Configuration Guide
T1600G Series Switches
T1600G-28TS (TL-SG2424) / T1600G-28PS (TL-SG2424P)
T1600G-52TS (TL-SG2452) / T1600G-52PS (TL-SG2452P)
1910011929 REV2.0.0
FCC STATEMENT
This equipment has been tested and found to comply with the limits for a Class A digital
device, pursuant to part 15 of the FCC Rules. These limits are designed to provide
reasonable protection against harmful interference when the equipment is operated in a
commercial environment. This equipment generates, uses, and can radiate radio frequency
energy and, if not installed and used in accordance with the instruction manual, may cause
harmful interference to radio communications. Operation of this equipment in a residential
area is likely to cause harmful interference in which case the user will be required to correct
the interference at his own expense.
This device complies with part 15 of the FCC Rules. Operation is subject to the following
two conditions:
1) This device may not cause harmful interference.
2) This device must accept any interference received, including interference that may
cause undesired operation.
Any changes or modifications not expressly approved by the party responsible for
compliance could void the user’s authority to operate the equipment.
CE Mark Warning
This is a class A product. In a domestic environment, this product may cause radio
interference, in which case the user may be required to take adequate measures.
Industry Canada Statement
CAN ICES-3 (A)/NMB-3(A)
BSMI Notice
安全諮詢及注意事項
•請使用原裝電源供應器或只能按照本產品注明的電源類型使用本產品。
•清潔本產品之前請先拔掉電源線。請勿使用液體、噴霧清潔劑或濕布進行清潔。
•注意防潮,請勿將水或其他液體潑灑到本產品上。
•插槽與開口供通風使用,以確保本產品的操作可靠並防止過熱,請勿堵塞或覆蓋開口。
•請勿將本產品置放於靠近熱源的地方。除非有正常的通風,否則不可放在密閉位置中。
•請不要私自打開機殼,不要嘗試自行維修本產品,請由授權的專業人士進行此項工作。
此為甲類資訊技術設備,于居住環境中使用時,可能會造成射頻擾動,在此種情況下,使用者
會被要求採取某些適當的對策。
Продукт сертифіковано згідно с правилами системи УкрСЕПРО на відповідність
вимогам нормативних документів та вимогам, що передбачені чинними законодавчими
актами України.
Safety Information
When product has power button, the power button is one of the way to shut off the
product; When there is no power button, the only way to completely shut off power is to
disconnect the product or the power adapter from the power source.
Don’t disassemble the product, or make repairs yourself. You run the risk of electric
shock and voiding the limited warranty. If you ne ed service, please contact us.
Avoid water and wet locations.
Explanation of the symbols on the product label
Symbol Explanation
AC voltage
RECYCLING
This product bears the selective sorting symbol for Waste electrical and
electronic equipment (WEEE). This means that this product must be handled
pursuant to European directive 2012/19/EU in order to be recycled or
dismantled to minimize its impact on the environment.
User has the choice to give his product to a competent recycling
organization or to the retailer when he buys a new electrical or electronic
equipment.
CONTENTS
About This Guide
Intended Readers ................................................................................................................................................................1
Conventions ...........................................................................................................................................................................1
More Information .................................................................................................................................................................2
Accessing the Switch
Overview ................................................................................................................................................................................4
Web Interface Access ........................................................................................................................................................5
Login ................................................................................................................................................................................................................5
Save Config Function ..............................................................................................................................................................................6
Disable the Web Server .........................................................................................................................................................................7
Configure the Switch's IP Address and Default Gateway ...................................................................................................8
Command Line Interface Access ............................................................................................................................... 11
Console Login (only for switch with console port) ...............................................................................................................11
Telnet Login ...............................................................................................................................................................................................13
SSH Login ...................................................................................................................................................................................................14
Disable Telnet login ...............................................................................................................................................................................18
Disable SSH login ...................................................................................................................................................................................19
Copy running-config startup-config ............................................................................................................................................19
Change the Switch's IP Address and Default Gateway .....................................................................................................20
Managing System
System .................................................................................................................................................................................. 22
Overview ......................................................................................................................................................................................................22
Supported Features ..............................................................................................................................................................................22
System Info Configurations .......................................................................................................................................... 24
Using the GUI ............................................................................................................................................................................................24
Viewing the System Summary ...........................................................................................................................................24
Specifying the Device Description ..................................................................................................................................26
Setting the System Time ......................................................................................................................................................26
Setting the Daylight Saving Time .....................................................................................................................................27
Using the CLI .............................................................................................................................................................................................29
Viewing the System Summary ...........................................................................................................................................29
Specifying the Device Description ..................................................................................................................................30
Setting the System Time ......................................................................................................................................................31
Setting the Daylight Saving Time .....................................................................................................................................33
User Management Configurations ............................................................................................................................. 36
Using the GUI ............................................................................................................................................................................................36
Creating Admin Accounts ....................................................................................................................................................36
Creating Accounts of Other Types .................................................................................................................................37
Using the CLI .............................................................................................................................................................................................39
Creating Admin Accounts ....................................................................................................................................................39
Creating Accounts of Other Types .................................................................................................................................40
System Tools Configurations ...................................................................................................................................... 44
Using the GUI ............................................................................................................................................................................................44
Configuring the Boot File ......................................................................................................................................................44
Restoring the Configuration of the Switch .................................................................................................................45
Backing up the Configuration File ....................................................................................................................................46
Upgrading the Firmware ........................................................................................................................................................46
Rebooting the switch ..............................................................................................................................................................47
Configuring the Reboot Schedule ...................................................................................................................................47
Reseting the Switch .................................................................................................................................................................48
Using the CLI .............................................................................................................................................................................................48
Configuring the Boot File ......................................................................................................................................................48
Restoring the Configuration of the Switch .................................................................................................................49
Backing up the Configuration File ....................................................................................................................................50
Upgrading the firmware .........................................................................................................................................................50
Rebooting the switch ..............................................................................................................................................................51
Configuring the Reboot Schedule ...................................................................................................................................51
Reseting the Switch .................................................................................................................................................................52
Access Security Configurations ................................................................................................................................. 54
Using the GUI ............................................................................................................................................................................................54
Configuring the Access Control Feature .....................................................................................................................54
Configuring the HTTP Function ........................................................................................................................................56
Configuring the HTTPS Function .....................................................................................................................................57
Configuring the SSH Feature .............................................................................................................................................59
Enabling the Telnet Function ..............................................................................................................................................60
Using the CLI .............................................................................................................................................................................................60
Configuring the Access Control .......................................................................................................................................60
Configuring the HTTP Function ........................................................................................................................................62
Configuring the HTTPS Function .....................................................................................................................................63
Configuring the SSH Feature .............................................................................................................................................65
Enabling the Telnet Function ..............................................................................................................................................68
SDM Template Configuration ....................................................................................................................................... 69
Using the GUI ............................................................................................................................................................................................69
Using the CLI .............................................................................................................................................................................................70
Appendix: Default Parameters ..................................................................................................................................... 72
Managing Physical Interfaces
Physical Interface ............................................................................................................................................................. 76
Overview ......................................................................................................................................................................................................76
Supported Features ..............................................................................................................................................................................76
Basic Parameters Configurations ............................................................................................................................... 77
Using the GUI ............................................................................................................................................................................................77
Using the CLI .............................................................................................................................................................................................78
Port Mirror Configuration ............................................................................................................................................... 81
Using the GUI ............................................................................................................................................................................................81
Using the CLI .............................................................................................................................................................................................83
Port Security Configuration .......................................................................................................................................... 85
Using the GUI ............................................................................................................................................................................................85
Using the CLI .............................................................................................................................................................................................86
Port Isolation Configurations ....................................................................................................................................... 89
Using the GUI ............................................................................................................................................................................................89
Using the CLI .............................................................................................................................................................................................90
Loopback Detection Configuration ........................................................................................................................... 92
Using the GUI ............................................................................................................................................................................................92
Using the CLI .............................................................................................................................................................................................93
Configuration Examples ................................................................................................................................................. 96
Example for Port Mirror .......................................................................................................................................................................96
Network Requirements ..........................................................................................................................................................96
Configuration Scheme ...........................................................................................................................................................96
Using the GUI ...............................................................................................................................................................................96
Using the CLI ...............................................................................................................................................................................98
Example for Port Isolation ..................................................................................................................................................................98
Network Requirements ..........................................................................................................................................................98
Configuration Scheme ...........................................................................................................................................................99
Using the GUI ...............................................................................................................................................................................99
Using the CLI ............................................................................................................................................................................100
Example for Loopback Detection...............................................................................................................................................101
Network Requirements .......................................................................................................................................................101
Configuration Scheme ........................................................................................................................................................101
Using the GUI ............................................................................................................................................................................101
Using the CLI ............................................................................................................................................................................102
Appendix: Default Parameters ...................................................................................................................................104
Configuring LAG
LAG ......................................................................................................................................................................................107
Overview ...................................................................................................................................................................................................107
Supported Features ...........................................................................................................................................................................107
LAG Configuration ..........................................................................................................................................................108
Using the GUI .........................................................................................................................................................................................109
Configuring Load-balancing Algorithm .....................................................................................................................109
Configuring Static LAG or LACP....................................................................................................................................110
Using the CLI ..........................................................................................................................................................................................112
Configuring Load-balancing Algorithm .....................................................................................................................112
Configuring Static LAG or LACP....................................................................................................................................113
Configuration Example .................................................................................................................................................117
Network Requirements .....................................................................................................................................................................117
Configuration Scheme .....................................................................................................................................................................117
Using the GUI .........................................................................................................................................................................................118
Using the CLI ..........................................................................................................................................................................................119
Appendix: Default Parameters ...................................................................................................................................121
Monitoring Traffic
Traffic Monitor .................................................................................................................................................................123
Using the GUI .........................................................................................................................................................................................123
Viewing the Traffic Summary ..........................................................................................................................................123
Viewing the Traffic Statistics in Detail ........................................................................................................................124
Using the CLI ..........................................................................................................................................................................................127
Appendix: Default Parameters ...................................................................................................................................128
Managing MAC Address Table
MAC Address Table .......................................................................................................................................................130
Overview ...................................................................................................................................................................................................130
Supported Features ...........................................................................................................................................................................130
Address Configurations ...............................................................................................................................................132
Using the GUI .........................................................................................................................................................................................132
Adding Static MAC Address Entries ..........................................................................................................................132
Modifying the Aging Time of Dynamic Address Entries...................................................................................134
Adding MAC Filtering Address Entries.......................................................................................................................135
Viewing Address Table Entries .......................................................................................................................................135
Using the CLI ..........................................................................................................................................................................................136
Adding Static MAC Address Entries ..........................................................................................................................136
Modifying the Aging Time of Dynamic Address Entries...................................................................................137
Adding MAC Filtering Address Entries.......................................................................................................................138
Security Configurations ...............................................................................................................................................140
Using the GUI .........................................................................................................................................................................................140
Configuring MAC Notification Traps ...........................................................................................................................140
Limiting the Number of MAC Addresses in VLANs ............................................................................................141
Using the CLI ..........................................................................................................................................................................................143
Configuring MAC Notification Traps ...........................................................................................................................143
Limiting the Number of MAC Addresses in VLANs ............................................................................................144
Example for Security Configurations ......................................................................................................................146
Network Requirements .....................................................................................................................................................................146
Configuration Scheme .....................................................................................................................................................................146
Using the GUI .........................................................................................................................................................................................147
Using the CLI ..........................................................................................................................................................................................148
Appendix: Default Parameters ...................................................................................................................................149
Configuring 802.1Q VLAN
Overview ...........................................................................................................................................................................151
802.1Q VLAN Configuration .......................................................................................................................................152
Using the GUI .........................................................................................................................................................................................152
Configuring the PVID of the Port ...................................................................................................................................152
Configuring the VLAN ..........................................................................................................................................................153
Using the CLI ..........................................................................................................................................................................................154
Creating a VLAN .....................................................................................................................................................................154
Configuring the PVID of the Port ...................................................................................................................................155
Adding the Port to the Specified VLAN .....................................................................................................................156
Configuration Example .................................................................................................................................................158
Network Requirements .....................................................................................................................................................................158
Configuration Scheme .....................................................................................................................................................................158
Network Topology ...............................................................................................................................................................................159
Using the GUI .........................................................................................................................................................................................159
Using the CLI ..........................................................................................................................................................................................161
Appendix: Default Parameters ..................................................................................................................................163
Configuring MAC VLAN
Overview ............................................................................................................................................................................165
MAC VLAN Configuration ............................................................................................................................................166
Using the GUI .........................................................................................................................................................................................166
Configuring 802.1Q VLAN ................................................................................................................................................166
Binding the MAC Address to the VLAN .....................................................................................................................167
Enabling MAC VLAN for the Port ...................................................................................................................................167
Using the CLI ..........................................................................................................................................................................................168
Configuring 802.1Q VLAN ................................................................................................................................................168
Binding the MAC Address to the VLAN .....................................................................................................................168
Enabling MAC VLAN for the Port ...................................................................................................................................169
Configuration Example ................................................................................................................................................171
Network Requirements .....................................................................................................................................................................171
Configuration Scheme .....................................................................................................................................................................171
Using the GUI .........................................................................................................................................................................................172
Using the CLI ..........................................................................................................................................................................................175
Appendix: Default Parameters ...................................................................................................................................178
Configuring Protocol VLAN
Overview ............................................................................................................................................................................180
Protocol VLAN Configuration.....................................................................................................................................181
Using the GUI .........................................................................................................................................................................................181
Configuring 802.1Q VLAN ................................................................................................................................................181
Creating Protocol Template ............................................................................................................................................182
Configuring Protocol VLAN .............................................................................................................................................183
Using the CLI ..........................................................................................................................................................................................183
Configuring 802.1Q VLAN ................................................................................................................................................183
Creating a Protocol Template .........................................................................................................................................184
Configuring Protocol VLAN ..............................................................................................................................................185
Configuration Example ................................................................................................................................................187
Network Requirements .....................................................................................................................................................................187
Configuration Scheme .....................................................................................................................................................................187
Using the GUI .........................................................................................................................................................................................188
Using the CLI ..........................................................................................................................................................................................192
Appendix: Default Parameters ...................................................................................................................................196
Configuring Spanning Tree
Spanning Tree ..................................................................................................................................................................198
Overview ...................................................................................................................................................................................................198
Basic Concepts ....................................................................................................................................................................................198
STP/RSTP Concepts ............................................................................................................................................................198
MSTP Concepts .....................................................................................................................................................................202
STP Security ...........................................................................................................................................................................................203
STP/RSTP Configurations ...........................................................................................................................................206
Using the GUI .........................................................................................................................................................................................206
Configuring STP/RSTP Parameters on Ports .........................................................................................................206
Configuring STP/RSTP Globally .....................................................................................................................................208
Verifying the STP/RSTP Configurations ....................................................................................................................210
Using the CLI ..........................................................................................................................................................................................211
Configuring STP/RSTP Parameters on Ports .........................................................................................................211
Configuring Global STP/RSTP Parameters .............................................................................................................213
Enabling STP/RSTP Globally ............................................................................................................................................214
MSTP Configurations ....................................................................................................................................................216
Using the GUI .........................................................................................................................................................................................216
Configuring Parameters on Ports in CIST ................................................................................................................216
Configuring the MSTP Region ........................................................................................................................................218
Configuring MSTP Globally ...............................................................................................................................................223
Verifying the MSTP Configurations .............................................................................................................................225
Using the CLI ..........................................................................................................................................................................................226
Configuring Parameters on Ports in CIST ................................................................................................................226
Configuring the MSTP Region .......................................................................................................................................228
Configuring Global MSTP Parameters .......................................................................................................................231
Enabling Spanning Tree Globally...................................................................................................................................233
STP Security Configurations ......................................................................................................................................236
Using the GUI .........................................................................................................................................................................................236
Configuring the STP Security ..........................................................................................................................................236
(Optional) Configuring the Threshold and Cycle of TC Protect ...................................................................237
Using the CLI ..........................................................................................................................................................................................238
Configuring the STP Security ..........................................................................................................................................238
Configuring the TC Protect ..............................................................................................................................................240
Configuration Example for MSTP .............................................................................................................................242
Network Requirements .....................................................................................................................................................................242
Configuration Scheme .....................................................................................................................................................................242
Using the GUI .........................................................................................................................................................................................243
Using the CLI ..........................................................................................................................................................................................254
Appendix: Default Parameters ...................................................................................................................................261
Configuring Layer 2 Multicast
Layer 2 Multicast .............................................................................................................................................................264
Overview ...................................................................................................................................................................................................264
Supported Layer 2 Multicast Protocols ..................................................................................................................................265
IGMP Snooping Configurations .................................................................................................................................266
Using the GUI .........................................................................................................................................................................................266
Configuring IGMP Snooping Globally .........................................................................................................................266
Enabling IGMP Snooping Globally ................................................................................................................266
(Optional) Configuring Unknown Multicast ..............................................................................................266
(Optional) Configuring Report Message Suppression ......................................................................267
Configuring Router Port Time and Member Port Time .....................................................................267
Configuring IGMP Snooping Last Listener Query ...............................................................................268
Verifying IGMP Snooping Status ...................................................................................................................268
Configuring the Port’s Basic IGMP Snooping Features....................................................................................269
Enabling IGMP Snooping on the Port .........................................................................................................269
(Optional) Configuring Fast Leave ................................................................................................................269
Configuring IGMP Snooping in the VLAN .................................................................................................................270
Configuring IGMP Snooping Globally in the VLAN ..............................................................................270
(Optional) Configuring the Static Router Ports in the VLAN ..........................................................271
(Optional) Configuring the Forbidden Router Ports in the VLAN ................................................271
Configuring the Multicast VLAN ....................................................................................................................................271
Creating Multicast VLAN and Configuring Basic Settings ..............................................................272
(Optional) Creating Replace Source IP ......................................................................................................273
Viewing Dynamic Router Ports in the Multicast VLAN ......................................................................273
(Optional) Configuring the Static Router Ports ......................................................................................273
(Optional) Configuring the Forbidden Router Ports ............................................................................273
(Optional) Configuring the Querier ................................................................................................................................274
Configuring the Querier ......................................................................................................................................274
Viewing Settings of IGMP Querier ................................................................................................................274
Configuring IGMP Profile ....................................................................................................................................................275
Creating Profile .......................................................................................................................................................275
Searching Profile ....................................................................................................................................................275
Editing IP Range of the Profile ........................................................................................................................276
Binding Profile and Member Ports ................................................................................................................................276
Binding Profile and Member Ports ...............................................................................................................277
Configuring Max Groups a Port Can Join.................................................................................................277
Viewing IGMP Statistics on Each Port ........................................................................................................................278
Configuring Auto Refresh .................................................................................................................................278
Viewing IGMP Statistics .....................................................................................................................................279
Enabling IGMP Accounting and Authentication ....................................................................................................279
Configuring IGMP Accounting Globally .....................................................................................................280
Configuring IGMP Authentication on the Port .......................................................................................280
Configuring Static Member Port ....................................................................................................................................280
Configuring Static Member Port ...................................................................................................................281
Viewing IGMP Static Multicast Groups ......................................................................................................281
Using the CLI ..........................................................................................................................................................................................282
Enabling IGMP Snooping Globally ................................................................................................................................282
Enabling IGMP Snooping on the Port .........................................................................................................................282
Configuring IGMP Snooping Parameters Globally ..............................................................................................283
Configuring Report Message Suppression ............................................................................................283
Configuring Unknown Multicast ....................................................................................................................284
Configuring IGMP Snooping Parameters on the Port .......................................................................................285
Configuring Router Port Time and Member Port Time .....................................................................285
Configuring Fast Leave ......................................................................................................................................286
Configuring Max Group and Overflow Action on the Port ..............................................................287
Configuring IGMP Snooping Last Listener Query ...............................................................................................288
Configuring IGMP Snooping Parameters in the VLAN ......................................................................................290
Configuring Router Port Time and Member Port Time .....................................................................290
Configuring Static Router Port .......................................................................................................................291
Configuring Forbidden Router Port .............................................................................................................292
Configuring Static Multicast (Multicast IP and Forward Port)........................................................293
Configuring IGMP Snooping Parameters in the Multicast VLAN ................................................................293
Configuring Router Port Time and Member Port Time .....................................................................293
Configuring Static Router Port .......................................................................................................................294
Configuring Forbidden Router Port .............................................................................................................295
Configuring Replace Source IP ......................................................................................................................296
Configuring the Querier ......................................................................................................................................................297
Enabling IGMP Querier ........................................................................................................................................297
Configuring Query Interval, Max Response Time and General Query Source IP ...............298
Configuring Multicast Filtering ........................................................................................................................................299
Creating Profile .......................................................................................................................................................299
Binding Profile to the Port .................................................................................................................................300
Enabling IGMP Accounting and Authentication ....................................................................................................302
Enabling IGMP Authentication on the Port ..............................................................................................302
Enabling IGMP Accounting Globally ............................................................................................................303
Configuring MLD Snooping.........................................................................................................................................304
Using the GUI .........................................................................................................................................................................................304
Configuring MLD Snooping Globally ...........................................................................................................................304
Enabling MLD Snooping Globally..................................................................................................................304
(Optional) Configuring Unknown Multicast ..............................................................................................304
(Optional) Configuring Report Message Suppression ......................................................................305
Configuring Router Port Time and Member Port Time .....................................................................305
Configuring MLD Snooping Last Listener Query .................................................................................306
Verifying MLD Snooping Status ....................................................................................................................306
Configuring the Port’s Basic MLD Snooping Features .....................................................................................307
Enabling MLD Snooping on the Port ..........................................................................................................307
(Optional) Configuring Fast Leave ................................................................................................................307
Configuring MLD Snooping in the VLAN ..................................................................................................................308
Configuring MLD Snooping Globally in the VLAN ...............................................................................308
(Optional) Configuring the Static Router Ports in the VLAN ..........................................................309
(Optional) Configuring the Forbidden Router Ports in the VLAN ................................................309
Configuring the Multicast VLAN ....................................................................................................................................309
Creating Multicast VLAN and Configuring Basic Settings ..............................................................310
(Optional) Creating Replace Source IP ......................................................................................................311
Viewing Dynamic Router Ports in the Multicast VLAN ......................................................................311
(Optional) Configuring the Static Router Ports ......................................................................................311
(Optional) Configuring the Forbidden Router Ports ............................................................................311
(Optional) Configuring the Querier ................................................................................................................................312
Configuring the Querier ......................................................................................................................................312
Viewing Settings of MLD Querier ..................................................................................................................312
Configuring MLD Profile .....................................................................................................................................................313
Creating Profile .......................................................................................................................................................313
Searching Profile ....................................................................................................................................................313
Editing IP Range of the Profile ........................................................................................................................314
Binding Profile and Member Ports ................................................................................................................................314
Binding Profile and Member Ports ...............................................................................................................315
Configuring Max Groups a Port Can Join.................................................................................................315
Viewing MLD Statistics on Each Port .........................................................................................................................316
Configuring Auto Refresh .................................................................................................................................317
Viewing MLD Statistics .......................................................................................................................................317
Configuring Static Member Port ....................................................................................................................................317
Configuring Static Member Port ...................................................................................................................318
Viewing MLD Static Multicast Groups ........................................................................................................318
Using the CLI ..........................................................................................................................................................................................318
Enabling MLD Snooping Globally ..................................................................................................................................318
Enabling MLD Snooping on the Port ...........................................................................................................................318
Configuring MLD Snooping Parameters Globally ................................................................................................320
Configuring Report Message Suppression ............................................................................................320
Configuring Unknown Multicast ....................................................................................................................321
Configuring MLD Snooping Parameters on the Port .........................................................................................322
Configuring Router Port Time and Member Port Time .....................................................................322
Configuring Fast Leave ......................................................................................................................................323
Configuring Max Group and Overflow Action on the Port ..............................................................324
Configuring MLD Snooping Last Listener Query .................................................................................................325
Configuring MLD Snooping Parameters in the VLAN .......................................................................................326
Configuring Router Port Time and Member Port Time .....................................................................326
Configuring Static Router Port .......................................................................................................................327
Configuring Forbidden Router Port .............................................................................................................328
Configuring Static Multicast (Multicast IP and Forward Port)........................................................329
Configuring MLD Snooping Parameters in the Multicast VLAN ..................................................................330
Configuring Router Port Time and Member Port Time .....................................................................330
Configuring Static Router Port .......................................................................................................................331
Configuring Forbidden Router Port .............................................................................................................332
Configuring Replace Source IP ......................................................................................................................333
Configuring the Querier ......................................................................................................................................................334
Enabling MLD Querier .........................................................................................................................................334
Configuring Query Interval, Max Response Time and General Query Source IP ...............334
Configuring Multicast Filtering ........................................................................................................................................336
Creating Profile .......................................................................................................................................................336
Binding Profile to the Port .................................................................................................................................337
Viewing Multicast Snooping Configurations ........................................................................................................339
Using the GUI .........................................................................................................................................................................................339
Viewing IPv4 Multicast Snooping Configurations ................................................................................................339
Viewing IPv6 Multicast Snooping Configurations ................................................................................................339
Using the CLI ..........................................................................................................................................................................................340
Viewing IPv4 Multicast Snooping Configurations ................................................................................................340
Viewing IPv6 Multicast Snooping Configurations ................................................................................................341
Configuration Examples ...............................................................................................................................................343
Example for Configuring Basic IGMP Snooping .................................................................................................................343
Network Requirements .......................................................................................................................................................343
Configuration Scheme ........................................................................................................................................................343
Using the GUI ............................................................................................................................................................................344
Using the CLI ............................................................................................................................................................................347
Example for Configuring Multicast VLAN ...............................................................................................................................349
Network Requirements .......................................................................................................................................................349
Configuration Scheme ........................................................................................................................................................349
Network Topology .................................................................................................................................................................349
Using the GUI ............................................................................................................................................................................350
Using the CLI ............................................................................................................................................................................353
Example for Configuring Unknown Multicast and Fast Leave ....................................................................................355
Network Requirement ..........................................................................................................................................................355
Configuration Scheme ........................................................................................................................................................356
Using the GUI ............................................................................................................................................................................356
Using the CLI ............................................................................................................................................................................359
Example for Configuring Multicast Filtering ..........................................................................................................................360
Network Requirements .......................................................................................................................................................360
Configuration Scheme ........................................................................................................................................................360
Network Topology .................................................................................................................................................................360
Using the GUI ............................................................................................................................................................................361
Using the CLI ............................................................................................................................................................................368
Appendix: Default Parameters ..................................................................................................................................371
Default Parameters for IGMP Snooping .................................................................................................................................371
Default Parameters for MLD Snooping ...................................................................................................................................372
Configuring Logical Interfaces
Overview ............................................................................................................................................................................375
Logical Interfaces Configurations ............................................................................................................................376
Using the GUI .........................................................................................................................................................................................376
Creating a Layer 3 Interface .............................................................................................................................................376
Configuring IPv4 Parameters of the Interface .......................................................................................................377
Configuring IPv6 Parameters of the Interface .......................................................................................................378
Viewing Detail Information of the Interface .............................................................................................................381
Using the CLI ..........................................................................................................................................................................................381
Creating a Layer 3 Interface .............................................................................................................................................381
Configuring IPv4 Parameters of the Interface .......................................................................................................383
Configuring IPv6 Parameters of the Interface .......................................................................................................384
Appendix: Default Parameters ...................................................................................................................................387
Configuring Static Routing
Overview ............................................................................................................................................................................389
IPv4 Static Routing Configuration ............................................................................................................................390
Using the GUI .........................................................................................................................................................................................390
Using the CLI ..........................................................................................................................................................................................391
IPv6 Static Routing Configuration ............................................................................................................................392
Using the GUI .........................................................................................................................................................................................392
Using the CLI ..........................................................................................................................................................................................393
Viewing Routing Table ..................................................................................................................................................395
Using the GUI .........................................................................................................................................................................................395
Viewing IPv4 Routing Table ..............................................................................................................................................395
Viewing IPv6 Routing Table ..............................................................................................................................................395
Using the CLI ..........................................................................................................................................................................................396
Viewing IPv4 Routing Table ..............................................................................................................................................396
Viewing IPv6 Routing Table ..............................................................................................................................................397
Example for Static Routing ..........................................................................................................................................398
Network Requirements .....................................................................................................................................................................398
Configuration Scheme .....................................................................................................................................................................398
Using the GUI .........................................................................................................................................................................................398
Using the CLI ..........................................................................................................................................................................................399
Appendix: Default Parameter .....................................................................................................................................402
Configuring DHCP Relay
Overview ............................................................................................................................................................................404
DHCP Relay Configuration ..........................................................................................................................................405
Using the GUI .........................................................................................................................................................................................405
Enabling DHCP Relay and Configuring Option 82 ...............................................................................................405
Specifying DHCP Server for the Interface ...............................................................................................................406
Using the CLI ..........................................................................................................................................................................................407
Enabling DHCP Relay ...........................................................................................................................................................407
Configuring Option 82 .........................................................................................................................................................407
Specifying DHCP Server for the Interface ...............................................................................................................409
Configuration Example ................................................................................................................................................411
Network Requirements .....................................................................................................................................................................411
Configuration Scheme .....................................................................................................................................................................411
Using the GUI .........................................................................................................................................................................................412
Using the CLI ..........................................................................................................................................................................................413
Appendix: Default Parameters ...................................................................................................................................414
Configuring ARP
Overview ............................................................................................................................................................................416
ARP Configurations ........................................................................................................................................................417
Using the GUI .........................................................................................................................................................................................417
Viewing the ARP Entries .....................................................................................................................................................417
Adding Static ARP Entries Manually ............................................................................................................................418
Using the CLI ..........................................................................................................................................................................................418
Configuring ARP Function .................................................................................................................................................418
Configuring QoS
QoS ......................................................................................................................................................................................423
Overview ...................................................................................................................................................................................................423
Supported Features ...........................................................................................................................................................................423
DiffServ Configuration ..................................................................................................................................................424
Using the GUI .........................................................................................................................................................................................425
Configuring Priority Mode .................................................................................................................................................425
Configuring Schedule Mode ............................................................................................................................................428
Using CLI ..................................................................................................................................................................................................429
Configuring Priority Mode .................................................................................................................................................429
Configuring Schedule Mode ............................................................................................................................................433
Bandwidth Control Configuration .............................................................................................................................436
Using the GUI .........................................................................................................................................................................................436
Configuring Rate Limit .........................................................................................................................................................436
Configuring Storm Control ...............................................................................................................................................437
Using the CLI ..........................................................................................................................................................................................438
Configuring Rate Limit on Port .......................................................................................................................................438
Configuring Storm Control ...............................................................................................................................................439
Configuration Examples ...............................................................................................................................................442
Example for Configuring SP Mode .............................................................................................................................................442
Network Requirements .......................................................................................................................................................442
Configuration Scheme ........................................................................................................................................................442
Using the GUI ............................................................................................................................................................................443
Using the CLI ............................................................................................................................................................................444
Example for Configuring WRR Mode ........................................................................................................................................445
Network Requirements .......................................................................................................................................................445
Configuration Scheme ........................................................................................................................................................446
Using the GUI ............................................................................................................................................................................446
Using the CLI ............................................................................................................................................................................454
Appendix: Default Parameters ...................................................................................................................................458
Configuring Voice VLAN
Overview ...........................................................................................................................................................................461
Voice VLAN Configuration ..........................................................................................................................................463
Using the GUI .........................................................................................................................................................................................464
(Optional) Configuring OUI Addresses .......................................................................................................................464
Configuring Voice VLAN Globally .................................................................................................................................465
Configuring Voice VLAN Mode on Ports ..................................................................................................................466
Using the CLI .........................................................................................................................................................................................467
Configuration Example .................................................................................................................................................470
Network Requirements .....................................................................................................................................................................470
Configuration Scheme .....................................................................................................................................................................470
Network Topology..............................................................................................................................................................................470
Using the GUI .........................................................................................................................................................................................471
Using the CLI ..........................................................................................................................................................................................479
Appendix: Default Parameters ...................................................................................................................................483
Configuring PoE
PoE ......................................................................................................................................................................................485
Overview ...................................................................................................................................................................................................485
Supported Features ...........................................................................................................................................................................485
PoE Power Management Configurations ..............................................................................................................486
Using the GUI .........................................................................................................................................................................................486
Configuring the PoE Parameters Manually ..............................................................................................................486
Configuring the PoE Parameters Using the Profile .............................................................................................488
Using the CLI ..........................................................................................................................................................................................490
Configuring the PoE Parameters Manually ..............................................................................................................490
Configuring the PoE Parameters Using the Profile .............................................................................................492
Time-Range Function Configurations .....................................................................................................................494
Using the GUI .........................................................................................................................................................................................494
Creating a Time-Range .......................................................................................................................................................494
Configuring the Holiday Parameters ...........................................................................................................................496
Viewing the Time-Range Table ......................................................................................................................................496
Using the CLI ..........................................................................................................................................................................................497
Configuring a Time-Range ................................................................................................................................................497
Configuring the Holiday Parameters ...........................................................................................................................499
Viewing the Time-Range Table ......................................................................................................................................500
Example for PoE Configurations ...............................................................................................................................501
Network Requirements .....................................................................................................................................................................501
Configuring Scheme ..........................................................................................................................................................................501
Using the GUI .........................................................................................................................................................................................501
Using the CLI ..........................................................................................................................................................................................503
Appendix: Default Parameters ...................................................................................................................................505
Configuring ACL
ACL ......................................................................................................................................................................................507
Overview ...................................................................................................................................................................................................507
Supported Features ...........................................................................................................................................................................507
ACL Configurations ........................................................................................................................................................508
Using the GUI .........................................................................................................................................................................................508
Creating an ACL ......................................................................................................................................................................508
Configuring ACL Rules ........................................................................................................................................................509
Configuring Policy ..................................................................................................................................................................514
Configuring the ACL Binding and Policy Binding .................................................................................................515
Using the CLI ..........................................................................................................................................................................................519
Configuring ACL .....................................................................................................................................................................519
Configuring Policy ..................................................................................................................................................................524
ACL Binding and Policy Binding .....................................................................................................................................525
Configuration Example for ACL .................................................................................................................................528
Network Requirements .....................................................................................................................................................................528
Network Topology ...............................................................................................................................................................................528
Configuration Scheme .....................................................................................................................................................................528
Using the GUI .........................................................................................................................................................................................529
Using the CLI ..........................................................................................................................................................................................533
Appendix: Default Parameters ...................................................................................................................................535
Configuring Network Security
Network Security ............................................................................................................................................................537
Overview ...................................................................................................................................................................................................537
Supported Features ...........................................................................................................................................................................537
IP-MAC Binding Configurations.................................................................................................................................541
Using the GUI .........................................................................................................................................................................................541
Binding Entries Manually ....................................................................................................................................................541
Binding Entries Dynamically .............................................................................................................................................542
Viewing the Binding Entries ..............................................................................................................................................543
Using the CLI ..........................................................................................................................................................................................545
Binding Entries Manually ....................................................................................................................................................545
Viewing Binding Entries ......................................................................................................................................................546
DHCP Snooping Configuration ..................................................................................................................................547
Using the GUI .........................................................................................................................................................................................547
Enabling DHCP Snooping on VLAN .............................................................................................................................547
Configuring DHCP Snooping on Ports ......................................................................................................................548
(Optional) Configuring Option 82 ..................................................................................................................................549
Using the CLI ..........................................................................................................................................................................................550
Globally Configuring DHCP Snooping ........................................................................................................................550
Configuring DHCP Snooping on Ports ......................................................................................................................551
(Optional) Configuring Option 82 ..................................................................................................................................553
ARP Inspection Configurations .................................................................................................................................555
Using the GUI .........................................................................................................................................................................................555
Configuring ARP Detection ..............................................................................................................................................555
Configuring ARP Defend ....................................................................................................................................................556
Viewing ARP Statistics ........................................................................................................................................................557
Using the CLI ..........................................................................................................................................................................................558
Configuring ARP Detection ..............................................................................................................................................558
Configuring ARP Defend ....................................................................................................................................................559
Viewing ARP Statistics ........................................................................................................................................................561
DoS Defend Configuration ..........................................................................................................................................562
Using the GUI .........................................................................................................................................................................................562
Using the CLI ..........................................................................................................................................................................................563
802.1X Configuration ....................................................................................................................................................566
Using the GUI .........................................................................................................................................................................................566
Configuring the RADIUS Server .....................................................................................................................................566
Configuring 802.1X Globally ............................................................................................................................................570
Configuring 802.1X on Ports ...........................................................................................................................................572
Using the CLI ..........................................................................................................................................................................................573
Configuring the RADIUS Server .....................................................................................................................................573
Configuring 802.1X Globally ............................................................................................................................................575
Configuring 802.1X on Ports ...........................................................................................................................................577
AAA Configuration ..........................................................................................................................................................580
Using the GUI .........................................................................................................................................................................................581
Globally Enabling AAA .........................................................................................................................................................581
Adding Servers ........................................................................................................................................................................581
Configuring Server Groups ...............................................................................................................................................583
Configuring the Method List ............................................................................................................................................584
Configuring the AAA Application List .........................................................................................................................585
Configuring Login Account and Enable Password .............................................................................................586
Using the CLI ..........................................................................................................................................................................................587
Globally Enabling AAA .........................................................................................................................................................587
Adding Servers ........................................................................................................................................................................587
Configuring Server Groups ...............................................................................................................................................590
Configuring the Method List ............................................................................................................................................591
Configuring the AAA Application List .........................................................................................................................592
Configuring Login Account and Enable Password .............................................................................................595
Configuration Examples ...............................................................................................................................................597
Example for DHCP Snooping and ARP Detection ............................................................................................................597
Network Requirements .......................................................................................................................................................597
Configuration Scheme ........................................................................................................................................................597
Using the GUI ............................................................................................................................................................................598
Using the CLI ............................................................................................................................................................................601
Example for 802.1X ............................................................................................................................................................................603
Network Requirements .......................................................................................................................................................603
Configuration Scheme ........................................................................................................................................................603
Network Topology .................................................................................................................................................................604
Using the GUI ............................................................................................................................................................................604
Using the CLI ............................................................................................................................................................................607
Example for AAA ..................................................................................................................................................................................609
Network Requirements .......................................................................................................................................................609
Configuration Scheme ........................................................................................................................................................610
Using the GUI ............................................................................................................................................................................610
Using the CLI ............................................................................................................................................................................613
Appendix: Default Parameters ...................................................................................................................................616
Configuring LLDP
LLDP .....................................................................................................................................................................................621
Overview ...................................................................................................................................................................................................621
Supported Features ...........................................................................................................................................................................621
LLDP Configurations .....................................................................................................................................................622
Using the GUI .........................................................................................................................................................................................622
Global Config ............................................................................................................................................................................622
Port Config .................................................................................................................................................................................624
Using the CLI ..........................................................................................................................................................................................625
Global Config ............................................................................................................................................................................625
Port Config .................................................................................................................................................................................627
LLDP-MED Configurations ..........................................................................................................................................629
Using the GUI .........................................................................................................................................................................................629
Global Config ............................................................................................................................................................................629
Port Config .................................................................................................................................................................................630
Using the CLI ..........................................................................................................................................................................................632
Global Config ............................................................................................................................................................................632
Port Config .................................................................................................................................................................................633
Viewing LLDP Settings..................................................................................................................................................636
Using GUI ..................................................................................................................................................................................................636
Viewing LLDP Device Info .................................................................................................................................................636
Viewing LLDP Statistics .....................................................................................................................................................638
Using CLI ..................................................................................................................................................................................................639
Viewing LLDP-MED Settings ......................................................................................................................................641
Using GUI ..................................................................................................................................................................................................641
Using CLI ..................................................................................................................................................................................................643
Configuration Example .................................................................................................................................................644
Example for Configuring LLDP ....................................................................................................................................................644
Network Requirements .......................................................................................................................................................644
Network Topology .................................................................................................................................................................644
Configuration Scheme ........................................................................................................................................................644
Using the GUI ............................................................................................................................................................................644
Using CLI .....................................................................................................................................................................................645
Example for Configuring LLDP-MED ........................................................................................................................................651
Network Requirements .......................................................................................................................................................651
Configuration Scheme ........................................................................................................................................................651
Network Topology .................................................................................................................................................................651
Using the GUI ............................................................................................................................................................................652
Using the CLI ............................................................................................................................................................................656
Appendix: Default Parameters ...................................................................................................................................663
Configuring Maintenance
Maintenance ....................................................................................................................................................................665
Overview ...................................................................................................................................................................................................665
Supported Features ...........................................................................................................................................................................665
Monitoring the System .................................................................................................................................................666
Using the GUI .........................................................................................................................................................................................666
Monitoring the CPU ..............................................................................................................................................................666
Monitoring the Memory ......................................................................................................................................................667
Using the CLI ..........................................................................................................................................................................................668
Monitoring the CPU ..............................................................................................................................................................668
Monitoring the Memory ......................................................................................................................................................668
System Log Configurations .......................................................................................................................................669
Using the GUI .........................................................................................................................................................................................670
Configuring the Local Log .................................................................................................................................................670
Configuring the Remote Log ...........................................................................................................................................670
Backing up the Log File .....................................................................................................................................................671
Viewing the Log Table .........................................................................................................................................................672
Using the CLI ..........................................................................................................................................................................................672
Configuring the Local Log .................................................................................................................................................672
Configuring the Remote Log ...........................................................................................................................................674
Diagnosing the Device ..................................................................................................................................................676
Using the GUI .........................................................................................................................................................................................676
Using the CLI ..........................................................................................................................................................................................677
Diagnosing the Network ...............................................................................................................................................678
Using the GUI .........................................................................................................................................................................................678
Configuring the Ping Test ..................................................................................................................................................678
Configuring the Tracert Test ...........................................................................................................................................679
Using the CLI ..........................................................................................................................................................................................679
Configuring the Ping Test ..................................................................................................................................................679
Configuring the Tracert Test ...........................................................................................................................................680
Configuration Example for Remote Log .................................................................................................................682
Network Requirements .....................................................................................................................................................................682
Configuration Scheme .....................................................................................................................................................................682
Using the GUI ........................................................................................................................................................................................682
Using the CLI .........................................................................................................................................................................................683
Appendix: Default Parameters ...................................................................................................................................684
Configuring SNMP & RMON
SNMP Overview ...............................................................................................................................................................686
SNMP Configurations ....................................................................................................................................................687
Using the GUI .........................................................................................................................................................................................688
Enabling SNMP ........................................................................................................................................................................688
Creating an SNMP View......................................................................................................................................................688
Creating an SNMP Group ..................................................................................................................................................689
Creating SNMP Users .........................................................................................................................................................691
Creating SNMP Communities .........................................................................................................................................692
Using the CLI ..........................................................................................................................................................................................693
Enabling SNMP ........................................................................................................................................................................693
Creating an SNMP View......................................................................................................................................................695
Creating an SNMP Group ..................................................................................................................................................696
Creating SNMP Users ..........................................................................................................................................................698
Creating SNMP Communities .........................................................................................................................................699
Notification Configurations .........................................................................................................................................701
Using the GUI .........................................................................................................................................................................................701
Using the CLI ..........................................................................................................................................................................................703
Configuring the Host ............................................................................................................................................................703
Enabling SNMP Notification .............................................................................................................................................704
RMON Overview ..............................................................................................................................................................709
RMON Configurations ...................................................................................................................................................710
Using the GUI .........................................................................................................................................................................................710
Configuring Statistics ..........................................................................................................................................................710
Configuring History ...............................................................................................................................................................711
Configuring Event ..................................................................................................................................................................712
Configuring Alarm ..................................................................................................................................................................713
Using the CLI ..........................................................................................................................................................................................715
Configuring Statistics ..........................................................................................................................................................715
Configuring History ...............................................................................................................................................................716
Configuring Event ..................................................................................................................................................................717
Configuring Alarm ..................................................................................................................................................................719
Configuration Example ................................................................................................................................................721
Network Requirements .....................................................................................................................................................................721
Configuration Scheme .....................................................................................................................................................................721
Network Topology ...............................................................................................................................................................................722
Using the GUI .........................................................................................................................................................................................722
Using the CLI ..........................................................................................................................................................................................727
Appendix: Default Parameters ...................................................................................................................................733
About This Guide Intended Readers
About This Guide
This Configuration Guide provides information for managing T1600G Series Switches.
Please read this guide carefully before operation.
Intended Readers
This Guide is intended for network managers familiar with IT concepts and network
terminologies.
Conventions
When using this guide, please notice that features of the switch may vary slightly
depending on the model and software version you have. All screenshots, images,
parameters and descriptions documented in this guide are used for demonstration only.
The information in this document is subject to change without notice. Every effort has
been made in the preparation of this document to ensure accuracy of the contents, but
all statements, information, and recommendations in this document do not constitute
the warranty of any kind, express or implied. Users must take full responsibility for their
application of any products.
In this Guide, the following conventions are used:
The symbol
make better use of your device.
For GUI:
Menu Name > Submenu Name > Tab page indicates the menu structure. System >
System Info > System Summary means the System Summary page under the System Info
menu option that is located under the System menu.
Bold font indicates a button, a toolbar icon, menu or menu item.
For CLI:
stands for
. Notes contains suggestions or references that helps you
Note
Bold Font An unalterable keyword.
For example: show logging
Normal Font A constant (several options are enumerated and only one can be
selected).
For example: no bandwidth {all | ingress | egress}
{} Items in braces { } are required.
Configuration Guide 1
About This Guide More Information
[] Items in square brackets [ ] are optional.
| Alternative items are grouped in braces and separated by vertical bars |.
For example: speed {10 | 100 | 1000}
Italic Font
Common combination:
{[ ][ ][ ]} A least one item in the square brackets must be selected.
A variable (an actual value must be assigned).
For example: bridge aging-time
For example: bandwidth {[ingress
]}
rate
This command can be used on three occasions:
bandwidth ingress
bandwidth.
bandwidth egress
bandwidth.
bandwidth ingress
restrict ingress and egress bandwidth.
i
ngress-rate
egress-rate
ingress-rate
aging-time
ingress-rate
is used to restrict ingress
is used to restrict egress
egress
egress-rate
] [egress
is used to
More Information
egress-
The latest software and documentations can be found at Download Center at http://
www.tp-link.com/support.
The Installation Guide (IG) can be found where you find this guide or inside the package
of the switch.
Specifications can be found on the product page at http://www.tp-link.com.
A Technical Support Forum is provided for you to discuss our products at http://forum.
tp-link.com.
Our Technical Support contact information can be found at the Contact Technical
Support page at http://www.tp-link.com/support.
Configuration Guide 2
Part 1
Accessing the Switch
CHAPTERS
1. Overview
2. Web Interface Access
3. Command Line Interface Access
Accessing the Switch Overview
1
Overview
You can access and manage the switch using the GUI (Graphical User Interface, also called
web interface in this text) or using the CLI (Command Line Interface). There are equivalent
functions in the web interface and the command line interface, while web configuration is
easier and more visual than the CLI configuration. You can choose the method according
to their available applications and preference.
Configuration Guide 4
Accessing the Switch Web Interface Access
2
Web Interface Access
You can access the switch’s web interface through the web-based authentication.
The switch uses two built-in web servers, HTTP server and HTTPS server, for user
authentication.
The following example shows how to login via the HTTP server.
2.1 Login
To manage your switch through a web browser in the host PC:
1) Make sure that the route between the host PC and the switch is available.
2) Launch a web browser. The supported web browsers include, but are not limited to, the
following types:
IE 8.0, 9.0, 10.0, 11.0
Firefox 26.0, 27.0
Chrome 32.0, 33.0
3) Enter the switch’s IP address in the web browser’s address bar. The switch’s default IP
address is 192.168.0.1.
Figure 2-1 Enter the switch's IP addresss in the browser
4) Enter the username and password in the pop-up login window. Use admin for both
username and password in lower case letters.
Figure 2-2 Login authentication
5) The typical web interface displays below. You can view the switch’s running status and
configure the switch on this interface.
Configuration Guide
5
Accessing the Switch Web Interface Access
Figure 2-3 Web interface
2.2 Save Config Function
The switch’s configuration files fall into two types: the running configuration file and the
start-up configuration file.
After you perform configurations on the sub-interfaces and click Apply, the modifications
will be saved in the running configuration file. The configurations will be lost when the
switch reboots.
If you need to keep the configurations after the switch reboots, please user the Save Config
function on the main interface to save the configurations in the start-up configuration file.
Configuration Guide 6
Accessing the Switch Web Interface Access
Figure 2-4 Save Config
2.3 Disable the Web Server
You can shut down the HTTP server or HTTPS server to block any access to the web
interface.
System > Access Security > HTTP Config, disable the HTTP server and click Apply.
Go to
Figure 2-5 Shut down HTTP server
Configuration Guide
7
Accessing the Switch Web Interface Access
System > Access Security > HTTPS Config, disable the HTTPS server and click Apply.
Go to
Figure 2-6 Disbale the HTTPS Server
2.4 Configure the Switch's IP Address and Default Gateway
If you want to access the switch via a specified port (hereafter referred to as the access
port), you can configure the port as a routed port and specify its IP address, or configure
the IP address of the VLAN which the access port belongs to.
Change the IP Address
By default, all the ports belong to VLAN 1 with the VLAN interface IP 192.168.0.1.
The following example shows how to change the switch’s default access IP address
192.168.0.1.
1) Go to
Routing > Interface > Interface Config
. The default access IP address in VLAN 1 in
the Interface List. Click Edit to modify the VLAN1’s IP address.
Figure 2-7 Change VLAN1's IP address
2) Choose the IP Address Mode as Static. Enter the new access address in the IP
Address field and click Apply. Make sure that the route between the host PC and the
switch’s new IP address is available.
Configuration Guide 8
Accessing the Switch Web Interface Access
Figure 2-8 Specify the IP address
3) Enter the new IP address in the web browser to access the switch.
4) Click Save Config to save the settings.
Configure the Default Gateway
The following example shows how to configure the switch’s gateway. By default, the switch
has no default gateway.
1) Go to page
Routing > Static Routing > IPv4 Static Routing Config
. Configure the parameters
related to the switch’s gateway and click Create.
Figure 2-9 Configure the default gateway
Destination Specify the destination as 0.0.0.0.
Subnet Mask Specify the subnet mask as 255.255.255.0.
Next Hop Configure your desired default gateway as the next hop’s IP address.
Configuration Guide
9
Accessing the Switch Web Interface Access
Distance Specify the distance as 1.
2) Click Save Config to save the settings.
3) Check the routing table to verify the default gateway you configured. The entry marked
in red box displays the valid default gateway.
Figure 2-10 View the default gateway
Configuration Guide 10
Accessing the Switch Command Line Interface Access
3
Command Line Interface Access
Users can access the switch's command line interface through the console (only for switch
with console port), Telnet or SSH connection, and manage the switch with the command
lines.
Console connection requires the host PC connecting to the switch’s console port directly,
while Telnet and SSH connection support both local and remote access.
The following table shows the typical applications used in the CLI access.
Table 3-1 Method list
Method Using Port Typical Applications
Console Console port (connected
directly)
Telnet RJ-45 port CMD
SSH RJ-45 port Putty
Hyper Terminal
3.1 Console Login (only for switch with console port)
Follow these steps to log in to the switch via the Console port:
1) Connect the PC or terminal to the Console port on the switch with the serial cable.
2) Start the terminal emulation program (such as the Hyper Terminal) on the PC and
configure the terminal emulation program as follows:
·Baud Rate: 38400bps
·Data Bits: 8
·Parity: None
·Stop Bits: 1
·Flow Control: None
3) Press Enter in the main window and Switch> will appear, indicating that you have
successfully logged in to the switch and you can use the CLI now.
Configuration Guide
11
Accessing the Switch Command Line Interface Access
Figure 3-1 CLI Main Window
4) Enter enable to enter the User EXEC Mode to further configure the switch.
Figure 3-2 User EXEC Mode
Note:
In Windows XP, go to Start > All Programs > Accessories > Communications > Hyper Terminal to
open the Hyper Terminal and configure the above settings to log in to the switch.
Configuration Guide 12
Accessing the Switch Command Line Interface Access
3.2 Telnet Login
The switch supports Login Local Mode for authentication by default.
Login Local Mode: Username and password are required, which are both admin by default.
The following steps show how to manage the switch via the Login Local Mode:
1) Make sure the switch and the PC are in the same LAN (Local Area Network). Click Start
and type in cmd in the Search bar and press Enter.
Figure 3-3 Open the cmd Window
2) Type in telnet 192.168.0.1 in the cmd window and press Enter.
Figure 3-4 Log In to the Switch
3) Type in the login username and password (both admin by default). Press Enter and you
will enter User EXEC Mode.
Figure 3-5 Enter User EXEC Mode
4) Type in enable command and you will enter Privileged EXEC Mode. By default no
password is needed. Later you can set a password for users who want to access the
Privileged EXEC Mode.
Configuration Guide
13
Accessing the Switch Command Line Interface Access
Figure 3-6 Enter Privileged EXEC Mode
Now you can manage your switch with CLI commands through Telnet connection.
3.3 SSH Login
SSH login supports the following two modes: Password Authentication Mode and Key
Authentication Mode. You can choose one according to your needs:
Password Authentication Mode: Username and password are required, which are both
admin by default.
Key Authentication Mode (Recommended): A public key for the switch and a private key
for the client software (PuTTY) are required. You can generate the public key and the
private key through the PuTTY Key Generator.
Before logging in via SSH, follow the steps below to enable SSH on the terminal emulation
program:
Figure 3-7 Enable SSH
Password Authentication Mode
1) Open PuTTY and go to the Session page. Enter the IP address of the switch in the Host
Name field and keep the default value 22 in the Port field; select SSH as the Connection
type. Click Open.
Configuration Guide 14
Accessing the Switch Command Line Interface Access
Figure 3-8 Configurations in PuTTY
2) Enter the login username and password to log in to the switch, and you can continue to
configure the switch.
Figure 3-9 Log In to the Switch
Key Authentication Mode
1) Open the PuTTY Key Generator. In the Parameters section, select the key type and
enter the key length. In the Actions section, click Generate to generate a public/private
key pair. In the following figure, an SSH-2 RSA key pair is generated, and the length of
each key is 1024 bits.
Configuration Guide
15
Accessing the Switch Command Line Interface Access
Figure 3-10 Generate a Public/Private Key Pair
Note:
The key length should be between 512 and 3072 bits.
•
You can accelerate the key generation process by moving the mouse quickly and randomly in
•
the Key section.
2) After the keys are successfully generated, click Save public key to save the public key
to a TFTP server; click Save private key to save the private key to the host PC.
Figure 3-11 Save the Generated Keys
Configuration Guide 16
Accessing the Switch Command Line Interface Access
3) On Hyper Terminal, download the public key file from the TFTP server to the switch as
shown in the following figure:
Figure 3-12 Download the Public Key to the Switch
Note:
The key type should accord with the type of the key file. In the above CLI, v1 corresponds to
•
SSH-1 (RSA), and v2 corresponds to SSH-2 RSA and SSH-2 DSA.
The key downloading process cannot be interrupted.
•
4) After the public key is downloaded, open PuTTY and go to the Session page. Enter the
IP address of the switch and select SSH as the Connection type (keep the default value
in the Port field).
Figure 3-13 Configure the Host Name and Connection Type
5) Go to Connection > SSH > Auth. Click Browse to download the private key file to
PuTTY. Click Open to start the connection and negotiation.
Configuration Guide
17
Accessing the Switch Command Line Interface Access
Figure 3-14 Download the Private Key to PuTTY
6) After negotiation is completed, enter the username to log in. If you can log in without
entering the password, the key authentication completed successfully.
Figure 3-15 Log In to the Switch
3.4 Disable Telnet login
You can shut down the Telnet function to block any Telnet access to the CLI interface.
Using the GUI:
System > Access Security > Telnet Config, disable the Telnet function and click Apply.
Go to
Figure 3-16 Disable Telnet login
Configuration Guide 18
Accessing the Switch Command Line Interface Access
Using the CLI:
Switch#configure
Switch(config)#telnet disable
3.5 Disable SSH login
You can shut down the SSH server to block any SSH access to the CLI interface.
Using the GUI:
System > Access Security > SSH Config, disable the SSH server and click Apply.
Go to
Figure 3-17 Shut down SSH server
Using the CLI:
Switch#configure
Switch(config)#no ip ssh server
3.6 Copy running-config startup-config
The switch’s configuration files fall into two types: the running configuration file and the
start-up configuration file.
After you enter each command line, the modifications will be saved in the running
configuration file. The configurations will be lost when the switch reboots.
If you need to keep he configurations after the switch reboots, please use the command
copy running-config startup-config to save the configurations in the start-up
configuration file.
Switch(config)#end
Switch#copy running-config startup-config
Configuration Guide
19
Accessing the Switch Command Line Interface Access
3.7 Change the Switch's IP Address and Default Gateway
If you want to access the switch via a specified port (hereafter referred to as the access
port), you can configure the port as a routed port and specify its IP address, or configure
the IP address of the VLAN which the access port belongs to.
Change the IP Address
By default, all the ports belong to VLAN 1 with the VLAN interface IP 192.168.0.1/24. In
the following example, we will show how to replace the switch’s default access IP address
192.168.0.1/24 with 192.168.0.10/24.
Switch#configure
Switch(config)#interface vlan 1
Switch(config-if)#ip address 192.168.0.10 255.255.255.0
The connection will be interrupted and you should telnet to the switch's new IP address
192.168.0.10.
C:\Users\Administrator>telnet 192.168.0.10
User:admin
Password:admin
Switch>enable
Switch#copy running-config startup-config
Configure the Default Gateway
In the following example, we will show how to configure the switch’s gateway as
192.168.0.100. By default, the switch has no default gateway.
Switch#configure
Switch(config)#ip route 0.0.0.0 255.255.255.0 192.168.0.100 1
Switch(config)#end
Switch#copy running-config startup-config
Configuration Guide 20
Part 2
Managing System
CHAPTERS
1. System
2. System Info Configurations
3. User Management Configurations
4. System Tools Configurations
5. Access Security Configurations
6. SDM Template Configuration
7. Appendix: Default Parameters
Managing System System
1
System
1.1 Overview
The System module is mainly used to configure and view the system information of the
switch. It provides controls over the type of the access users and the access security.
1.2 Supported Features
System Info
The System Info is mainly used for the basic properties configuration. You can view the
switch’s port status and system information, and configure the device description, system
time, and daylight saving time.
User management
User Management function is used to configure the user name and password for users to
log into the switch with a certain access level so as to protect the settings of the switch
from being randomly changed.
System Tools
The System Tools are used to manage the configuration file of the switch. With these tools,
you can configure the boot file of the switch, backup and restore the configurations of the
switch, update the firmware, reset the switch, and reboot the switch.
Boot Config function is used to configure the boot file of the switch uploaded before, and
the switch will boot up according to your configuration file.
Reboot Schedule function is used to set a schedule for the switch to reboot.
Access Security
Access Security provides different security measures for accessing the switch remotely
so as to enhance the configuration management security.
Access Control function is used to control the users’ access to the switch by filtering IP
address, MAC address or port.
HTTP Config function is based on the HTTP protocol. It can allow or deny users to access
the switch via a web browser.
HTTPS Config function is based on the SSL or TLS protocol working in transport layer. It
supports a security access via a web browser.
Configuration Guide 22
Managing System System
SSH Config function is based on the SSH protocol, a security protocol established on
application and transport layers. The function with SSH is similar to a telnet connection, but
SSH can provide information security and powerful authentication.
SDM Template
The switch SDM (Switch Database Management) templates prioritize system resources to
optimize support for certain features. SDM Template function provides three templates for
users to allocate hardware resources for different usage.
Configuration Guide
23
Managing System System Info Configurations
2
System Info Configurations
With system information configurations, you can:
View the system summary
Specify the device description
Set the system time
Set the daylight saving time
2.1 Using the GUI
2.1.1 Viewing the System Summary
Choose the menu System > System Info > System Summary to load the following page.
Figure 2-1 Viewing the System Summary
Port Status Indication
Indicates that the corresponding 1000Mbps port is not connected to a device.
Indicates that the corresponding 1000Mbps port is at the speed of 1000Mbps.
Indicates that the corresponding 1000Mbps port is at the speed of 10Mbps or
100Mbps.
Indicates that the corresponding SFP port is not connected to a device.
Configuration Guide 24
Managing System System Info Configurations
Indicates the SFP port is at the speed of 1000Mbps.
Move the cursor to the port to view the detailed information of the port.
Figure 2-2 Port Information
Port Information Indication
Port Displays the port number of the switch.
Type Displays the type of the port.
Speed Displays the maximum transmission rate of the port.
Status Displays the connection status of the port.
Click a port to view the bandwidth utilization on this port.
Figure 2-3 Bnadwidth Utilization
Rx Select Rx to view the bandwidth utilization of receiving packets on this port.
Tx Select Tx to view the bandwidth utilization of sending packets on this port.
Configuration Guide
25
Managing System System Info Configurations
2.1.2 Specifying the Device Description
Choose the menu System > System Info > Device Description to load the following page.
Figure 2-4 Specifying the Device Description
1) In the Device Description section, specify the following information.
Device Name Enter the name of the switch.
Device Location Enter the location of the switch.
System Contact Enter the contact information.
2) Click Apply.
2.1.3 Setting the System Time
Choose the menu System > System Info > System Time to load the following page.
Figure 2-5 Setting the System Time
In the Time Info section, view the current time information of the switch.
Configuration Guide 26
Managing System System Info Configurations
Current System
Time
Current Time
Source
Displays the current date and time of the switch.
Displays the current time source of the switch.
In the Time Config section, follow these steps to configure the system time:
1) Choose one method to set the system time and specify the information.
Manual Set the system time manually.
Date: Specify the date of the system.
Time: Specify the time of the system.
Get Time from
NTP Server
Set the system time by getting time from NTP server. Make sure the NTP server
is accessible on your network. If the NTP server is on the Internet, connect the
switch to the Internet first.
Time Zone: Select your local time zone.
Primary Server: Enter the IP Address of the primary NTP server.
Secondary Server: Enter the IP Address of the secondary NTP server.
Update Rate: Specify the interval the switch fetching time from NTP server, which
ranges from 1 to 24 hours. The default value is 12 hours.
Synchronize
with PC’s Clock
Synchronize the system time of the switch with PC’s clock.
2) Click Apply.
2.1.4 Setting the Daylight Saving Time
Choose the menu System > System Info > Daylight Saving Time to load the following
page.
Configuration Guide
27
Managing System System Info Configurations
Figure 2-6 Setting the Daylight Saving Time
Follow these steps to configure Daylight Saving Time:
1) In the DST Config section, select Enable to enable the Daylight Saving Time function.
2) Choose one method to set the Daylight Saving Time of the switch and specify the
information.
Predefined
Mode
Recurring Mode If you select Recurring Mode, specify a cycle time range for the Daylight Saving
If you select Predefined Mode, choose a predefined DST schedule for the switch.
USA: Select the Daylight Saving Time of the USA. It is from 2: 00 a.m. on the
Second Sunday in March to 2:00 a.m. on the First Sunday in November.
Australia: Select the Daylight Saving Time of Australia. It is from 2:00 a.m. on the
First Sunday in October to 3:00 a.m. on the First Sunday in April.
Europe: Select the Daylight Saving Time of Europe. It is from 1: 00 a.m. on the Last
Sunday in March to 1:00 a.m. on the Last Sunday in October.
New Zealand: Select the Daylight Saving Time of New Zealand. It is from 2: 00 a.m.
on the Last Sunday in September to 3:00 a.m. on the First Sunday in April.
Time of the switch. This configuration will be used every year.
Offset: Specify the time to set the clock forward by.
Start Time: Specify the start time of Daylight Saving Time. The interval between
start time and end time should be more than 1 day and less than 1 year(365 days).
End Time: Specify the end time of Daylight Saving Time. The interval between
start time and end time should be more than 1 day and less than 1 year (365 days).
Configuration Guide 28
Managing System System Info Configurations
Date Mode If you select Date Mode, specify an absolute time range for the Daylight Saving
Time of the switch. This configuration will be used only one time.
Offset: Specify the time to set the clock forward by.
Start Time: Specify the start time of Daylight Saving Time. The interval between
start time and end time should be more than 1 day and less than 1 year(365 days).
End Time: Specify the end time of Daylight Saving Time. The interval between
start time and end time should be more than 1 day and less than 1 year (365 days).
3) Click Apply.
2.2 Using the CLI
2.2.1 Viewing the System Summary
On privileged EXEC mode or any other configuration mode, you can use the following
command to view the system information of the switch:
show interface status [ fastEthernet
View status of the interface.
: Enter the number of the Ethernet port.
port
show system-info
View the system information including system Description, Device Name, Device Location, System
Contact, Hardware Version, Firmware Version, System Time, Run Time and so on.
| gigabitEthernet
port
| ten-gigabitEthernet
port
port
]
The following example shows how to view the interface status and the system information
of the switch.
Switch#show interface status
Port Status Speed Duplex FlowCtrl Jumbo Active-Medium
------- ----------- ----- ------ -------- --------- -------------
Gi1/0/1 LinkDown N/A N/A N/A Disable Copper
Gi1/0/2 LinkDown N/A N/A N/A Disable Copper
Gi1/0/3 LinkUp 1000M Full Disable Disable Copper
...
Gi1/0/50 LinkDown N/A N/A N/A Disable Fiber
Gi1/0/51 LinkDown N/A N/A N/A Disable Fiber
Gi1/0/52 LinkDown N/A N/A N/A Disable Fiber
Switch#show system-info
Configuration Guide
29
Managing System System Info Configurations
System Description - JetStream 48-Port Gigabit Smart Switch with 4 SFP Slots
System Name - T1600G-52TS
System Location - SHENZHEN
Contact Information - www.tp-link.com
Hardware Version - T1600G-52TS 1.0
Software Version - 1.0.3 Build 20160412 Rel.52132(s)
System Time - 2016-01-04 10:07:38
Running Time - 3 day - 2 hour - 8 min - 26 sec
2.2.2 Specifying the Device Description
Follow these steps to specify the device description:
Step 1 configure
Enter global configuration mode.
Step 2 hostname [
Specify the system name of the switch.
hostname
default, it is the model name of the switch.
Step 3 location [
Specify the system location of the switch.
location
it is “SHENZHEN”.
Step 4 contact-info [
Specify the system contact Information.
contact-info
default, it is “www.tp-link.com”.
Step 5 show system-info
hostname
: Enter the system name. The length of the name ranges from 1 to 32 characters. By
location
: Enter the device location. It should consist of no more than 32 characters. By default,
contact-info
: Enter the contact information. It should consist of no more than 32 characters. By
]
]
]
Verify the system information including system Description, Device Name, Device Location,
System Contact, Hardware Version, Firmware Version, System Time, Run Time and so on.
Step 6 end
Return to privileged EXEC mode.
Step 7 copy running-config startup-config
Save the settings in the configuration file.
The following example shows how to set the device name as Switch_A, set the location as
BEIJING and set the contact information as http://www.tp-link.com.
Configuration Guide 30
Managing System System Info Configurations
Switch#configure
Switch(config)#hostname Switch_A
Switch(config)#location BEIJING
Switch(config)#contact-info http://www.tp-link.com
Switch(config)#show system-info
System Description - JetStream 48-Port Gigabit Smart Switch with 4 SFP Slots
System Name - Switch_A
System Location - BEIJING
Contact Information - http://www.tp-link.com
...
Switch(config)#end
Switch#copy running-config startup-config
2.2.3 Setting the System Time
Follow these steps and choose one method to set the system time:
Step 1 configure
Enter global configuration mode.
Step 2 Use the following command to set the system time manually:
system-time manual
Configure the system time manually.
: Specify the date and time manually in the format of MM/DD/YYYY-HH:MM:SS. The valid
time
value of the year ranges from 2000 to 2037.
Use the following command to set the system time by getting time from the NTP server:
system-time ntp {
Configure the time zone and the NTP server to get time from the NTP server. Ensure the NTP
server is accessible. If the NTP server is on the Internet, connect the switch to the Internet first.
time
timezone
} {
ntp-server
} {
backup-ntp-server
} {
fetching-rate
}
timezone
: Enter your local time-zone, which ranges from UTC-12:00 to UTC+13:00.
Configuration Guide
31
Managing System System Info Configurations
The detailed information of each time-zone are displayed as follows:
UTC-12:00 —— TimeZone for International Date Line West.
UTC-11:00 —— TimeZone for Coordinated Universal Time-11.
UTC-10:00 —— TimeZone for Hawaii.
UTC-09:00 —— TimeZone for Alaska.
UTC-08:00 —— TimeZone for Pacific Time (US Canada).
UTC-07:00 —— TimeZone for Mountain Time (US Canada).
UTC-06:00 —— TimeZone for Central Time (US Canada).
UTC-05:00 —— TimeZone for Eastern Time (US Canada).
UTC-04:30 —— TimeZone for Caracas.
UTC-04:00 —— TimeZone for Atlantic Time (Canada).
UTC-03:30 —— TimeZone for Newfoundland.
UTC-03:00 —— TimeZone for Buenos Aires, Salvador, Brasilia.
UTC-02:00 —— TimeZone for Mid-Atlantic.
UTC-01:00 —— TimeZone for Azores, Cape Verde Is.
UTC —— TimeZone for Dublin, Edinburgh, Lisbon, London.
UTC+01:00 —— TimeZone for Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna.
UTC+02:00 —— TimeZone for Cairo, Athens, Bucharest, Amman, Beirut, Jerusalem.
UTC+03:00 —— TimeZone for Kuwait, Riyadh, Baghdad.
UTC+03:30 —— TimeZone for Tehran.
UTC+04:00 —— TimeZone for Moscow, St.Petersburg, Volgograd, Tbilisi, Port Louis.
UTC+04:30 —— TimeZone for Kabul.
UTC+05:00 —— TimeZone for Islamabad, Karachi, Tashkent.
UTC+05:30 —— TimeZone for Chennai, Kolkata, Mumbai, New Delhi.
UTC+05:45 —— TimeZone for Kathmandu.
UTC+06:00 —— TimeZone for Dhaka,Astana, Ekaterinburg.
UTC+06:30 —— TimeZone for Yangon (Rangoon).
UTC+07:00 —— TimeZone for Novosibrisk, Bangkok, Hanoi, Jakarta.
UTC+08:00 —— TimeZone for Beijing, Chongqing, Hong Kong, Urumqi, Singapore.
UTC+09:00 —— TimeZone for Seoul, Irkutsk, Osaka, Sapporo, Tokyo.
UTC+09:30 —— TimeZone for Darwin, Adelaide.
UTC+10:00 —— TimeZone for Canberra, Melbourne, Sydney, Brisbane.
UTC+11:00 —— TimeZone for Solomon Is., New Caledonia, Vladivostok.
UTC+12:00 —— TimeZone for Fiji, Magadan, Auckland, Welington.
UTC+13:00 —— TimeZone for Nuku’alofa, Samoa.
ntp-server
backup-ntp-server
fetching-rate
: Specify the IP address of the primary NTP server.
: Specify the IP address of the backup NTP server.
: Specify the interval fetching time from the NTP server.
Configuration Guide 32
Managing System System Info Configurations
Step 3 Use the following command to verify the system time information.
show system-time
Verify the system time information.
Use the following command to verify the NTP mode configuration information.
show system-time ntp
Verify the system time information of NTP mode.
Step 4 end
Return to privileged EXEC mode.
Step 5 copy running-config startup-config
Save the settings in the configuration file.
The following example shows how to set the system time by Get Time from NTP Server and
set the time zone as UTC+08:00, set the NTP server as 133.100.9.2, set the backup NTP
server as 139.78.100.163 and set the update rate as 11.
Switch#configure
Switch(config)#system-time ntp UTC+08:00 133.100.9.2 139.78.100.163 11
Switch(config)#show system-time ntp
Time zone : UTC+08:00
Prefered NTP server: 133.100.9.2
Backup NTP server: 139.78.100.163
Last successful NTP server: 133.100.9.2
Update Rate: 11 hour(s)
Switch(config)#end
Switch#copy running-config startup-config
2.2.4 Setting the Daylight Saving Time
Follow these steps and choose one method to set the Daylight Saving Time:
Step 1 configure
Enter global configuration mode.
Configuration Guide
33
Managing System System Info Configurations
Step 2 Use the following command to select a predefined Daylight Saving Time configuration:
system-time dst predefined [ USA | Australia | Europe | New-Zealand ]
Specify the Daylight Saving Time using a predefined schedule.
USA | Australia | Europe | New-Zealand: Select one mode of Daylight Saving Time.
USA: 02:00 a.m. on the Second Sunday in March ~ 02:00 a.m. on the First Sunday in November.
Australia: 02:00 a.m. on the First Sunday in October ~ 03:00 a.m. on the First Sunday in April.
Europe: 01:00 a.m. on the Last Sunday in March ~ 01:00 a.m. on the Last Sunday in October.
New Zealand: 02:00 a.m. on the Last Sunday in September ~ 03:00 a.m. on the First Sunday in
April.
Use the following command to set the Daylight Saving Time in recurring mode:
system-time dst recurring {
} [
etime
Specify the Daylight Saving Time in Recuring mode.
: Enter the start week of Daylight Saving Time. There are 5 values showing as follows:
sweek
first, second, third, fourth, last.
: Enter the start day of Daylight Saving Time. There are 7 values showing as follows: Sun,
sday
Mon, Tue, Wed, Thu, Fri, Sat.
smonth
Jan, Feb, Mar, Apr, May, Jun, Jul, Aug, Sep, Oct, Nov, Dec.
: Enter the start time of Daylight Saving Time,in the format of HH:MM.
stime
: Enter the end week of Daylight Saving Time. There are 5 values showing as follows:
eweek
first, second, third, fourth, last.
: Enter the end day of Daylight Saving Time. There are 7 values showing as follows: Sun,
eday
Mon, Tue, Wed, Thu, Fri, Sat.
emonth
Jan, Feb, Mar, Apr, May, Jun, Jul, Aug, Sep, Oct, Nov, Dec.
: Enter the end time of Daylight Saving Time,in the format of HH:MM.
etime
: Enter the offset of Daylight Saving Time. The default value is 60.
offset
]
offset
: Enter the start month of Daylight Saving Time. There are 12 values showing as follows:
: Enter the end month of Daylight Saving Time. There are 12 values showing as follows:
sweek
} {
sday
} {
smonth
} {
stime
} {
eweek
} {
eday
} {
emonth
} {
Use the following command to set the Daylight Saving Time in date mode:
system-time dst date {
]
offset
Specify the Daylight Saving Time in Date mode.
smonth
} {
sday
} {
stime
} {
syear
} {
emonth
} {
eday
Configuration Guide 34
} {
etime
} {
eyear
} [
Managing System System Info Configurations
: Enter the start month of Daylight Saving Time. There are 12 values showing as follows:
smonth
Jan, Feb, Mar, Apr, May, Jun, Jul, Aug, Sep, Oct, Nov, Dec.
: Enter the start day of Daylight Saving Time, which ranges from 1 to 31.
sday
: Enter the start time of Daylight Saving Time,in the format of HH:MM.
stime
: Enter the start year of Daylight Saving Time.
syear
: Enter the end month of Daylight Saving Time. There are 12 values showing as follows:
emonth
Jan, Feb, Mar, Apr, May, Jun, Jul, Aug, Sep, Oct, Nov, Dec.
: Enter the end day of Daylight Saving Time, which ranges from 1 to 31.
eday
: Enter the end time of Daylight Saving Time,in the format of HH:MM.
etime
: Enter the end year of Daylight Saving Time.
eyear
: Enter the offset of Daylight Saving Time. The default value is 60.
offset
Step 3 show system-time dst
Verify the DST information of the switch.
Step 4 end
Return to privileged EXEC mode.
Step 5 copy running-config startup-config
Save the settings in the configuration file.
The following example shows how to set the Daylight Saving Time by Date Mode. Set the
start time as 01:00 August 1st, 2016, set the end time as 01:00 September 1st,2016 and
set the offset as 50.
Switch#configure
Switch(config)#system-time dst date Aug 1 01:00 2016 Sep 1 01:00 2016 50
Switch(config)#show system-time dst
DST starts at 01:00:00 on Aug 1 2016
DST ends at 01:00:00 on Sep 1 2016
DST offset is 50 minutes
DST configuration is one-off
Switch(config)#end
Switch#copy running-config startup-config
Configuration Guide
35
Managing System User Management Configurations
3
User Management Configurations
With user management configurations, you can:
Create Admin accounts
Create accounts of other types
3.1 Using the GUI
3.1.1 Creating Admin Accounts
Choose the menu System > User Management > User Config to load the following page.
Figure 3-1 Create Admin Accounts
Follow these steps to create an Admin account:
1) In the User Info section, select Admin from the drop-down list and specify the user
name and password.
User Name Create a user name for users' login. It contains 16 characters at most,
composed of digits, English letters and underscore only.
Configuration Guide 36
Managing System User Management Configurations
Access Level Select the access level as Admin.
Admin: Admin can edit, modify and view all the settings of different
functions.
Operator: Operator can edit, modify and view most of the settings of
different functions.
Power User: Power User can edit, modify and view some of the settings of
different functions.
User: User can only view the settings without the right to edit or modify.
Password Type a password for users' login. It is a string from 1 to 31 alphanumeric
characters or symbols. You can use digits, English letters (case sensitive),
underscore and sixteen special characters.
Confirm
Password
Retype the password.
2) Click Create.
3.1.2 Creating Accounts of Other Types
You can create accounts with the access level of Operator,Power User and User here. You
also need to go to the AAA section to create an Enable Password for these accounts. The
Enable Password is used to change the users’ access level to Admin.
Creating an Account
Choose the menu System > User Management > User Config to load the following page.
Figure 3-2 Create Accounts of Other Types
Follow these steps to create an account of other types:
1) In the User Info section, select the access level from the drop-down list and specify the
user name and password.
Configuration Guide
37
Managing System User Management Configurations
User Name Create a user name for users' login. It contains 16 characters at most,
composed of digits, English letters and under dashes only.
Access Level Select the access level as Operator, Power User or User.
Admin: Admin can edit, modify and view all the settings of different
functions.
Operater: Operator can edit, modify and view most of the settings of
different functions.
Power User: Power User can edit, modify and view some of the settings of
different functions.
User: User can only view the settings without the right to edit or modify.
Password Type a password for users' login. It is a string from 1 to 31 alphanumeric
characters or symbols. You can use digits, English letters (case sensitive),
underscore and sixteen special characters.
Confirm
Password
Retype the password.
2) Click Create.
Configuring Enable Password
Choose the menu Network Security > AAA > Global Config to load the following page.
Figure 3-3 Configure the AAA Function
1) Select Enable and Click Apply to enable the AAA function.
2) Specify the Enable Password and Click Apply.
Tips:
The AAA function applies another method to manage the access users' name and
password. For details, refer to
The logged-in users can enter the Enable Password on this page to get the
AAA Configuration
in
Configuring Network Security.
administrative privileges.
Configuration Guide 38
Managing System User Management Configurations
3.2 Using the CLI
3.2.1 Creating Admin Accounts
Follow these steps to create an Admin account:
Step 1 configure
Enter global configuration mode.
Step 2 Use the following command to create an account unencrypted or symmetric encrypted.
user name
Create an account whose access level is Admin.
: Enter a user name for users’ login. It contains 16 characters at most, composed of
name
digits, English letters and underscore only.
admin: Select the access level for the user. Admin can edit, modify and view all the settings of
different functions.
0: Specify the encryption type. 0 indicates that the password you entered is unencrypted, and
the password is saved to the configuration file unencrypted. By default, the encryption type is 0.
password
or symbols. The password is case sensitive, allows digits, English letters (case sensitive),
underlines and sixteen special characters.
7: Specify the encryption type. 7 indicates that the password you entered is symmetric
encrypted, and the password is saved to the configuration file symmetric encrypted.
encrypted-password
copy from another switch’s configuration file. After the encrypted password is configured, you
should use the corresponding unencrypted password to reenter this mode.
Use the following command to create an account MD5 encrypted.
user name
: Enter a password for users’ login. It is a string from 1 to 31 alphanumeric characters
{ privilege admin } password { [ 0 ]
name
: Enter a symmetric encrypted password with fixed length, which you can
{ privilege admin } secret { [ 0 ]
name
password
password
| 7
encrypted-password
| 5
encrypted-password
}
}
Create an account whose access level is Admin.
: Enter a user name for users’ login. It contains 16 characters at most, composed of
name
digits, English letters and underscore only.
admin: Select the access level for the user. Admin can edit, modify and view all the settings of
different functions.
0: Specify the encryption type. 0 indicates that the password you entered is unencrypted, but
the password is saved to the configuration file MD5 encrypted. By default, the encryption type
is 0.
password
or symbols. The password is case sensitive, allows digits, English letters (case sensitive),
underlines and sixteen special characters.
5: Specify the encryption type. 5 indicates that the password you entered is MD5 encrypted,
and the password is saved to the configuration file MD5 encrypted.
encrypted-password
from another switch’s configuration file.
: Enter a password for users’ login. It is a string from 1 to 31 alphanumeric characters
: Enter a MD5 encrypted password with fixed length, which you can copy
Configuration Guide
39
Managing System User Management Configurations
Step 3 show user account-list
Verify the information of the current users.
Step 4 end
Return to privileged EXEC mode.
Step 5 copy running-config startup-config
Save the settings in the configuration file.
3.2.2 Creating Accounts of Other Types
You can create accounts with the access level of Operator, Power user and User here. You
also need to go to the AAA section to create an Enable Password for these accounts. The
Enable Password is used to change the users’ access level to Admin.
Follow these steps to create an account of other type:
Step 1 configure
Enter global configuration mode.
Configuration Guide 40
Managing System User Management Configurations
Step 2 Use the following command to create an account unencrypted or symmetric encrypted.
user name
encrypted-password
Create an account whose access level is Operator, Power User or User.
: Enter a user name for users’ login. It contains 16 characters at most, composed of
name
digits, English letters and underscore only.
operator | power_user | user: Select the access level for the user. Operator can edit, modify
and view mostly the settings of different functions. Power User can edit, modify and view some
the settings of different functions. User only can view the settings without the right to edit and
modify.
0: Specify the encryption type. 0 indicates that the password you entered is unencrypted, and
the password is saved to the configuration file unencrypted. By default, the encryption type is 0.
password
or symbols. The password is case sensitive, allows digits, English letters (case sensitive),
underlines and sixteen special characters.
7: Specify the encryption type. 7 indicates that the password you entered is symmetric
encrypted, and the password is saved to the configuration file symmetric encrypted.
: Enter a password for users’ login. It is a string from 1 to 31 alphanumeric characters
encrypted-password
copy from another switch’s configuration file. After the encrypted password is configured, you
should use the corresponding unencrypted password to reenter this mode.
{ privilege operator | power_user | user } password { [ 0 ]
name
}
: Enter a symmetric encrypted password with fixed length, which you can
password
| 7
Use the following command to create an account MD5 encrypted.
user name
password
Create an account whose access level is Operator, Power User or User.
name
digits, English letters and underscore only.
operator | power_user | user: Select the access level for the user. Operator can edit, modify
and view mostly the settings of different functions. Power User can edit, modify and view some
the settings of different functions. User only can view the settings without the right to edit and
modify.
0: Specify the encryption type. 0 indicates that the password you entered is unencrypted, but
the password is saved to the configuration file MD5 encrypted. By default, the encryption type
is 0.
password
or symbols. The password is case sensitive, allows digits, English letters (case sensitive),
underlines and sixteen special characters.
5: Specify the encryption type. 5 indicates that the password you entered is MD5 encrypted,
and the password is saved to the configuration file MD5 encrypted.
}
: Enter a user name for users’ login. It contains 16 characters at most, composed of
: Enter a password for users’ login. It is a string from 1 to 31 alphanumeric characters
encrypted-password
from another switch’s configuration file. After the encrypted password is configured, you
should use the corresponding unencrypted password to reenter this mode.
{ privilege operator | power_user | user } secret { [ 0 ]
name
: Enter a MD5 encrypted password with fixed length, which you can copy
password
| 5
encrypted-
Step 3 aaa enable
Globally enable the AAA function.
Configuration Guide
41
Managing System User Management Configurations
Step 4 Use the following command to create an enable password unencrypted or symmetric
encrypted.
enable admin password { [ 0 ]
Create an Enable Password. It can change the users’ access level to Admin. By default, it is
empty.
0: Specify the encryption type. 0 indicates that the password you entered is unencrypted, and
the password is saved to the configuration file unencrypted. By default, the encryption type is 0.
password
or symbols. The password is case sensitive, allows digits, English letters (case sensitive),
underlines and sixteen special characters.
7: Specify the encryption type. 7 indicates that the password you entered is symmetric
encrypted, and the password is saved to the configuration file symmetric encrypted.
encrypted-password
copy from another switch’s configuration file. After the encrypted password is configured, you
should use the corresponding unencrypted password to reenter this mode.
Use the following command to create an enable password unencrypted or MD5 encrypted.
enable admin secret { [ 0 ]
Create an Enable Password. It can change the users’ access level to Admin. By default, it is
empty.
0: Specify the encryption type. 0 indicates that the password you entered is unencrypted, but
the password is saved to the configuration file MD5 encrypted. By default, the encryption type
is 0.
: Enter an enable password. It is a string from 1 to 31 alphanumeric characters
: Enter a symmetric encrypted password with fixed length, which you can
password
password
| 7
encrypted-password
| 5
encrypted-password
}
}
password
or symbols. The password is case sensitive, allows digits, English letters (case sensitive),
underlines and sixteen special characters.
5: Specify the encryption type. 5 indicates that the password you entered is MD5 encrypted,
and the password is saved to the configuration file MD5 encrypted.
encrypted-password
from another switch’s configuration file. After the encrypted password is configured, you
should use the corresponding unencrypted password to reenter this mode.
Step 5 show user account-list
Verify the information of the current users.
Step 6 end
Return to privileged EXEC mode.
Step 7 copy running-config startup-config
Save the settings in the configuration file.
: Enter an enable password. It is a string from 1 to 31 alphanumeric characters
: Enter a MD5 encrypted password with fixed length, which you can copy
Tips:
The AAA function applies another method to manage the access users’ name and
password. For details, refer to
AAA Configuration
in
Configuring Network Security
.
The logged-in users can enter the Enable Password on this page to get the
administrative privileges.
Configuration Guide 42
Managing System User Management Configurations
The following example shows how to create a uesr with the access level of Operator, set
the user name as user1 and set the password as 123. Enable AAA function and set the
enable password as abc123.
Switch#configure
Switch(config)#user name user1 privilege operator password 123
Switch(config)#aaa enable
Switch(config)#enable admin password abc123
Switch(config)#show user account-list
Index User-Name User-Type
----- --------- ---------
1 user1 Operator
2 admin Admin
Switch(config)#end
Switch#copy running-config startup-config
Configuration Guide
43
Managing System System Tools Configurations
4
System Tools Configurations
With system tools configurations, you can:
Configure the boot file
Restore the configuration of the switch
Back up the configuration file
Upgrade the firmware
Reboot the switch
Configure the reboot schedule
Reset the switch
4.1 Using the GUI
4.1.1 Configuring the Boot File
Choose the menu System > System Tools > Boot Config to load the following page.
Figure 4-1 Configuring the Boot File
Follow these steps to configure the boot file:
1) In the Boot Table section, select one or more units and configure the relevant
parameters.
Configuration Guide 44
Managing System System Tools Configurations
Select Select one or more units to be configured.
Unit Displays the number of the unit.
Current Startup
Image
Next Startup
Image
Backup Image Select the backup image. When the switch fails to start up with the next startup
Displays the current startup image.
Select the next startup image. When the switch is powered on, it will try to start up
with the next startup image. The next startup and backup image should not be the
same.
image, it will try to start up with the backup image. The next startup and backup
image should not be the same.
2) Click Apply.
4.1.2 Restoring the Configuration of the Switch
Choose the menu System > System Tools > Config Restore to load the following page.
Figure 4-2 Restoring the Configuration of the Switch
Follow these steps to restore the configuration of the switch:
1) In the Config Restore section, select one unit and one configuration file.
Target Unit Select a member switch to import configuration file. .
Config file Select the desired configuration file to import.
2) Click Import to import the configuration file.
Note:
It will take a long time to restore the configuration. Please wait without any operation.
•
After the configuration is restored successfully, the device will reboot to make the configura-
•
tion change effective.
Configuration Guide
45
Managing System System Tools Configurations
4.1.3 Backing up the Configuration File
Choose the menu System > System Tools > Config Backup to load the following page.
Figure 4-3 Backing up the Configuration File
In the Config Backup section, select one unit and click Export to export the configuration
file.
4.1.4 Upgrading the Firmware
Choose the menu System > System Tools > Firmware Upgrade to load the following
page.
Figure 4-4 Upgrading the Firmware
In the Firmware Upgrade section, select one file and click Upgrade to upgrade the system.
Firmware File Select the desired firmware file to upgrade the system.
Image Name Displays the image to upgrade. It means that the operation will only effect the
backup image.
Firmware Version Displays the current firmware version of the system.
Hardware Version
Displays the current hardware version of the system.
Configuration Guide 46
Managing System System Tools Configurations
After upgrading, the
device will reboot
automatically with
the backup image
Select this option to reboot automatically with the backup image after upgrading.
4.1.5 Rebooting the switch
Choose the menu System > System Tools > System Reboot to load the following page.
Figure 4-5 Rebooting the switch
In the System Reboot section, select the desired unit and click Reboot.
Target Unit Select the desired unit to reboot. By default, it is ALL Unit.
Save Config Select this option to save the configuration before the reboot.
4.1.6 Configuring the Reboot Schedule
Choose the menu System > System Tools > Reboot Schedule to load the following page.
Figure 4-6 Configuring the Reboot Schedule
Follow these steps to restore the configuration of the switch:
1) In the Reboot Schedule Setting section, select one method and specify the
parameters.
Time Interval Specify a period of time. The switch will reboot after this period. The valid values
are from 1 to 43200 minutes. This reboot schedule recurs if users check the Save
Before Reboot.
Configuration Guide
47
Managing System System Tools Configurations
Time (HH:MM)/
Date (DD/MM/
YY)
Save Before
Reboot
Specify the date and time for the switch to reboot.
Time (HH:MM): Specify the time for the switch to reboot, in the format of HH:MM
Date (DD/MM/YY): Specify the date for the switch to reboot, in the format of DD/
MM/YYYY. The date should be within 30 days.
Select to save the switch’s configurations before it reboots.
4.1.7 Reseting the Switch
Choose the menu System > System Tools > System Reset to load the following page.
Figure 4-7 Reseting the Switch
In the System Reset section, select the desired unit and click Reset.
Target Unit Select the desired unit to reset. By default, it is ALL Unit.
Note:
After the system is reset, configurations of the switch will be reset to the default.
4.2 Using the CLI
4.2.1 Configuring the Boot File
Follow these steps to configure the boot file:
Step 1 configure
Enter global configuration mode.
Step 2 boot application filename { image1 | image2 } { startup | backup }
Specify the configuration of the boot file. By default, the image1.bin is the startup image and
the image2.bin is the backup image.
image1 | image2: Select the image file to be configured.
startup | backup: Select the property of the image file.
Configuration Guide 48
Managing System System Tools Configurations
Step 3 show boot
Verify the boot configuration of the system.
Step 4 end
Return to privileged EXEC mode.
Step 5 copy running-config startup-config
Save the settings in the configuration file.
The following example shows how to set the next startup image as image 1 and set the
backup image as image 2.
Switch#configure
Switch(config)#boot application filename image1 startup
Switch(config)#boot application filename image2 backup
Switch(config)#show boot
Boot config:
Current Startup Image - image1.bin
Next Startup Image - image1.bin
Backup Image - image2.bin
Switch(config)#end
Switch#copy running-config startup-config
4.2.2 Restoring the Configuration of the Switch
Follow these steps to restore the configuration of the switch:
Step 1 enable
Enter privileged mode.
Step 2 copy tftp startup-config ip-address
Download the configuration file to the switch from TFTP server.
ip-addr
filename
name
: Specify the IP address of the TFTP server. Both IPv4 and IPv6 addresses are
ip-addr
supported.
: Specify the name of the configuration file to be downloaded.
name
Note:
It will take a long time to restore the configuration. Please wait without any operation.
•
After the configuration is restored successfully, the device will reboot to make the configura-
•
tion change effective.
Configuration Guide
49
Managing System System Tools Configurations
The following example shows how to restore the configuration file named file1 from the
TFTP server with IP address 192.168.0.100.
Switch>enable
Switch#copy tftp startup-config ip-address 192.168.0.100 filename file1
Start to load user config file......
Operation OK! Now rebooting system......
4.2.3 Backing up the Configuration File
Follow these steps to back up the current configuration of the switch in a file:
Step 1 enable
Enter privileged mode.
Step 2 copy startup-config tftp ip-address
Back up the configuration file to TFTP server.
: Specify the IP address of the TFTP server. Both IPv4 and IPv6 addresses are
ip-addr
supported.
: Specify the name of the configuration file to be saved.
name
The following example shows how to backup the configuration file named file2 from TFTP
server with IP address 192.168.0.100.
Switch>enable
Switch#copy startup-config tftp ip-address 192.168.0.100 filename file2
Start to backup user config file......
Backup user config file OK.
4.2.4 Upgrading the firmware
Follow these steps to upgrade the firmware:
ip-addr
filename
name
Step 1 enable
Enter privileged mode.
Step 2 firmware upgrade ip-address
Upgrade the switch’s backup image via TFTP server. To boot up with the new firmware, you
need to choose to reboot the switch with the backup image.
: Specify the IP address of the TFTP server. Both IPv4 and IPv6 addresses are
ip-addr
supported.
: Specify the name of the desired firmware file.
name
Step 3 Enter Y to continue then enter Y to reboot.
ip-addr
filename
name
Configuration Guide 50
Managing System System Tools Configurations
The following example shows how to upgrade the firmware using the configuration file
named file3.bin. The TFTP server is 190.168.0.100.
Switch>enable
Switch#firmware upgrade ip-address 192.168.0.100 filename file3.bin
It will only upgrade the backup image. Continue? (Y/N):Y
Operation OK!
Reboot with the backup image? (Y/N): Y
4.2.5 Rebooting the switch
Follow these steps to reboot the switch:
Step 1 enable
Enter privileged mode.
Step 2 reboot
Reboot the switch.
4.2.6 Configuring the Reboot Schedule
Follow these steps and choose one type to configure the reboot schedule:
Step 1 configure
Enter global configuration mode.
Configuration Guide
51
Managing System System Tools Configurations
Step 2 Use the following command to set the interval to reboot:
reboot-schedule in
(Optional) Specify the reboot schedule.
interval
from 1 to 43200 minutes.
save_before_reboot: Save the configuration file before the switch reboots.
Use the following command to set the time and date to reboot:
reboot-schedule at
(Optional) Specify the reboot schedule.
time
date
be within 30 days.
save_before_reboot: Save the configuration file before the switch reboots.
If no date is specified, the switch reboots according to the time you have set. If the time you
set is later than the time that this command is executed, the switch will reboot later the same
day; otherwise the switch will reboot the next day.
Step 3 end
Return to privileged EXEC mode.
[ save_before_reboot ]
interval
: Specify a period of time. The switch will reboot after this period. The valid values are
[
time
: Specify the time for the switch to reboot, in the format of HH:MM.
: Specify the date for the switch to reboot, in the format of DD/MM/YYYY. The date should
] [ save_before_reboot ]
date
Step 4 copy running-config startup-config
Save the settings in the configuration file.
The following example shows how to set the switch to reboot at 12:00 on 15/01/2016.
Switch#configure
Switch(config)#reboot-schedule at 12:00 15/01/2016 save_before_reboot
Reboot system at 15/01/2016 12:00. Continue? (Y/N): Y
Reboot Schedule Settings
---------------------------
Reboot schedule at 2016-01-15 12:00 (in 17007 minutes)
Save before reboot: Yes
Switch(config)#end
Switch#copy running-config startup-config
4.2.7 Reseting the Switch
Follow these steps to reset the switch:
Configuration Guide 52
Managing System System Tools Configurations
Step 1 enable
Enter privileged mode.
Step 2 reset
Reset the switch.
Note:
After the system is reset, configurations of the switch will be reset to the default.
Configuration Guide
53
Managing System Access Security Configurations
5
Access Security Configurations
With access security configurations, you can:
Configure the Access Control feature
Configure the HTTP feature
Configure the HTTPS feature
Configure the SSH feature
Enable the telnet function
5.1 Using the GUI
5.1.1 Configuring the Access Control Feature
Choose the menu System > Access Security > Access Control to load the following page.
Figure 5-1 Configuring the Access Control
1) In the Access Control section, select one control mode and specify the parameters.
Control Mode Select the control mode for users to log in to the web management page.
Disable: The Access Control function is disabled.
IP-based: Only the users within the IP-range you set here are allowed to access
the switch.
MAC-based: Only the users with the MAC address you set here are allowed to
access the switch.
Port-based: Only the users connecting to the ports you set here are allowed to
access the switch.
Configuration Guide 54
Managing System Access Security Configurations
Access
Interface
IP Address/
Mask
MAC Address
Select the interface to control the methods for users’ accessing. The selected
access interfaces will only affect the users you set before.
SNMP: A function to manage the network devices via NMS.
Telnet: A connection type for users to remote login.
SSH: A connection type based on SSH protocol.
HTTP: A connection type based on HTTP protocol.
HTTPS: A connection type based on SSL protocol.
Ping: A communication protocol to test the connection of the network.
If you select IP-based mode, enter the IP address and mask to specify an IP
range. Only the users within this IP range can access the switch.
If you select MAC-based mode, specify the MAC address. Only the users with the
correct MAC address can access the switch.
When the IP-based mode is selected, the following section will display.
IP Address Displays the IP range of the entry.
Access
Interface
Operation
Displays the access interface you set of the entry.
Click Edit to modify the parameters of the desired entry.
When the Port-based mode is selected, the following section will display.
Port Select one or more ports to configure. Only the users connected to these ports are
allowed to access the switch.
2) Click Apply.
Configuration Guide
55
Managing System Access Security Configurations
5.1.2 Configuring the HTTP Function
Choose the menu System > Access Security > HTTP Config to load the following page.
Figure 5-2 Configuring the HTTP Function
1) In the Global Control section, Select Enable and click Apply to enable the HTTP
function.
HTTP HTTP function is based on the HTTP protocol. It allows users to manage the
switch through a web browser.
2) In the Session Config section, specify the Session Timeout and click Apply.
Session
Timeout
The system will log out automatically if users do nothing within the Session
Timeout time.
3) In the Access User Number section, select Enable and specify the parameters.
Number Control Select Enable to control the number of the users logging on to the web
management page at the same time. The total number of users should be no more
than 16.
Admin Number Specify the maximum number of users whose access level is Admin.
Guest Number Specify the maximum number of users whose access level is Operator, Power
User or User.
4) Click Apply.
Configuration Guide 56
Managing System Access Security Configurations
5.1.3 Configuring the HTTPS Function
Choose the menu System > Access Security > HTTPS Config to load the following page.
Table 5-1 Configuring the HTTPS Function
1) In the Global Config section, select Enable to enable HTTPS function and select the
protocol the switch supports. Click Apply.
HTTPS Select Enable to enable the HTTPS function.
HTTPS function is based on the SSL or TLS protocol. It provides a secure
connection between the client and the switch.
Configuration Guide
57
Managing System Access Security Configurations
SSL Version 3 Select Enable to make the switch support SSL Version 3 protocol.
SSL is a transport protocol. It can provide server authentication, encryption and
message integrity to allow secure HTTP connection.
TLS Version 1 Select Enable to make the switch support TLS Version 1 protocol.
TLS is a transport protocol upgraded from SSL. It supports a different encryption
algorithm from SSL, so TLS and SSL are not compatible. TLS can support a more
secure connection.
2) In the CipherSuite Config section, select the algorithm to be enabled and click Apply.
RSA_WITH_
RC4_128_MD5
RSA_WITH_
RC4_128_SHA
RSA_WITH_
DES_CBC_SHA
RSA_
WITH_3DES_
EDE_CBC_SHA
Key exchange with RC4 128-bit encryption and MD5 for message digest.
Key exchange with RC4 128-bit encryption and SHA for message digest.
Key exchange with DES-CBC for message encryption and SHA for message
digest.
Key exchange with 3DES and DES-EDE3-CBC for message encryption and SHA
for message digest.
3) In the Session Config section, specify the Session Timeout and click Apply.
Session
Timeout
The system will log out automatically if users do nothing within the Session
Timeout time.
4) In the Access User Number section, select Enable and specify the parameters. Click
Apply.
Number Control Select Enable to control the number of the users logging in to the web
management page at the same time.
Admin Number Specify the maximum number of users whose access level is Admin.
Guest Number Specify the maximum number of users whose access level is Operator, Power
User or User.
5) In the Certificate Download and Key Download section, download the certificate and
key.
Certificate File Select the desired certificate to download to the switch. The certificate must be
BASE64 encoded. The SSL certificate and key downloaded must match each
other, otherwise the HTTPS connection will not work.
Key File Select the desired Key to download to the switch. The key must be BASE64
encoded. The SSL certificate and key downloaded must match each other,
otherwise the HTTPS connection will not work.
Configuration Guide 58
Managing System Access Security Configurations
5.1.4 Configuring the SSH Feature
Choose the menu System > Access Security > SSH Config to load the following page.
Figure 5-3 Configuring the SSH Feature
1) In the Global Config section, select Enable to enable SSH function and specify other
parameters.
SSH Select Enable to enable the SSH function.
SSH is a protocol working in application layer and transport layer. It can provide a
secure, remote connection to a device. It is more secure than Telnet protocol as it
provides strong encryption.
Protocol V1 Select Enable to enable SSH version 1.
Protocol V2 Select Enable to enable SSH version 2.
Idle Timeout Specify the idle timeout time. The system will automatically release the
connection when the time is up.
Max Connect Specify the maximum number of the connections to the SSH server. New
connection will not be established when the number of the connections reaches
the maximum number you set.
Configuration Guide
59
Managing System Access Security Configurations
2) In the Encryption Algorithm section, select the encryption algorithm you want the
switch to support and click Apply.
3) In Data Integrity Algorithm section, select the integrity algorithm you want the switch
to support and click Apply.
4) In Key Download section, select key type from the drop-down list and select the
desired key file to down.
Key Type Select the key type. The algorithm of the corresponding type is used for both key
generation and authentication.
Key File Select the desired public key to download to the switch. The key length of the
downloaded file ranges of 512 to 3072 bits.
Note:
It will take a long time to download the key file. Please wait without any operation.
5.1.5 Enabling the Telnet Function
Choose the menu System > Access Security > Telnet Config to load the following page.
Figure 5-4 Configuring the Telnet Function
In Global Config section, select Enable and click Apply.
Telnet Select Enable to make the Telnet function effective. Telnet function is based on the
Telnet protocol subjected to TCP/IP protocol. It allows users to log on to the switch
remotely.
5.2 Using the CLI
5.2.1 Configuring the Access Control
Follow these steps to configure the access control:
Step 1 configure
Enter global configuration mode.
Configuration Guide 60
Managing System Access Security Configurations
Step 2 Use the following command to control the users’ access by limiting the IP address:
user access-control ip-based {
] [ all ]
Only the users within the IP-range you set here are allowed to access the switch.
: Specify the IP address of the user.
ip-addr
ip-mask
[ snmp ] [ telnet ] [ ssh ] [ http ] [ https ] [ ping ] [ all ]: Select to control the types for users’
accessing. By default, these types are all enabled.
Use the following command to control the users’ access by limiting the MAC address:
user access-control mac-based {
all ]
Only the users with the MAC address you set here are allowed to access the switch.
mac-addr
[ snmp ] [ telnet ] [ ssh ] [ http ] [ https ] [ ping ] [ all ]: Select to control the types for users’
accessing. By default, these types are all enabled.
Use the following command to control the users’ access by limiting the ports connected to the
users:
: Specify the subnet mask of the user.
: Specify the MAC address of the user.
ip-addr ip-mask
mac-addr
} [ snmp ] [ telnet ] [ ssh ] [ http ] [ https ] [ ping
} [ snmp ] [ telnet ] [ ssh ] [ http ] [ https ] [ ping ] [
user access-control port-based interface { fastEthernet
ten-gigabitEthernet
Only the users connecting to the ports you set here are allowed to access the switch.
: Specify the list of Ethernet port, in the format of 1/0/1-4. You can appoint 5 ports at
port-list
most.
[ snmp ] [ telnet ] [ ssh ] [ http ] [ https ] [ ping ] [ all ]: Select to control the types for users’
accessing. By default, these types are all enabled.
Step 3 show user configuration
Verify the security configuration information of the user authentication information and the
access interface.
Step 4 end
Return to privileged EXEC mode.
Step 5 copy running-config startup-config
Save the settings in the configuration file.
} [ snmp ] [ telnet ] [ ssh ] [ http ] [ https ] [ ping ] [ all ]
port-list
| gigabitEthernet
port-list
port-list
|
The following example shows how to set the type of access control as IP-based. Set the
IP address as 192.168.0.100,set the subnet mask as 255.255.255.0 and make the switch
support snmp, telnet, http and https.
Switch#configure
Switch(config)#user access-control ip-based 192.168.0.100 255.255.255.0 snmp telnet
http https
Switch(config)#show user configuration
Configuration Guide
61
Managing System Access Security Configurations
User authentication mode: IP based
Index IP Address Access Interface
----- ----------------- -------------------------------
1 192.168.0.0/24 SNMP Telnet HTTP HTTPS
Switch(config)#end
Switch#copy running-config startup-config
5.2.2 Configuring the HTTP Function
Follow these steps to configure the HTTP function:
Step 1 configure
Enter global configuration mode.
Step 2 ip http server
Enable the HTTP function. By default, it is enabled.
Step 3 ip http session timeout
Specify the Session Timeout time. The system will log out automatically if users do nothing
within the Session Timeout time.
minutes
Step 4 ip http max-users
Specify the maximum number of users that are allowed to connect to the HTTP server. The
total number of users should be no more than 16.
admin-num
are from 1 to 16.
guest-num
or User. The valid values are from 0 to 15.
Step 5 show ip http configuration
Verify the configuration information of the HTTP server, including status, session timeout,
access-control, max-user number and the idle-timeout, etc.
: Specify the timeout time, which ranges from 5 to 30 minutes. The default value is 10.
: Enter the maximum number of users whose access level is Admin. The valid values
: Enter the maximum number of users whose access level is Operator, Power User
minutes
admin-num guest-num
Step 6 end
Return to privileged EXEC mode.
Step 7 copy running-config startup-config
Save the settings in the configuration file.
The following example shows how to set the session timeout as 9, set the maximum admin
number as 6, and set the maximum guest number as 5.
Switch#configure
Switch(config)#ip http server
Configuration Guide 62
Managing System Access Security Configurations
Switch(config)#ip http session timeout 9
Switch(config)#ip http max-user 6 5
Switch(config)#show ip http configuration
HTTP Status: Enabled
HTTP Session Timeout: 9
HTTP User Limitation: Enabled
HTTP Max Admin Users: 6
HTTP Max Guest Users: 5
Switch(config)#end
Switch#copy running-config startup-config
5.2.3 Configuring the HTTPS Function
Follow these steps to configure the HTTPS function:
Step 1 configure
Enter global configuration mode.
Step 2 ip http secure-server
Enable the HTTPS function. By default, it is enabled.
Step 3 ip http secure-protocol { [ ssl3 ] [ tls1 ] }
Configure to make the switch support the corresponding protocol. By default, the switch
supports SSLv3 and TLSv1.
ssl3: Enable the SSL version 3 protocol. SSL is a transport protocol. It can provide server
authentication, encryption and message integrity to allow secure HTTP connection.
tls1: Enable the TLS version 1 protocol. TLS is s transport protocol upgraded from SSL. It
supports different encryption algorithm from SSL, so TLS and SSL are not compatible. TLS
can support a more secure connection.
Step 4 ip http secure-ciphersuite { [ 3des-ede-cbc-sha ] [ rc4-128-md5 ] [ rc4-128-sha ] [ des-cbc-
sha ] }
Enable the corresponding ciphersuite. By default, these types are all enabled.
[ 3des-ede-cbc-sha ]: Key exchange with 3DES and DES-EDE3-CBC for message encryption
and SHA for message digest.
[ rc4-128-md5 ]: Key exchange with RC4 128-bit encryption and MD5 for message digest.
[ rc4-128-sha ]: Key exchange with RC4 128-bit encryption and SHA for message digest.
[ des-cbc-sha ]: Key exchange with DES-CBC for message encryption and SHA for message
digest.
Configuration Guide
63
Managing System Access Security Configurations
Step 5 ip http secure-session timeout
Specify the Session Timeout time. The system will log out automatically if users do nothing
within the Session Timeout time.
minutes
Step 6 ip http secure-max-users
Specify the maximum number of users that are allowed to connect to the HTTPS server. The
total number of users should be no more than 16.
admin-num
are from 1 to 16.
guest-num
or User. The valid value are from 0 to 15.
Step 7 ip http secure-server download certificate
Download the desired certificate to the switch from TFTP server.
ssl-cert
certificate must be BASE64 encoded. The SSL certificate and key downloaded must match
each other.
ip-addr
supported.
: Specify the timeout time, which ranges from 5 to 30 minutes. The default value is 10.
: Enter the maximum number of users whose access level is Admin. The valid value
: Enter the maximum number of users whose access level is Operator, Power User
: Specify the name of the SSL certificate, which ranges from 1 to 25 characters. The
: Specify the IP address of the TFTP server. Both IPv4 and IPv6 addresses are
minutes
admin-num guest-num
ssl-cert
ip-address
ip-addr
Step 8 ip http secure-server download key
Download the desired key to the switch from TFTP server.
: Specify the name of the key file saved in TFTP server. The key must be BASE64
ssl-key
encoded.
: Specify the IP address of the TFTP server. Both IPv4 and IPv6 addresses are
ip-addr
supported.
Step 9 show ip http secure-server
Verify the global configuration of HTTPS.
Step 10 end
Return to privileged EXEC mode.
Step 11 copy running-config startup-config
Save the settings in the configuration file.
ssl-key
ip-address
ip-addr
The following example shows how to configure the HTTPS function. Enable SSL3 and TLS1
protocol. Enable the ciphersuite of 3des-ede-cbc-sha. Set the session timeout time as 15,
the admin number as 1 and the guest number as 2. Download the certificate named ca.crt
and the key named ca.key from the TFTP server with the IP address 192.168.0.100.
Switch#configure
Switch(config)#ip http secure-server
Switch(config)#ip http secure-protocol ssl3 tls1
Switch(config)#ip http secure-ciphersuite 3des-ede-cbc-sha
Configuration Guide 64
Managing System Access Security Configurations
Switch(config)#ip http secure-session timeout 15
Switch(config)#ip http secure-max-users 1 2
Switch(config)#ip http secure-server download certificate ca.crt ip-address
192.168.0.100
Start to download SSL certificate......
Download SSL certificate OK.
Switch(config)#ip http secure-server download key ca.key ip-address 192.168.0.100
Start to download SSL key......
Download SSL key OK.
Switch(config)#show ip http secure-server
HTTPS Status: Enabled
SSL Protocol Level(s): ssl3 tls1
SSL CipherSuite: 3des-ede-cbc-sha
HTTPS Session Timeout: 15
HTTPS User Limitation: Enabled
HTTPS Max Admin Users: 1
HTTPS Max Guest Users: 2
Switch(config)#end
Switch#copy running-config startup-config
5.2.4 Configuring the SSH Feature
Follow these steps to configure the SSH function:
Step 1 configure
Enter global configuration mode.
Step 2 ip ssh server
Enable the SSH function. By default, it is disabled.
Step 3 ip ssh version { v1 | v2 }
Configure to make the switch support the corresponding protocol. By default, the switch
supports SSHv1 and SSHv3.
v1 | v2: Select to enable the corresponding protocol.
Configuration Guide
65
Managing System Access Security Configurations
Step 4 ip ssh timeout
Specify the idle timeout time. The system will automatically release the connection when the
time is up.
: Enter the value of the timeout time, which ranges from 1 to 120 seconds. The default
value
value is 120 seconds.
Step 5 ip ssh max-client
Specify the maximum number of the connections to the SSH server. New connection will not
be established when the number of the connections reaches the maximum number you set.
: Enter the number of the connections, which ranges from 1 to 5. The default value is 5.
num
Step 6 ip ssh algorithm { AES128-CBC | AES192-CBC | AES256-CBC | Blowfish-CBC | Cast128-CBC |
3DES-CBC | HMAC-SHA1 | HMAC-MD5 }
Enable the corresponding algorithm. By default, these types are all enabled.
AES128-CBC | AES192-CBC | AES256-CBC | Blowfish-CBC | Cast128-CBC | 3DES-CBC:
Specify the encryption algorithm you want the switch supports.
HMAC-SHA1 | HMAC-MD5: Specify the data integrity algorithm you want the switch supports.
Step 7 ip ssh download { v1 | v2 }
value
num
key-file
ip-address
ip-addr
Select the type of the key file and download the desired file to the switch from TFTP server.
v1 | v2: Select the key type. The algorithm of the corresponding type is used for both key
generation and authentication.
: Specify the name of the key file saved in TFTP server. Ensure the key length of the
key-file
downloaded file is in the range of 512 to 3072 bits.
: Specify the IP address of the TFTP server. Both IPv4 and IPv6 addresses are
ip-addr
supported.
Step 8 show ip ssh
Verify the global configuration of SSH.
Step 9 end
Return to privileged EXEC mode.
Step 10 copy running-config startup-config
Save the settings in the configuration file.
Note:
It will take a long time to download the key file. Please wait without any operation.
The following example shows how to configure the SSH function. Set the version as SSH
V1 and SSH V2. Enable the AES128-CBC and Cast128-CBC encryption algorithm. Enable
the HMAC-MD5 data integrity algorithm. Choose the key type as SSH-2 RSA/DSA.
Switch(config)#ip ssh server
Switch(config)#ip ssh version v1
Configuration Guide 66
Managing System Access Security Configurations
Switch(config)#ip ssh version v2
Switch(config)#ip ssh timeout 100
Switch(config)#ip ssh max-client 4
Switch(config)#ip ssh algorithm AES128-CBC
Switch(config)#ip ssh algorithm Cast128-CBC
Switch(config)#ip ssh algorithm HMAC-MD5
Switch(config)#ip ssh download v2 publickey ip-address 192.168.0.100
Start to download SSH key file......
Download SSH key file OK.
Switch(config)#show ip ssh
Global Config:
SSH Server: Enabled
Protocol V1: Enabled
Protocol V2: Enabled
Idle Timeout: 100
MAX Clients: 4
Encryption Algorithm:
AES128-CBC: Enabled
AES192-CBC: Disabled
AES256-CBC: Disabled
Blowfish-CBC: Disabled
Cast128-CBC: Enabled
3DES-CBC: Disabled
Data Integrity Algorithm:
HMAC-SHA1: Disabled
HMAC-MD5: Enabled
Key Type: SSH-2 RSA/DSA
Key File:
---- BEGIN SSH2 PUBLIC KEY ----
Comment: “dsa-key-20160711”
Configuration Guide
67
Managing System Access Security Configurations
Switch(config)#end
Switch#copy running-config startup-config
5.2.5 Enabling the Telnet Function
Follow these steps enable the Telnet function:
Step 1 configure
Enter global configuration mode.
Step 2 telnet enable
Enable the telnet function. By default, it is enabled.
Step 3 end
Return to privileged EXEC mode.
Step 4 copy running-config startup-config
Save the settings in the configuration file.
Configuration Guide 68
Managing System SDM Template Configuration
6
SDM Template Configuration
SDM Template function is used to configure system resources in the switch to optimize
support for specific features. The switch provides three templates, and the hardware
resources allocation is different. Users can choose one according to how the switch is
used in the network.
6.1 Using the GUI
Choose the menu System > SDM Template to load the following page.
Figure 6-1 Configuring the SDM Template Function
In Select Options section, select one template and click Apply. The setting will be effective
after the reboot.
Current
Template ID
Next Template
ID
Select Next
Template
The Template Table displays the resources allocation of each template.
Displays the template currently in effect.
Displays the template that will be effective after the reboot.
Select the template that will be effective after the next reboot.
default: Select the template of default. It gives balance to the IP ACL rules, MAC ACL
rules and ARP detection entries.
enterpriseV4: Select the template of enterpriseV4. It maximizes system resources for
IP ACL rules and MAC ACL rules.
enterpriseV6: Select the template of enterpriseV6. It allocates resources to IPv6 ACL
rules.
Configuration Guide
69
Managing System SDM Template Configuration
SDM Template Displays the name of the templates.
IP ACL Rules Displays the number of IP ACL Rules including Lay3 ACL Rules and Lay4 ACL Rules.
MAC ACL Rules Displays the number of Lay2 ACL Rules.
COMBINED ACL
Rules
IPv6 ACL Rules Displays the number of IPv6 ACL rules.
ARP Detection
Entries
IPv6 Source
Guard Entries
6.2 Using the CLI
Follow these steps to configure the SDM template function:
Step 1 configure
Enter global configuration mode.
Step 2 show sdm prefer { used | default | enterpriseV4 | enterpriseV6 }
View the template table to select the desired template.
Displays the number of combined ACL rules.
Displays the number of TCAM entries for ARP defend.
Displays the number of IPv6 source guard entries.
used: Displays the resource allocation of the current template.
default: Displays the resource allocation of the default template.
enterpriseV4: Displays the resource allocation of the enterpriseV4 template.
enterpriseV6: Displays the resource allocation of the enterpriseV6 template.
Step 3 sdm prefer { default | enterpriseV4 | enterpriseV6 }
Select the template that will be effective after the next reboot.
default: Select the template of default. It gives banlance to the IP ACLrules, MAC ACL rules and
ARP detection entries.
enterpriseV4: Select the template of enterpriseV4. It maximizes system resources for IP ACL
rules and MAC ACL rules.
enterpriseV6: Select the template of enterpriseV4. It allocates resources to IPv6 ACL rules.
Step 4 end
Return to privileged EXEC mode.
Step 5 copy running-config startup-config
Save the settings in the configuration file.
Configuration Guide 70
Managing System SDM Template Configuration
The following example shows how to set the SDM template as enterpriseV4.
Switch#config
Switch(config)#show sdm prefer enterpriseV4
“enterpriseV4” template:
number of IP ACL Rules : 360
number of MAC ACL Rules : 230
number of Combined ACL Rules : 0
number of IPV6 ACL Rules : 0
number of IPV6 Source Guard Entries : 0
number of ARP Detection Entries : 7
Switch(config)#sdm prefer enterpriseV4
Switch to “enterpriseV4” tempale.
Changes to the running SDM preferences have been stored, but cannot take effect until
reboot the switch.
Switch(config)#end
Switch#copy running-config startup-config
Configuration Guide
71
Managing System Appendix: Default Parameters
7
Appendix: Default Parameters
Default settings of System Info are listed in the following tables.
Table 7-1 Default Settings of Device Description Configuration
Parameter Default Setting
Device Name The model name
of the switch.
Device Location SHENZHEN
System Contact www.tp-link.com
Table 7-2 Default Settings of System Time Configuration
Parameter Default Setting
Time Source Manual
System Time 2006-01-01
08:01:56 Sunday
Table 7-3 Default Settings of Daylight Saving Time Configuration
Parameter Default Setting
DST status Disabled
Default settings of User Management are listed in the following table.
Table 7-4 Default Settings of User Configuration
Parameter Default Setting
User Name admin
Password admin
Access Level Admin
Default settings of System Tools are listed in the following table.
Table 7-5 Default Settings of Boot Configuration
Parameter Default Setting
Current Startup Image image1.bin
Next Startup Image image1.bin
Backup Image image2.bin
Configuration Guide 72
Managing System Appendix: Default Parameters
Default settings of Access Security are listed in the following tables.
Table 7-6 Default Settings of Access Control Configuration
Parameter Default Setting
Control Mode Disabled
Table 7-7 Default Settings of HTTP Configuration
Parameter Default Setting
HTTP Enabled
Session Timeout 10 minutes
Number Control Disabled
Table 7-8 Default Settings of HTTPS Configuration
Parameter Default Setting
HTTPS Enabled
SSL Version 3 Enabled
TLS Version 1 Enabled
RSA_WITH_RC4_128_MD5 Enabled
RSA_WITH_RC4_128_SHA Enabled
RSA_WITH_DES_CBC_SHA Enabled
RSA_WITH_3DES_EDE_CBC_
SHA
Session Timeout 10 minutes
Number Control Disabled
Table 7-9 Default Settings of SSH Configuration
Parameter Default Setting
SSH Disabled
Protocol V1 Enabled
Protocol V2 Enabled
Idle Timeout 120 seconds
Enabled
Max Connect 5
AES128-CBC Enabled
AES192-CBC Enabled
AES256-CBC Enabled
Blowfish-CBC Enabled
Cast128-CBC Enabled
3DES-CBC Enabled
Configuration Guide
73
Managing System Appendix: Default Parameters
Parameter Default Setting
HMAC-SHA1 Enabled
HMAC-MD5 Enabled
Key Type: SSH-2 RSA/DSA
Table 7-10 Default Settings of Telnet Configuration
Parameter Default Setting
Control Mode Enabled
Default settings of SDM Template are listed in the following table.
Table 7-11 Default Settings of SDM Template Configuration
Parameter Default Setting
Current Template ID Default
Next Template ID Default
Configuration Guide 74
Part 3
Managing Physical Interfaces
CHAPTERS
1. Physical Interface
2. Basic Parameters Configurations
3. Port Mirror Configuration
4. Port Security Configuration
5. Port Isolation Configurations
6. Loopback Detection Configuration
7. Configuration Examples
Loading...