to configure the system password required to
access the web pages or log in from CLI.
Old Password
Enter the current system password. If this is incorrect, the new
password will not be set.
New Password
The new system password. It can be up to 32 characters, which must
be taken from the NVT ASCII character set (32 - 126).
Confirm New Password
The new password must be entered twice to catch typing
errors.
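The field limits given in sections 3.3.1 to 3.3.3 can be checked against a planned configuration before it is entered on the Switch. The following is an added example, not part of the original manual or of Tenda's software; the plan dictionary, its key names and the sample values are constructed assumptions, and the factory logins it flags are the ones printed in the login sections of this guide.

```python
import ipaddress
import re

# Factory logins printed in this guide; a deployment plan should not keep them.
FACTORY_LOGINS = {("admin", "admin"), ("user", "user")}

# System Name rule from 3.3.1: letters, digits and minus only, first
# character alphabetic, last character not a minus sign.
SYSTEM_NAME_RE = re.compile(r"[A-Za-z](?:[A-Za-z0-9-]*[A-Za-z0-9])?")


def is_nvt_ascii(text):
    """True when every character is in the NVT ASCII range 32-126."""
    return all(32 <= ord(ch) <= 126 for ch in text)


def validate_plan(plan):
    """Return a list of (field, problem) tuples; empty means the plan passes."""
    problems = []

    # System Contact / System Location: 0-255 characters, NVT ASCII 32-126.
    for field in ("system_contact", "system_location"):
        value = plan.get(field, "")
        if len(value) > 255 or not is_nvt_ascii(value):
            problems.append((field, "must be 0-255 NVT ASCII characters"))

    # System Name: 0-255 characters, restricted alphabet (may be empty).
    name = plan.get("system_name", "")
    if len(name) > 255 or (name and not SYSTEM_NAME_RE.fullmatch(name)):
        problems.append(("system_name", "violates the System Name rules"))

    # IP Address and IP Mask must form a valid IPv4 interface.
    try:
        ipaddress.IPv4Interface(f"{plan['ip_address']}/{plan['ip_mask']}")
    except (KeyError, ValueError):
        problems.append(("ip_address", "address/mask missing or invalid"))

    # Managed VLAN ID: 1 through 4094.
    vlan = plan.get("vlan_id")
    if not isinstance(vlan, int) or not 1 <= vlan <= 4094:
        problems.append(("vlan_id", "must be an integer from 1 to 4094"))

    # Timezone offset: minutes east of GMT, -720 to 720.
    offset = plan.get("timezone_offset_minutes")
    if not isinstance(offset, int) or not -720 <= offset <= 720:
        problems.append(("timezone_offset_minutes", "must be -720 to 720"))

    # Passwords: up to 32 NVT ASCII characters, and not a factory login.
    for account in plan.get("accounts", []):
        user, password = account["user"], account["password"]
        label = f"account:{user}"
        if len(password) > 32 or not is_nvt_ascii(password):
            problems.append((label, "password must be <= 32 NVT ASCII chars"))
        if (user, password) in FACTORY_LOGINS:
            problems.append((label, "still uses the factory default login"))

    return problems


# Constructed sample plan (not taken from a real device).
SAMPLE_PLAN = {
    "system_contact": "NOC desk, ext. 4410",
    "system_name": "-core-sw1",          # leading minus sign: rejected
    "system_location": "telephone closet, 3rd floor",
    "ip_address": "192.168.0.10",
    "ip_mask": "255.255.255.0",
    "vlan_id": 4095,                      # outside 1-4094: rejected
    "timezone_offset_minutes": 480,
    "accounts": [
        {"user": "admin", "password": "admin"},   # factory default: rejected
        {"user": "user", "password": "N0t-the-default"},
    ],
}

if __name__ == "__main__":
    for field, problem in validate_plan(SAMPLE_PLAN):
        print(f"{field}: {problem}")
```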
3.3.4 Power Save Configuration
In the left menu, select TEG3224T > Configuration > System >
Power Save to enter the following window:
Power save is used to save the Switch’s system power
consumption. When Power Save Enable is checked, the
unconnected port’s power in the Switch is almost zero, which can
decrease the system’s power consumption. The system default
setting is unchecked. It is recommended to check this option when
the connecting cable is less than 80 meters.
3.4 Port Configuration
In the left menu, select TEG3224T > Configuration > Port
to enter the following window:
This window displays current port configurations. Ports can also be
configured here.
Port
This is the logical port number for this row.
Link
The current link state is displayed graphically. Green indicates
the link is up; red indicates the link is down.
Current Link Speed
Provide the current link speed, duplex and state of the port.
Configured Link Speed
Select any available link speed for the given switch port.
Disabled – disables the switch port operation.
Auto – selects the highest speed that is compatible with a link
partner.
1GbpsFDX – Select the link speed as 1000Mbps Full-duplex.
100MbpsFDX – Select the link speed as 100Mbps Full-duplex.
100MbpsHDX – Select the link speed as 100Mbps Half-duplex.
10MbpsFDX – Select the link speed as 10Mbps Full-duplex.
10MbpsHDX – Select the link speed as 10Mbps Half-duplex.
Flow Control
When Auto Speed is selected for a port, this section indicates
the flow control capability that is advertised to the link partner.
When a fixed-speed setting is selected, that is what is used.
Check the configured column to use flow control; this setting is
related to the setting for Configured Link Speed.
Maximum Frame
Enter the maximum frame size allowed for the switch port,
including FCS. The allowed range is 1518 bytes to 9600 bytes.
Excessive Collision Mode
Configure port transmit collision behavior.
Discard: Discard frame after 16 collisions (default).
Restart: Restart backoff algorithm after 16 collisions.
3.5 Aggregation Mode Configuration
3.5.1 Introduction to Link Aggregation
Link Aggregation (also called Trunking), or IEEE 802.3ad, is a
computer networking term which describes using multiple Ethernet
network cables/ports in parallel to increase the bandwidth of
point-to-point connections without changing existing cabling or
switch equipment. In addition, trunking provides point-to-point
redundancy between two devices to prevent looping. The
TEG3224T supports up to 12 trunk groups with 2~16 ports in each
group.
Link Aggregation Topology
TEG3224T treats all ports in a trunk group as single port. Data
transmitted to a specific host will always be transmitted over the
same port in a trunk group. This allows packets in a data stream to
arrive in the same order they were sent.
Note
If any ports within the trunk group become disconnected,
packets intended for the disconnected port will be load
balanced among the other uplinked ports of the port trunking
group.
3.5.2 Link Aggregation Characteristics
Bandwidth Increasing—Trunking allows several ports to be
grouped together and to appear as a single, higher-bandwidth
logical link. This gives a bandwidth that is a multiple of a
single link’s bandwidth. Trunking may also be used in the
enterprise network to build multigigabit backbone links
between Gigabit Ethernet switches or to link a bandwidth
intensive network device or devices, such as a server, to the
backbone of a network. TEG3224T can create up to 12 port
trunking groups with 2~16 ports in each group.
Load Balancing—Link aggregation is sometimes referred to
as load balancing, which provides redundancy and fault
tolerance if each of the aggregated links follows a different
physical path. This allows traffic loads to be distributed across
multiple communication links, and a link failure within the
group causes the network traffic to be directed to the
remaining links in the group. The Spanning Tree Protocol will
treat a port trunking group as a single link, on the Switch level.
On the port level, the STP will use the port parameters of the
Master Port in the calculation of port cost and in determining
the state of the port trunking group. If two redundant port
trunking groups are configured on the Switch, STP will block
one entire group; in the same way STP will block a single port
that has a redundant link.
3.5.3 Link Aggregation Requirement for Port Settings
In one link aggregation group, member ports should keep the same
settings, mainly for STP, QoS, VLAN, etc.
STP Settings:
STP enable/disable
Port’s link property (such as P2P, non-P2P)
STP priority
STP cost
Edge port
QoS Setting:
Default Class
Tag Priority
QCL ID
Policer Limiter (Enable/Disable)
Policer Rate
Shaper (Enable/Disable)
Shaper Rate
Mode
Weight
VLAN Setting:
Ports in Trunking can’t be in cross-VLAN.
VLAN Settings for port:
Aware
Pvid
Frametype
Ingressfilter
Port Setting:
Speed, half/full-duplex, auto-negotiation
Note
1. TEG3224T can create up to 12 port trunking groups with 2~16
ports in each group.
2. A port with 802.1x enabled cannot be a member of Trunking.
3. A mirrored port cannot be a member of Trunking.
4. Ports with a static MAC address or multicast MAC address cannot
be members of Trunking.
5. A port configured with MAC address binding cannot be a
member of Trunking.
3.5.4 Aggregation Configuration
3.5.4.1 Static Aggregation
In the left menu, select TEG3224T > Configuration >
Aggregation > Static to enter the following window:
This page is used to configure the Aggregation hash mode and the
aggregation group. The aggregation hash code settings are global.
Hash Code Contributors
In this section, there are four parts: Source MAC Address,
Destination MAC Address, IP Address and TCP/UDP Port
Number. You can select one or more each time.
Source MAC Address
The source MAC address can be used to calculate the
destination port for the frame. Check to enable the use of the
Source MAC address, or uncheck to disable. By default,
source MAC Address is enabled.
Destination MAC Address
The destination MAC Address can be used to calculate the
destination port for the frame. Check to enable the use of the
Destination MAC Address, or uncheck to disable. By default,
destination MAC Address is disabled.
IP Address
The IP address can be used to calculate the destination port for
the frame. Check to enable the use of the IP Address, or
uncheck to disable. By default, IP Address is enabled.
TCP/UDP Port Number
The TCP/UDP port number can be used to calculate the
destination port for the frame. Check to enable the use of the
Port Number, or uncheck to disable. By default, port number is
enabled.
Aggregation Group Configuration
Group ID
Indicates the group ID for the settings contained in the same
row. Group ID "Normal" indicates there is no aggregation. Only
one group ID is valid per port.
Port Members
Each switch port is listed for each group ID. Select a radio
button to include a port in an aggregation, or clear the radio
button to remove the port from the aggregation. By default, no
ports belong to any aggregation group.
3.5.4.2 LACP Configuration
In the left menu, select TEG3224T > Configuration >
Aggregation > LACP to enter the following window:
This page allows the user to inspect the current LACP port
configurations, and possibly change them as well.
Port
The switch port number.
LACP Enabled
Whether LACP is enabled on this switch port. LACP will form
an aggregation when 2 or more ports are connected to the
same partner. LACP can form a maximum of 12 LLAGs per switch.
Key
The Key value incurred by the port, range 1-65535. The Auto
setting will set the key as appropriate by the physical link speed,
10Mb = 1, 100Mb = 2, 1Gb = 3. Using the Specific setting, a
user-defined value can be entered. Ports with the same Key
value can participate in the same aggregation group, while
ports with different keys can not.
Role
The Role shows the LACP activity status. Active will
transmit LACP packets each second, while Passive will wait
for an LACP packet from a partner (speak if spoken to).
3.6 Spanning Tree Configuration
3.6.1 STP Introduction
Spanning Tree Protocol is a link management protocol that provides
path redundancy while preventing undesirable loops in the network.
TEG3224T supports two versions of the Spanning Tree Protocol:
802.1d STP and 802.1w Rapid STP.
3.6.2 802.1d STP
1. Bridge Protocol Data Units
The main function of the Spanning Tree Protocol (STP) defined by
IEEE 802.1d standard is to remove layer-2 loops from your topology.
For STP to function, the switch will send bridge protocol data units
(BPDUs) as multicast information every two seconds that only other
layer-2 devices are listening to. Switches will use BPDUs to learn
the topology of the network. The BPDU contains the switch’s ID
made up of a priority value and a MAC address.
2. Root Bridge
Actually, the very first step in STP is to elect the root switch. As was
mentioned earlier, when a device advertises a BPDU, it puts its
switch ID in the BPDU to elect the root switch. The switch with the
lowest switch ID is chosen as root. The switch ID is made up of two
components: the switch’s priority (32768 by default) and the switch’s
MAC address. Through the sharing of the BPDUs, the switches will
figure out which switch has the lowest switch ID, and that switch is
chosen as the root switch. All the other switches in the layer-2
topology expect to see BPDUs from the root switch within the maximum
age time, which defaults to 20 seconds. If the switches do not see a
BPDU message from the root within this period, they assume that
the root switch has failed and will begin a new election process to
choose a new root switch.
3. Root Port
After the root switch is elected, every other switch in the network
needs to choose a single port on itself that it will use to reach the
root. The port is called the root port. With STP, there are a few
factors that are taken into consideration when choosing a root port.
First, each port is assigned a cost, called a port cost. The lower the
cost, the more preferable the port is. A path cost is basically the
accumulated port costs from a switch to the root switch. As the
BPDUs propagate further and further from the root switch, the path
costs become higher and higher. After going through this selection
process, the Switch will have one, and only one, port that will be its
root port.
4. Designated Port
Besides each switch having a root port, each segment also has a
single port that it uses to reach the root. This port is called a
designated port. If there is a segment with two switches connected
to it, either one or the other switch will forward traffic from this
segment to the rest of the network. Here are the steps that are
taken by switches to determine the designated port:
With the lowest segment accumulated path cost to the root
bridge.
With the lowest switch ID
With the lowest priority
With the physically lowest-numbered port on the switch
After going through these steps for each segment, each segment will
have a single designated port that it will use to reach the root switch.
There are four major port states in STP: blocking, listening,
learning and forwarding. In blocking and listening states, only
BPDUs are processed. In a learning state, the CAM table is being
built. In a forwarding state, user frames are moved between ports
(see more in Port Transition State).
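The election steps above (root switch, root port, designated port), worked through on a constructed three-switch loop; this is an added example, not code from the manual. The switch names, MAC addresses and link layout are made up, and port priority is assumed equal on every port, so that tie-breaker is left out.

```python
import heapq

# Constructed topology: three switches cabled in a triangle (a layer-2 loop).
# name -> (priority, MAC). SW2 was given a lower System Priority on purpose.
BRIDGES = {
    "SW1": (32768, "02:00:00:00:00:11"),
    "SW2": (4096, "02:00:00:00:00:33"),
    "SW3": (32768, "02:00:00:00:00:22"),
}
# (switch A, port on A, switch B, port on B, port cost of the link)
LINKS = [
    ("SW1", 1, "SW2", 1, 20000),     # 1000M link
    ("SW2", 2, "SW3", 1, 20000),     # 1000M link
    ("SW1", 2, "SW3", 2, 200000),    # 100M link
]


def bridge_id(name):
    """Switch ID as a comparable tuple: priority first, then MAC address."""
    priority, mac = BRIDGES[name]
    return (priority, int(mac.replace(":", ""), 16))


def elect_root():
    """The switch with the numerically lowest switch ID becomes root."""
    return min(BRIDGES, key=bridge_id)


def root_path_costs(root):
    """Accumulated port cost from every switch to the root (Dijkstra)."""
    cost = {root: 0}
    heap = [(0, root)]
    while heap:
        c, here = heapq.heappop(heap)
        if c > cost[here]:
            continue
        for a, _pa, b, _pb, link_cost in LINKS:
            if here not in (a, b):
                continue
            peer = b if here == a else a
            if c + link_cost < cost.get(peer, float("inf")):
                cost[peer] = c + link_cost
                heapq.heappush(heap, (c + link_cost, peer))
    return cost


def port_roles():
    """Return {(switch, port): 'root' | 'designated' | 'blocking'}."""
    root = elect_root()
    cost = root_path_costs(root)
    roles = {}

    # Root port: per non-root switch, the port with the best path to the root.
    # Ties fall to the lower neighbour switch ID, then the lower port numbers.
    for sw in BRIDGES:
        if sw == root:
            continue
        candidates = []
        for a, pa, b, pb, link_cost in LINKS:
            if sw == a:
                candidates.append((cost[b] + link_cost, bridge_id(b), pb, pa))
            elif sw == b:
                candidates.append((cost[a] + link_cost, bridge_id(a), pa, pb))
        roles[(sw, min(candidates)[3])] = "root"

    # Designated port: per segment, the end with the lowest path cost to the
    # root, then the lowest switch ID, then the lowest port number.
    for a, pa, b, pb, _link_cost in LINKS:
        ends = sorted([(cost[a], bridge_id(a), pa, a),
                       (cost[b], bridge_id(b), pb, b)])
        _, _, win_port, win_sw = ends[0]
        _, _, lose_port, lose_sw = ends[1]
        roles[(win_sw, win_port)] = "designated"
        # The losing end keeps its root role if it has one, else it blocks.
        roles.setdefault((lose_sw, lose_port), "blocking")
    return roles


if __name__ == "__main__":
    print("root switch:", elect_root())
    for (sw, port), role in sorted(port_roles().items()):
        print(f"{sw} port {port}: {role}")
```

Exactly one port ends up blocking (SW3 port 2), which is what breaks the loop; SW1 wins the tie on the 100M segment because its MAC address is lower.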
5. Layer-2 Convergence
For switches, convergence occurs once STP has completed: a root
switch is elected, root and designated ports have been chosen, the
root and designated ports have been placed in forwarding state,
and all other ports have been placed in blocked state. If a port has
to go through all four states, it can take 30-50 seconds for STP
convergence to take place. So if a user was performing a Telnet
session, and STP was being recalculated, the Telnet session, from
the user’s perspective, would appear stalled, or the connection
would appear lost. Obviously, a user will notice this type of
disruption. However, in today’s networks, this can cause serious
performance problems for networks that use real-time applications,
like Voice over IP (VoIP). To overcome these issues, the Rapid
Spanning Tree Protocol (RSTP) appears.
6. 802.1w Rapid Spanning Tree
The Rapid Spanning Tree Protocol (RSTP) is an IEEE standard,
802.1w, that is interoperable with 802.1d and an extension to it.
With RSTP, there are only three port states: discarding, learning
and forwarding. RSTP can operate with legacy equipment
implementing IEEE 802.1d; however the advantages of using RSTP
will be lost. RSTP was developed in order to overcome some
limitations of STP that impede the function of some recent
Switching innovations, in particular, certain Layer 3 functions that
are increasingly handled by Ethernet Switches. The basic function
and much of the terminology is the same as STP. Most of the
settings configured for STP are also used for RSTP. With RSTP,
there are still root and designated ports, performing the same roles
as those in 802.1d. However, RSTP adds two additional port types:
alternate ports and backup ports. An alternate port is a port that has
an alternative path or paths to root but is currently in a discarding
state. A backup port is a port on a segment that could be used to
reach the root switch, but there is already an active designated port
for the segment. The best way to look at this is that an alternate port is
a secondary, unused root port, and a backup port is a secondary,
unused designated port. Another feature introduced in 802.1w is
rapid transition. Rapid transition can only take place in RSTP for
edge ports and links that are point-to-point.
7. Edge Port
The edge port is a designation used for a port that is directly
connected to end stations where bridging loops cannot be created in
the network. Therefore, the edge port directly transitions to the
forwarding state, and skips the listening and learning stages. Edge
ports generate topology changes when the link toggles. So an edge
port that receives a BPDU immediately loses edge port status and
becomes a normal spanning tree port. At this point, there is a
user-configured value and an operational value for the edge port state.
8. P2P Port
RSTP can only achieve rapid transition to the forwarding state on
edge ports and on point-to-point links. The link type is automatically
derived from the duplex mode of a port. A port that operates in
full-duplex is assumed to be point-to-point, while a half-duplex port
is considered as a shared port by default. This automatic link type
setting can be overridden by explicit configuration. In switched
networks today, most links operate in full-duplex mode and are
treated as point-to-point links by RSTP. This makes them
candidates for rapid transition to the forwarding state.
9. Port Transition States
The important differences between the three protocols are in the
way ports transition to a forwarding state and in the way this
transition relates to the role of the port (forwarding or not forwarding)
in the network topology. There are only three port states left in
RSTP that correspond to the three possible operational states. The
802.1D disabled, blocking, and listening states are merged into a
unique 802.1w discarding state. In either case, ports would not
forward packets. In other words, in the STP port transition states
disabled, blocking or listening or in the RSTP port state discarding,
there is no functional difference and the port is not active in the
network topology. The table below compares how the three
protocols differ as to the port state transition.
3.6.3 Spanning Tree System Configuration
In the left menu, select TEG3224T > Configuration >
Spanning Tree > System to enter the following window:
The page allows you to configure RSTP system settings. The
settings are used by all RSTP Bridge instances in the Switch.
System Priority
A value used to represent the priority component of a Bridge
Identifier. Lower numbers mean higher priority.
Max Age
The maximum age of the information transmitted by the Bridge
when it is the Root Bridge. Valid values are in the range 6 to
200 seconds.
Forward Delay
The delay used by STP Bridges to transition Root and
Designated Ports to Forwarding (used in STP compatible
mode). Valid values are in the range 4 to 30 seconds.
Protocol Version
The STP compatible and normal mode setting. Compatible
means the Switch works in compatible mode; Normal means
the Switch works in RSTP mode.
Note
1. Hello Time can’t be configured; it is 2s by default.
2. The Hello Time cannot be longer than the Max. Age. Otherwise
a configuration error will occur. Observe the following formulas
when setting the above parameters:
Max. Age ≤ 2 x (Forward Delay - 1 second)
Max. Age ≥ 2 x (Hello Time + 1 second)
3.6.4 RSTP Port Configuration
In the left menu, select TEG3224T > Configuration >
Spanning Tree > Port to enter the following window:
This page allows the user to inspect the current RSTP port
configurations, and possibly change them as well. The page
contains settings for aggregations and physical ports.
Port
The switch port number of the logical RSTP port.
RSTP Enabled
Whether RSTP is enabled on this switch port.
Path Cost
The Path Cost incurred by the port. The Auto setting will set the
path cost as appropriate by the physical link speed, using the
802.1D recommended values. Using the Specific setting, a
user-defined value can be entered. The Path Cost is used to
establish the active topology of the network, i.e. which ports to
have forwarding and which to block. Usually 100M port’s cost
value is 200000; 1000M port’s cost value is 20000. Valid
values are in the range 1 to 200000000.
Priority
The port priority. This can be used to control priority of ports
having identical port cost. (See above).
Edge
Whether the port is known to connect directly to Edge devices
(no Bridges attached). The Edge flag is cleared by receipt of
any BPDUs on the port. Edge ports transition faster to
forwarding state. (Physical ports only, aggregations always
Non-Edge).
Point2Point
Whether the port connects to a shared LAN segment or not.
This can be automatically determined, or forced either true or
false. The point-to-point property also affects the speed of
forwarding transitions - non-shared links can transition faster.
(Physical ports only, aggregations always forced
Point2Point).
3.7 802.1x Configuration
3.7.1 802.1x Introduction
The TEG3224T provides the port-based 802.1x authentication
function to improve the network security. The IEEE 802.1x standard
defines a client-server-based access control and authentication
protocol that restricts unauthorized clients from connecting to a LAN
through publicly accessible ports. 802.1x can be configured to
authenticate hosts equipped with supplicant software, denying
unauthorized access to the network at the data link layer.
Authentication is usually done by a third-party entity, such as a
RADIUS server. Upon detection of the new client (supplicant), the
port on the switch (authenticator) is enabled and set to the
"unauthorized" state. In this state, only 802.1X traffic is allowed;
other traffic, such as DHCP and HTTP, is blocked at the data link
layer. 802.1x allows only Extensible Authentication Protocol over
LAN (EAPOL) traffic through the port to which the client is
connected. The authenticator sends out the EAP-Request identity
to the supplicant, the supplicant responds with the EAP-response
packet that the authenticator forwards to the authenticating server.
If the authenticating server accepts the request, the authenticator
sets the port to the "authorized" mode and normal traffic is allowed.
When the supplicant logs off, it sends an EAP-logoff message to
the authenticator. The authenticator then sets the port to the
"unauthorized" state, once again blocking all non-EAP traffic.
3.7.2 802.1x Configuration
In the left menu, select TEG3224T > Configuration >
802.1x to enter the following window:
The page allows you to configure the IEEE 802.1X system and port
settings. The IEEE 802.1X standard defines a port-based access
control procedure that prevents unauthorized access to a network
by requiring users to first submit credentials for authentication. The
802.1X configuration consists of two sections, a system- and a
port-wide.
System Configuration:
Mode
Indicates if the 802.1X protocol is globally enabled or disabled
on the switch.
RADIUS IP
The IP address of the RADIUS Server.
RADIUS Secret
The secret - up to 29 characters long - shared between the
RADIUS Server and the Switch.
Reauthentication Enabled
If checked, clients are re-authenticated after the interval
specified by the Reauthentication Period. Re-authentication
can be used to detect if a new device is plugged into a switch
port, and to detect if the authenticated clients are connected
well or not.
Reauthentication Period
Determines the period, in seconds, after which a connected
client must be reauthenticated. This is only active if the
Reauthentication Enabled checkbox is checked. Valid values
are in the range 1 to 3600 seconds.
EAP Timeout
Determines the time the switch shall wait for the supplicant
response before re-transmitting a packet. Valid values are in
the range 1 to 255 seconds.
Note
The parameters configured on this window must be consistent
with the Authentication server’s; otherwise, the 802.1x client can
not be authenticated.
Port Configuration:
The table has one row for each port on the Switch and four columns.
The columns are:
Port
The port ID. It cannot be changed.
Admin State
Sets the authentication mode to one of the following options:
Auto: Requires an 802.1X-aware client (supplicant) to be
authorized by the authentication server. Clients that are not
802.1X-aware will be denied access.
Authorized: Forces the port to grant access to all clients,
802.1X-aware or not.
Unauthorized: Forces the port to deny access to all clients,
802.1X-aware or not.
Port State
The current state of the port. It can take one of four
values:
802.1X Disabled: The 802.1X protocol is globally disabled.
Link Down: The 802.1X protocol is enabled, but there is no
link on the port.
Authorized: The port is authorized. This is the case when the
802.1X protocol is enabled, the port has link, and the Admin
State is Auto and the supplicant is authenticated or the Admin
State is "Authorized".
Unauthorized: The port is unauthorized. This is the case when
the 802.1X protocol is enabled, the port has link, and the
Admin State is Auto, but the supplicant is not (yet)
authenticated or the Admin State is "Unauthorized".
Restart
Two buttons are available for each row. The buttons are only
enabled when the 802.1X protocol is enabled and the port's
Admin State is Auto. Clicking these buttons will not cause
settings changed on the page to take effect.
Reauthenticate: Schedules a reauthentication to whenever
the quiet-period of the port runs out.
Reinitialize: Bypasses the quiet-period of the port and enables
immediate reauthentication regardless of the status for the
quiet-period.
The reason for a “quiet-period” follows: If a reauthentication
fails, the IEEE 802.1X standard enforces a so-called
“quiet-period” in which the authenticator (switch) shall be quiet
and not retry another authentication. Also packets from the
supplicant are discarded, thus preventing “brute-force” attacks.
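The authorization flow from section 3.7.1 and the quiet-period behaviour described above, as a small simulation added here (it is not Tenda's code). The class and method names, the identities and the 60-second quiet-period are assumptions, and the RADIUS server is replaced by a local function.

```python
EAPOL = 0x888E        # EtherType of EAP over LAN (EAPOL) frames
IPV4 = 0x0800         # EtherType that carries DHCP, HTTP and other IP traffic
QUIET_PERIOD = 60     # seconds; assumed value, the manual does not give one

# Constructed identity store standing in for the authentication server.
KNOWN_IDENTITIES = {"alice@example.test"}


class AuthenticatorPort:
    """Hypothetical model of one switch port whose Admin State is Auto."""

    def __init__(self, radius_accepts):
        self.radius_accepts = radius_accepts   # identity -> bool
        self.state = "Link Down"
        self.quiet_until = 0.0
        self.sent = []                         # messages the switch transmitted

    def link_up(self):
        """New client detected: port goes Unauthorized and asks for identity."""
        self.state = "Unauthorized"
        self.sent.append("EAP-Request/Identity")

    def forwards(self, ethertype):
        """Unauthorized ports pass EAPOL only; Authorized ports pass all."""
        if self.state == "Authorized":
            return True
        return self.state == "Unauthorized" and ethertype == EAPOL

    def eap_response(self, identity, now):
        """Supplicant answered; relay the identity to the authentication server."""
        if now < self.quiet_until:
            return "discarded (quiet-period)"   # switch stays quiet, no retry
        if self.radius_accepts(identity):
            self.state = "Authorized"
            return "accepted"
        self.state = "Unauthorized"
        self.quiet_until = now + QUIET_PERIOD   # failed attempt starts the timer
        return "rejected"

    def eap_logoff(self):
        """EAP-logoff from the supplicant closes the port again."""
        self.state = "Unauthorized"

    def reinitialize(self):
        """'Reinitialize' button: bypass the quiet-period and start over."""
        self.quiet_until = 0.0
        self.link_up()


def walkthrough():
    """Run one client through failure, quiet-period, success and logoff."""
    port = AuthenticatorPort(lambda ident: ident in KNOWN_IDENTITIES)
    port.link_up()
    steps = [
        ("IP traffic before authentication", port.forwards(IPV4)),
        ("EAPOL before authentication", port.forwards(EAPOL)),
        ("unknown identity at t=0", port.eap_response("unknown-device", 0)),
        ("valid identity at t=5", port.eap_response("alice@example.test", 5)),
        ("valid identity at t=61", port.eap_response("alice@example.test", 61)),
        ("IP traffic after authentication", port.forwards(IPV4)),
    ]
    port.eap_logoff()
    steps.append(("IP traffic after logoff", port.forwards(IPV4)))
    return steps


if __name__ == "__main__":
    for label, result in walkthrough():
        print(f"{label}: {result}")
```

The valid identity presented at t=5 is dropped because the earlier failure on the same port is still inside the quiet-period; only Reinitialize or waiting it out lets the client try again.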
3.8 IGMP Snooping
3.8.1 IGMP Snooping Introduction
IGMP Snooping is the process of listening to IGMP traffic, which
allows the switch to "listen in" on the IGMP conversation between
hosts and routers by processing the layer 3 IGMP packets sent in a
multicast network. When IGMP snooping is enabled in a switch it
analyses all the IGMP packets between hosts connected to the
switch and multicast routers in the network. When hearing an IGMP
report from a host for a given multicast group, the switch adds the
host's port number to the multicast list for that group. IGMP
snooping can very effectively reduce multicast traffic from streaming
and other bandwidth intensive IP applications. A switch using IGMP
snooping will only forward multicast traffic to the hosts interested in
that traffic. This reduction of multicast traffic reduces the packet
processing at the switch and also reduces the workload at the end
hosts since their network cards will not have to receive and filter all
the multicast traffic generated in the network. The following figure
compares enabled and disabled state of the IGMP Snooping.
3.8.2 IGMP Snooping Working Mechanism
When IGMP snooping is enabled, the multicast router sends out
periodic IGMP general queries to all VLANs. The switch responds
to the router queries with only one join request per MAC multicast
group, and the switch creates one entry per VLAN in the Layer 2
forwarding table for each MAC group from which it receives an
IGMP join request. All hosts interested in this multicast traffic send
join requests and are added to the forwarding table entry.
When the switch receives an IGMP Leave Group message from a host,
it removes the host port from the table entry. After it relays the IGMP
queries from the multicast router, it deletes entries periodically if it
does not receive any IGMP membership reports from the multicast
clients.
1. Joining a Multicast Group
When a host connected to the Switch wants to join an IP multicast
group, it sends an IGMP join message (IGMP membership report),
specifying the IP multicast group it wants to join. When the Switch
receives this message, it adds the port to the IP multicast group port
address entry in the forwarding table.
2. Leaving a Multicast Group
The router sends periodic IP multicast general queries, and the
switch responds to these queries with one join response per MAC
multicast group. As long as at least one host in the VLAN needs
multicast traffic, the Switch responds to the router queries, and
the router continues forwarding the multicast traffic to the VLAN.
The switch only forwards IP multicast group traffic to those hosts
listed in the forwarding table for that IP multicast group.
When hosts need to leave a multicast group, they can either ignore
the periodic general-query requests sent by the router, or they can
send a leave message. When the switch receives a leave message
from a host, it sends out a group-specific query to determine if any
devices behind that interface are interested in traffic for the specific
multicast group. If, after a number of queries, the router processor
receives no reports from a VLAN, it removes the group for the
VLAN from its multicast forwarding table.
3.8.3 IGMP Snooping Configuration
In the left menu, select TEG3224T > Configuration >
IGMP Snooping to enter the following window:
The page provides IGMP Snooping related configuration. Most of
the settings are global.
Snooping Enabled
Enable the Global IGMP Snooping.
Unregistered IPMC Flooding enabled
Enable flooding of unregistered IPMC traffic.
IGMP Snooping Enabled
Enable the per-VLAN IGMP Snooping.
IGMP Querier
Enable the IGMP Querier in the VLAN.
Router Port
Specify which ports act as router ports. A router port is a port on
the Ethernet switch that leads towards the Layer 3
multicast device or IGMP querier.
If any one of the aggregation member ports is selected as a router
port on this page, the aggregation will act as a router port.
3.9 LLDP
3.9.1 LLDP Introduction
The Link Layer Discovery Protocol or LLDP is a vendor-neutral
Layer 2 protocol, defined in IEEE 802.1ab, that allows a network
device to advertise its identity and capabilities on the local network.
Link layer discovery allows a network management system to
model the topology of the network by interrogating the MIB
databases in the devices. The required transport type field in LLDP
is Type Length Value (TLV). Using LLDP makes network
troubleshooting easier and supports maintaining and searching the
network topology.
3.9.2 LLDP Configuration
In the left menu, select TEG3224T > Configuration > LLDP
to enter the following window:
This page allows the user to inspect and configure the current LLDP
port settings.
1. LLDP Parameters
Tx Interval
The switch is periodically transmitting LLDP frames to its
neighbors for having the network discovery information
up-to-date. The interval between each LLDP frame is
determined by the Tx Interval value. Valid values are restricted
to 5 - 32768 seconds.
Tx Hold
Each LLDP frame contains information about how long the
information in the LLDP frame shall be considered valid. The
LLDP information valid period is set to Tx Hold multiplied by Tx
Interval seconds. Valid values are restricted to 2 - 10 times.
Tx Delay
If some configuration is changed (e.g. the IP address) a new
LLDP frame is transmitted, but the time between the LLDP
frames will always be at least the value of Tx Delay seconds.
Tx Delay cannot be larger than 1/4 of the Tx Interval value.
Valid values are restricted to 1 - 8192 seconds.
Tx Reinit
When a port is disabled, LLDP is disabled or the switch is
rebooted, an LLDP shutdown frame is transmitted to the
neighbor units to signal that the LLDP information is no longer
valid. Tx Reinit controls the number of seconds
between the shutdown frame and a new LLDP initialisation.
Valid values are restricted to 1 - 10 seconds.
2. LLDP Port Configuration
Port
The switch port number of the logical LLDP port.
Mode
Select LLDP mode.
Rx only: The switch will not send out LLDP information, but
LLDP information from neighbor units is analyzed.
Tx only: The switch will drop LLDP information received from
neighbors, but will send out LLDP information.
Disabled: The switch will not send out LLDP information, and
will drop LLDP information received from neighbors.
Enabled: The switch will send out LLDP information, and will
analyze LLDP information received from neighbors.
3.10 MAC Address Table Configuration
In the left menu, select TEG3224T > Configuration > MAC
Address Table to enter the following window:
The MAC Address Table is configured on this page. Set timeouts for
entries in the dynamic MAC Table and configure the static MAC
table here.
3.10.1 Aging Configuration
By default, dynamic entries are removed from the MAC table after 300
seconds. This removal is also called aging. Configure aging time by
entering a value here in seconds; for example, Age time seconds.
The allowed range is 10 to 1000000 seconds. Disable the automatic
aging of dynamic entries by checking Disable automatic aging.
3.10.2 MAC Table Learning
Each port can do learning based upon the following settings:
Auto
Learning is done automatically as soon as a frame with
unknown SMAC is received.
Disable
No learning is done.
Secure
Only static MAC entries are learned, all other frames are
dropped.
Note
Make sure that the link used for managing the switch is added to
the Static MAC Table before changing to secure learning mode,
otherwise the management link is lost and can only be restored
by using another non-secure port or by connecting to the switch
via the serial interface.
3.10.3 Static MAC Table Configuration
The static entries in the MAC table are shown in this table. The
static MAC table can contain 64 entries. The MAC table is sorted
first by VLAN ID and then by MAC address.
Delete
Check to delete the entry. It will be deleted during the next
save.
VLAN ID
The VLAN ID for the entry.
MAC Address
The MAC address for the entry.
Port Members
Checkmarks indicate which ports are members of the entry.
Check or uncheck as needed to modify the entry.
Adding a New Static Entry
Click to add a new entry to the static MAC table. Specify the
VLAN ID, MAC address, and port members for the new entry.
Click "Save".
3.11 VLAN
3.11.1 What is a VLAN?
A Virtual Local Area Network (VLAN), defined in the IEEE 802.1Q
standard, allows you to create, as the name implies, a virtual LAN
which, as far as the users are concerned, behaves the
same way as a regular LAN does. It is a logical local area network
(or LAN) and a group of networking devices in the same broadcast
domain that extends beyond a single traditional LAN to a group of
LAN segments. As a VLAN is a logical entity, its creation and
configuration is done completely in software. Logically speaking,
VLANs are also subnets.
Traditional network designs use routers to create broadcast
domains and limit broadcasts between multiple subnets. A VLAN
prevents broadcast floods in larger networks from consuming
resources, or causing unintentional denials of service unnecessarily.
With broadcast domain separation, VLANs can conserve bandwidth
and improve the network security by limiting traffic to specific
domains.
3.11.2 VLAN Advantages
Compared with the traditional Ethernet network, VLAN has the
following advantages:
Broadcast Storm Control- Since each VLAN is an
independent collision domain as far as the network layer is
concerned, you could decrease the size of each VLAN when
using a shared link so that there will be much less collision. In
addition, it is possible to also group a large LAN based on
some logic to smaller VLANs and reduce broadcast traffic
overall as each broadcast will be sent on to the relevant VLAN
only.
High Security- VLANs provide inherent security to the
network by delivering broadcast frames only within the destined
VLAN and regular frames only to the specific recipient
within the destined VLAN. Hosts in
different VLANs cannot communicate with each other directly, and
traffic sent by a host must be forwarded through
layer-3 switches or other network-layer devices. Furthermore,
when dividing users by VLANs it is possible to make the
division according to some security policy and offer sensitive
data only to users on a given VLAN without exposing the
information to the entire network.
Location Independence- since VLANs are a logical construct,
a user can be located anywhere in the switched network and
still belong to the same broadcast domain. Moving from one
switch to another switch in the same switched network, you
can still keep the user in his original VLAN, including a move
from one floor of a building to another floor, or from one part of
the campus to another.
Easy Management- an administrator is able to manage the
entire global network from a single location where the main
switching is done. Additionally it requires very little overhead if
using a VLAN based on ports which reduce the managerial
burden even more for some networks.
Low Cost- Using a network switched with VLANs is cheaper
than creating a routed network with expensive routers as
routers cost a lot more than switches in general.
3.11.3 Several Types of VLANs
1. Port Based VLANs- all the traffic which arrives at a given port
of a switch is associated with some VLAN. If you use port
based VLANs the data frame received on a given port is not
altered but is simply forwarded to the correct output port as
configured in the switch.
2. MAC Based VLANs- all the traffic received is inspected for the
source and destination MAC addresses and the appropriate
VLANs are determined by them. This type of VLAN allows
connecting all the computers to all the ports of a switch and the
switch will associate each one to the appropriate VLAN as it is
defined.
3. Protocol Based VLANs- this type of VLANs is based on the
protocol transmitted, each protocol can be assigned a different
port for example IP traffic will go through port 1 and all other
traffic through a different port.
4. IP Subnet Based VLANs- all the traffic in this type of VLAN is
split according to the IP subnet of each source/destination.
3.11.4 VLAN Memberships Configuration
In the left menu, select TEG3224T > Configuration >
VLANs > VLAN Memberships to enter the following window:
The VLAN membership configurations for the Switch can be
monitored and modified here. Up to 64 VLANs are supported. This
page allows for adding and deleting VLANs as well as adding and
deleting port members of each VLAN.
Delete
To delete a VLAN entry, check this box. The entry will be
deleted on the Switch during the next Save. The default VLAN
1 can’t be deleted.
VLAN ID
Indicates the ID of this particular VLAN.
Port Members
A row of check boxes for each port is displayed for each VLAN
ID. To include a port in a VLAN, check the box. To remove or
exclude the port from the VLAN, make sure the box is
unchecked. By default, no ports are members, and all boxes
are unchecked.
Adding a New VLAN
Click to add a new VLAN ID. An empty row is added to the
table, and the VLAN can be configured as needed. Legal
values for a VLAN ID are 1 through 4094. The VLAN is
enabled when you click on "Save".
3.11.5 VLAN Port Configuration
In the left menu, select TEG3224T > Configuration >
VLANs > Port to enter the following window:
This page is used for configuring the switch port VLAN.
Port
This is the logical port number for this row.
VLAN Aware
Enable VLAN awareness for a port by checking the box. This
parameter affects VLAN ingress processing. If VLAN
awareness is enabled, the tag is removed from tagged frames
received on the port. Furthermore, VLAN tagged frames are
classified to the VLAN ID in the tag.
If VLAN awareness is disabled, all frames are classified to the
Port VLAN ID and tags are not removed. By default, VLAN
awareness is disabled (no checkmark).
Ingress Filtering
Enable ingress filtering for a port by checking the box. This
parameter affects VLAN ingress processing. If ingress filtering
is enabled and the ingress port is not a member of the
classified VLAN of the frame, the frame is discarded. By default,
ingress filtering is disabled (no checkmark).
Frame Type
Determine whether the port accepts all frames or only tagged
frames. This parameter affects VLAN ingress processing. If the
port only accepts tagged frames, untagged frames received on
the port are discarded. By default, the field is set to All.
Port VLAN Mode
Configures the Port VLAN Mode. The allowed values are None
or Specific. This parameter affects VLAN ingress and egress
processing.
If None is selected, a VLAN tag with the classified VLAN ID is
inserted in frames transmitted on the port. This mode is
normally used for ports connected to VLAN aware switches.
If Specific (the default value) is selected, a Port VLAN ID can
be configured (see below). Untagged frames received on the
port are classified to the Port VLAN ID. If VLAN awareness is
disabled, all frames received on the port are classified to the
Port VLAN ID. If the classified VLAN ID of a frame transmitted
on the port is different from the Port VLAN ID, a VLAN tag with
the classified VLAN ID is inserted in the frame.
Port VLAN ID
Configures the VLAN identifier for the port. The allowed values
are 1 through 4094. The default value is 1.
Note:
The port must be a member of the same VLAN as the Port
VLAN ID.
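The ingress and egress rules of section 3.11.5, written out as an added Python model together with a configuration audit. This is example code, not Tenda firmware or tooling; the names PortConfig, classify_ingress, egress_inserts_tag and audit_ports are hypothetical, and the port and membership tables are constructed sample data. It assumes an untagged frame on a port in None mode is still classified to the Port VLAN ID, which the manual does not specify.

```python
from dataclasses import dataclass

VLAN_MIN, VLAN_MAX = 1, 4094  # legal VLAN ID range stated in the manual


@dataclass
class PortConfig:
    """Per-port VLAN settings; the defaults are the ones the manual states."""
    vlan_aware: bool = False          # VLAN Aware, default disabled
    ingress_filtering: bool = False   # Ingress Filtering, default disabled
    frame_type: str = "All"           # "All" or "Tagged"
    port_vlan_mode: str = "Specific"  # "None" or "Specific"
    pvid: int = 1                     # Port VLAN ID


def classify_ingress(port, cfg, members, tag_vid=None):
    """Return (decision, classified_vid) for a frame received on `port`.

    tag_vid is the VLAN ID carried in the frame's tag, or None if untagged.
    members maps each VLAN ID to the set of member port numbers.
    """
    # Frame Type: a port that accepts only tagged frames discards untagged ones.
    if tag_vid is None and cfg.frame_type == "Tagged":
        return ("discard-untagged", None)
    # VLAN Aware: an aware port classifies a tagged frame to the tag's VLAN ID.
    # Otherwise the frame is classified to the Port VLAN ID (for an untagged
    # frame in None mode this is an assumption, see the lead-in).
    if cfg.vlan_aware and tag_vid is not None:
        vid = tag_vid
    else:
        vid = cfg.pvid
    # Ingress Filtering: discard if the ingress port is not a member of the
    # classified VLAN. With filtering disabled the frame is accepted anyway.
    if cfg.ingress_filtering and port not in members.get(vid, set()):
        return ("discard-not-member", vid)
    return ("accept", vid)


def egress_inserts_tag(cfg, classified_vid):
    """True if a VLAN tag is inserted when the frame leaves this port."""
    if cfg.port_vlan_mode == "None":
        return True                    # None mode: always tag
    return classified_vid != cfg.pvid  # Specific mode: tag unless VID == PVID


def audit_ports(ports, members):
    """List (port, finding) pairs for settings worth reviewing."""
    findings = []
    for port, cfg in sorted(ports.items()):
        if not VLAN_MIN <= cfg.pvid <= VLAN_MAX:
            findings.append((port, "pvid-out-of-range"))
        elif port not in members.get(cfg.pvid, set()):
            # Violates the Note: the port must be a member of its PVID VLAN.
            findings.append((port, "not-member-of-pvid-vlan"))
        if cfg.vlan_aware and not cfg.ingress_filtering:
            # Tagged frames are classified to VLANs the port is not a member of.
            findings.append((port, "aware-without-ingress-filtering"))
    return findings


# Constructed sample configuration (not taken from the manual).
SAMPLE_MEMBERS = {1: {1, 2, 3}, 10: {2}, 20: {3}}
SAMPLE_PORTS = {
    1: PortConfig(),                                  # factory defaults
    2: PortConfig(vlan_aware=True, pvid=10),          # aware, filtering off
    3: PortConfig(vlan_aware=True, ingress_filtering=True,
                  frame_type="Tagged", pvid=20),      # aware, filtering on
    4: PortConfig(pvid=30),                           # VLAN 30 has no members
}

if __name__ == "__main__":
    for port in (1, 2, 3):
        print(port, classify_ingress(port, SAMPLE_PORTS[port], SAMPLE_MEMBERS, 20))
    print(audit_ports(SAMPLE_PORTS, SAMPLE_MEMBERS))
```

Port 2 in the sample accepts a frame tagged for VLAN 20 although it is only a member of VLANs 1 and 10; enabling Ingress Filtering on that port changes the result to a discard.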
3.12 Quality of Service (QoS)
3.12.1 QoS Introduction
QoS stands for Quality of Service. QoS is a generic name for a set
of algorithms which attempt to provide different levels of quality to
ensure high-quality performance for critical applications such as
VoIP. The goal of QoS is to provide preferential delivery
service for the applications that need it by ensuring sufficient
bandwidth, controlling latency and forwarding sequence, and
reducing data loss.
Traditionally, the concept of quality in networks meant that all
network traffic was treated equally. The result was that all network
traffic received the network’s best effort, with no guarantees for
reliability, delay, variation in delay, or other performance
characteristics. With best-effort delivery service, however, a single
bandwidth-intensive application can result in poor or unacceptable
performance for all applications. The QoS concept of quality is one
in which the requirements of some applications and users are more
critical than others, which means that some traffic needs
preferential treatment.
3.12.2 Well-known Priority
1. 802.1Q VLAN Frame
The figure below shows the 802.1Q VLAN frame structure. There
are four additional octets inserted after the source MAC address.
Their presence is indicated by a value of 0x8100 in the EtherType
field. When a packet's EtherType field is equal to 0x8100, the
packet carries the IEEE 802.1Q/802.1p tag (see IEEE 802.1p
Priority section). The tag is contained in the following two octets
and consists of 3 bits of user priority, 1 bit of Canonical Format
Identifier (CFI - used for encapsulating Token Ring packets so they
can be carried across Ethernet backbones and 802.3 source
routing information), and 12 bits of VLAN ID (VID).
The first 3 bits of the VLAN tag indicate the priority of the traffic
which is included in the packet to allow for some basic QoS to
ensure that critical data can pass through the network quickly with
as little delay as possible. The value of this field can be generated
at the end station and updated on every switch (VLAN aware) on
the way as well. More on the usage of these 3 bits can be found in
IEEE 802.1p standard. The VID is the VLAN identifier and is used
by the 802.1Q standard. Because the VID is 12 bits long, 4094
unique VLANs can be identified. The tag is inserted into the packet
header making the entire packet longer by 4 octets. All of the
information originally contained in the packet is retained.
2. IEEE 802.1p Priority
Priority tagging is a function defined by the IEEE 802.1p standard,
which provides a means of managing traffic on a network where
many different types of data may be transmitted simultaneously.
Network devices compliant with the IEEE 802.1p standard have the
ability to recognize the priority level of data packets. These devices
can also assign a priority label or tag to packets. Compliant devices
can also strip priority tags from packets. This priority tag determines
the packet's handling degree and determines the queue to which it
will be assigned.
Priority tag values range from 0 to 7 with 0 being assigned to the
lowest priority data and 7 assigned to the highest. The highest
priority tag 7 is generally only used for data associated with video or
audio applications sensitive to even slight delays. TEG3224T allows
you to further tailor how priority tagged data packets are handled on
your network. Using queues to manage priority tagged data allows
you to specify its relative priority to cater for the needs of your
network. There may be circumstances where it would be
advantageous to group two or more differently tagged packets into
the same queue. Generally, however, it is recommended that the
highest priority queue, Queue 4 (High), be reserved for data
packets with a priority value of 4. Packets that have not been given
any priority value are placed in Queue 1 (Low) and thus given the
lowest priority for delivery.
3. DSCP (Differentiated Services Code Point) Priority
DSCP is a QoS modification of the Type of Service (ToS) byte: six bits of
this byte are reallocated for use as the DSCP field, where each
DSCP specifies a particular per-hop behavior that is applied to a
packet. In the ToS byte, the first 3 bits mean IP precedence, with a
range of 0~7, and the next 4 bits mean ToS priority, with a range of 0~15.
RFC 2474 redefines the ToS field in the IP header as the DS field.
DSCP uses the first six bits of this field (bits 0~5), with
available values of 0~63, and the last two bits (bits 6 and 7) are reserved.
DS field and ToS byte
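The three priority fields described in 3.12.2, extracted from raw frames by an added Python parser (example code, not from the manual; parse_priority_fields and build_sample are hypothetical names and the sample frames are constructed). It goes slightly beyond the text by also reading the IPv6 Traffic Class, which carries the DS field for IPv6.

```python
import struct

TPID_8021Q = 0x8100      # EtherType value that announces an 802.1Q tag
ETHERTYPE_IPV4 = 0x0800
ETHERTYPE_IPV6 = 0x86DD


def parse_priority_fields(frame):
    """Return the 802.1p, VLAN and DS-field values carried by an Ethernet frame."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    info = {"tagged": False, "pcp": None, "cfi": None, "vid": None,
            "dscp": None, "precedence": None}
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    offset = 14
    if ethertype == TPID_8021Q:
        # Four extra octets follow the source MAC: 0x8100, then the 16-bit
        # tag control field, then the original EtherType.
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        tci, ethertype = struct.unpack_from("!HH", frame, 14)
        info.update(tagged=True,
                    pcp=tci >> 13,          # 3 bits of user priority (802.1p)
                    cfi=(tci >> 12) & 0x1,  # 1 bit Canonical Format Identifier
                    vid=tci & 0x0FFF)       # 12 bits of VLAN ID
        offset = 18
    info["ethertype"] = ethertype

    ds_field = None
    if len(frame) >= offset + 2:
        if ethertype == ETHERTYPE_IPV4:
            ds_field = frame[offset + 1]    # second octet of the IPv4 header
        elif ethertype == ETHERTYPE_IPV6:
            # Traffic Class straddles the first two octets of the IPv6 header.
            ds_field = ((frame[offset] & 0x0F) << 4) | (frame[offset + 1] >> 4)
    if ds_field is not None:
        # The manual's "bits 0~5" are the six most significant bits.
        info["dscp"] = ds_field >> 2        # 0..63
        info["precedence"] = ds_field >> 5  # 0..7, the old IP precedence
    return info


def build_sample(ethertype, l3_header, tci=None):
    """Build a constructed test frame; MAC addresses are locally administered."""
    dst = bytes.fromhex("020000000002")
    src = bytes.fromhex("020000000001")
    tag = b"" if tci is None else struct.pack("!HH", TPID_8021Q, tci)
    return dst + src + tag + struct.pack("!H", ethertype) + l3_header


# Constructed samples: DS field 0xB8 is DSCP 46, precedence 5.
_IPV4_HEADER = bytes([0x45, 0xB8]) + bytes(18)
_IPV6_HEADER = bytes([0x6B, 0x80]) + bytes(38)
SAMPLE_TAGGED_IPV4 = build_sample(ETHERTYPE_IPV4, _IPV4_HEADER, tci=(5 << 13) | 100)
SAMPLE_UNTAGGED_IPV4 = build_sample(ETHERTYPE_IPV4, _IPV4_HEADER)
SAMPLE_TAGGED_IPV6 = build_sample(ETHERTYPE_IPV6, _IPV6_HEADER, tci=(1 << 12) | 4094)
SAMPLE_ARP = build_sample(0x0806, bytes(28))

if __name__ == "__main__":
    for name in ("SAMPLE_TAGGED_IPV4", "SAMPLE_UNTAGGED_IPV4",
                 "SAMPLE_TAGGED_IPV6", "SAMPLE_ARP"):
        print(name, parse_priority_fields(globals()[name]))
```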
3.12.3 Scheduling Mechanism
When the network is congested, a scheduling mechanism is usually
deployed to decide the order in which traffic is sent. TEG3224T supports
two: SP (Strict-Priority) and WFQ (Weighted Fair Queuing). This part allows
you to select the WFQ or Strict scheduling mechanism for emptying the
priority classes. When the Strict scheduling mechanism is used, the packets
are emptied in priority order. For example, key applications such as VoIP,
on-line gaming, etc. configured with high priority are transmitted first.
When WFQ (Weighted Fair Queuing) is used, WFQ sorts
packets by application, IP priority and Hash mode into different
queues (Low, Normal, Medium, High). During times of peak network
traffic, high queue traffic shares the network bandwidth with other
traffic by the selected proportion.
3.12.4 QoS Configuration
3.12.4.1 QCL Configuration Wizard
Please select the left menu as TEG3224T→Configuration→QoS→Wizard
to enter the following window:
This handy wizard helps you set up a QCL quickly, without
complicated settings. The wizard consists of:
1. Set up Port Policies
Group ports into several types according to different QCL policies.
QCL ID
Frames that hit this QCE are set to match this specific QCL.
Port Members
A row of radio buttons for each port is displayed for each QCL
ID. To include a port in a QCL member, click the radio button.
2. Set up Typical Network Application Rules
Set up the specific QCL for different typical network application
quality control.
Audio and Video
Indicates the common servers that apply to the specific QCE.
The common servers are: QuickTime 4 Server, MSN
Messenger Phone, Yahoo Messenger Phone, Napster, Real
Audio.
Games
Indicates the common games that apply to the specific QCE.
User Definition
Indicates the user definition that applies to the specific QCE.
The user definitions are:
Ethernet Type: Specify the Ethernet Type filter for this QCE.
The allowed range is 0x600 to 0xFFFF.
VLAN ID: VLAN ID filter for this QCE. The allowed range is 1 to
4094.
UDP/TCP Port: Specify the TCP/UDP port filter for this QCE.
The allowed range is 0 to 65535.
DSCP: Specify the DSCP filter for this QCE. The allowed range
is 0 to 63.
3. Set up ToS Precedence Mapping
Set up the traffic class mapping to the precedence part of ToS (3
bits) when receiving IPv4/IPv6 packets.
QCL ID
Select the QCL ID to which this QCE applies.
ToS Precedence Class
Select a traffic class of Low, Normal, Medium, or High to apply
to the QCE.
4. Set up VLAN Tag Priority Mapping
Set up the traffic class mapping to the User Priority value (3 bits)
when receiving VLAN tagged packets.
QCL ID
Select the QCL ID to which this QCE applies.
VLAN Priority Class:
Select a traffic class of Low, Normal, Medium, or High to apply
to the QCE.
3.12.4.2 Port QoS Configuration
Please select the left menu as TEG3224T→Configuration→QoS→Port
to enter the following window:
This page allows you to configure QoS settings for each port.
Frames can be classified by 4 different QoS classes: Low, Normal,
Medium, and High. The classification is controlled by a QCL that is
assigned to each port. A QCL consists of an ordered list of up to 12
QCEs. Each QCE can be used to classify certain frames to a
specific QoS class. This classification can be based on parameters
such as VLAN ID, UDP/TCP port, IPv4/IPv6 DSCP or Tag Priority.
Frames not matching any of the QCEs are classified to the default
QoS class for the port.
Number of Classes:
Configure the number of traffic classes as "1", "2", or "4". The
default value is "4".
Default Class Configuration
Port
The logical port for the settings contained in the same row.
Default Class
Configure the default QoS class for the port, that is, the QoS
class for frames not matching any of the QCEs in the QCL.
QCL #
Select which QCL to use for the port.
User Priority
Select the default user priority for this port when adding a Tag
to the untagged frames.
Queuing Mode
Select the queuing mode for this port.
Queue Weighted
Set the queue weights (Low: Normal: Medium: High) if the
"Queuing Mode" is "Weighted".
3.12.4.3 QoS Control List Configuration
Please select the left menu as TEG3224T→Configuration→QoS→QoS
Control List to enter the following window:
QCL #
Select a QCL to display a table that lists all the QCEs for that
particular QCL.
QCE Type
Specifies which frame field the QCE processes to determine
the QoS class of the frame. The following QCE types are
supported:
Ethernet Type: The Ethernet Type field. If the frame is tagged, this
is the Ethernet Type that follows the tag header.
VLAN ID: VLAN ID. Only applicable if the frame is VLAN
tagged.
TCP/UDP Port: IPv4 TCP/UDP source/destination port.
DSCP: IPv4 and IPv6 DSCP.
ToS: The 3 precedence bits in the ToS byte of the IPv4/IPv6
header (also known as DS field).
Tag Priority: User Priority. Only applicable if the frame is VLAN
tagged or priority tagged.
Type Value
Indicates the value according to its QCE type.
Ethernet Type: The field shows the Ethernet Type value.
VLAN ID: The field shows the VLAN ID.
TCP/UDP Port: The field shows the TCP/UDP port range.
DSCP: The field shows the IPv4/IPv6 DSCP value.
Traffic Class
The QoS class associated with the QCE.
Modification Buttons
You can modify each QCE in the table using the following
buttons:
“+”: Inserts a new QCE before the current row.
“e”: Edits the QCE.
Moves the QCE up the list.
Moves the QCE down the list.
“x”: Deletes the QCE.
“+”: The lowest plus sign adds a new entry at the bottom of
the list of QCL.
3.12.4.4 Rate Limit Configuration
Please select the left menu as TEG3224T→Configuration→QoS→Rate
Limiters to enter the following window:
Configure the switch port rate limit for Policers and Shapers on this
page.
Port
The logical port for the settings contained in the same row.
Policer Enabled
Enable or disable the port policer. The default value is
"Disabled".
Policer Rate
Configure the rate for the port policer. The default value is
"500". This value is restricted to 500-1000000 when the
"Policer Unit" is "kbps", and it is restricted to 1-1000 when the
"Policer Unit" is "Mbps"
Policer Unit
Configure the unit of measure for the port policer rate as kbps
or Mbps. The default value is "kbps".
Shaper Enabled
Enable or disable the port shaper. The default value is
"Disabled".
Shaper Rate
Configure the rate for the port shaper. The default value is
"500". This value is restricted to 500-1000000 when the
"Policer Unit" is "kbps", and it is restricted to 1-1000 when the
"Policer Unit" is "Mbps"
Shaper Unit
Configure the unit of measure for the port shaper rate as kbps
or Mbps. The default value is "kbps".
3.12.4.5 Storm Control Configuration
Please select the left menu as TEG3224T→Configuration→QoS→Storm
Control to enter the following window:
Storm control for the switch is configured on this page. There is a
unicast storm rate control, multicast storm rate control, and a
broadcast storm rate control. The rate is 2^n, where n is equal to or
less than 15, or "No Limit". The unit of the rate can be either pps
(packets per second) or kpps (kilopackets per second). The
configuration indicates the permitted packet rate for unicast,
multicast, or broadcast traffic across the switch.
Frame Type
The settings in a particular row apply to the frame type listed
here: unicast, multicast, or broadcast.
Status
Enable or disable the storm control status for the given frame
type.
Rate
The rate unit is packets per second (pps). Configure the rate as 1,
2, 4, 8, 16, 32, 64, 128, 256, 512, 1K, 2K, 4K, 8K, 16K, 32K,
64K, 128K, 256K, 512K, or 1024K. 1 kpps is actually
1002.1 pps.
3.13 Access Control List (ACL)
3.13.1 ACL Introduction
As network scale and traffic grow rapidly, it becomes
more and more important to implement network security and
bandwidth distribution. Usually, by packet filtering, you can prevent
unauthorized users from accessing the Internet, control the traffic and
save network resources.
ACL (Access Control List) is used to specify the traffic filtering rules
that control the user’s access rights. When the port receives
packets, the rules configured on the port analyze them and decide which
ones are forwarded or filtered. Generally speaking, ACL is deployed
to control access rights by destination MAC address, source MAC
address, destination IP address, source IP address, protocol, port
number and so on.
3.13.2 ACL Configuration
3.13.2.1. ACL Configuration
Please select the left menu as TEG3224T→Configuration→ACL→Wizard
to enter the following window:
This handy wizard helps you set up an ACL quickly.
1. Set up Policy Rules
Set up the default policy rules for Client ports, Server ports, Network
ports and Guest ports. Select “Next” to enter the following window:
In this window set up the default policy rules for Client ports, Server
ports, Network ports, and Guest ports.
Policy 2 for client ports: Limit the allowed rate of broadcast and
multicast frames.
Policy 3 for server ports: Common server access only. (DHCP,
FTP, Mail, and WEB server)
Policy 4 for network ports: Limit the allowed rate of TCP SYN
flooding and ICMP flooding.
Policy 5 for guest ports: Internet access only.
2. Set up Port Policies
Group ports into several types according to different ACL policies.
Click “Next” to enter the following window:
Policy ID
Frames that hit this ACE are set to match this specific policy.
Port Members
A row of radio buttons for each port is displayed for each Policy
ID. To include a port in a policy member, click the radio button.
3. Set up Typical Network Application Rules
Set up the specific ACL for different typical network application
access control. Click “Next” to enter the following window:
Common Servers
Indicates the common servers that apply to the specific ACE.
The common servers are: DHCP, DNS, FTP, HTTP, IMAP,
NFS, POP3, SAMBA, SMTP, TELNET, TFTP.
Instant Messaging
Indicates the instant messaging service that applies to the
specific ACE. The instant messengers are: Google Talk, MSN
Messenger, Yahoo Messenger.
User Definition
Indicates the user definition that applies to the specific ACE.
The user definitions are:
Ethernet Type: Specify the Ethernet Type filter for this ACE.
The allowed range is 0x600 to 0xFFFF.
UDP Port: Specify the UDP destination port filter for this ACE.
The allowed range is 0 to 65535.
TCP Port: Specify the TCP destination port filter for this ACE.
The allowed range is 0 to 65535.
Others
Indicates the other application that applies to the specific ACE.
The other applications are: HTTPS, ICMP, Multicast IP Stream,
NetBIOS, PING Request, Ping Reply, SNMP, SNMP Traps.
Click “Next” to enter the next window:
According to your decision on the previous page, this wizard will
create specific ACEs (Access Control Entries) automatically. First
select the ingress port for the ACEs, and then select the action, rate
limiter ID, logging and shutdown. Different parameter options are
displayed depending on the frame type that you selected.
Ingress Port
Select the ingress port to which this ACE applies.
Any: The ACE applies to any port.
Port n: The ACE applies to this port number, where n is the
number of the switch port.
Policy n: The ACE applies to this policy number, where n can
range from 1 through 8.
Switch
Select the switch to which this ACE applies.
Any: The ACE applies to any port.
Switch n: The ACE applies to this switch number, where n is
the number of the switch.
Action
Specify the action to take with a frame that hits this ACE.
Permit: The frame that hits this ACE is granted permission for
the ACE operation.
Deny: The frame that hits this ACE is dropped.
Rate Limiter
Specify the rate limiter in number of base units. The allowed
range is 1 to 15. Disabled indicates that the rate limiter
operation is disabled.
Logging
Specify the logging operation of the ACE. The allowed values
are:
Enabled: Frames matching the ACE are stored in the System
Log.
Disabled: Frames matching the ACE are not logged.
Please note that the System Log memory size and logging rate
are limited.
Shutdown
Specify the port shut down operation of the ACE. The allowed
values are:
Enabled: If a frame matches the ACE, the ingress port will be
disabled.
Disabled: Port shut down is disabled for the ACE.
4. Set up Source MAC and Source IP Binding
Strictly control the network traffic by only allowing incoming frames
that match the source IP and source MAC on a specific port. Click
“Next” to enter the following window:
Port
The logical port for the settings contained in the same row.
Binding Enabled
Enable or disable the source IP and source MAC binding status
for the given logical port.
Source MAC Address
The source MAC address for the source IP and source MAC
binding.
Source IP Address
The source IP address for the source IP and source MAC
binding.
5. Set up DoS Attack Detection Rules
Set up the specific ACL for different typical network application
access control. Click “Next” to enter the following window:
UDP DoS - Fraggle
A malicious attacker sends a large number of UDP packets
with random ports to the target system. When the target system
receives these packets, it determines what application is
waiting on the destination port. When it realizes that there is no
application waiting on the port, it generates an ICMP
destination unreachable packet to the spoofed source
address. Eventually the target system becomes unreachable by other
clients and goes down.
ICMP DoS - Ping of Death
A malicious attacker sends a malformed ICMP request
packet larger than 65,536 bytes to the target system. Some
target systems cannot handle a packet larger than the
maximum IP packet size, which often causes the target system
to freeze, crash or reboot.
ICMP DoS - Smurf
A malicious attacker sends a malformed ICMP request
packet with broadcast destination addresses to the target
system. After receiving the packet, all reachable hosts send an
ICMP echo reply packet back to the spoofed source address.
Thus, the target host will suffer from a larger amount of traffic
generated.
Click “Next” to enter the next window:
According to your decision on the previous page, this wizard will
create specific ACEs (Access Control Entries) automatically. First
select the ingress port for the ACEs, and then select the action, rate
limiter ID, logging and shutdown. Different parameter options are
displayed depending on the frame type that you selected.
Ingress Port
Select the ingress port to which this ACE applies.
Any: The ACE applies to any port.
Port n: The ACE applies to this port number, where n is the
number of the switch port.
Policy n: The ACE applies to this policy number, where n can
range from 1 through 8.
Switch
Select the switch to which this ACE applies.
Any: The ACE applies to any port.
Switch n: The ACE applies to this switch number, where n is
the number of the switch.
Action
Specify the action to take with a frame that hits this ACE.
Permit: The frame that hits this ACE is granted permission for
the ACE operation.
Deny: The frame that hits this ACE is dropped.
Rate Limiter
Specify the rate limiter in number of base units. The allowed
range is 1 to 15. Disabled indicates that the rate limiter
operation is disabled.
Logging
Specify the logging operation of the ACE. The allowed values
are:
Enabled: Frames matching the ACE are stored in the System
Log.
Disabled: Frames matching the ACE are not logged.
Please note that the System Log memory size and logging rate
are limited.
Shutdown
Specify the port shut down operation of the ACE. The allowed
values are:
Enabled: If a frame matches the ACE, the ingress port will be
disabled.
Disabled: Port shut down is disabled for the ACE.
3.13.2.2 ACL Ports Configuration
Please select the left menu as TEG3224T→Configuration→ACL→Port
to enter the following window:
Configure the ACL parameters (ACE) of each switch port. These
parameters will affect frames received on a port unless the frame
matches a specific ACE.
Port
The logical port for the settings contained in the same row.
Policy ID
Select the policy to apply to this port. The allowed values are 1
through 8. The default value is 1.
Action
Select whether forwarding is permitted ("Permit") or denied
("Deny"). The default value is "Permit".
Rate Limiter ID
Select which rate limiter to apply to this port. The allowed
values are Disabled or the values 1 through 15. The default
value is "Disabled".
Port Copy
Select which port frames are copied to. The allowed values are
Disabled or a specific port number. The default value is
"Disabled".
Logging
Specify the logging operation of this port. The allowed values
are:
Enabled: Frames received on the port are stored in the
System Log.
Disabled: Frames received on the port are not logged.
The default value is "Disabled". Please note that the System
Log memory size and logging rate are limited.
Shutdown
Specify the port shut down operation of this port. The allowed
values are:
Enabled: If a frame is received on the port, the port will be
disabled.
Disabled: Port shut down is disabled.
The default value is "Disabled".
Counter
Counts the number of frames that match this ACE.
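How an ordered ACL interacts with the per-port defaults of 3.13.2.2, as an added Python model with a check for ACEs that can never be hit. This is example code, not the switch's implementation; Ace, PortAcl, evaluate and shadowed_aces are hypothetical names and the sample ACL is constructed. It assumes ACEs are evaluated top to bottom with the first match deciding, and that frames are sorted into ARP, IPv4 or Ethernet Type by EtherType; the manual presents the list as ordered but states neither rule.

```python
from dataclasses import dataclass


@dataclass
class Ace:
    ingress: tuple           # ("any",), ("port", n) or ("policy", n)
    frame_type: str = "Any"  # "Any", "EType", "ARP" or "IPv4"
    action: str = "Permit"   # "Permit" or "Deny"
    shutdown: bool = False   # Shutdown: disable the ingress port on a hit
    counter: int = 0         # Counter: number of frames that hit this ACE


@dataclass
class PortAcl:
    policy_id: int = 1       # Policy ID, default 1
    action: str = "Permit"   # port default action, default "Permit"
    disabled: bool = False   # set when an ACE with Shutdown enabled is hit


def frame_type_of(ethertype):
    """Assumed mapping from EtherType to the manual's frame types."""
    if ethertype in (0x0806, 0x8035):  # ARP and RARP
        return "ARP"
    if ethertype == 0x0800:
        return "IPv4"
    return "EType"


def ingress_matches(ace, port_no, port):
    kind = ace.ingress[0]
    if kind == "any":
        return True
    if kind == "port":
        return ace.ingress[1] == port_no
    return ace.ingress[1] == port.policy_id  # "policy"


def evaluate(acl, ports, port_no, ethertype):
    """Return (action, index of the ACE hit or None) for one received frame."""
    port = ports[port_no]
    if port.disabled:
        return ("Deny", None)
    ftype = frame_type_of(ethertype)
    for index, ace in enumerate(acl):
        if ingress_matches(ace, port_no, port) and ace.frame_type in ("Any", ftype):
            ace.counter += 1
            if ace.shutdown:
                port.disabled = True
            return (ace.action, index)
    # No ACE matched: the port's own ACL parameters apply.
    return (port.action, None)


def shadowed_aces(acl, ports):
    """Return (shadowed index, covering index) for ACEs that cannot be hit."""
    result = []
    for j, later in enumerate(acl):
        for i, earlier in enumerate(acl[:j]):
            type_covered = earlier.frame_type in ("Any", later.frame_type)
            if earlier.ingress == ("any",) or earlier.ingress == later.ingress:
                port_covered = True
            elif earlier.ingress[0] == "policy" and later.ingress[0] == "port":
                port_covered = ports[later.ingress[1]].policy_id == earlier.ingress[1]
            else:
                port_covered = False
            if type_covered and port_covered:
                result.append((j, i))
                break
    return result


def sample_setup():
    """Constructed sample: port 1 is a client port, ports 2 and 3 guest ports."""
    ports = {1: PortAcl(policy_id=2), 2: PortAcl(policy_id=5),
             3: PortAcl(policy_id=5, action="Deny")}
    acl = [
        Ace(("policy", 5), "IPv4", "Permit"),  # 0
        Ace(("policy", 5), "Any", "Deny"),     # 1
        Ace(("port", 2), "ARP", "Permit"),     # 2: never hit, covered by ACE 1
        Ace(("any",), "ARP", "Permit"),        # 3
    ]
    return acl, ports


if __name__ == "__main__":
    acl, ports = sample_setup()
    print(evaluate(acl, ports, 2, 0x0806), shadowed_aces(acl, ports))
```

In the sample, ACE 2 was meant to permit ARP on port 2 but sits below a broader Deny for the same policy, so its counter stays at 0; moving it above ACE 1 makes it effective.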
3.13.2.3 ACL Rate Limiter Configuration
Please select the left menu as TEG3224T→Configuration→ACL→Rate
Limiters to enter the following window:
Configure the rate limiter for the ACL of the switch.
Rate Limiter ID
The rate limiter ID for the settings contained in the same row.
Rate
The rate unit is packets per second (pps). Configure the rate as 1,
2, 4, 8, 16, 32, 64, 128, 256, 512, 1K, 2K, 4K, 8K, 16K, 32K,
64K, 128K, 256K, 512K, or 1024K. 1 kpps is actually
1002.1 pps.
3.13.2.4 ACL Access Control List Configuration
Please select the left menu as TEG3224T→Configuration→ACL→Access
Control List to enter the following window:
This page shows the Access Control List (ACL), which is made up
of the ACEs defined for this switch. Each row describes the ACE
that is defined. The maximum number of ACEs is 128. Click on the
lowest plus sign to add a new ACE to the list.
Ingress Port
Indicates the ingress port of the ACE. Possible values are:
Any: The ACE will match any ingress port.
Policy: The ACE will match ingress ports with a specific policy.
Port: The ACE will match a specific ingress port.
Frame Type
Indicates the frame type of the ACE. Possible values are:
Any: The ACE will match any frame type.
EType: The ACE will match Ethernet Type frames.
ARP: The ACE will match ARP/RARP frames.
IPv4: The ACE will match all IPv4 frames.
IPv4/ICMP: The ACE will match IPv4 frames with ICMP
protocol.
IPv4/UDP: The ACE will match IPv4 frames with UDP protocol.
IPv4/TCP: The ACE will match IPv4 frames with TCP protocol.
IPv4/Other: The ACE will match IPv4 frames, which are not
ICMP/UDP/TCP.
Action
Indicates the forwarding action of the ACE.
Permit: Frames matching the ACE may be forwarded and
learned.
Deny: Frames matching the ACE are dropped.
Rate Limiter
Indicates the rate limiter number of the ACE. The allowed
range is 1 to 15. When Disabled is displayed, the rate limiter
operation is disabled.
Port Copy
Indicates the port copy operation of the ACE. Frames matching
the ACE are copied to the port number. The allowed values are
Disabled or a specific port number. When Disabled is displayed,
the port copy operation is disabled.
Logging
Indicates the logging operation of the ACE. Possible values are:
Enabled: Frames matching the ACE are stored in the System
Log.
Disabled: Frames matching the ACE are not logged.
Please note that the System Log memory size and logging rate
are limited.
Shutdown
Indicates the port shut down operation of the ACE. Possible
values are:
Enabled: If a frame matches the ACE, the ingress port will be
disabled.
Disabled: Port shut down is disabled for the ACE.
Counter
The counter indicates the number of times the ACE was hit by
a frame.
Modification Buttons
You can modify each ACE (Access Control Entry) in the table
using the following buttons:
“+”: Inserts a new ACE before the current row.
“e”: Edits the ACE row.
Moves the ACE up the list.
Moves the ACE down the list.
“x”: Deletes the ACE.
“+”: The lowest plus sign adds a new entry at the bottom of the
ACE listings. Click it to enter the next window:
Configure an ACE (Access Control Entry) on this page. An ACE
consists of several parameters. These parameters vary according
to the frame type that you select. First select the ingress port for the
ACE, and then select the frame type. Different parameter options
are displayed depending on the frame type that you selected. A
frame that hits this ACE matches the configuration that is defined
here.
Ingress Port
Select the ingress port for which this ACE applies.
Any: The ACE applies to any port.
Port n: The ACE applies to this port number, where n is the
number of the switch port.
Policy n: The ACE applies to this policy number, where n can
range from 1 through 8.
Switch
Select the switch to which this ACE applies.
Any: The ACE applies to any port.
Switch n: The ACE applies to this switch number, where n is
the number of the switch.
Frame Type
Select the frame type for this ACE.
Any: Any frame can match this ACE.
Ethernet Type: Only Ethernet Type frames can match this
ACE.
ARP: Only ARP frames can match this ACE.
IPv4: Only IPv4 frames can match this ACE.
Action
Specify the action to take with a frame that hits this ACE.
Permit: The frame that hits this ACE is granted permission for
the ACE operation.
Deny: The frame that hits this ACE is dropped.
Rate Limiter
Specify the rate limiter in number of base units. The allowed
range is 1 to 15. Disabled indicates that the rate limiter
operation is disabled.
Port Copy
Frames that hit the ACE are copied to the port number
specified here. The allowed range is the same as the switch
port number range. Disabled indicates that the port copy
operation is disabled.
Logging
Specify the logging operation of the ACE. The allowed values
are:
Enabled: Frames matching the ACE are stored in the System
Log.
Disabled: Frames matching the ACE are not logged.
Please note that the System Log memory size and logging rate
are limited.
Shutdown
Specify the port shut down operation of the ACE. The allowed
values are:
Enabled: If a frame matches the ACE, the ingress port will be
disabled.
Disabled: Port shut down is disabled for the ACE.
Counter
The counter indicates the number of times the ACE was hit by
a frame.
MAC Parameters
SMAC Filter
(Only displayed when the frame type is Ethernet Type or
ARP.)
Specify the source MAC filter for this ACE.
Any: No SMAC filter is specified. (SMAC filter status is
"don't-care".)
Specific: If you want to filter a specific source MAC address
with this ACE, choose this value. A field for entering an SMAC
value appears.
SMAC Value
When "Specific" is selected for the SMAC filter, you can enter a
specific source MAC address. The legal format is
"xx-xx-xx-xx-xx-xx". A frame that hits this ACE matches this
SMAC value.
DMAC Filter
Specify the destination MAC filter for this ACE.
Any: No DMAC filter is specified. (DMAC filter status is
"don't-care".)
MC: Frame must be multicast.
BC: Frame must be broadcast.
UC: Frame must be unicast.
Specific: If you want to filter a specific destination MAC
address with this ACE, choose this value. A field for entering a
DMAC value appears.
DMAC Value
When "Specific" is selected for the DMAC filter, you can enter a
specific destination MAC address. The legal format is
"xx-xx-xx-xx-xx-xx". A frame that hits this ACE matches this
DMAC value.
VLAN Parameters
VLAN ID Filter
Specify the VLAN ID filter for this ACE.
Any: No VLAN ID filter is specified. (VLAN ID filter status is
"don't-care".)
Specific: If you want to filter a specific VLAN ID with this ACE,
choose this value. A field for entering a VLAN ID number
appears.
VLAN ID
When "Specific" is selected for the VLAN ID filter, you can enter
a specific VLAN ID number. The allowed range is 1 to 4094. A
frame that hits this ACE matches this VLAN ID value.
Tag Priority
Specify the tag priority for this ACE. A frame that hits this ACE
matches this tag priority. The allowed number range is 0 to 7.
The value Any means that no tag priority is specified (tag
priority is "don't-care".)
ARP Parameters
The ARP parameters can be configured when Frame Type
"ARP" is selected.
ARP/RARP
Specify the available ARP/RARP opcode (OP) flag for this ACE.
Any: No ARP/RARP OP flag is specified. (OP is "don't-care".)
ARP: Frame must have ARP/RARP opcode set to ARP.
RARP: Frame must have ARP/RARP opcode set to RARP.
Other: Frame has unknown ARP/RARP Opcode flag.
Request/Reply
Specify the available ARP/RARP opcode (OP) flag for this ACE.
Any: No ARP/RARP OP flag is specified. (OP is "don't-care".)
Request: Frame must have ARP Request or RARP Request
OP flag set.
Reply: Frame must have ARP Reply or RARP Reply OP flag.
Sender IP Filter
Specify the sender IP filter for this ACE.
Any: No sender IP filter is specified. (Sender IP filter is
"don't-care".)
Host: Sender IP filter is set to Host. Specify the sender IP
address in the SIP Address field that appears.
Network: Sender IP filter is set to Network. Specify the sender
IP address and sender IP mask in the SIP Address and SIP
Mask fields that appear.
Sender IP Address
When "Host" or "Network" is selected for the sender IP filter,
you can enter a specific sender IP address.
Sender IP Mask
When "Network" is selected for the sender IP filter, you can
enter a specific sender IP mask in.