This equipment has been tested and found to comply with the limits for a Class A digital
device, pursuant to part 15 of the FCC Rules. These limits are designed to provide
reasonable protection against harmful interference when the equipment is operated in a
commercial environment. This equipment generates, uses, and can radiate radio frequency
energy and, if not installed and used in accordance with the instruction manual, may cause
harmful interference to radio communications. Operation of this equipment in a residential
area is likely to cause harmful interference in which case the user will be required to correct
the interference at his own expense.
This device complies with part 15 of the FCC Rules. Operation is subject to the following
two conditions:
1) This device may not cause harmful interference.
2) This device must accept any interference received, including interference that may
cause undesired operation.
Any changes or modifications not expressly approved by the party responsible for
compliance could void the user’s authority to operate the equipment.
CE Mark Warning
This is a class A product. In a domestic environment, this product may cause radio
interference, in which case the user may be required to take adequate measures.
Продукт сертифіковано згідно с правилами системи УкрСЕПРО на відповідність
вимогам нормативних документів та вимогам, що передбачені чинними законодавчими
актами України.
Safety Information
When product has power button, the power button is one of the way to shut off the
product; When there is no power button, the only way to completely shut off power is to
disconnect the product or the power adapter from the power source.
Don’t disassemble the product, or make repairs yourself. You run the risk of electric
shock and voiding the limited warranty. If you ne ed service, please contact us.
Avoid water and wet locations.
Explanation of the symbols on the product label
SymbolExplanation
AC voltage
RECYCLING
This product bears the selective sorting symbol for Waste electrical and
electronic equipment (WEEE). This means that this product must be handled
pursuant to European directive 2012/19/EU in order to be recycled or
dismantled to minimize its impact on the environment.
User has the choice to give his product to a competent recycling
organization or to the retailer when he buys a new electrical or electronic
equipment.
More Information .................................................................................................................................................................2
Web Interface Access ........................................................................................................................................................5
Save Config Function ..............................................................................................................................................................................6
Disable the Web Server .........................................................................................................................................................................7
Configure the Switch's IP Address and Default Gateway ...................................................................................................8
Command Line Interface Access ............................................................................................................................... 11
Console Login (only for switch with console port) ...............................................................................................................11
Change the Switch's IP Address and Default Gateway .....................................................................................................20
Managing System
System .................................................................................................................................................................................. 22
Supported Features ..............................................................................................................................................................................22
System Info Configurations .......................................................................................................................................... 24
Using the GUI ............................................................................................................................................................................................24
Viewing the System Summary ...........................................................................................................................................24
Specifying the Device Description ..................................................................................................................................26
Setting the System Time ......................................................................................................................................................26
Setting the Daylight Saving Time .....................................................................................................................................27
Using the CLI .............................................................................................................................................................................................29
Viewing the System Summary ...........................................................................................................................................29
Specifying the Device Description ..................................................................................................................................30
Setting the System Time ......................................................................................................................................................31
Setting the Daylight Saving Time .....................................................................................................................................33
User Management Configurations ............................................................................................................................. 36
Using the GUI ............................................................................................................................................................................................36
Creating Accounts of Other Types .................................................................................................................................37
Using the CLI .............................................................................................................................................................................................39
Creating Accounts of Other Types .................................................................................................................................40
System Tools Configurations ...................................................................................................................................... 44
Using the GUI ............................................................................................................................................................................................44
Configuring the Boot File ......................................................................................................................................................44
Restoring the Configuration of the Switch .................................................................................................................45
Backing up the Configuration File ....................................................................................................................................46
Upgrading the Firmware ........................................................................................................................................................46
Rebooting the switch ..............................................................................................................................................................47
Configuring the Reboot Schedule ...................................................................................................................................47
Reseting the Switch .................................................................................................................................................................48
Using the CLI .............................................................................................................................................................................................48
Configuring the Boot File ......................................................................................................................................................48
Restoring the Configuration of the Switch .................................................................................................................49
Backing up the Configuration File ....................................................................................................................................50
Upgrading the firmware .........................................................................................................................................................50
Rebooting the switch ..............................................................................................................................................................51
Configuring the Reboot Schedule ...................................................................................................................................51
Reseting the Switch .................................................................................................................................................................52
Using the GUI ............................................................................................................................................................................................54
Configuring the Access Control Feature .....................................................................................................................54
Configuring the HTTP Function ........................................................................................................................................56
Configuring the HTTPS Function .....................................................................................................................................57
Configuring the SSH Feature .............................................................................................................................................59
Enabling the Telnet Function ..............................................................................................................................................60
Using the CLI .............................................................................................................................................................................................60
Configuring the Access Control .......................................................................................................................................60
Configuring the HTTP Function ........................................................................................................................................62
Configuring the HTTPS Function .....................................................................................................................................63
Configuring the SSH Feature .............................................................................................................................................65
Enabling the Telnet Function ..............................................................................................................................................68
Using the GUI ............................................................................................................................................................................................69
Using the CLI .............................................................................................................................................................................................70
Supported Features ..............................................................................................................................................................................76
Using the GUI ............................................................................................................................................................................................77
Using the CLI .............................................................................................................................................................................................78
Port Mirror Configuration ............................................................................................................................................... 81
Using the GUI ............................................................................................................................................................................................81
Using the CLI .............................................................................................................................................................................................83
Port Security Configuration .......................................................................................................................................... 85
Using the GUI ............................................................................................................................................................................................85
Using the CLI .............................................................................................................................................................................................86
Port Isolation Configurations ....................................................................................................................................... 89
Using the GUI ............................................................................................................................................................................................89
Using the CLI .............................................................................................................................................................................................90
Using the GUI ............................................................................................................................................................................................92
Using the CLI .............................................................................................................................................................................................93
Example for Port Mirror .......................................................................................................................................................................96
Using the GUI ...............................................................................................................................................................................96
Using the CLI ...............................................................................................................................................................................98
Example for Port Isolation ..................................................................................................................................................................98
Using the GUI ...............................................................................................................................................................................99
Using the CLI ............................................................................................................................................................................100
Example for Loopback Detection...............................................................................................................................................101
Using the GUI ............................................................................................................................................................................101
Using the CLI ............................................................................................................................................................................102
LAG ......................................................................................................................................................................................107
Supported Features ...........................................................................................................................................................................107
LAG Configuration ..........................................................................................................................................................108
Using the GUI .........................................................................................................................................................................................109
Configuring Static LAG or LACP....................................................................................................................................110
Using the CLI ..........................................................................................................................................................................................112
Configuring Static LAG or LACP....................................................................................................................................113
Configuration Example .................................................................................................................................................117
Using the GUI .........................................................................................................................................................................................118
Using the CLI ..........................................................................................................................................................................................119
Using the GUI .........................................................................................................................................................................................123
Viewing the Traffic Summary ..........................................................................................................................................123
Viewing the Traffic Statistics in Detail ........................................................................................................................124
Using the CLI ..........................................................................................................................................................................................127
MAC Address Table .......................................................................................................................................................130
Supported Features ...........................................................................................................................................................................130
Using the GUI .........................................................................................................................................................................................132
Adding Static MAC Address Entries ..........................................................................................................................132
Modifying the Aging Time of Dynamic Address Entries...................................................................................134
Adding MAC Filtering Address Entries.......................................................................................................................135
Using the CLI ..........................................................................................................................................................................................136
Adding Static MAC Address Entries ..........................................................................................................................136
Modifying the Aging Time of Dynamic Address Entries...................................................................................137
Adding MAC Filtering Address Entries.......................................................................................................................138
Using the GUI .........................................................................................................................................................................................140
Configuring MAC Notification Traps ...........................................................................................................................140
Limiting the Number of MAC Addresses in VLANs ............................................................................................141
Using the CLI ..........................................................................................................................................................................................143
Configuring MAC Notification Traps ...........................................................................................................................143
Limiting the Number of MAC Addresses in VLANs ............................................................................................144
Example for Security Configurations ......................................................................................................................146
Using the GUI .........................................................................................................................................................................................147
Using the CLI ..........................................................................................................................................................................................148
Using the GUI .........................................................................................................................................................................................152
Configuring the PVID of the Port ...................................................................................................................................152
Configuring the VLAN ..........................................................................................................................................................153
Using the CLI ..........................................................................................................................................................................................154
Creating a VLAN .....................................................................................................................................................................154
Configuring the PVID of the Port ...................................................................................................................................155
Adding the Port to the Specified VLAN .....................................................................................................................156
Configuration Example .................................................................................................................................................158
Using the GUI .........................................................................................................................................................................................159
Using the CLI ..........................................................................................................................................................................................161
MAC VLAN Configuration ............................................................................................................................................166
Using the GUI .........................................................................................................................................................................................166
Binding the MAC Address to the VLAN .....................................................................................................................167
Enabling MAC VLAN for the Port ...................................................................................................................................167
Using the CLI ..........................................................................................................................................................................................168
Binding the MAC Address to the VLAN .....................................................................................................................168
Enabling MAC VLAN for the Port ...................................................................................................................................169
Configuration Example ................................................................................................................................................171
Using the GUI .........................................................................................................................................................................................172
Using the CLI ..........................................................................................................................................................................................175
Using the GUI .........................................................................................................................................................................................181
Using the CLI ..........................................................................................................................................................................................183
Creating a Protocol Template .........................................................................................................................................184
Configuration Example ................................................................................................................................................187
Using the GUI .........................................................................................................................................................................................188
Using the CLI ..........................................................................................................................................................................................192
Spanning Tree ..................................................................................................................................................................198
Using the GUI .........................................................................................................................................................................................206
Configuring STP/RSTP Parameters on Ports .........................................................................................................206
Verifying the STP/RSTP Configurations ....................................................................................................................210
Using the CLI ..........................................................................................................................................................................................211
Configuring STP/RSTP Parameters on Ports .........................................................................................................211
Configuring Global STP/RSTP Parameters .............................................................................................................213
Using the GUI .........................................................................................................................................................................................216
Configuring Parameters on Ports in CIST ................................................................................................................216
Configuring the MSTP Region ........................................................................................................................................218
Verifying the MSTP Configurations .............................................................................................................................225
Using the CLI ..........................................................................................................................................................................................226
Configuring Parameters on Ports in CIST ................................................................................................................226
Configuring the MSTP Region .......................................................................................................................................228
Configuring Global MSTP Parameters .......................................................................................................................231
Enabling Spanning Tree Globally...................................................................................................................................233
Using the GUI .........................................................................................................................................................................................236
Configuring the STP Security ..........................................................................................................................................236
(Optional) Configuring the Threshold and Cycle of TC Protect ...................................................................237
Using the CLI ..........................................................................................................................................................................................238
Configuring the STP Security ..........................................................................................................................................238
Configuring the TC Protect ..............................................................................................................................................240
Configuration Example for MSTP .............................................................................................................................242
Using the GUI .........................................................................................................................................................................................243
Using the CLI ..........................................................................................................................................................................................254
Using the GUI .........................................................................................................................................................................................266
Configuring Router Port Time and Member Port Time .....................................................................267
Configuring IGMP Snooping Last Listener Query ...............................................................................268
Verifying IGMP Snooping Status ...................................................................................................................268
Configuring the Port’s Basic IGMP Snooping Features....................................................................................269
Enabling IGMP Snooping on the Port .........................................................................................................269
(Optional) Configuring Fast Leave ................................................................................................................269
Configuring IGMP Snooping in the VLAN .................................................................................................................270
Configuring IGMP Snooping Globally in the VLAN ..............................................................................270
(Optional) Configuring the Static Router Ports in the VLAN ..........................................................271
(Optional) Configuring the Forbidden Router Ports in the VLAN ................................................271
Configuring the Multicast VLAN ....................................................................................................................................271
Creating Multicast VLAN and Configuring Basic Settings ..............................................................272
(Optional) Creating Replace Source IP ......................................................................................................273
Viewing Dynamic Router Ports in the Multicast VLAN ......................................................................273
(Optional) Configuring the Static Router Ports ......................................................................................273
(Optional) Configuring the Forbidden Router Ports ............................................................................273
(Optional) Configuring the Querier ................................................................................................................................274
Configuring the Querier ......................................................................................................................................274
Viewing Settings of IGMP Querier ................................................................................................................274
Editing IP Range of the Profile ........................................................................................................................276
Binding Profile and Member Ports ................................................................................................................................276
Binding Profile and Member Ports ...............................................................................................................277
Configuring Max Groups a Port Can Join.................................................................................................277
Viewing IGMP Statistics on Each Port ........................................................................................................................278
Configuring Auto Refresh .................................................................................................................................278
Configuring IGMP Authentication on the Port .......................................................................................280
Configuring Static Member Port ....................................................................................................................................280
Configuring Static Member Port ...................................................................................................................281
Viewing IGMP Static Multicast Groups ......................................................................................................281
Using the CLI ..........................................................................................................................................................................................282
Enabling IGMP Snooping on the Port .........................................................................................................................282
Configuring IGMP Snooping Parameters on the Port .......................................................................................285
Configuring Router Port Time and Member Port Time .....................................................................285
Configuring Fast Leave ......................................................................................................................................286
Configuring Max Group and Overflow Action on the Port ..............................................................287
Configuring IGMP Snooping Last Listener Query ...............................................................................................288
Configuring IGMP Snooping Parameters in the VLAN ......................................................................................290
Configuring Router Port Time and Member Port Time .....................................................................290
Configuring Static Router Port .......................................................................................................................291
Configuring Forbidden Router Port .............................................................................................................292
Configuring Static Multicast (Multicast IP and Forward Port)........................................................293
Configuring IGMP Snooping Parameters in the Multicast VLAN ................................................................293
Configuring Router Port Time and Member Port Time .....................................................................293
Configuring Static Router Port .......................................................................................................................294
Configuring Forbidden Router Port .............................................................................................................295
Configuring Replace Source IP ......................................................................................................................296
Configuring the Querier ......................................................................................................................................................297
Binding Profile to the Port .................................................................................................................................300
Enabling IGMP Accounting and Authentication ....................................................................................................302
Enabling IGMP Authentication on the Port ..............................................................................................302
Using the GUI .........................................................................................................................................................................................304
Configuring Router Port Time and Member Port Time .....................................................................305
Configuring MLD Snooping Last Listener Query .................................................................................306
Verifying MLD Snooping Status ....................................................................................................................306
Configuring the Port’s Basic MLD Snooping Features .....................................................................................307
Enabling MLD Snooping on the Port ..........................................................................................................307
(Optional) Configuring Fast Leave ................................................................................................................307
Configuring MLD Snooping in the VLAN ..................................................................................................................308
Configuring MLD Snooping Globally in the VLAN ...............................................................................308
(Optional) Configuring the Static Router Ports in the VLAN ..........................................................309
(Optional) Configuring the Forbidden Router Ports in the VLAN ................................................309
Configuring the Multicast VLAN ....................................................................................................................................309
Creating Multicast VLAN and Configuring Basic Settings ..............................................................310
(Optional) Creating Replace Source IP ......................................................................................................311
Viewing Dynamic Router Ports in the Multicast VLAN ......................................................................311
(Optional) Configuring the Static Router Ports ......................................................................................311
(Optional) Configuring the Forbidden Router Ports ............................................................................311
(Optional) Configuring the Querier ................................................................................................................................312
Configuring the Querier ......................................................................................................................................312
Viewing Settings of MLD Querier ..................................................................................................................312
Editing IP Range of the Profile ........................................................................................................................314
Binding Profile and Member Ports ................................................................................................................................314
Binding Profile and Member Ports ...............................................................................................................315
Configuring Max Groups a Port Can Join.................................................................................................315
Viewing MLD Statistics on Each Port .........................................................................................................................316
Configuring Auto Refresh .................................................................................................................................317
Configuring Static Member Port ....................................................................................................................................317
Configuring Static Member Port ...................................................................................................................318
Viewing MLD Static Multicast Groups ........................................................................................................318
Using the CLI ..........................................................................................................................................................................................318
Enabling MLD Snooping on the Port ...........................................................................................................................318
Configuring MLD Snooping Parameters on the Port .........................................................................................322
Configuring Router Port Time and Member Port Time .....................................................................322
Configuring Fast Leave ......................................................................................................................................323
Configuring Max Group and Overflow Action on the Port ..............................................................324
Configuring MLD Snooping Last Listener Query .................................................................................................325
Configuring MLD Snooping Parameters in the VLAN .......................................................................................326
Configuring Router Port Time and Member Port Time .....................................................................326
Configuring Static Router Port .......................................................................................................................327
Configuring Forbidden Router Port .............................................................................................................328
Configuring Static Multicast (Multicast IP and Forward Port)........................................................329
Configuring MLD Snooping Parameters in the Multicast VLAN ..................................................................330
Configuring Router Port Time and Member Port Time .....................................................................330
Configuring Static Router Port .......................................................................................................................331
Configuring Forbidden Router Port .............................................................................................................332
Configuring Replace Source IP ......................................................................................................................333
Configuring the Querier ......................................................................................................................................................334
Binding Profile to the Port .................................................................................................................................337
Using the GUI .........................................................................................................................................................................................339
Using the CLI ..........................................................................................................................................................................................340
Example for Configuring Basic IGMP Snooping .................................................................................................................343
Using the GUI ............................................................................................................................................................................344
Using the CLI ............................................................................................................................................................................347
Example for Configuring Multicast VLAN ...............................................................................................................................349
Using the GUI ............................................................................................................................................................................350
Using the CLI ............................................................................................................................................................................353
Example for Configuring Unknown Multicast and Fast Leave ....................................................................................355
Using the GUI ............................................................................................................................................................................356
Using the CLI ............................................................................................................................................................................359
Example for Configuring Multicast Filtering ..........................................................................................................................360
Using the GUI ............................................................................................................................................................................361
Using the CLI ............................................................................................................................................................................368
Using the GUI .........................................................................................................................................................................................376
Creating a Layer 3 Interface .............................................................................................................................................376
Configuring IPv4 Parameters of the Interface .......................................................................................................377
Configuring IPv6 Parameters of the Interface .......................................................................................................378
Viewing Detail Information of the Interface .............................................................................................................381
Using the CLI ..........................................................................................................................................................................................381
Creating a Layer 3 Interface .............................................................................................................................................381
Configuring IPv4 Parameters of the Interface .......................................................................................................383
Configuring IPv6 Parameters of the Interface .......................................................................................................384
Using the GUI .........................................................................................................................................................................................390
Using the CLI ..........................................................................................................................................................................................391
Using the GUI .........................................................................................................................................................................................392
Using the CLI ..........................................................................................................................................................................................393
Using the GUI .........................................................................................................................................................................................395
Using the CLI ..........................................................................................................................................................................................396
Example for Static Routing ..........................................................................................................................................398
Using the GUI .........................................................................................................................................................................................398
Using the CLI ..........................................................................................................................................................................................399
Using the GUI .........................................................................................................................................................................................405
Enabling DHCP Relay and Configuring Option 82 ...............................................................................................405
Specifying DHCP Server for the Interface ...............................................................................................................406
Using the CLI ..........................................................................................................................................................................................407
Specifying DHCP Server for the Interface ...............................................................................................................409
Configuration Example ................................................................................................................................................411
Using the GUI .........................................................................................................................................................................................412
Using the CLI ..........................................................................................................................................................................................413
Using the GUI .........................................................................................................................................................................................417
Viewing the ARP Entries .....................................................................................................................................................417
Using the CLI ..........................................................................................................................................................................................418
Configuring ARP Function .................................................................................................................................................418
Supported Features ...........................................................................................................................................................................423
Using the GUI .........................................................................................................................................................................................425
Using CLI ..................................................................................................................................................................................................429
Bandwidth Control Configuration .............................................................................................................................436
Using the GUI .........................................................................................................................................................................................436
Configuring Storm Control ...............................................................................................................................................437
Using the CLI ..........................................................................................................................................................................................438
Configuring Rate Limit on Port .......................................................................................................................................438
Configuring Storm Control ...............................................................................................................................................439
Example for Configuring SP Mode .............................................................................................................................................442
Using the GUI ............................................................................................................................................................................443
Using the CLI ............................................................................................................................................................................444
Example for Configuring WRR Mode ........................................................................................................................................445
Using the GUI ............................................................................................................................................................................446
Using the CLI ............................................................................................................................................................................454
Using the GUI .........................................................................................................................................................................................464
Configuring Voice VLAN Mode on Ports ..................................................................................................................466
Using the CLI .........................................................................................................................................................................................467
Configuration Example .................................................................................................................................................470
Using the GUI .........................................................................................................................................................................................471
Using the CLI ..........................................................................................................................................................................................479
Supported Features ...........................................................................................................................................................................485
PoE Power Management Configurations ..............................................................................................................486
Using the GUI .........................................................................................................................................................................................486
Configuring the PoE Parameters Manually ..............................................................................................................486
Configuring the PoE Parameters Using the Profile .............................................................................................488
Using the CLI ..........................................................................................................................................................................................490
Configuring the PoE Parameters Manually ..............................................................................................................490
Configuring the PoE Parameters Using the Profile .............................................................................................492
Time-Range Function Configurations .....................................................................................................................494
Using the GUI .........................................................................................................................................................................................494
Creating a Time-Range .......................................................................................................................................................494
Configuring the Holiday Parameters ...........................................................................................................................496
Viewing the Time-Range Table ......................................................................................................................................496
Using the CLI ..........................................................................................................................................................................................497
Configuring a Time-Range ................................................................................................................................................497
Configuring the Holiday Parameters ...........................................................................................................................499
Viewing the Time-Range Table ......................................................................................................................................500
Example for PoE Configurations ...............................................................................................................................501
Using the GUI .........................................................................................................................................................................................501
Using the CLI ..........................................................................................................................................................................................503
Supported Features ...........................................................................................................................................................................507
Using the GUI .........................................................................................................................................................................................508
Creating an ACL ......................................................................................................................................................................508
Configuring the ACL Binding and Policy Binding .................................................................................................515
Using the CLI ..........................................................................................................................................................................................519
ACL Binding and Policy Binding .....................................................................................................................................525
Configuration Example for ACL .................................................................................................................................528
Using the GUI .........................................................................................................................................................................................529
Using the CLI ..........................................................................................................................................................................................533
Supported Features ...........................................................................................................................................................................537
Using the GUI .........................................................................................................................................................................................541
Viewing the Binding Entries ..............................................................................................................................................543
Using the CLI ..........................................................................................................................................................................................545
Using the GUI .........................................................................................................................................................................................547
Enabling DHCP Snooping on VLAN .............................................................................................................................547
Configuring DHCP Snooping on Ports ......................................................................................................................548
Using the CLI ..........................................................................................................................................................................................550
Using the GUI .........................................................................................................................................................................................555
Using the CLI ..........................................................................................................................................................................................558
DoS Defend Configuration ..........................................................................................................................................562
Using the GUI .........................................................................................................................................................................................562
Using the CLI ..........................................................................................................................................................................................563
Using the GUI .........................................................................................................................................................................................566
Configuring the RADIUS Server .....................................................................................................................................566
Configuring 802.1X on Ports ...........................................................................................................................................572
Using the CLI ..........................................................................................................................................................................................573
Configuring the RADIUS Server .....................................................................................................................................573
Configuring 802.1X on Ports ...........................................................................................................................................577
Using the GUI .........................................................................................................................................................................................581
Configuring Server Groups ...............................................................................................................................................583
Configuring the Method List ............................................................................................................................................584
Configuring the AAA Application List .........................................................................................................................585
Configuring Login Account and Enable Password .............................................................................................586
Using the CLI ..........................................................................................................................................................................................587
Configuring Server Groups ...............................................................................................................................................590
Configuring the Method List ............................................................................................................................................591
Configuring the AAA Application List .........................................................................................................................592
Configuring Login Account and Enable Password .............................................................................................595
Example for DHCP Snooping and ARP Detection ............................................................................................................597
Using the GUI ............................................................................................................................................................................598
Using the CLI ............................................................................................................................................................................601
Example for 802.1X ............................................................................................................................................................................603
Using the GUI ............................................................................................................................................................................604
Using the CLI ............................................................................................................................................................................607
Example for AAA ..................................................................................................................................................................................609
Using the GUI ............................................................................................................................................................................610
Using the CLI ............................................................................................................................................................................613
Supported Features ...........................................................................................................................................................................621
Using the GUI .........................................................................................................................................................................................622
Global Config ............................................................................................................................................................................622
Port Config .................................................................................................................................................................................624
Using the CLI ..........................................................................................................................................................................................625
Global Config ............................................................................................................................................................................625
Port Config .................................................................................................................................................................................627
Using the GUI .........................................................................................................................................................................................629
Global Config ............................................................................................................................................................................629
Port Config .................................................................................................................................................................................630
Using the CLI ..........................................................................................................................................................................................632
Global Config ............................................................................................................................................................................632
Port Config .................................................................................................................................................................................633
Using GUI ..................................................................................................................................................................................................636
Viewing LLDP Device Info .................................................................................................................................................636
Using CLI ..................................................................................................................................................................................................639
Using GUI ..................................................................................................................................................................................................641
Using CLI ..................................................................................................................................................................................................643
Configuration Example .................................................................................................................................................644
Example for Configuring LLDP ....................................................................................................................................................644
Using the GUI ............................................................................................................................................................................644
Using CLI .....................................................................................................................................................................................645
Example for Configuring LLDP-MED ........................................................................................................................................651
Using the GUI ............................................................................................................................................................................652
Using the CLI ............................................................................................................................................................................656
Supported Features ...........................................................................................................................................................................665
Monitoring the System .................................................................................................................................................666
Using the GUI .........................................................................................................................................................................................666
Monitoring the CPU ..............................................................................................................................................................666
Monitoring the Memory ......................................................................................................................................................667
Using the CLI ..........................................................................................................................................................................................668
Monitoring the CPU ..............................................................................................................................................................668
Monitoring the Memory ......................................................................................................................................................668
System Log Configurations .......................................................................................................................................669
Using the GUI .........................................................................................................................................................................................670
Configuring the Local Log .................................................................................................................................................670
Configuring the Remote Log ...........................................................................................................................................670
Backing up the Log File .....................................................................................................................................................671
Viewing the Log Table .........................................................................................................................................................672
Using the CLI ..........................................................................................................................................................................................672
Configuring the Local Log .................................................................................................................................................672
Configuring the Remote Log ...........................................................................................................................................674
Diagnosing the Device ..................................................................................................................................................676
Using the GUI .........................................................................................................................................................................................676
Using the CLI ..........................................................................................................................................................................................677
Diagnosing the Network ...............................................................................................................................................678
Using the GUI .........................................................................................................................................................................................678
Configuring the Ping Test ..................................................................................................................................................678
Configuring the Tracert Test ...........................................................................................................................................679
Using the CLI ..........................................................................................................................................................................................679
Configuring the Ping Test ..................................................................................................................................................679
Configuring the Tracert Test ...........................................................................................................................................680
Configuration Example for Remote Log .................................................................................................................682
Using the GUI ........................................................................................................................................................................................682
Using the CLI .........................................................................................................................................................................................683
Using the GUI .........................................................................................................................................................................................688
Creating an SNMP View......................................................................................................................................................688
Creating an SNMP Group ..................................................................................................................................................689
Using the CLI ..........................................................................................................................................................................................693
Creating an SNMP View......................................................................................................................................................695
Creating an SNMP Group ..................................................................................................................................................696
Using the GUI .........................................................................................................................................................................................701
Using the CLI ..........................................................................................................................................................................................703
Configuring the Host ............................................................................................................................................................703
Using the GUI .........................................................................................................................................................................................710
Configuring History ...............................................................................................................................................................711
Using the CLI ..........................................................................................................................................................................................715
Configuring History ...............................................................................................................................................................716
Configuration Example ................................................................................................................................................721
Using the GUI .........................................................................................................................................................................................722
Using the CLI ..........................................................................................................................................................................................727
This Configuration Guide provides information for managing T1600G Series Switches.
Please read this guide carefully before operation.
Intended Readers
This Guide is intended for network managers familiar with IT concepts and network
terminologies.
Conventions
When using this guide,please notice that features of the switch may vary slightly
depending on the model and software version you have. All screenshots, images,
parameters and descriptions documented in this guide are used for demonstration only.
The information in this document is subject to change without notice. Every effort has
been made in the preparation of this document to ensure accuracy of the contents, but
all statements, information, and recommendations in this document do not constitute
the warranty of any kind, express or implied. Users must take full responsibility for their
application of any products.
In this Guide, the following conventions are used:
The symbol
make better use of your device.
For GUI:
Menu Name > Submenu Name > Tab page indicates the menu structure. System >
System Info > System Summary means the System Summary page under the System Info
menu option that is located under the System menu.
Bold font indicates a button, a toolbar icon, menu or menu item.
For CLI:
stands for
. Notes contains suggestions or references that helps you
Note
Bold FontAn unalterable keyword.
For example: show logging
Normal FontA constant (several options are enumerated and only one can be
selected).
For example: no bandwidth {all | ingress | egress}
{}Items in braces { } are required.
Configuration Guide 1
About This GuideMore Information
[]Items in square brackets [ ] are optional.
|Alternative items are grouped in braces and separated by vertical bars |.
For example: speed {10 | 100 | 1000}
Italic Font
Common combination:
{[ ][ ][ ]}A least one item in the square brackets must be selected.
A variable (an actual value must be assigned).
For example: bridge aging-time
For example: bandwidth {[ingress
]}
rate
This command can be used on three occasions:
bandwidthingress
bandwidth.
bandwidthegress
bandwidth.
bandwidthingress
restrict ingress and egress bandwidth.
i
ngress-rate
egress-rate
ingress-rate
aging-time
ingress-rate
is used to restrict ingress
is used to restrict egress
egress
egress-rate
] [egress
is used to
More Information
egress-
The latest software and documentations can be found at Download Center at http://
www.tp-link.com/support.
The Installation Guide (IG) can be found where you find this guide or inside the package
of the switch.
Specifications can be found on the product page at http://www.tp-link.com.
A Technical Support Forum is provided for you to discuss our products at http://forum.
tp-link.com.
Our Technical Support contact information can be found at the Contact Technical
Support page at http://www.tp-link.com/support.
Configuration Guide 2
Part 1
Accessing the Switch
CHAPTERS
1. Overview
2. Web Interface Access
3. Command Line Interface Access
Accessing the SwitchOverview
1
Overview
You can access and manage the switch using the GUI (Graphical User Interface, also called
web interface in this text) or using the CLI (Command Line Interface). There are equivalent
functions in the web interface and the command line interface, while web configuration is
easier and more visual than the CLI configuration. You can choose the method according
to their available applications and preference.
Configuration Guide 4
Accessing the SwitchWeb Interface Access
2
Web Interface Access
You can access the switch’s web interface through the web-based authentication.
The switch uses two built-in web servers, HTTP server and HTTPS server, for user
authentication.
The following example shows how to login via the HTTP server.
2.1 Login
To manage your switch through a web browser in the host PC:
1) Make sure that the route between the host PC and the switch is available.
2) Launch a web browser. The supported web browsers include, but are not limited to, the
following types:
IE 8.0, 9.0, 10.0, 11.0
Firefox 26.0, 27.0
Chrome 32.0, 33.0
3) Enter the switch’s IP address in the web browser’s address bar. The switch’s default IP
address is 192.168.0.1.
Figure 2-1 Enter the switch's IP addresss in the browser
4) Enter the username and password in the pop-up login window. Use admin for both
username and password in lower case letters.
Figure 2-2 Login authentication
5) The typical web interface displays below. You can view the switch’s running status and
configure the switch on this interface.
Configuration Guide
5
Accessing the SwitchWeb Interface Access
Figure 2-3 Web interface
2.2 Save Config Function
The switch’s configuration files fall into two types: the running configuration file and the
start-up configuration file.
After you perform configurations on the sub-interfaces and click Apply, the modifications
will be saved in the running configuration file. The configurations will be lost when the
switch reboots.
If you need to keep the configurations after the switch reboots, please user the Save Config
function on the main interface to save the configurations in the start-up configuration file.
Configuration Guide 6
Accessing the SwitchWeb Interface Access
Figure 2-4 Save Config
2.3 Disable the Web Server
You can shut down the HTTP server or HTTPS server to block any access to the web
interface.
System > Access Security > HTTP Config, disable the HTTP server and click Apply.
Go to
Figure 2-5 Shut down HTTP server
Configuration Guide
7
Accessing the SwitchWeb Interface Access
System > Access Security > HTTPS Config, disable the HTTPS server and click Apply.
Go to
Figure 2-6 Disbale the HTTPS Server
2.4 Configure the Switch's IP Address and Default Gateway
If you want to access the switch via a specified port (hereafter referred to as the access
port), you can configure the port as a routed port and specify its IP address, or configure
the IP address of the VLAN which the access port belongs to.
Change the IP Address
By default, all the ports belong to VLAN 1 with the VLAN interface IP 192.168.0.1.
The following example shows how to change the switch’s default access IP address
192.168.0.1.
1) Go to
Routing > Interface > Interface Config
. The default access IP address in VLAN 1 in
the Interface List. Click Edit to modify the VLAN1’s IP address.
Figure 2-7 Change VLAN1's IP address
2) Choose the IP Address Mode as Static. Enter the new access address in the IP
Address field and click Apply. Make sure that the route between the host PC and the
switch’s new IP address is available.
Configuration Guide 8
Accessing the SwitchWeb Interface Access
Figure 2-8 Specify the IP address
3) Enter the new IP address in the web browser to access the switch.
4) Click Save Config to save the settings.
Configure the Default Gateway
The following example shows how to configure the switch’s gateway. By default, the switch
has no default gateway.
Subnet MaskSpecify the subnet mask as 255.255.255.0.
Next HopConfigure your desired default gateway as the next hop’s IP address.
Configuration Guide
9
Accessing the SwitchWeb Interface Access
DistanceSpecify the distance as 1.
2) Click Save Config to save the settings.
3) Check the routing table to verify the default gateway you configured. The entry marked
in red box displays the valid default gateway.
Figure 2-10 View the default gateway
Configuration Guide 10
Accessing the SwitchCommand Line Interface Access
3
Command Line Interface Access
Users can access the switch's command line interface through the console (only for switch
with console port), Telnet or SSH connection, and manage the switch with the command
lines.
Console connection requires the host PC connecting to the switch’s console port directly,
while Telnet and SSH connection support both local and remote access.
The following table shows the typical applications used in the CLI access.
Table 3-1 Method list
MethodUsing PortTypical Applications
ConsoleConsole port (connected
directly)
TelnetRJ-45 portCMD
SSHRJ-45 portPutty
Hyper Terminal
3.1 Console Login (only for switch with console port)
Follow these steps to log in to the switch via the Console port:
1) Connect the PC or terminal to the Console port on the switch with the serial cable.
2) Start the terminal emulation program (such as the Hyper Terminal) on the PC and
configure the terminal emulation program as follows:
·Baud Rate: 38400bps
·Data Bits: 8
·Parity: None
·Stop Bits: 1
·Flow Control: None
3) Press Enter in the main window and Switch> will appear, indicating that you have
successfully logged in to the switch and you can use the CLI now.
Configuration Guide
11
Accessing the SwitchCommand Line Interface Access
Figure 3-1 CLI Main Window
4) Enter enable to enter the User EXEC Mode to further configure the switch.
Figure 3-2 User EXEC Mode
Note:
In Windows XP, go to Start > All Programs > Accessories > Communications > Hyper Terminal to
open the Hyper Terminal and configure the above settings to log in to the switch.
Configuration Guide 12
Accessing the SwitchCommand Line Interface Access
3.2 Telnet Login
The switch supports Login Local Mode for authentication by default.
Login Local Mode: Username and password are required, which are both admin by default.
The following steps show how to manage the switch via the Login Local Mode:
1) Make sure the switch and the PC are in the same LAN (Local Area Network). Click Start
and type in cmd in the Search bar and press Enter.
Figure 3-3 Open the cmd Window
2) Type in telnet 192.168.0.1 in the cmd window and press Enter.
Figure 3-4 Log In to the Switch
3) Type in the login username and password (both admin by default). Press Enter and you
will enter User EXEC Mode.
Figure 3-5 Enter User EXEC Mode
4) Type in enable command and you will enter Privileged EXEC Mode. By default no
password is needed. Later you can set a password for users who want to access the
Privileged EXEC Mode.
Configuration Guide
13
Accessing the SwitchCommand Line Interface Access
Figure 3-6 Enter Privileged EXEC Mode
Now you can manage your switch with CLI commands through Telnet connection.
3.3 SSH Login
SSH login supports the following two modes: Password Authentication Mode and Key
Authentication Mode. You can choose one according to your needs:
Password Authentication Mode: Username and password are required, which are both
admin by default.
Key Authentication Mode (Recommended): A public key for the switch and a private key
for the client software (PuTTY) are required. You can generate the public key and the
private key through the PuTTY Key Generator.
Before logging in via SSH, follow the steps below to enable SSH on the terminal emulation
program:
Figure 3-7 Enable SSH
Password Authentication Mode
1) Open PuTTY and go to the Session page. Enter the IP address of the switch in the Host
Name field and keep the default value 22 in the Port field; select SSH as the Connection
type. Click Open.
Configuration Guide 14
Accessing the SwitchCommand Line Interface Access
Figure 3-8 Configurations in PuTTY
2) Enter the login username and password to log in to the switch, and you can continue to
configure the switch.
Figure 3-9 Log In to the Switch
Key Authentication Mode
1) Open the PuTTY Key Generator. In the Parameters section, select the key type and
enter the key length. In the Actions section, click Generate to generate a public/private
key pair. In the following figure, an SSH-2 RSA key pair is generated, and the length of
each key is 1024 bits.
Configuration Guide
15
Accessing the SwitchCommand Line Interface Access
Figure 3-10 Generate a Public/Private Key Pair
Note:
The key length should be between 512 and 3072 bits.
•
You can accelerate the key generation process by moving the mouse quickly and randomly in
•
the Key section.
2) After the keys are successfully generated, click Save public key to save the public key
to a TFTP server; click Save private key to save the private key to the host PC.
Figure 3-11 Save the Generated Keys
Configuration Guide 16
Accessing the SwitchCommand Line Interface Access
3) On Hyper Terminal, download the public key file from the TFTP server to the switch as
shown in the following figure:
Figure 3-12 Download the Public Key to the Switch
Note:
The key type should accord with the type of the key file. In the above CLI, v1 corresponds to
•
SSH-1 (RSA), and v2 corresponds to SSH-2 RSA and SSH-2 DSA.
The key downloading process cannot be interrupted.
•
4) After the public key is downloaded, open PuTTY and go to the Session page. Enter the
IP address of the switch and select SSH as the Connection type (keep the default value
in the Port field).
Figure 3-13 Configure the Host Name and Connection Type
5) Go to Connection > SSH > Auth. Click Browse to download the private key file to
PuTTY. Click Open to start the connection and negotiation.
Configuration Guide
17
Accessing the SwitchCommand Line Interface Access
Figure 3-14 Download the Private Key to PuTTY
6) After negotiation is completed, enter the username to log in. If you can log in without
entering the password, the key authentication completed successfully.
Figure 3-15 Log In to the Switch
3.4 Disable Telnet login
You can shut down the Telnet function to block any Telnet access to the CLI interface.
Using the GUI:
System > Access Security > Telnet Config, disable the Telnet function and click Apply.
Go to
Figure 3-16 Disable Telnet login
Configuration Guide 18
Accessing the SwitchCommand Line Interface Access
Using the CLI:
Switch#configure
Switch(config)#telnet disable
3.5 Disable SSH login
You can shut down the SSH server to block any SSH access to the CLI interface.
Using the GUI:
System > Access Security > SSH Config, disable the SSH server and click Apply.
Go to
Figure 3-17 Shut down SSH server
Using the CLI:
Switch#configure
Switch(config)#no ip ssh server
3.6 Copy running-config startup-config
The switch’s configuration files fall into two types: the running configuration file and the
start-up configuration file.
After you enter each command line, the modifications will be saved in the running
configuration file. The configurations will be lost when the switch reboots.
If you need to keep he configurations after the switch reboots, please use the command
copy running-config startup-config to save the configurations in the start-up
configuration file.
Switch(config)#end
Switch#copy running-config startup-config
Configuration Guide
19
Accessing the SwitchCommand Line Interface Access
3.7 Change the Switch's IP Address and Default Gateway
If you want to access the switch via a specified port (hereafter referred to as the access
port), you can configure the port as a routed port and specify its IP address, or configure
the IP address of the VLAN which the access port belongs to.
Change the IP Address
By default, all the ports belong to VLAN 1 with the VLAN interface IP 192.168.0.1/24. In
the following example, we will show how to replace the switch’s default access IP address
The System module is mainly used to configure and view the system information of the
switch. It provides controls over the type of the access users and the access security.
1.2 Supported Features
System Info
The System Info is mainly used for the basic properties configuration. You can view the
switch’s port status and system information, and configure the device description, system
time, and daylight saving time.
User management
User Management function is used to configure the user name and password for users to
log into the switch with a certain access level so as to protect the settings of the switch
from being randomly changed.
System Tools
The System Tools are used to manage the configuration file of the switch. With these tools,
you can configure the boot file of the switch, backup and restore the configurations of the
switch, update the firmware, reset the switch, and reboot the switch.
Boot Config function is used to configure the boot file of the switch uploaded before, and
the switch will boot up according to your configuration file.
Reboot Schedule function is used to set a schedule for the switch to reboot.
Access Security
Access Security provides different security measures for accessing the switch remotely
so as to enhance the configuration management security.
Access Control function is used to control the users’ access to the switch by filtering IP
address, MAC address or port.
HTTP Config function is based on the HTTP protocol. It can allow or deny users to access
the switch via a web browser.
HTTPS Config function is based on the SSL or TLS protocol working in transport layer. It
supports a security access via a web browser.
Configuration Guide 22
Managing SystemSystem
SSH Config function is based on the SSH protocol, a security protocol established on
application and transport layers. The function with SSH is similar to a telnet connection, but
SSH can provide information security and powerful authentication.
SDM Template
The switch SDM (Switch Database Management) templates prioritize system resources to
optimize support for certain features. SDM Template function provides three templates for
users to allocate hardware resources for different usage.
Configuration Guide
23
Managing SystemSystem Info Configurations
2
System Info Configurations
With system information configurations, you can:
View the system summary
Specify the device description
Set the system time
Set the daylight saving time
2.1 Using the GUI
2.1.1 Viewing the System Summary
Choose the menu System > System Info > System Summary to load the following page.
Figure 2-1 Viewing the System Summary
Port StatusIndication
Indicates that the corresponding 1000Mbps port is not connected to a device.
Indicates that the corresponding 1000Mbps port is at the speed of 1000Mbps.
Indicates that the corresponding 1000Mbps port is at the speed of 10Mbps or
100Mbps.
Indicates that the corresponding SFP port is not connected to a device.
Configuration Guide 24
Managing SystemSystem Info Configurations
Indicates the SFP port is at the speed of 1000Mbps.
Move the cursor to the port to view the detailed information of the port.
Figure 2-2 Port Information
Port InformationIndication
PortDisplays the port number of the switch.
TypeDisplays the type of the port.
SpeedDisplays the maximum transmission rate of the port.
StatusDisplays the connection status of the port.
Click a port to view the bandwidth utilization on this port.
Figure 2-3 Bnadwidth Utilization
RxSelect Rx to view the bandwidth utilization of receiving packets on this port.
TxSelect Tx to view the bandwidth utilization of sending packets on this port.
Configuration Guide
25
Managing SystemSystem Info Configurations
2.1.2 Specifying the Device Description
Choose the menu System > System Info > Device Description to load the following page.
Figure 2-4 Specifying the Device Description
1) In the Device Description section, specify the following information.
Device NameEnter the name of the switch.
Device LocationEnter the location of the switch.
System ContactEnter the contact information.
2) Click Apply.
2.1.3 Setting the System Time
Choose the menu System > System Info > System Time to load the following page.
Figure 2-5 Setting the System Time
In the Time Info section, view the current time information of the switch.
Configuration Guide 26
Managing SystemSystem Info Configurations
Current System
Time
Current Time
Source
Displays the current date and time of the switch.
Displays the current time source of the switch.
In the Time Config section, follow these steps to configure the system time:
1) Choose one method to set the system time and specify the information.
ManualSet the system time manually.
Date: Specify the date of the system.
Time: Specify the time of the system.
Get Time from
NTP Server
Set the system time by getting time from NTP server. Make sure the NTP server
is accessible on your network. If the NTP server is on the Internet, connect the
switch to the Internet first.
Time Zone: Select your local time zone.
Primary Server: Enter the IP Address of the primary NTP server.
Secondary Server: Enter the IP Address of the secondary NTP server.
Update Rate: Specify the interval the switch fetching time from NTP server, which
ranges from 1 to 24 hours. The default value is 12 hours.
Synchronize
with PC’s Clock
Synchronize the system time of the switch with PC’s clock.
2) Click Apply.
2.1.4 Setting the Daylight Saving Time
Choose the menu System > System Info > Daylight Saving Time to load the following
page.
Configuration Guide
27
Managing SystemSystem Info Configurations
Figure 2-6 Setting the Daylight Saving Time
Follow these steps to configure Daylight Saving Time:
1) In the DST Config section, select Enable to enable the Daylight Saving Time function.
2) Choose one method to set the Daylight Saving Time of the switch and specify the
information.
Predefined
Mode
Recurring ModeIf you select Recurring Mode, specify a cycle time range for the Daylight Saving
If you select Predefined Mode, choose a predefined DST schedule for the switch.
USA: Select the Daylight Saving Time of the USA. It is from 2: 00 a.m. on the
Second Sunday in March to 2:00 a.m. on the First Sunday in November.
Australia: Select the Daylight Saving Time of Australia. It is from 2:00 a.m. on the
First Sunday in October to 3:00 a.m. on the First Sunday in April.
Europe: Select the Daylight Saving Time of Europe. It is from 1: 00 a.m. on the Last
Sunday in March to 1:00 a.m. on the Last Sunday in October.
New Zealand: Select the Daylight Saving Time of New Zealand. It is from 2: 00 a.m.
on the Last Sunday in September to 3:00 a.m. on the First Sunday in April.
Time of the switch. This configuration will be used every year.
Offset: Specify the time to set the clock forward by.
Start Time: Specify the start time of Daylight Saving Time. The interval between
start time and end time should be more than 1 day and less than 1 year(365 days).
End Time: Specify the end time of Daylight Saving Time. The interval between
start time and end time should be more than 1 day and less than 1 year (365 days).
Configuration Guide 28
Managing SystemSystem Info Configurations
Date ModeIf you select Date Mode, specify an absolute time range for the Daylight Saving
Time of the switch. This configuration will be used only one time.
Offset: Specify the time to set the clock forward by.
Start Time: Specify the start time of Daylight Saving Time. The interval between
start time and end time should be more than 1 day and less than 1 year(365 days).
End Time: Specify the end time of Daylight Saving Time. The interval between
start time and end time should be more than 1 day and less than 1 year (365 days).
3) Click Apply.
2.2 Using the CLI
2.2.1 Viewing the System Summary
On privileged EXEC mode or any other configuration mode, you can use the following
command to view the system information of the switch:
show interface status [ fastEthernet
View status of the interface.
: Enter the number of the Ethernet port.
port
show system-info
View the system information including system Description, Device Name, Device Location, System
Contact, Hardware Version, Firmware Version, System Time, Run Time and so on.
| gigabitEthernet
port
| ten-gigabitEthernet
port
port
]
The following example shows how to view the interface status and the system information
of the switch.
Switch#show interface status
Port Status Speed Duplex FlowCtrl Jumbo Active-Medium
System Description - JetStream 48-Port Gigabit Smart Switch with 4 SFP Slots
System Name - T1600G-52TS
System Location - SHENZHEN
Contact Information - www.tp-link.com
Hardware Version - T1600G-52TS 1.0
Software Version - 1.0.3 Build 20160412 Rel.52132(s)
System Time - 2016-01-04 10:07:38
Running Time - 3 day - 2 hour - 8 min - 26 sec
2.2.2 Specifying the Device Description
Follow these steps to specify the device description:
Step 1configure
Enter global configuration mode.
Step 2hostname [
Specify the system name of the switch.
hostname
default, it is the model name of the switch.
Step 3location [
Specify the system location of the switch.
location
it is “SHENZHEN”.
Step 4contact-info [
Specify the system contact Information.
contact-info
default, it is “www.tp-link.com”.
Step 5show system-info
hostname
: Enter the system name. The length of the name ranges from 1 to 32 characters. By
location
: Enter the device location. It should consist of no more than 32 characters. By default,
contact-info
: Enter the contact information. It should consist of no more than 32 characters. By
]
]
]
Verify the system information including system Description, Device Name, Device Location,
System Contact, Hardware Version, Firmware Version, System Time, Run Time and so on.
Step 6end
Return to privileged EXEC mode.
Step 7copy running-config startup-config
Save the settings in the configuration file.
The following example shows how to set the device name as Switch_A, set the location as
BEIJING and set the contact information as http://www.tp-link.com.
System Description - JetStream 48-Port Gigabit Smart Switch with 4 SFP Slots
System Name - Switch_A
System Location - BEIJING
Contact Information - http://www.tp-link.com
...
Switch(config)#end
Switch#copy running-config startup-config
2.2.3 Setting the System Time
Follow these steps and choose one method to set the system time:
Step 1configure
Enter global configuration mode.
Step 2Use the following command to set the system time manually:
system-time manual
Configure the system time manually.
: Specify the date and time manually in the format of MM/DD/YYYY-HH:MM:SS. The valid
time
value of the year ranges from 2000 to 2037.
Use the following command to set the system time by getting time from the NTP server:
system-time ntp {
Configure the time zone and the NTP server to get time from the NTP server. Ensure the NTP
server is accessible. If the NTP server is on the Internet, connect the switch to the Internet first.
time
timezone
} {
ntp-server
} {
backup-ntp-server
} {
fetching-rate
}
timezone
: Enter your local time-zone, which ranges from UTC-12:00 to UTC+13:00.
Configuration Guide
31
Managing SystemSystem Info Configurations
The detailed information of each time-zone are displayed as follows:
UTC-12:00 —— TimeZone for International Date Line West.
UTC-11:00 —— TimeZone for Coordinated Universal Time-11.
UTC-10:00 —— TimeZone for Hawaii.
UTC-09:00 —— TimeZone for Alaska.
UTC-08:00 —— TimeZone for Pacific Time (US Canada).
UTC-07:00 —— TimeZone for Mountain Time (US Canada).
UTC-06:00 —— TimeZone for Central Time (US Canada).
UTC-05:00 —— TimeZone for Eastern Time (US Canada).
UTC-04:30 —— TimeZone for Caracas.
UTC-04:00 —— TimeZone for Atlantic Time (Canada).
UTC-03:30 —— TimeZone for Newfoundland.
UTC-03:00 —— TimeZone for Buenos Aires, Salvador, Brasilia.
UTC-02:00 —— TimeZone for Mid-Atlantic.
UTC-01:00 —— TimeZone for Azores, Cape Verde Is.
UTC —— TimeZone for Dublin, Edinburgh, Lisbon, London.
UTC+01:00 —— TimeZone for Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna.
UTC+02:00 —— TimeZone for Cairo, Athens, Bucharest, Amman, Beirut, Jerusalem.
UTC+03:00 —— TimeZone for Kuwait, Riyadh, Baghdad.
UTC+03:30 —— TimeZone for Tehran.
UTC+04:00 —— TimeZone for Moscow, St.Petersburg, Volgograd, Tbilisi, Port Louis.
UTC+04:30 —— TimeZone for Kabul.
UTC+05:00 —— TimeZone for Islamabad, Karachi, Tashkent.
UTC+05:30 —— TimeZone for Chennai, Kolkata, Mumbai, New Delhi.
UTC+05:45 —— TimeZone for Kathmandu.
UTC+06:00 —— TimeZone for Dhaka,Astana, Ekaterinburg.
UTC+06:30 —— TimeZone for Yangon (Rangoon).
UTC+07:00 —— TimeZone for Novosibrisk, Bangkok, Hanoi, Jakarta.
UTC+08:00 —— TimeZone for Beijing, Chongqing, Hong Kong, Urumqi, Singapore.
UTC+09:00 —— TimeZone for Seoul, Irkutsk, Osaka, Sapporo, Tokyo.
UTC+09:30 —— TimeZone for Darwin, Adelaide.
UTC+10:00 —— TimeZone for Canberra, Melbourne, Sydney, Brisbane.
UTC+11:00 —— TimeZone for Solomon Is., New Caledonia, Vladivostok.
UTC+12:00 —— TimeZone for Fiji, Magadan, Auckland, Welington.
UTC+13:00 —— TimeZone for Nuku’alofa, Samoa.
ntp-server
backup-ntp-server
fetching-rate
: Specify the IP address of the primary NTP server.
: Specify the IP address of the backup NTP server.
: Specify the interval fetching time from the NTP server.
Configuration Guide 32
Managing SystemSystem Info Configurations
Step 3Use the following command to verify the system time information.
show system-time
Verify the system time information.
Use the following command to verify the NTP mode configuration information.
show system-time ntp
Verify the system time information of NTP mode.
Step 4end
Return to privileged EXEC mode.
Step 5copy running-config startup-config
Save the settings in the configuration file.
The following example shows how to set the system time by Get Time from NTP Server and
set the time zone as UTC+08:00, set the NTP server as 133.100.9.2, set the backup NTP
server as 139.78.100.163 and set the update rate as 11.
Follow these steps and choose one method to set the Daylight Saving Time:
Step 1configure
Enter global configuration mode.
Configuration Guide
33
Managing SystemSystem Info Configurations
Step 2Use the following command to select a predefined Daylight Saving Time configuration:
system-time dst predefined [ USA | Australia | Europe | New-Zealand ]
Specify the Daylight Saving Time using a predefined schedule.
USA | Australia | Europe | New-Zealand: Select one mode of Daylight Saving Time.
USA: 02:00 a.m. on the Second Sunday in March ~ 02:00 a.m. on the First Sunday in November.
Australia: 02:00 a.m. on the First Sunday in October ~ 03:00 a.m. on the First Sunday in April.
Europe: 01:00 a.m. on the Last Sunday in March ~ 01:00 a.m. on the Last Sunday in October.
New Zealand: 02:00 a.m. on the Last Sunday in September ~ 03:00 a.m. on the First Sunday in
April.
Use the following command to set the Daylight Saving Time in recurring mode:
system-time dst recurring {
} [
etime
Specify the Daylight Saving Time in Recuring mode.
: Enter the start week of Daylight Saving Time. There are 5 values showing as follows:
sweek
first, second, third, fourth, last.
: Enter the start day of Daylight Saving Time. There are 7 values showing as follows: Sun,
sday
Mon, Tue, Wed, Thu, Fri, Sat.
smonth
Jan, Feb, Mar, Apr, May, Jun, Jul, Aug, Sep, Oct, Nov, Dec.
: Enter the start time of Daylight Saving Time,in the format of HH:MM.
stime
: Enter the end week of Daylight Saving Time. There are 5 values showing as follows:
eweek
first, second, third, fourth, last.
: Enter the end day of Daylight Saving Time. There are 7 values showing as follows: Sun,
eday
Mon, Tue, Wed, Thu, Fri, Sat.
emonth
Jan, Feb, Mar, Apr, May, Jun, Jul, Aug, Sep, Oct, Nov, Dec.
: Enter the end time of Daylight Saving Time,in the format of HH:MM.
etime
: Enter the offset of Daylight Saving Time. The default value is 60.
offset
]
offset
: Enter the start month of Daylight Saving Time. There are 12 values showing as follows:
: Enter the end month of Daylight Saving Time. There are 12 values showing as follows:
sweek
} {
sday
} {
smonth
} {
stime
} {
eweek
} {
eday
} {
emonth
} {
Use the following command to set the Daylight Saving Time in date mode:
system-time dst date {
]
offset
Specify the Daylight Saving Time in Date mode.
smonth
} {
sday
} {
stime
} {
syear
} {
emonth
} {
eday
Configuration Guide 34
} {
etime
} {
eyear
} [
Managing SystemSystem Info Configurations
: Enter the start month of Daylight Saving Time. There are 12 values showing as follows:
smonth
Jan, Feb, Mar, Apr, May, Jun, Jul, Aug, Sep, Oct, Nov, Dec.
: Enter the start day of Daylight Saving Time, which ranges from 1 to 31.
sday
: Enter the start time of Daylight Saving Time,in the format of HH:MM.
stime
: Enter the start year of Daylight Saving Time.
syear
: Enter the end month of Daylight Saving Time. There are 12 values showing as follows:
emonth
Jan, Feb, Mar, Apr, May, Jun, Jul, Aug, Sep, Oct, Nov, Dec.
: Enter the end day of Daylight Saving Time, which ranges from 1 to 31.
eday
: Enter the end time of Daylight Saving Time,in the format of HH:MM.
etime
: Enter the end year of Daylight Saving Time.
eyear
: Enter the offset of Daylight Saving Time. The default value is 60.
offset
Step 3show system-time dst
Verify the DST information of the switch.
Step 4end
Return to privileged EXEC mode.
Step 5copy running-config startup-config
Save the settings in the configuration file.
The following example shows how to set the Daylight Saving Time by Date Mode. Set the
start time as 01:00 August 1st, 2016, set the end time as 01:00 September 1st,2016 and
set the offset as 50.
Switch#configure
Switch(config)#system-time dst date Aug 1 01:00 2016 Sep 1 01:00 2016 50
Switch(config)#show system-time dst
DST starts at 01:00:00 on Aug 1 2016
DST ends at 01:00:00 on Sep 1 2016
DST offset is 50 minutes
DST configuration is one-off
Switch(config)#end
Switch#copy running-config startup-config
Configuration Guide
35
Managing SystemUser Management Configurations
3
User Management Configurations
With user management configurations, you can:
Create Admin accounts
Create accounts of other types
3.1 Using the GUI
3.1.1 Creating Admin Accounts
Choose the menu System > User Management > User Config to load the following page.
Figure 3-1 Create Admin Accounts
Follow these steps to create an Admin account:
1) In the User Info section, select Admin from the drop-down list and specify the user
name and password.
User NameCreate a user name for users' login. It contains 16 characters at most,
composed of digits, English letters and underscore only.
Configuration Guide 36
Managing SystemUser Management Configurations
Access LevelSelect the access level as Admin.
Admin: Admin can edit, modify and view all the settings of different
functions.
Operator: Operator can edit, modify and view most of the settings of
different functions.
Power User: Power User can edit, modify and view some of the settings of
different functions.
User: User can only view the settings without the right to edit or modify.
PasswordType a password for users' login. It is a string from 1 to 31 alphanumeric
characters or symbols. You can use digits, English letters (case sensitive),
underscore and sixteen special characters.
Confirm
Password
Retype the password.
2) Click Create.
3.1.2 Creating Accounts of Other Types
You can create accounts with the access level of Operator,Power User and User here. You
also need to go to the AAA section to create an Enable Password for these accounts. The
Enable Password is used to change the users’ access level to Admin.
Creating an Account
Choose the menu System > User Management > User Config to load the following page.
Figure 3-2 Create Accounts of Other Types
Follow these steps to create an account of other types:
1) In the User Info section, select the access level from the drop-down list and specify the
user name and password.
Configuration Guide
37
Managing SystemUser Management Configurations
User NameCreate a user name for users' login. It contains 16 characters at most,
composed of digits, English letters and under dashes only.
Access LevelSelect the access level as Operator, Power User or User.
Admin: Admin can edit, modify and view all the settings of different
functions.
Operater: Operator can edit, modify and view most of the settings of
different functions.
Power User: Power User can edit, modify and view some of the settings of
different functions.
User: User can only view the settings without the right to edit or modify.
PasswordType a password for users' login. It is a string from 1 to 31 alphanumeric
characters or symbols. You can use digits, English letters (case sensitive),
underscore and sixteen special characters.
Confirm
Password
Retype the password.
2) Click Create.
Configuring Enable Password
Choose the menu Network Security > AAA > Global Config to load the following page.
Figure 3-3 Configure the AAA Function
1) Select Enable and Click Apply to enable the AAA function.
2) Specify the Enable Password and Click Apply.
Tips:
The AAA function applies another method to manage the access users' name and
password. For details, refer to
The logged-in users can enter the Enable Password on this page to get the
AAA Configuration
in
Configuring Network Security.
administrative privileges.
Configuration Guide 38
Managing SystemUser Management Configurations
3.2 Using the CLI
3.2.1 Creating Admin Accounts
Follow these steps to create an Admin account:
Step 1configure
Enter global configuration mode.
Step 2Use the following command to create an account unencrypted or symmetric encrypted.
user name
Create an account whose access level is Admin.
: Enter a user name for users’ login. It contains 16 characters at most, composed of
name
digits, English letters and underscore only.
admin: Select the access level for the user. Admin can edit, modify and view all the settings of
different functions.
0: Specify the encryption type. 0 indicates that the password you entered is unencrypted, and
the password is saved to the configuration file unencrypted. By default, the encryption type is 0.
password
or symbols. The password is case sensitive, allows digits, English letters (case sensitive),
underlines and sixteen special characters.
7: Specify the encryption type. 7 indicates that the password you entered is symmetric
encrypted, and the password is saved to the configuration file symmetric encrypted.
encrypted-password
copy from another switch’s configuration file. After the encrypted password is configured, you
should use the corresponding unencrypted password to reenter this mode.
Use the following command to create an account MD5 encrypted.
user name
: Enter a password for users’ login. It is a string from 1 to 31 alphanumeric characters
{ privilege admin } password { [ 0 ]
name
: Enter a symmetric encrypted password with fixed length, which you can
{ privilege admin } secret { [ 0 ]
name
password
password
| 7
encrypted-password
| 5
encrypted-password
}
}
Create an account whose access level is Admin.
: Enter a user name for users’ login. It contains 16 characters at most, composed of
name
digits, English letters and underscore only.
admin: Select the access level for the user. Admin can edit, modify and view all the settings of
different functions.
0: Specify the encryption type. 0 indicates that the password you entered is unencrypted, but
the password is saved to the configuration file MD5 encrypted. By default, the encryption type
is 0.
password
or symbols. The password is case sensitive, allows digits, English letters (case sensitive),
underlines and sixteen special characters.
5: Specify the encryption type. 5 indicates that the password you entered is MD5 encrypted,
and the password is saved to the configuration file MD5 encrypted.
encrypted-password
from another switch’s configuration file.
: Enter a password for users’ login. It is a string from 1 to 31 alphanumeric characters
: Enter a MD5 encrypted password with fixed length, which you can copy
Configuration Guide
39
Managing SystemUser Management Configurations
Step 3show user account-list
Verify the information of the current users.
Step 4end
Return to privileged EXEC mode.
Step 5copy running-config startup-config
Save the settings in the configuration file.
3.2.2 Creating Accounts of Other Types
You can create accounts with the access level of Operator, Power user and User here. You
also need to go to the AAA section to create an Enable Password for these accounts. The
Enable Password is used to change the users’ access level to Admin.
Follow these steps to create an account of other type:
Step 1configure
Enter global configuration mode.
Configuration Guide 40
Managing SystemUser Management Configurations
Step 2Use the following command to create an account unencrypted or symmetric encrypted.
user name
encrypted-password
Create an account whose access level is Operator, Power User or User.
: Enter a user name for users’ login. It contains 16 characters at most, composed of
name
digits, English letters and underscore only.
operator | power_user | user: Select the access level for the user. Operator can edit, modify
and view mostly the settings of different functions. Power User can edit, modify and view some
the settings of different functions. User only can view the settings without the right to edit and
modify.
0: Specify the encryption type. 0 indicates that the password you entered is unencrypted, and
the password is saved to the configuration file unencrypted. By default, the encryption type is 0.
password
or symbols. The password is case sensitive, allows digits, English letters (case sensitive),
underlines and sixteen special characters.
7: Specify the encryption type. 7 indicates that the password you entered is symmetric
encrypted, and the password is saved to the configuration file symmetric encrypted.
: Enter a password for users’ login. It is a string from 1 to 31 alphanumeric characters
encrypted-password
copy from another switch’s configuration file. After the encrypted password is configured, you
should use the corresponding unencrypted password to reenter this mode.
: Enter a symmetric encrypted password with fixed length, which you can
password
| 7
Use the following command to create an account MD5 encrypted.
user name
password
Create an account whose access level is Operator, Power User or User.
name
digits, English letters and underscore only.
operator | power_user | user: Select the access level for the user. Operator can edit, modify
and view mostly the settings of different functions. Power User can edit, modify and view some
the settings of different functions. User only can view the settings without the right to edit and
modify.
0: Specify the encryption type. 0 indicates that the password you entered is unencrypted, but
the password is saved to the configuration file MD5 encrypted. By default, the encryption type
is 0.
password
or symbols. The password is case sensitive, allows digits, English letters (case sensitive),
underlines and sixteen special characters.
5: Specify the encryption type. 5 indicates that the password you entered is MD5 encrypted,
and the password is saved to the configuration file MD5 encrypted.
}
: Enter a user name for users’ login. It contains 16 characters at most, composed of
: Enter a password for users’ login. It is a string from 1 to 31 alphanumeric characters
encrypted-password
from another switch’s configuration file. After the encrypted password is configured, you
should use the corresponding unencrypted password to reenter this mode.
: Enter a MD5 encrypted password with fixed length, which you can copy
password
| 5
encrypted-
Step 3aaa enable
Globally enable the AAA function.
Configuration Guide
41
Managing SystemUser Management Configurations
Step 4Use the following command to create an enable password unencrypted or symmetric
encrypted.
enable admin password { [ 0 ]
Create an Enable Password. It can change the users’ access level to Admin. By default, it is
empty.
0: Specify the encryption type. 0 indicates that the password you entered is unencrypted, and
the password is saved to the configuration file unencrypted. By default, the encryption type is 0.
password
or symbols. The password is case sensitive, allows digits, English letters (case sensitive),
underlines and sixteen special characters.
7: Specify the encryption type. 7 indicates that the password you entered is symmetric
encrypted, and the password is saved to the configuration file symmetric encrypted.
encrypted-password
copy from another switch’s configuration file. After the encrypted password is configured, you
should use the corresponding unencrypted password to reenter this mode.
Use the following command to create an enable password unencrypted or MD5 encrypted.
enable admin secret { [ 0 ]
Create an Enable Password. It can change the users’ access level to Admin. By default, it is
empty.
0: Specify the encryption type. 0 indicates that the password you entered is unencrypted, but
the password is saved to the configuration file MD5 encrypted. By default, the encryption type
is 0.
: Enter an enable password. It is a string from 1 to 31 alphanumeric characters
: Enter a symmetric encrypted password with fixed length, which you can
password
password
| 7
encrypted-password
| 5
encrypted-password
}
}
password
or symbols. The password is case sensitive, allows digits, English letters (case sensitive),
underlines and sixteen special characters.
5: Specify the encryption type. 5 indicates that the password you entered is MD5 encrypted,
and the password is saved to the configuration file MD5 encrypted.
encrypted-password
from another switch’s configuration file. After the encrypted password is configured, you
should use the corresponding unencrypted password to reenter this mode.
Step 5show user account-list
Verify the information of the current users.
Step 6end
Return to privileged EXEC mode.
Step 7copy running-config startup-config
Save the settings in the configuration file.
: Enter an enable password. It is a string from 1 to 31 alphanumeric characters
: Enter a MD5 encrypted password with fixed length, which you can copy
Tips:
The AAA function applies another method to manage the access users’ name and
password. For details, refer to
AAA Configuration
in
Configuring Network Security
.
The logged-in users can enter the Enable Password on this page to get the
administrative privileges.
Configuration Guide 42
Managing SystemUser Management Configurations
The following example shows how to create a uesr with the access level of Operator, set
the user name as user1 and set the password as 123. Enable AAA function and set the
enable password as abc123.
Switch#configure
Switch(config)#user name user1 privilege operator password 123
Switch(config)#aaa enable
Switch(config)#enable admin password abc123
Switch(config)#show user account-list
Index User-Name User-Type
----- --------- ---------
1 user1 Operator
2 admin Admin
Switch(config)#end
Switch#copy running-config startup-config
Configuration Guide
43
Managing SystemSystem Tools Configurations
4
System Tools Configurations
With system tools configurations, you can:
Configure the boot file
Restore the configuration of the switch
Back up the configuration file
Upgrade the firmware
Reboot the switch
Configure the reboot schedule
Reset the switch
4.1 Using the GUI
4.1.1 Configuring the Boot File
Choose the menu System > System Tools > Boot Config to load the following page.
Figure 4-1 Configuring the Boot File
Follow these steps to configure the boot file:
1) In the Boot Table section, select one or more units and configure the relevant
parameters.
Configuration Guide 44
Managing SystemSystem Tools Configurations
SelectSelect one or more units to be configured.
UnitDisplays the number of the unit.
Current Startup
Image
Next Startup
Image
Backup ImageSelect the backup image. When the switch fails to start up with the next startup
Displays the current startup image.
Select the next startup image. When the switch is powered on, it will try to start up
with the next startup image. The next startup and backup image should not be the
same.
image, it will try to start up with the backup image. The next startup and backup
image should not be the same.
2) Click Apply.
4.1.2 Restoring the Configuration of the Switch
Choose the menu System > System Tools > Config Restore to load the following page.
Figure 4-2 Restoring the Configuration of the Switch
Follow these steps to restore the configuration of the switch:
1) In the Config Restore section, select one unit and one configuration file.
Target UnitSelect a member switch to import configuration file. .
Config fileSelect the desired configuration file to import.
2) Click Import to import the configuration file.
Note:
It will take a long time to restore the configuration. Please wait without any operation.
•
After the configuration is restored successfully, the device will reboot to make the configura-
•
tion change effective.
Configuration Guide
45
Managing SystemSystem Tools Configurations
4.1.3 Backing up the Configuration File
Choose the menu System > System Tools > Config Backup to load the following page.
Figure 4-3 Backing up the Configuration File
In the Config Backup section, select one unit and click Export to export the configuration
file.
4.1.4 Upgrading the Firmware
Choose the menu System > System Tools > Firmware Upgrade to load the following
page.
Figure 4-4 Upgrading the Firmware
In the Firmware Upgrade section, select one file and click Upgrade to upgrade the system.
Firmware FileSelect the desired firmware file to upgrade the system.
Image NameDisplays the image to upgrade. It means that the operation will only effect the
backup image.
Firmware VersionDisplays the current firmware version of the system.
Hardware Version
Displays the current hardware version of the system.
Configuration Guide 46
Managing SystemSystem Tools Configurations
After upgrading, the
device will reboot
automatically with
the backup image
Select this option to reboot automatically with the backup image after upgrading.
4.1.5 Rebooting the switch
Choose the menu System > System Tools > System Reboot to load the following page.
Figure 4-5 Rebooting the switch
In the System Reboot section, select the desired unit and click Reboot.
Target UnitSelect the desired unit to reboot. By default, it is ALL Unit.
Save ConfigSelect this option to save the configuration before the reboot.
4.1.6 Configuring the Reboot Schedule
Choose the menu System > System Tools > Reboot Schedule to load the following page.
Figure 4-6 Configuring the Reboot Schedule
Follow these steps to restore the configuration of the switch:
1) In the Reboot Schedule Setting section, select one method and specify the
parameters.
Time IntervalSpecify a period of time. The switch will reboot after this period. The valid values
are from 1 to 43200 minutes. This reboot schedule recurs if users check the Save Before Reboot.
Configuration Guide
47
Managing SystemSystem Tools Configurations
Time (HH:MM)/
Date (DD/MM/
YY)
Save Before
Reboot
Specify the date and time for the switch to reboot.
Time (HH:MM): Specify the time for the switch to reboot, in the format of HH:MM
Date (DD/MM/YY): Specify the date for the switch to reboot, in the format of DD/
MM/YYYY. The date should be within 30 days.
Select to save the switch’s configurations before it reboots.
4.1.7 Reseting the Switch
Choose the menu System > System Tools > System Reset to load the following page.
Figure 4-7 Reseting the Switch
In the System Reset section, select the desired unit and click Reset.
Target UnitSelect the desired unit to reset. By default, it is ALL Unit.
Note:
After the system is reset, configurations of the switch will be reset to the default.
It will only upgrade the backup image. Continue? (Y/N):Y
Operation OK!
Reboot with the backup image? (Y/N): Y
4.2.5 Rebooting the switch
Follow these steps to reboot the switch:
Step 1enable
Enter privileged mode.
Step 2reboot
Reboot the switch.
4.2.6 Configuring the Reboot Schedule
Follow these steps and choose one type to configure the reboot schedule:
Step 1configure
Enter global configuration mode.
Configuration Guide
51
Managing SystemSystem Tools Configurations
Step 2Use the following command to set the interval to reboot:
reboot-schedule in
(Optional) Specify the reboot schedule.
interval
from 1 to 43200 minutes.
save_before_reboot: Save the configuration file before the switch reboots.
Use the following command to set the time and date to reboot:
reboot-schedule at
(Optional) Specify the reboot schedule.
time
date
be within 30 days.
save_before_reboot: Save the configuration file before the switch reboots.
If no date is specified, the switch reboots according to the time you have set. If the time you
set is later than the time that this command is executed, the switch will reboot later the same
day; otherwise the switch will reboot the next day.
Step 3end
Return to privileged EXEC mode.
[ save_before_reboot ]
interval
: Specify a period of time. The switch will reboot after this period. The valid values are
[
time
: Specify the time for the switch to reboot, in the format of HH:MM.
: Specify the date for the switch to reboot, in the format of DD/MM/YYYY. The date should
] [ save_before_reboot ]
date
Step 4copy running-config startup-config
Save the settings in the configuration file.
The following example shows how to set the switch to reboot at 12:00 on 15/01/2016.
Switch#configure
Switch(config)#reboot-schedule at 12:00 15/01/2016 save_before_reboot
Reboot system at 15/01/2016 12:00. Continue? (Y/N): Y
Reboot Schedule Settings
---------------------------
Reboot schedule at 2016-01-15 12:00 (in 17007 minutes)
Save before reboot: Yes
Switch(config)#end
Switch#copy running-config startup-config
4.2.7 Reseting the Switch
Follow these steps to reset the switch:
Configuration Guide 52
Managing SystemSystem Tools Configurations
Step 1enable
Enter privileged mode.
Step 2reset
Reset the switch.
Note:
After the system is reset, configurations of the switch will be reset to the default.
Configuration Guide
53
Managing SystemAccess Security Configurations
5
Access Security Configurations
With access security configurations, you can:
Configure the Access Control feature
Configure the HTTP feature
Configure the HTTPS feature
Configure the SSH feature
Enable the telnet function
5.1 Using the GUI
5.1.1 Configuring the Access Control Feature
Choose the menu System > Access Security > Access Control to load the following page.
Figure 5-1 Configuring the Access Control
1) In the Access Control section, select one control mode and specify the parameters.
Control ModeSelect the control mode for users to log in to the web management page.
Disable: The Access Control function is disabled.
IP-based: Only the users within the IP-range you set here are allowed to access
the switch.
MAC-based: Only the users with the MAC address you set here are allowed to
access the switch.
Port-based: Only the users connecting to the ports you set here are allowed to
access the switch.
Configuration Guide 54
Managing SystemAccess Security Configurations
Access
Interface
IP Address/
Mask
MAC Address
Select the interface to control the methods for users’ accessing. The selected
access interfaces will only affect the users you set before.
SNMP: A function to manage the network devices via NMS.
Telnet: A connection type for users to remote login.
SSH: A connection type based on SSH protocol.
HTTP: A connection type based on HTTP protocol.
HTTPS: A connection type based on SSL protocol.
Ping: A communication protocol to test the connection of the network.
If you select IP-based mode, enter the IP address and mask to specify an IP
range. Only the users within this IP range can access the switch.
If you select MAC-based mode, specify the MAC address. Only the users with the
correct MAC address can access the switch.
When the IP-based mode is selected, the following section will display.
IP AddressDisplays the IP range of the entry.
Access
Interface
Operation
Displays the access interface you set of the entry.
Click Edit to modify the parameters of the desired entry.
When the Port-based mode is selected, the following section will display.
PortSelect one or more ports to configure. Only the users connected to these ports are
allowed to access the switch.
2) Click Apply.
Configuration Guide
55
Managing SystemAccess Security Configurations
5.1.2 Configuring the HTTP Function
Choose the menu System > Access Security > HTTP Config to load the following page.
Figure 5-2 Configuring the HTTP Function
1) In the Global Control section, Select Enable and click Apply to enable the HTTP
function.
HTTPHTTP function is based on the HTTP protocol. It allows users to manage the
switch through a web browser.
2) In the Session Config section, specify the Session Timeout and click Apply.
Session
Timeout
The system will log out automatically if users do nothing within the Session
Timeout time.
3) In the Access User Number section, select Enable and specify the parameters.
Number ControlSelect Enable to control the number of the users logging on to the web
management page at the same time. The total number of users should be no more
than 16.
Admin NumberSpecify the maximum number of users whose access level is Admin.
Guest NumberSpecify the maximum number of users whose access level is Operator, Power
User or User.
4) Click Apply.
Configuration Guide 56
Managing SystemAccess Security Configurations
5.1.3 Configuring the HTTPS Function
Choose the menu System > Access Security > HTTPS Config to load the following page.
Table 5-1 Configuring the HTTPS Function
1) In the Global Config section, select Enable to enable HTTPS function and select the
protocol the switch supports. Click Apply.
HTTPSSelect Enable to enable the HTTPS function.
HTTPS function is based on the SSL or TLS protocol. It provides a secure
connection between the client and the switch.
Configuration Guide
57
Managing SystemAccess Security Configurations
SSL Version 3Select Enable to make the switch support SSL Version 3 protocol.
SSL is a transport protocol. It can provide server authentication, encryption and
message integrity to allow secure HTTP connection.
TLS Version 1Select Enable to make the switch support TLS Version 1 protocol.
TLS is a transport protocol upgraded from SSL. It supports a different encryption
algorithm from SSL, so TLS and SSL are not compatible. TLS can support a more
secure connection.
2) In the CipherSuite Config section, select the algorithm to be enabled and click Apply.
RSA_WITH_
RC4_128_MD5
RSA_WITH_
RC4_128_SHA
RSA_WITH_
DES_CBC_SHA
RSA_
WITH_3DES_
EDE_CBC_SHA
Key exchange with RC4 128-bit encryption and MD5 for message digest.
Key exchange with RC4 128-bit encryption and SHA for message digest.
Key exchange with DES-CBC for message encryption and SHA for message
digest.
Key exchange with 3DES and DES-EDE3-CBC for message encryption and SHA
for message digest.
3) In the Session Config section, specify the Session Timeout and click Apply.
Session
Timeout
The system will log out automatically if users do nothing within the Session
Timeout time.
4) In the Access User Number section, select Enable and specify the parameters. Click
Apply.
Number ControlSelect Enable to control the number of the users logging in to the web
management page at the same time.
Admin NumberSpecify the maximum number of users whose access level is Admin.
Guest NumberSpecify the maximum number of users whose access level is Operator, Power
User or User.
5) In the Certificate Download and Key Download section, download the certificate and
key.
Certificate FileSelect the desired certificate to download to the switch. The certificate must be
BASE64 encoded. The SSL certificate and key downloaded must match each
other, otherwise the HTTPS connection will not work.
Key FileSelect the desired Key to download to the switch. The key must be BASE64
encoded. The SSL certificate and key downloaded must match each other,
otherwise the HTTPS connection will not work.
Configuration Guide 58
Managing SystemAccess Security Configurations
5.1.4 Configuring the SSH Feature
Choose the menu System > Access Security > SSH Config to load the following page.
Figure 5-3 Configuring the SSH Feature
1) In the Global Config section, select Enable to enable SSH function and specify other
parameters.
SSHSelect Enable to enable the SSH function.
SSH is a protocol working in application layer and transport layer. It can provide a
secure, remote connection to a device. It is more secure than Telnet protocol as it
provides strong encryption.
Protocol V1Select Enable to enable SSH version 1.
Protocol V2Select Enable to enable SSH version 2.
Idle TimeoutSpecify the idle timeout time. The system will automatically release the
connection when the time is up.
Max ConnectSpecify the maximum number of the connections to the SSH server. New
connection will not be established when the number of the connections reaches
the maximum number you set.
Configuration Guide
59
Managing SystemAccess Security Configurations
2) In the Encryption Algorithm section, select the encryption algorithm you want the
switch to support and click Apply.
3) In Data Integrity Algorithm section, select the integrity algorithm you want the switch
to support and click Apply.
4) In Key Download section, select key type from the drop-down list and select the
desired key file to down.
Key TypeSelect the key type. The algorithm of the corresponding type is used for both key
generation and authentication.
Key FileSelect the desired public key to download to the switch. The key length of the
downloaded file ranges of 512 to 3072 bits.
Note:
It will take a long time to download the key file. Please wait without any operation.
5.1.5 Enabling the Telnet Function
Choose the menu System > Access Security > Telnet Config to load the following page.
Figure 5-4 Configuring the Telnet Function
In Global Config section, select Enable and click Apply.
TelnetSelect Enable to make the Telnet function effective. Telnet function is based on the
Telnet protocol subjected to TCP/IP protocol. It allows users to log on to the switch
remotely.
5.2 Using the CLI
5.2.1 Configuring the Access Control
Follow these steps to configure the access control:
Step 1configure
Enter global configuration mode.
Configuration Guide 60
Managing SystemAccess Security Configurations
Step 2Use the following command to control the users’ access by limiting the IP address:
user access-control ip-based {
] [ all ]
Only the users within the IP-range you set here are allowed to access the switch.
: Specify the IP address of the user.
ip-addr
ip-mask
[ snmp ] [ telnet ] [ ssh ] [ http ] [ https ] [ ping ] [ all ]: Select to control the types for users’
accessing. By default, these types are all enabled.
Use the following command to control the users’ access by limiting the MAC address:
user access-control mac-based {
all ]
Only the users with the MAC address you set here are allowed to access the switch.
mac-addr
[ snmp ] [ telnet ] [ ssh ] [ http ] [ https ] [ ping ] [ all ]: Select to control the types for users’
accessing. By default, these types are all enabled.
Use the following command to control the users’ access by limiting the ports connected to the
users:
The following example shows how to set the type of access control as IP-based. Set the
IP address as 192.168.0.100,set the subnet mask as 255.255.255.0 and make the switch
support snmp, telnet, http and https.
Enable the corresponding ciphersuite. By default, these types are all enabled.
[ 3des-ede-cbc-sha ]: Key exchange with 3DES and DES-EDE3-CBC for message encryption
and SHA for message digest.
[ rc4-128-md5 ]: Key exchange with RC4 128-bit encryption and MD5 for message digest.
[ rc4-128-sha ]: Key exchange with RC4 128-bit encryption and SHA for message digest.
[ des-cbc-sha ]: Key exchange with DES-CBC for message encryption and SHA for message
digest.
Configuration Guide
63
Managing SystemAccess Security Configurations
Step 5ip http secure-session timeout
Specify the Session Timeout time. The system will log out automatically if users do nothing
within the Session Timeout time.
minutes
Step 6ip http secure-max-users
Specify the maximum number of users that are allowed to connect to the HTTPS server. The
total number of users should be no more than 16.
admin-num
are from 1 to 16.
guest-num
or User. The valid value are from 0 to 15.
Step 7ip http secure-server download certificate
Download the desired certificate to the switch from TFTP server.
ssl-cert
certificate must be BASE64 encoded. The SSL certificate and key downloaded must match
each other.
ip-addr
supported.
: Specify the timeout time, which ranges from 5 to 30 minutes. The default value is 10.
: Enter the maximum number of users whose access level is Admin. The valid value
: Enter the maximum number of users whose access level is Operator, Power User
: Specify the name of the SSL certificate, which ranges from 1 to 25 characters. The
: Specify the IP address of the TFTP server. Both IPv4 and IPv6 addresses are
minutes
admin-num guest-num
ssl-cert
ip-address
ip-addr
Step 8ip http secure-server download key
Download the desired key to the switch from TFTP server.
: Specify the name of the key file saved in TFTP server. The key must be BASE64
ssl-key
encoded.
: Specify the IP address of the TFTP server. Both IPv4 and IPv6 addresses are
ip-addr
supported.
Step 9show ip http secure-server
Verify the global configuration of HTTPS.
Step 10end
Return to privileged EXEC mode.
Step 11copy running-config startup-config
Save the settings in the configuration file.
ssl-key
ip-address
ip-addr
The following example shows how to configure the HTTPS function. Enable SSL3 and TLS1
protocol. Enable the ciphersuite of 3des-ede-cbc-sha. Set the session timeout time as 15,
the admin number as 1 and the guest number as 2. Download the certificate named ca.crt
and the key named ca.key from the TFTP server with the IP address 192.168.0.100.
Enable the SSH function. By default, it is disabled.
Step 3ip ssh version { v1 | v2 }
Configure to make the switch support the corresponding protocol. By default, the switch
supports SSHv1 and SSHv3.
v1 | v2: Select to enable the corresponding protocol.
Configuration Guide
65
Managing SystemAccess Security Configurations
Step 4ip ssh timeout
Specify the idle timeout time. The system will automatically release the connection when the
time is up.
: Enter the value of the timeout time, which ranges from 1 to 120 seconds. The default
value
value is 120 seconds.
Step 5ip ssh max-client
Specify the maximum number of the connections to the SSH server. New connection will not
be established when the number of the connections reaches the maximum number you set.
: Enter the number of the connections, which ranges from 1 to 5. The default value is 5.
Specify the encryption algorithm you want the switch supports.
HMAC-SHA1 | HMAC-MD5: Specify the data integrity algorithm you want the switch supports.
Step 7ip ssh download { v1 | v2 }
value
num
key-file
ip-address
ip-addr
Select the type of the key file and download the desired file to the switch from TFTP server.
v1 | v2: Select the key type. The algorithm of the corresponding type is used for both key
generation and authentication.
: Specify the name of the key file saved in TFTP server. Ensure the key length of the
key-file
downloaded file is in the range of 512 to 3072 bits.
: Specify the IP address of the TFTP server. Both IPv4 and IPv6 addresses are
ip-addr
supported.
Step 8show ip ssh
Verify the global configuration of SSH.
Step 9end
Return to privileged EXEC mode.
Step 10copy running-config startup-config
Save the settings in the configuration file.
Note:
It will take a long time to download the key file. Please wait without any operation.
The following example shows how to configure the SSH function. Set the version as SSH
V1 and SSH V2. Enable the AES128-CBC and Cast128-CBC encryption algorithm. Enable
the HMAC-MD5 data integrity algorithm. Choose the key type as SSH-2 RSA/DSA.
Enable the telnet function. By default, it is enabled.
Step 3end
Return to privileged EXEC mode.
Step 4copy running-config startup-config
Save the settings in the configuration file.
Configuration Guide 68
Managing SystemSDM Template Configuration
6
SDM Template Configuration
SDM Template function is used to configure system resources in the switch to optimize
support for specific features. The switch provides three templates, and the hardware
resources allocation is different. Users can choose one according to how the switch is
used in the network.
6.1 Using the GUI
Choose the menu System > SDM Template to load the following page.
Figure 6-1 Configuring the SDM Template Function
In Select Options section, select one template and click Apply. The setting will be effective
after the reboot.
Current
Template ID
Next Template
ID
Select Next
Template
The Template Table displays the resources allocation of each template.
Displays the template currently in effect.
Displays the template that will be effective after the reboot.
Select the template that will be effective after the next reboot.
default: Select the template of default. It gives balance to the IP ACL rules, MAC ACL
rules and ARP detection entries.
enterpriseV4: Select the template of enterpriseV4. It maximizes system resources for
IP ACL rules and MAC ACL rules.
enterpriseV6: Select the template of enterpriseV6. It allocates resources to IPv6 ACL
rules.
Configuration Guide
69
Managing SystemSDM Template Configuration
SDM TemplateDisplays the name of the templates.
IP ACL RulesDisplays the number of IP ACL Rules including Lay3 ACL Rules and Lay4 ACL Rules.
MAC ACL RulesDisplays the number of Lay2 ACL Rules.
COMBINED ACL
Rules
IPv6 ACL RulesDisplays the number of IPv6 ACL rules.
ARP Detection
Entries
IPv6 Source
Guard Entries
6.2 Using the CLI
Follow these steps to configure the SDM template function: