User Guide
Jetstream Gigabit L2 Managed Switch
T2500G-10TS (TL-SG3210)
REV1.0.0
1910011848
COPYRIGHT & TRADEMARKS
Specifications are subject to change without notice. is a registered trademark of
TP-LINK TECHNOLOGIES CO., LTD. Other brands and product names are trademarks or
registered trademarks of their respective holders.
No part of the specifications may be reproduced in any form or by any means or used to make
any derivative such as translation, transformation, or adaptation without permission from
TP-LINK TECHNOLOGIES CO., LTD. Copyright © 2016 TP-LINK TECHNOLOGIES CO., LTD. All
rights reserved.
http://www.tp-link.com
FCC STATEMENT
This equipment has been tested and found to comply with the limits for a Class A digital device,
pursuant to part 15 of the FCC Rules. These limits are designed to provide reasonable
protection against harmful interference when the equipment is operated in a commercial
environment. This equipment generates, uses, and can radiate radio frequency energy and, if
not installed and used in accordance with the instruction manual, may cause harmful
interference to radio communications. Operation of this equipment in a residential area is likely
to cause harmful interference in which case the user will be required to correct the interference
at his own expense.
This device complies with part 15 of the FCC Rules. Operation is subject to the following two
conditions:
1) This device may not cause harmful interference.
2) This device must accept any interference received, including interference that may cause
undesired operation.
Any changes or modifications not expressly approved by the party responsible for compliance
could void the user’s authority to operate the equipment.
CE Mark Warning
This is a class A product. In a domestic environment, this product may cause radio interference,
in which case the user may be required to take adequate measures.
I
Symbol
Explanation
This product bears the selective sorting symbol for Waste electrical and electronic
dled pursuant to
User has the choice to give his product to a competent recycling organization or to
the retailer when he buys a new electrical or electronic equipment.
Продукт сертифіковано згідно с правилами системи УкрСЕПРО на відповідність вимогам
нормативних документів та вимогам, що передбачені чинними законодавчими актами
України.
Industry Canada Statement
CAN ICES-3 (A)/NMB-3(A)
Safety Information
When product has power button, the power button is one of the way to shut off the
product; When there is no power button, the only way to completely shut off power is to
disconnect the product or the power adapter from the power source.
Don’t disassemble the product, or make repairs yourself. You run the risk of electric shock
and voiding the limited warranty. If you need service, please contact us.
Avoid water and wet locations.
安全諮詢及注意事項
請使用原裝電源供應器或只能按照本產品注明的電源類型使用本產品。
清潔本產品之前請先拔掉電源線。請勿使用液體、噴霧清潔劑或濕布進行清潔。
注意防潮,請勿將水或其他液體潑灑到本產品上。
插槽與開口供通風使用,以確保本產品的操作可靠並防止過熱,請勿堵塞或覆蓋開口。
請勿將本產品置放於靠近熱源的地方。除非有正常的通風,否則不可放在密閉位置中。
請不要私自打開機殼,不要嘗試自行維修本產品,請由授權的專業人士進行此項工作。
此為甲類資訊技術設備,于居住環境中使用時,可能會造成射頻擾動,在此種情況下,使用者
會被要求採取某些適當的對策。
Explanation of the symbols on the product label
AC voltage
RECYCLING
equipment (WEEE). This means that this product must be han
European directive 2012/19/EU in order to be recycled or dismantled to minimize its
impact on the environment.
II
CONTENTS
Package Contents ........................................................................................................................... 1
Chapter 1 About This Guide ........................................................................................................... 2
1.1 Intended Readers .......................................................................................................... 2
1.2 Conventions .................................................................................................................. 2
1.3 Overview of This Guide.................................................................................................. 3
Chapter 2 Introduction ................................................................................................................... 7
2.1 Overview of the Switch .................................................................................................. 7
2.2 Appearance Description ............................................................................................... 7
2.2.1 Front Panel .......................................................................................................... 7
2.2.2 Rear Panel ........................................................................................................... 8
Chapter 3 Login to the Switch ....................................................................................................... 9
3.1 Login .............................................................................................................................. 9
3.2 Configuration ................................................................................................................. 9
Chapter 4 System ......................................................................................................................... 11
4.1 System Info ................................................................................................................... 11
4.1.1 System Summary .............................................................................................. 11
4.1.2 Device Description ........................................................................................... 13
4.1.3 System Time ..................................................................................................... 13
4.1.4 Daylight Saving Time ........................................................................................ 14
4.1.5 System IP .......................................................................................................... 16
4.1.6 System IPv6 ...................................................................................................... 17
4.2 User Management ....................................................................................................... 25
4.2.1 User Table ......................................................................................................... 25
4.2.2 User Config ....................................................................................................... 26
4.3 System Tools ............................................................................................................... 27
4.3.1 Boot Config ....................................................................................................... 27
4.3.2 Config Restore .................................................................................................. 28
4.3.3 Config Backup .................................................................................................. 28
4.3.4 Firmware Upgrade ............................................................................................ 29
4.3.5 System Reboot ................................................................................................. 29
4.3.6 System Reset .................................................................................................... 30
4.4 Access Security ........................................................................................................... 30
4.4.1 Access Control ................................................................................................. 30
III
4.4.2 HTTP Config ...................................................................................................... 31
4.4.3 HTTPS Config ................................................................................................... 32
4.4.4 SSH Config ........................................................................................................ 36
4.4.5 Telnet Config .................................................................................................... 42
Chapter 5 Switching ..................................................................................................................... 43
5.1 Port ............................................................................................................................... 43
5.1.1 Port Config ........................................................................................................ 43
5.1.2 Port Mirror ......................................................................................................... 44
5.1.3 Port Security ..................................................................................................... 46
5.1.4 Port Isolation ..................................................................................................... 48
5.1.5 Loopback Detection ......................................................................................... 49
5.2 LAG............................................................................................................................... 50
5.2.1 LAG Table .......................................................................................................... 51
5.2.2 Static LAG ......................................................................................................... 52
5.2.3 LACP Config ..................................................................................................... 53
5.3 Traffic Monitor ............................................................................................................. 55
5.3.1 Traffic Summary ............................................................................................... 55
5.3.2 Traffic Statistics ................................................................................................ 56
5.4 MAC Address ............................................................................................................... 57
5.4.1 Address Table ................................................................................................... 58
5.4.2 Static Address .................................................................................................. 59
5.4.3 Dynamic Address ............................................................................................. 61
5.4.4 Filtering Address .............................................................................................. 63
5.5 L2PT ............................................................................................................................. 64
5.5.1 L2PT Config ..................................................................................................... 65
Chapter 6 VLAN ............................................................................................................................ 67
6.1 802.1Q VLAN ............................................................................................................... 68
6.1.1 VLAN Config ..................................................................................................... 70
6.1.2 Port Config ........................................................................................................ 72
6.2 MAC VLAN ................................................................................................................... 74
6.2.1 MAC VLAN ........................................................................................................ 74
6.3 Protocol VLAN ............................................................................................................. 76
6.3.1 Protocol Group Table ....................................................................................... 76
6.3.2 Protocol Group ................................................................................................. 77
IV
6.3.3 Protocol Template ............................................................................................ 78
6.4 Application Example for 802.1Q VLAN ....................................................................... 79
6.5 Application Example for MAC VLAN ........................................................................... 80
6.6 Application Example for Protocol VLAN ..................................................................... 82
6.7 VLAN VPN .................................................................................................................... 84
6.7.1 VPN Config ........................................................................................................ 85
6.7.2 VLAN Mapping .................................................................................................. 86
6.8 GVRP ............................................................................................................................ 87
Chapter 7 Spanning Tree ............................................................................................................. 91
7.1 STP Config ................................................................................................................... 96
7.1.1 STP Config ........................................................................................................ 96
7.1.2 STP Summary ................................................................................................... 98
7.2 Port Config ................................................................................................................... 98
7.3 MSTP Instance ........................................................................................................... 100
7.3.1 Region Config ................................................................................................. 101
7.3.2 Instance Config............................................................................................... 101
7.3.3 Instance Port Config ....................................................................................... 103
7.4 STP Security .............................................................................................................. 104
7.4.1 Port Protect .................................................................................................... 105
7.4.2 TC Protect ....................................................................................................... 107
7.5 Application Example for STP Function ..................................................................... 107
Chapter 8 DHCP .......................................................................................................................... 112
8.1 DHCP Relay ................................................................................................................. 11 6
Chapter 9 Multicast .................................................................................................................... 121
9.1 IGMP Snooping .......................................................................................................... 125
9.1.1 Snooping Config ............................................................................................. 127
9.1.2 VLAN Config ................................................................................................... 128
9.1.3 Port Config ...................................................................................................... 129
9.1.4 IP-Range.......................................................................................................... 131
9.1.5 Multicast VLAN ............................................................................................... 132
9.1.6 Static Multicast IP ........................................................................................... 135
9.1.7 IGMP Snooping Querier .................................................................................. 136
9.1.8 Packet Statistics ............................................................................................. 138
9.1.9 IGMP Authentication ....................................................................................... 140
V
9.2 MLD Snooping ........................................................................................................... 141
9.2.1 Global Config .................................................................................................. 143
9.2.2 VLAN Config ................................................................................................... 144
9.2.3 Filter Config .................................................................................................... 145
9.2.4 Port Config ...................................................................................................... 146
9.2.5 Static Multicast ............................................................................................... 147
9.2.6 Querier Config ................................................................................................ 148
9.2.7 Packet Statistics ............................................................................................. 149
9.3 Multicast Table .......................................................................................................... 151
9.3.1 IPv4 Multicast Table ....................................................................................... 151
9.3.2 IPv6 Multicast Table ....................................................................................... 152
Chapter 10 QoS ............................................................................................................................ 153
10.1 DiffServ ...................................................................................................................... 156
10.1.1 Port Priority ..................................................................................................... 156
10.1.2 DSCP Priority .................................................................................................. 157
10.1.3 802.1P/CoS Mapping ..................................................................................... 159
10.1.4 Schedule Mode ............................................................................................... 160
10.2 Bandwidth Control ..................................................................................................... 161
10.2.1 Rate Limit ........................................................................................................ 161
10.2.2 Storm Control ................................................................................................. 162
10.3 Voice VLAN ................................................................................................................ 164
10.3.1 Global Config .................................................................................................. 166
10.3.2 Port Config ...................................................................................................... 167
10.3.3 OUI Config ....................................................................................................... 168
Chapter 11 ACL ............................................................................................................................ 170
11.1 Time-Range ............................................................................................................... 170
11.1.1 Time-Range Summary .................................................................................... 170
11.1.2 Time-Range Create ........................................................................................ 171
11.1.3 Holiday Config ................................................................................................ 172
11.2 ACL Config ................................................................................................................. 173
11.2.1 ACL Summary ................................................................................................. 173
11.2.2 ACL Create...................................................................................................... 173
11.2.3 MAC ACL ......................................................................................................... 174
11.2.4 Standard-IP ACL ............................................................................................. 175
VI
11.2.5 Extend-IP ACL ................................................................................................. 176
11.3 Policy Config .............................................................................................................. 177
11.3.1 Policy Summary .............................................................................................. 177
11.3.2 Policy Create ................................................................................................... 178
11.3.3 Action Create .................................................................................................. 179
11.4 Policy Binding ............................................................................................................ 180
11.4.1 Binding Table .................................................................................................. 180
11.4.2 Port Binding .................................................................................................... 181
11.4.3 VLAN Binding .................................................................................................. 181
11.5 Application Example for ACL .................................................................................... 182
Chapter 12 Network Security ...................................................................................................... 185
12.1 IP-MAC Binding .......................................................................................................... 185
12.1.1 Binding Table .................................................................................................. 185
12.1.2 Manual Binding................................................................................................ 187
12.1.3 ARP Scanning ................................................................................................. 188
12.1.4 DHCP Snooping .............................................................................................. 190
12.2 ARP Inspection .......................................................................................................... 195
12.2.1 ARP Detect ...................................................................................................... 199
12.2.2 ARP Defend ..................................................................................................... 200
12.2.3 ARP Statistics ................................................................................................. 201
12.3 DoS Defend ............................................................................................................... 202
12.3.1 DoS Defend ..................................................................................................... 203
12.4 802.1X ........................................................................................................................ 204
12.4.1 Global Config .................................................................................................. 208
12.4.2 Port Config ...................................................................................................... 210
12.5 AAA ............................................................................................................................ 212
12.5.1 Global Config .................................................................................................. 213
12.5.2 Privilege Elevation .......................................................................................... 213
12.5.3 RADIUS Server Config .................................................................................... 214
12.5.4 TACACS+ Server Config ................................................................................ 215
12.5.5 Authentication Server Group Config ............................................................. 215
12.5.6 Authentication Method List Config ................................................................ 217
12.5.7 Application Authentication List Config .......................................................... 218
12.5.8 802.1X Authentication Server Config ............................................................ 219
VII
12.5.9 Default Settings .............................................................................................. 220
12.6 PPPoE ........................................................................................................................ 221
Chapter 13 SNMP ......................................................................................................................... 224
13.1 SNMP Config ............................................................................................................. 226
13.1.1 Global Config .................................................................................................. 226
13.1.2 SNMP View ...................................................................................................... 227
13.1.3 SNMP Group ................................................................................................... 228
13.1.4 SNMP User ...................................................................................................... 230
13.1.5 SNMP Community .......................................................................................... 231
13.2 Notification ................................................................................................................ 234
13.2.1 Notification Config .......................................................................................... 234
13.3 RMON ......................................................................................................................... 236
13.3.1 History Control ............................................................................................... 237
13.3.2 Event Config ................................................................................................... 238
13.3.3 Alarm Config ................................................................................................... 239
Chapter 14 LLDP .......................................................................................................................... 241
14.1 Basic Config ............................................................................................................... 245
14.1.1 Global Config .................................................................................................. 245
14.1.2 Port Config ...................................................................................................... 246
14.2 Device Info ................................................................................................................. 247
14.2.1 Local Info ........................................................................................................ 247
14.2.2 Neighbor Info .................................................................................................. 248
14.3 Device Statistics ........................................................................................................ 249
14.4 LLDP-MED ................................................................................................................. 250
14.4.1 Global Config .................................................................................................. 251
14.4.2 Port Config ...................................................................................................... 252
14.4.3 Local Info ........................................................................................................ 254
14.4.4 Neighbor Info .................................................................................................. 255
Chapter 15 Maintenance.............................................................................................................. 257
15.1 System Monitor ......................................................................................................... 257
15.1.1 CPU Monitor .................................................................................................... 257
15.1.2 Memory Monitor ............................................................................................. 258
15.2 Log ............................................................................................................................. 259
15.2.1 Log Table ........................................................................................................ 260
VIII
15.2.2 Local Log ........................................................................................................ 261
15.2.3 Remote Log .................................................................................................... 262
15.2.4 Backup Log ..................................................................................................... 262
15.3 Device Diagnostics .................................................................................................... 263
15.4 Network Diagnostics ................................................................................................. 264
15.4.1 Ping ................................................................................................................. 264
15.4.2 Tracert............................................................................................................. 265
15.5 DLDP .......................................................................................................................... 266
Chapter 16 System Maintenance via FTP ................................................................................... 270
Appendix A: Glossary .................................................................................................................. 273
IX
Package Contents
The following items should be found in your box:
One T2500G-10TS switch
One power cord
One console cable
Two mounting brackets and other fittings
Installation Guide
Resource CD for T2500G-10TS switch, including:
• This User Guide
• The CLI Reference Guide
• SNMP Mibs
• 802.1X Client Software
• Other Helpful Information
Note:
Make sure that the package contains the above items. If any of the listed items are damaged or
missing, please contact your distributor.
1
Symbol
Description
Note:
device.
Tips:
of your device.
Chapter 1 About This Guide
This User Guide contains information for setup and management of T2500G-10TS switch.
Please read this guide carefully before operation.
1.1 Intended Readers
This Guide is intended for network managers familiar with IT concepts and network
terminologies.
1.2 Conventions
When using this guide, please notice that features of the switch may vary slightly depending on
the model and software version you have, and on your location, language, and Internet service
provider. All screenshots, images, parameters and descriptions documented in this guide are
used for demonstration only.
The information in this document is subject to change without notice. Every effort has been
made in the preparation of this document to ensure accuracy of the contents, but all
statements, information, and recommendations in this document do not constitute the
warranty of any kind, express or implied. Users must take full responsibility for their application
of any products.
In this Guide the following conventions are used:
The switch or T2500G-10TS mentioned in this Guide stands for T2500G-10TS JetStream
8-Port Gigabit L2 Managed Switch with 2 SFP Slots without any explanation.
Menu Name→Submenu Name→Tab page indicates the menu structure. System→System
Info→System Summary means the System Summary page under the System Info menu
option that is located under the System menu.
Bold font indicates a button, a toolbar icon, menu or menu item.
Symbols in this Guide:
Ignoring this type of note might result in a malfunction or damage to the
This format indicates important information that helps you make better use
More Info:
The latest software, management app and utility can be found at Download Center at
http://www.tp-link.com/support.
2
Chapter
Introduction
Chapter 1 About This Guide
Introduces the guide structure and conventions.
Introduces the features, application and appearance of
T2500G-10TS switch.
page.
This module is used to configure system properties of the
System Info: Configure the description, system time and
the user name and password
for users to log on to the Web management page with a
login to enhance the configuration management security.
L2PT: Configure the Layer 2 Protocol Tunneling feature.
The Installation Guide (IG) can be found where you find this guide or inside the package of
the switch.
Specifications can be found on the product page at http://www.tp-link.com.
A Technical Support Forum is provided for you to discuss our products at
http://forum.tp-link.com.
Our Technical Support contact information can be found at the Contact Technical Support
page at http://www.tp-link.com/support.
1.3 Overview of This Guide
Chapter 2 Introduction
Chapter 3 Login to the switch Introduces how to log on to T2500G-10TS Web management
Chapter 4 System
switch. Here mainly introduces:
network parameters of the switch.
User Management: Configure
certain access level.
System Tools: Manage the configuration file of the switch.
Access Security: Provide different security measures for the
Chapter 5 Switching This module is used to configure basic functions of the switch.
Here mainly introduces:
Port: Configure the basic features for the port.
LAG: Configure Link Aggregation Group. LAG is to combine a
number of ports together to make a single high-bandwidth
data path.
Traffic Monitor: Monitor the traffic of each port
MAC Address: Configure the address table of the switch.
3
Chapter
Introduction
VLAN VPN: VLAN VPN allows the packets with VLAN tags of
private networks to be encapsulated with VLAN tags of
public networks at the network access terminal of the
e switch to automatically add or
remove the VLANs via the dynamic VLAN registration
information and propagate the local VLAN registration
configure each VLAN.
STP Config: Configure and view the global settings of
Security: Configure protection function to prevent
devices from any malicious attack against STP features.
DHCP Relay: Configure the DHCP relay feature.
This module is used to configure multicast function of the
IGMP Snooping: Configure global parameters of IGMP
, VLAN and multicast
MLD Snooping: Configure global parameters of MLD
Snooping function, port properties, VLAN and multicast
View the information of IPv4 and IPv6
multicast groups already on the switch.
Chapter 6 VLAN This module is used to configure VLANs to control broadcast in
LANs. Here mainly introduces:
802.1Q VLAN: Configure port-based VLAN.
MAC VLAN: Configure MAC-based VLAN without changing
the 802.1Q VLAN configuration.
Protocol VLAN: Create VLANs in application layer to make
some special data transmitted in the specified VLAN.
Internet Service Provider.
GVRP: GVRP allows th
information to other switches, without having to individually
Chapter 7 Spanning Tree This module is used to configure spanning tree function of the
switch. Here mainly introduces:
spanning tree function.
Port Config: Configure CIST parameters of ports.
MSTP Instance: Configure MSTP instances.
STP
Chapter 8 DHCP This module is used to configure DHCP function of the switch.
The switch can work as DHCP relay, and here mainly introduces
DHCP relay function.
Chapter 9 Multicast
switch. Here mainly introduces:
Snooping function, port properties
VLAN.
VLAN.
Multicast Table:
4
Chapter
Introduction
Chapter 10 QoS This mo
dule is used to configure QoS function to provide
to ensure the
transmission priority of voice data stream and voice quality.
This module is used to configure match rules and process
policies of packets to filter packets in order to control the
Here mainly
Policy Binding: Bind the policy to a port/VLAN to take its
effect on a specific port/VLAN.
This module is used to configure the multiple protection
802.1X: Configure common access control mechanism for
LAN ports to solve mainly authentication and security
Configure the AAA function protect the device from
ID Insertion
function to support the authentication, authorization, and
accounting (AAA) access requests on an Ethernet interface.
management frame to monitor and maintain the network
ction for the
efficiently.
different quality of service for various network applications and
requirements. Here mainly introduces:
DiffServ: Configure priorities, port priority, 802.1P priority and
DSCP priority.
Bandwidth Control: Configure rate limit feature to control the
traffic rate on each port; configure storm control feature to
filter broadcast, multicast and UL frame in the network.
Voice VLAN: Configure voice VLAN to transmit voice data
stream within the specified VLAN so as
Chapter 11 ACL
access of the illegal users to the network.
introduces:
Time-Range: Configure the effective time for ACL rules.
ACL Config: ACL rules.
Policy Config: Configure operation policies.
Chapter 12 Network Security
measures for the network security. Here mainly introduces:
IP-MAC Binding: Bind the IP address, MAC address, VLAN ID
and the connected Port number of the Host together.
ARP Inspection: Configure ARP inspection feature to prevent
the network from ARP attacks.
DoS Defend: Configure DoS defend feature to prevent DoS
attack.
problems.
AAA:
unauthorized operations.
PPPoE Config: Configure the PPPoE Circuit-
Chapter 13 SNMP This module is used to configure SNMP function to provide a
devices. Here mainly introduces:
SNMP Config: Configure global settings of SNMP function.
Notification: Configure notification fun
management station to monitor and process the events.
RMON: Configure RMON function to monitor network more
5
Chapter
Introduction
Chapter 14 LLDP
This module is used to configure LLDP function to provide
Device Info: View the LLDP information of the local device
LLDP statistics of the local
LLDP-MED: Configure the LLDP-MED features.
This module is used to assemble the commonly used system
Diagnostics: Including Cable Test and Loopback.
Cable Test tests the connection status of the cable
the account of router hops from the switch to the
detect whether a unidirectional link exists.
Maintenance via FTP
ow to download firmware of the switch via FTP
function.
Appendix A Glossary
Lists the glossary used in this manual.
Chapter 15 Maintenance
information for SNMP applications to simplify troubleshooting.
Here mainly introduces:
Basic Config: Configure the LLDP parameters of the device.
and its neighbors.
Device Statistics: View the
device.
tools to manage the switch. Here mainly introduces:
System Monitor: Monitor the memory and CPU of the switch.
Log: View configuration parameters on the switch.
Device
connected to the switch; and Loopback tests if the port of
the switch and the connected device are available.
Network Diagnostics: Test if the destination is reachable and
destination.
DLDP: Monitor the physical configuration of the cables and
Chapter 16 System
Introduces h
Return to CONTENTS
6
Name
Status
Indication
On
Power is on.
Flashing
Power supply is abnormal.
Off
Power is off or power supply is abnormal.
On
The switch is working abnormally.
Flashing
The switch is working normally.
Off
The switch is working abnormally.
A 1000Mbps device is connected to the
corresponding port, but no activity.
A 10/100Mbps device is connected to the
corresponding port, but no activity.
Flashing
Data is being transmitted or received.
Off
Not linked.
Chapter 2 Introduction
2.1 Overview of the Switch
Designed for workgroups and departments, T2500G-10TS from TP-LINK provides wire-speed
performance and full set of layer 2 management features. It provides a variety of service
features and multiple powerful functions with high security.
The EIA-standardized framework and smart configuration capacity can provide flexible solutions
for a variable scale of networks. ACL, 802.1x, IP Source Guard and Dynamic ARP Inspection
provide robust security strategy. QoS and IGMP snooping/filtering optimize voice and video
application. Link aggregation (LACP) increases aggregated bandwidth, optimizing the transport
of business critical data. SNMP, RMON, WEB/Telnet/SSH Log-in bring abundant management
policies. T2500G-10TS switch integrates multiple functions with excellent performance, and is
friendly to manage, which can fully meet the need of the users demanding higher networking
performance.
2.2 Appearance Description
2.2.1 Front Panel
Figure 2-1 Front Panel
The following parts are located on the front panel of the switch:
PWR
SYS
Green
On
10/100/1000M
Yellow
7
Name
Status
Indication
A 1000Mbps device is connected to the
corresponding port, but no activity.
Flashing
Data is being transmitted or received.
Off
Not linked.
On
SFP1, SFP2
Console (RJ-45) Port: Designed to connect with the serial port of a computer or terminal
for monitoring and configuring the switch.
Console (USB) Port: Designed to connect with the USB port of a computer for monitoring
and configuring the switch. The switch has an RJ-45 console port and a micro-USB console
port available. Console input is active on only one console port at a time. By default, the
micro-USB connector takes precedence over the RJ-45 connector.
10/100/1000Mbps RJ45 Ports: Designed to connect to the device with a bandwidth of
10Mbps, 100Mbps or 1000Mbps. Each 10/100/1000Mbps RJ45 port has a corresponding
10/100/1000M LED.
SFP Ports: Designed to install the SFP module. T2500G-10TS features 2 individual SFP
ports and supports 1000M SFP module connection only.
2.2.2 Rear Panel
The rear panel of T2500G-10TS features a power socket and a Grounding Terminal (marked
).
with
Figure 2-2 Rear Panel
Kensington Security Slot: Secure the lock (not provided) into the security slot to prevent
the device from being stolen.
Grounding Terminal: T2500G-10TS already comes with Lightning Protection Mechanism.
You can also ground the switch through the PE (Protecting Earth) cable of AC cord or with
Ground Cable. For detail information, please refer to Installation Guide.
AC Power Socket: Connect the female connector of the power cord here, and the male
connector to the AC power outlet. Please make sure the voltage of the power supply meets
the requirement of the input voltage (100-240V~ 50/60Hz 0.2A).
Return to CONTENTS
8
Chapter 3 Login to the Switch
3.1 Login
1. To access the configuration utility, open a web-browser and type in the default address
http://192.168.0.1 in the address field of the browser, then press the Enter key.
Figure 3-1 Web-browser
Tips:
To log in to the switch, the IP address of your PC should be set in the same subnet addresses
of the switch. The IP address is 192.168.0.x ("x" is any number from 2 to 254), Subnet Mask is
255.255.255.0.
2. After a moment, a login window will appear, as shown in Figure 3-2. Enter admin for the User
Name and Password, both in lower case letters. Then click the Login button or press the
Enter key.
Figure 3-2 Login
3.2 Configuration
After a successful login, the main page will appear as Figure 3-3, and you can configure the
function by clicking the setup menu on the left side of the screen.
9
Figure 3-3 Main Setup-Menu
Note:
Clicking Apply can only make the new configurations effective before the switch is rebooted. If
you want to keep the configurations effective even the switch is rebooted, please click Save
Config. You are suggested to click Save Config before cutting off the power or rebooting the
switch to avoid losing the new configurations.
Return to CONTENTS
10
Indicates the 1000Mbps port is not connected to a device.
Chapter 4 System
The System module is mainly for system configuration of the switch, including four submenus:
System Info, User Management, System Tools and Access Security.
4.1 System Info
The System Info, mainly for basic properties configuration, can be implemented on System
Summary, Device Description, System Time, Daylight Saving Time, System IP and System
IPv6 pages.
4.1.1 System Summary
On this page you can view the port connection status and the system information.
The port status diagram shows the working status of 8 10/100/1000Mbps RJ45 ports and 2
SFP ports of the switch. Ports 1-8 are 10/100/1000Mbps ports, and SFP1 and SFP2 are
individual SFP ports.
Choose the menu System→System Info→System Summary to load the following page.
Figure 4-1 System Summary
Port Status
Indicates the 1000Mbps port is at the speed of 1000Mbps.
11
Indicates the SFP port is not connected to a device.
Port:
Displays the port number of the switch.
Type:
Displays the type of the port.
Rate:
Displays the maximum transmission rate of the port.
Status:
Displays the connection status of the port.
Select Rx to display the bandwidth utilization of receiving
packets on this port.
Select Tx to display the bandwidth utilization of sending packets
on this port.
Indicates the 1000Mbps port is at the speed of 10Mbps or 100Mbps.
Indicates the SFP port is at the speed of 1000Mbps.
When the cursor moves on the port, the detailed information of the port will be displayed.
Figure 4-2 Port Information
Port Info
Click a port to display the bandwidth utilization on this port. The actual rate divided by
theoretical maximum rate is the bandwidth utilization.
Figure 4-3 displays the bandwidth
utilization monitored every four seconds. Monitoring the bandwidth utilization on each port
facilitates you to monitor the network traffic and analyze the network abnormities.
Figure 4-3 Bandwidth Utilization
Bandwidth Utilization
Rx:
Tx:
12
Device Name:
Enter the name of the switch.
Device Location:
Enter the location of the switch.
System Contact:
Enter your contact information.
4.1.2 Device Description
On this page you can configure the description of the switch, including device name, device
location and system contact.
Choose the menu System→System Info→Device Description to load the following page.
Figure 4-4 Device Description
The following entries are displayed on this screen:
Device Description
4.1.3 System Time
System Time is the time displayed while the switch is running. On this page you can configure the
system time and the settings here will be used for other time-based functions like ACL.
You can manually set the system time, get UTC automatically if it has connected to an NTP
server or synchronize with PC’s clock as the system time.
Choose the menu System→System Info→System Time to load the following page.
Figure 4-5 System Time
13
Current System Date:
Displays the current date and time of the switch.
Current Time Source:
Displays the current time source of the switch.
When this option is selected, you can set the date and time
manually.
Time from NTP
When this option is selected, you can configure the time zone
and the IP Address for the NTP Server. The switch will get
Enter the IP Address for
Specify the rate fetching time from NTP
server.
clock is
utilized.
The following entries are displayed on this screen:
Time Info
Time Config
Manual:
Get
Server:
UTC automatically if it has connected to an NTP Server.
Time Zone: Select your local time.
Primary/Secondary NTP Server:
the NTP Server.
Update Rate:
Synchronize with
When this option is selected, the administrator PC’s
PC’S Clock:
Note:
1. The system time will be restored to the default when the switch is restarted and you need to
reconfigure the system time of the switch.
2. When Get Time from NTP Server is selected and no time server is configured, the switch will
get time from the time server of the Internet if it has connected to the Internet.
4.1.4 Daylight Saving Time
Here you can configure the Daylight Saving Time of the switch.
Choose the menu System→System Info→Daylight Saving Time to load the following page.
14
DST Status:
Enable or Disable DST.
Sunday in
First Sunday in
Last Sunday in
t
Sunday in April, 03:00.
curring mode. This
Offset: Specify the time adding in minutes when Daylight
Start/End Time: Select starting time and ending time of
Daylight Saving Time.
e mode. This
Offset: Specify the time adding in minutes when Daylight
Start/End Time: Select starting time and ending time of
Daylight Saving Time.
Figure 4-6 Daylight Saving Time
The following entries are displayed on this screen:
DST Config
Predefined Mode: Select a predefined DST configuration:
USA: Second Sunday in March, 02:00 – First
November, 02:00.
Australia: First Sunday in October, 02:00 –
April, 03:00.
Europe: Last Sunday in March, 01:00 –
October, 01:00.
New Zealand: Last Sunday in September, 02:00 – Firs
Recurring Mode: Specify the DST configuration in re
configuration is recurring in use:
Saving Time comes.
Date Mode: Specify the DST configuration in Dat
configuration is one-off in use:
Saving Time comes.
15
MAC Address:
Displays MAC Address of the switch.
When this option is selected, you should enter IP
When this option is selected, the switch will obtain
When this option is selected, the switch will obtain
network parameters from the BOOTP Server.
Enter the ID of management VLAN, the only VLAN through which
LAN1 owning all the
ports is the Management VLAN and you can access the switch via
any port on the switch. However, if another VLAN is created and
set to be the Management VLAN, you may have to reconnect the
the
Management VLAN.
Enter the system IP of the switch. The default system IP is
192.168.0.1 and you can change it appropriate to your needs.
Note:
1. When the DST is disabled, the predefined mode, recurring mode and date mode cannot be
configured.
2. When the DST is enabled, the default daylight saving time is of Europe in predefined mode.
4.1.5 System IP
Each device in the network possesses a unique IP Address. You can log on to the Web
management page to operate the switch using this IP Address. The switch supports three
modes to obtain an IP address: Static IP, DHCP and BOOTP. The IP address obtained using a
new mode will replace the original IP address. On this page you can configure the system IP of
the switch.
Choose the menu System→System Info→System IP to load the following page.
Figure 4-7 System IP
The following entries are displayed on this screen:
IP Config
IP Address Mode: Select the mode to obtain IP Address for the switch.
Static IP:
Address, Subnet Mask and Default Gateway manually.
DHCP:
network parameters from the DHCP Server.
BOOTP:
Management VLAN:
you can get access to the switch. By default V
management station to a port that is a member of
IP Address:
16
Subnet Mask:
Enter the subnet mask of the switch.
Default Gateway:
Enter the default gateway of the switch.
Note:
1. Changing the IP address to a different IP segment will interrupt the network
communication, so please keep the new IP address in the same IP segment with the local
network.
2. The switch only possesses an IP address. The IP address configured will replace the
original IP address.
3. If the switch gets the IP address from DHCP server, you can see the configuration of the
switch in the DHCP server; if DHCP option is selected but no DHCP server exists in the
network, the switch will keep obtaining IP address from DHCP server until success.
4. If DHCP or BOOTP option is selected, the switch will get network parameters dynamically
from the Internet, which means that its IP address, subnet mask and default gateway
cannot be configured.
5. By default, the IP address is 192.168.0.1.
4.1.6 System IPv6
IPv6 (Internet Protocol version 6), also called IPng (IP next generation), was developed by the
IETF (Internet Engineering Task Force) as the successor to IPv4 (Internet Protocol version 4).
Compared with IPv4, IPv6 increases the IP address size from 32 bits to 128 bits; this solves the
IPv4 address exhaustion problem.
IPv6 features
IPv6 has the following features:
1. Adequate address space: The source and destination IPv6 addresses are both 128 bits
(16 bytes) long. IPv6 can provide 3.4 x 10
of hierarchical address division as well as allocation of public and private addresses.
2. Header format simplification: IPv6 cuts down some IPv4 header fields or move them to
IPv6 extension headers to reduce the load of basic IPv6 headers, thus making IPv6 packet
handling simple and improving the forwarding efficiency. Although the IPv6 address size is
four times that of IPv4 addresses, the size of basic IPv6 headers is 40 bytes and is only
twice that of IPv4 headers (excluding the Options field).
3. Flexible extension headers: IPv6 cancels the Options field in IPv4 packets but introduces
38
addresses to completely meet the requirements
multiple extension headers. In this way, IPv6 enhances the flexibility greatly to provide
scalability for IP while improving the handling efficiency. The Options field in IPv4 packets
contains 40 bytes at most, while the size of IPv6 extension headers is restricted by that of
IPv6 packets.
4. Built-in security: IPv6 uses IPSec as its standard extension header to provide end-to-end
security. This feature provides a standard for network security solutions and improves the
interoperability between different IPv6 applications.
17
5. Automatic address configuration: To simplify the host configuration, IPv6 supports
stateful and stateless address configuration.
Stateful address configuration means that a host acquires an IPv6 address and related
information from a server (for example, DHCP server).
Stateless address configuration means that a host automatically configures an IPv6
address and related information on basis of its own link-layer address and the prefix
information advertised by a router.
In addition, a host can generate a link-local address on basis of its own link-layer address
and the default prefix (FE80::/64) to communicate with other hosts on the link.
6. Enhanced neighbor discovery mechanism: The IPv6 neighbor discovery protocol is a
group of Internet control message protocol version 6 (ICMPv6) messages that manages
the information exchange between neighbor nodes on the same link. The group of ICMPv6
messages takes the place of Address Resolution Protocol (ARP) message, Internet Control
Message Protocol version 4 (ICMPv4) router discovery message, and ICMPv4 redirection
message to provide a series of other functions.
Introduction to IPv6 address
1. IPv6 address format
An IPv6 address is represented as a series of 16-bit hexadecimals, separated by colons (:).
An IPv6 address is divided into eight groups, and the 16 bits of each group are represented
by four hexadecimal numbers which are separated by colons, for example,
2001:0d02:0000:0000:0014: 0000:0000:0095. The hexadecimal letters in IPv6 addresses
are not case-sensitive.
To simplify the representation of IPv6 addresses, zeros in IPv6 addresses can be handled
as follows:
Leading zeros in each group can be removed. For example, the above-mentioned
address can be represented in shorter format as 2001:d02:0:0:14:0:0:95.
Two colons (::) may be used to compress successive hexadecimal fields of zeros at the
beginning, middle, or end of an IPv6 address. For example, the above-mentioned
address can be represented in the shortest format as 2001:d02::14:0:0:95.
Note:
Two colons (::) can be used only once in an IPv6 address to represent the longest
successive hexadecimal fields of zeros. Otherwise, the device is unable to determine how
many zeros double-colons represent when converting them to zeros to restore a 128-bit
IPv6 address.
An IPv6 address consists of two parts: address prefix and interface ID. The address prefix
and the interface ID are respectively equivalent to the network ID and the host ID in an IPv4
address.
18
(currently assigned)
(to be assigned in future)
Anycast addresses are taken from unicast
address space and are not syntactically
An IPv6 address prefix is represented in "IPv6 address/prefix length" format, where "IPv6
address" is an IPv6 address in any of the above-mentioned formats and "prefix length" is a
decimal number indicating how many leftmost bits from the preceding IPv6 address are
used as the address prefix.
2. IPv6 address classification
IPv6 addresses fall into three types: unicast address, multicast address, and anycast
address.
Unicast address: An identifier for a single interface, on a single node. A packet that is
sent to a unicast address is delivered to the interface identified by that address.
Multicast address: An identifier for a set of interfaces (typically belonging to different
nodes), similar to an IPv4 multicast address. A packet sent to a multicast address is
delivered to all interfaces identified by that address. There are no broadcast addresses
in IPv6. Their function is superseded by multicast addresses.
Anycast address: An identifier for a set of interfaces (typically belonging to different
nodes). A packet sent to an anycast address is delivered to one of the interfaces
identified by that address (the nearest one, according to the routing protocols’ measure
of distance).
The type of an IPv6 address is designated by the first several bits called format prefix. The
following table lists the mappings between address types and format prefixes.
Type Format Prefix (binary) IPv6 Prefix ID
Unassigned address 00…0 (128 bits) ::/128
Loopback address 00…1 (128 bits) ::1/128
Link-local address 1111111010 FE80::/10
Unicast
address
Site-local address 1111111011 FEC0::/10
Global unicast address
001 2xxx::/4 or 3xxx::/4
Reserved type
Multicast address 11111111 FF00::/8
Anycast address
Table 4-1 Mappings between address types and format prefixes
Other formats
distinguishable from unicast addresses.
19
IPv6 unicast address can be classified into several types, including global unicast address,
link-local address, and site-local address. The two most common types are introduced
below:
Global unicast address
A Global unicast address is an IPv6 unicast address that is globally unique and is
routable on the global Internet.
Global unicast addresses are defined by a global routing prefix, a subnet ID, and an
interface ID. Except for addresses that start with binary 000, all global unicast
addresses have a 64-bit interface ID. The IPv6 global unicast address allocation uses
the range of addresses that start with binary value 001 (2000::/3). The figure below
shows the structure of a global unicast address.
Figure 4-8 Global Unicast Address Format
An interface ID is used to identify interfaces on a link. The interface ID must be unique to
the link. It may also be unique over a broader scope. In many cases, an interface ID will
be the same as or based on the link-layer address of an interface. Interface IDs used in
global unicast and other IPv6 address types must be 64 bits long and constructed in the
modified extended universal identifier (EUI)-64 format.
For all IEEE 802 interface types (for example, Ethernet and FDDI interfaces), Interface
IDs in the modified EUI-64 format are constructed in the following way:
the first three octets (24 bits) are taken from the Organizationally Unique Identifier (OUI)
of the 48-bit link-layer address (the media access control, or MAC, address) of the
interface, the fourth and fifth octets (16 bits) are a fixed hexadecimal value of FFFE, and
the last three octets (24 bits) are taken from the last three octets of the MAC address.
The construction of the interface ID is completed by setting the universal/local (U/L)
bit--the seventh bit of the first octet--to a value of 0 or 1. A value of 0 indicates a locally
administered identifier; a value of 1 indicates a globally unique IPv6 interface identifier.
Take MAC address 0012:0B0A:2D51 as an example. Insert FFFE to the middle of the
address to get 0012:0BFF:FE0A:2D51. Then set the U/L bit to 1 to obtain an interface ID
in EUI-64 format as 0212:0BFF:FE0A:2D51.
Link-local address
A link-local address is an IPv6 unicast address that can be automatically configured on
any interface using the link-local prefix FE80::/10 (1111 1110 10) and the interface
identifier in the modified EUI-64 format. Link-local addresses are used in the neighbor
discovery protocol and the stateless autoconfiguration process. Nodes on a local link
20
can use link-local addresses to communicate; the nodes do not need globally unique
addresses to communicate. The figure below shows the structure of a link-local
address.
Figure 4-9
Link-local Address Format
IPv6 devices must not forward packets that have link-local source or destination
addresses to other links.
Note:
You can configure multiple IPv6 addresses per interface, but only one link-local address.
IPv6 Neighbor Discovery
The IPv6 neighbor discovery process uses ICMP messages and solicited-node multicast
addresses to determine the link-layer address of a neighbor on the same network (local link),
verify the reachability of a neighbor, and track neighboring devices.
1. IPv6 Neighbor Solicitation Message
A value of 135 in the Type field of the ICMP packet header identifies a neighbor solicitation
(NS) message. Neighbor solicitation messages are sent on the local link when a node wants
to determine the link-layer address of another node on the same local link. After receiving
the neighbor solicitation message, the destination node replies by sending a neighbor
advertisement (NA) message, which has a value of 136 in the Type field of the ICMP packet
header, on the local link. After the source node receives the neighbor advertisement, the
source node and destination node can communicate.
Neighbor advertisement messages are also sent when there is a change in the link-layer
address of a node on a local link.
Neighbor solicitation messages are also used to verify the reachability of a neighbor after
the link-layer address of a neighbor is identified.
Neighbor solicitation messages are also used in the stateless autoconfiguration process to
verify the uniqueness of unicast IPv6 addresses before the addresses are assigned to an
interface. Duplicate address detection is performed first on a new, link-local IPv6 address
before the address is assigned to an interface (the new address remains in a tentative state
while duplicate address detection is performed). Specifically, a node sends a neighbor
21
solicitation message with an unspecified source address and a tentative link-local address
in the body of the message. If another node is already using that address, the node returns
a neighbor advertisement message that contains the tentative link-local address. If another
node is simultaneously verifying the uniqueness of the same address, that node also
returns a neighbor solicitation message. If no neighbor advertisement messages are
received in response to the neighbor solicitation message and no neighbor solicitation
messages are received from other nodes that are attempting to verify the same tentative
address, the node that sent the original neighbor solicitation message considers the
tentative link-local address to be unique and assigns the address to the interface.
Every IPv6 unicast address (global or link-local) must be verified for uniqueness on the link;
however, until the uniqueness of the link-local address is verified, duplicate address
detection is not performed on any other IPv6 addresses associated with the link-local
address.
2. IPv6 Router Advertisement Message
Router advertisement (RA) messages, which have a value of 134 in the Type field of the
ICMP packet header, are periodically sent out each configured interface of an IPv6 router.
RA messages typically include the following information:
One or more onlink IPv6 prefixes that nodes on the local link can use to automatically
configure their IPv6 addresses
Lifetime information for each prefix included in the advertisement
Sets of flags that indicate the type of autoconfiguration (stateless or stateful) that can be
completed
Default router information (whether the device sending the advertisement should be
used as a default router and, if so, the amount of time, in seconds, the device should be
used as a default router)
Additional information for hosts, such as the hop limit and maximum transmission unit
(MTU) a host should use in packets that it originates
RAs are also sent in response to device solicitation messages. Device solicitation
messages, which have a value of 133 in the Type field of the ICMP packet header, are sent
by hosts at system startup or anytime needed so that the host can immediately
autoconfigure without needing to wait for the next scheduled RA message.
Hosts discover and select default devices by listening to Router Advertisements (RAs).
Stateless address autoconfiguration means that the node automatically configures an IPv6
address and other information for its interface according to the address prefix and other
configuration parameters in the received RA messages.
3. IPv6 Neighbor Redirect Message
22
A value of 137 in the type field of the ICMP packet header identifies an IPv6 neighbor
redirect message. Devices send neighbor redirect messages to inform hosts of better
first-hop nodes on the path to a destination.
A device will send an IPv6 ICMP redirect message when the following conditions are
satisfied:
The receiving interface is the forwarding interface.
The selected route itself is not created or modified by an IPv6 ICMP redirect message.
The selected route is not the default route.
The forwarded IPv6 packet does not contain any routing header.
Choose the menu System →System Info →System IPv6 to load the following page.
Figure 4-10 System IPv6
23
IPv6:
Enable/Disable IPv6 function globally on the Switch.
When this option is selected, you should assign a
When this option is selected, the switch will generate a
link-local address automatically.
Link-local Address:
Enter a link-local address.
local address may be newly
ess is duplicate. It is
including
link-local and global address).
Enable global address
auto configuration via
h automatically configures
a global address and other information according to the address
RA
(Router Advertisement) message.
Enable Global
oconfig
via DHCPv6 Server:
When this option is enabled, the system will try to obtain the
You can select the global address format according to your
Indicates that you only need to specify an address
prefix, and then the system will create a global address
Indicates that you have to specify an intact
global address.
input the address
prefix here, otherwise, please input an intact IPv6 address here.
The following entries are displayed on this screen:
Global Config
Link-local Address Config
Config Mode: Select the link-local address configuration mode.
Manual:
link-local address manually.
Auto:
Status: Displays the status of the link-local address.
Normal: Indicates that the link-local address is normal.
Try: Indicates that the link-
configured
Repeat: Indicates that the link-local addr
illegal to access the switch using the IPv6 address (
Global Address Autoconfig via RA Message
When this option is enabled, the switc
RA message:
Global Address Autoconfig via DHCPv6 Server
Address Aut
Add a global address manually
prefix and other configuration parameters from the received
global address from the DHCPv6 Server.
Address Format:
requirements.
EUI-64:
automatically.
Not EUI-64:
Global Address: When selecting the mode of EUI-64, please
24
Select the desired entry to delete or modify the corresponding
global address.
Global Address:
Modify the global address.
Prefix Length:
Modify the prefix length of the global address.
Indicates that the corresponding address is
Indicates that the corresponding address is created
the RA message or obtained from the
DHCPv6 Server.
/Valid Lifetime:
Indicates that the global address may be newly
Indicates that the corresponding address is
duplicate. It is illegal to access the switch using this address.
Global address Table
Select:
Type: Displays the configuration mode of the global address.
Manual:
configured manually
Auto:
automatically using
Preferred Lifetime
Displays the preferred time and valid time of the global address.
Status: Displays the status of the global address.
Normal: Indicates that the global address is normal.
Try:
configured.
Repeat:
Tips:
After adding a global IPv6 address to your switch manually here, you can configure your PC’s
global IPv6 address in the same subnet with the switch and login to the switch via its global
IPv6 address.
4.2 User Management
User Management functions to configure the user name and password for users to log on to
the Web management page with a certain access level so as to protect the settings of the
switch from being randomly changed.
The User Management function can be implemented on User Table and User Config pages.
4.2.1 User Table
On this page you can view the information about the current users of the switch.
Choose the menu System→User Management→User Table to load the following page.
Figure 4-11 User Table
25
User Name:
Create a name for users’ login.
Admin: Admin can edit, modify and view all the settings of
r can edit, modify and view most of the
Power User: Power User can edit, modify and view some of
User: User only can view the settings without the right to edit
and modify.
Password:
Type a password for users’ login.
Confirm Password:
Retype the password.
4.2.2 User Config
On this page you can configure the access level of the user to log on to the Web management
page. The switch provides four access levels: Admin, Operator, Power User and User. “Admin”
means that you can edit, modify and view all the settings of different functions. “Operator”
means that you can edit, modify and view most of the settings of different functions. “Power
User” means that you can edit, modify and view some of the settings of different functions.
“User” means that you can only view some of the settings of different functions without the
right to edit or modify. The Web management pages contained in this guide are subject to the admin’s
login without any explanation.
Choose the menu System→User Management→User Config to load the following page.
Figure 4-12 User Config
The following entries are displayed on this screen:
User Info
Access Level: Select the access level to login.
different functions.
Operator: Operato
settings in different functions.
the settings in different functions.
26
Select the desired entry to delete the corresponding user
optional The current user information
can’t be deleted.
Access Level:
button of the desired entry, and you can edit the
corresponding user information. After modifying the settings,
effective. Access level and user status of the current user
information can’t be modified.
Select:
Select the unit(s).
Image:
Next Startup Image:
Select the next startup image.
Backup Image:
Select the backup boot image.
User Table
Select:
information. It is multi-
User ID, Name and
Displays the current user ID, user name and access level.
Operation: Click the Edit
please click the Modify button to make the modification
4.3 System Tools
The System Tools function, allowing you to manage the configuration file of the switch, can be
implemented on Boot Config, Config Restore, Config Backup, Firmware Upgrade, System
Reboot and System Reset pages.
4.3.1 Boot Config
On this page you can configure the boot file of the switch. When the switch is powered on, it will
start up with the startup image. If it fails, it will try to start up with the backup image. If this fails
too, you will enter into the bootutil menu of the switch.
Choose the menu System → System Tools → Boot Config to load the following page.
Figure 4-13 Boot Config
The following entries are displayed on this screen:
Boot Table
Current Startup
Displays the current startup image.
27
he backup
configuration file. It will take effect after the switch
automatically reboots.
4.3.2 Config Restore
On this page you can upload a backup configuration file to restore your switch to this previous
configuration.
Choose the menu System→System Tools→Config Restore to load the following page.
The following entries are displayed on this screen:
Figure 4-14 Config Restore
Config Restore
Restore Config: Click the Restore Config button to restore t
Note:
1. It will take a few minutes to restore the configuration. Please wait without any operation.
2. To avoid any damage, please don’t power down the switch while being restored.
3. After being restored, the current settings of the switch will be lost. Wrong uploaded
configuration file may cause the switch unmanaged.
4.3.3 Config Backup
On this page you can download the current configuration and save it as a file to your computer
for your future configuration restore.
Choose the menu System→System Tools→Config Backup to load the following page.
Figure 4-15 Config Backup
28
Click the Backup Config button to save the current
configuration as a file to your computer. You are suggested to
take this measure before upgrading.
The following entries are displayed on this screen:
Config Backup
Backup Config:
Note:
It will take a few minutes to back up the configuration. Please wait without any operation.
4.3.4 Firmware Upgrade
The switch system can be upgraded via the Web management page. To upgrade the system is
to get more functions and better performance. Go to http://www.tp-link.com to download the
updated firmware.
Choose the menu System→System Tools→Firmware Upgrade to load the following page.
Figure 4-16 Firmware Upgrade
Note:
1. Don’t interrupt the upgrade.
2. Please select the proper software version matching with your hardware to upgrade.
3. To avoid damage, please don't turn off the device while upgrading.
4. After upgrading, the device will reboot automatically.
5. You are suggested to back up the configuration before upgrading.
4.3.5 System Reboot
On this page you can reboot the switch and return to the login page. Please save the current
configuration before rebooting to avoid losing the configuration unsaved
29
Choose the menu System→System Tools→System Reboot to load the following page.
Figure 4-17 System Reboot
Note:
To avoid damage, please don't turn off the device while rebooting.
4.3.6 System Reset
On this page you can reset the switch to the default. All the settings will be cleared after the
switch is reset.
Choose the menu System→System Tools→System Reset to load the following page.
Figure 4-18 System Reset
Note:
After the system is reset, the switch will be reset to the default and all the settings will be
cleared.
4.4 Access Security
Access Security provides different security measures for the remote login so as to enhance
the configuration management security. It can be implemented on Access Control, SSL Config
and SSH Config pages.
4.4.1 Access Control
On this page you can control the users logging on to the Web management page to enhance
the configuration management security. The definitions of Admin and Guest refer to 4.2 User
Management.
30
Select the control mode for users to log on to the Web
range of the users
Select this option to limit the MAC Address of
Port-based: Select this option to limit the ports for login.
Access Interface:
Select the interface for access control to apply.
based mode
range you set here are
allowed for login.
able for configuration only when
based mode is selected. Only the user with this MAC
Address you set here is allowed for login.
The field can be available for configuration only when
based mode is selected. Only the users connected to
these ports you selected here are allowed for login.
Choose the menu System→Access Security→Access Control to load the following page.
Figure 4-19 Access Control
The following entries are displayed on this screen:
Access Control Config
Control Mode:
management page.
IP-based: Select this option to limit the IP-
for login.
MAC-based:
the users for login.
IP Address & Mask:
These fields is available to configure only when IPis selected. Only the users within the IP-
MAC Address: The field can be avail
MAC-
Port:
Port-
4.4.2 HTTP Config
With the help of HTTP (Hyper Text Transfer Protocol), you can manage the switch through a
standard browser. The standards development of HTTP was coordinated by the Internet
Engineering Task Force and the World Wide Web Consortium.
On this page you can configure the HTTP function.
31
HTTP:
Select Enable/Disable the HTTP function on the switch.
If you do nothing with the Web management page within the
ou want to
reconfigure, please login again.
Number Control:
Select Enable/Disable the Number Control function.
Enter the maximum number of the users logging on to the Web
management page as Admin.
maximum number of the users logging on to the Web
management page as Guest.
Choose the menu System→Access Security→HTTP Config to load the following page.
Figure 4-20 HTTP Config
The following entries are displayed on this screen
Global Config
Session Config
Session Timeout:
timeout time, the system will log out automatically. If y
Access User Number
Admin Number:
Guest Number: Enter the
:
4.4.3 HTTPS Config
SSL (Secure Sockets Layer), a security protocol, is to provide a secure connection for the
application layer protocol (e.g. HTTP) communication based on TCP. SSL is widely used to
secure the data transmission between the Web browser and servers. It is mainly applied
through ecommerce and online banking.
SSL mainly provides the following services:
1. Authenticate the users and the servers based on the certificates to ensure the data are
transmitted to the correct users and servers;
2. Encrypt the data transmission to prevent the data being intercepted;
32
3. Maintain the integrality of the data to prevent the data being altered in the transmission.
Adopting asymmetrical encryption technology, SSL uses key pair to encrypt/decrypt
information. A key pair refers to a public key (contained in the certificate) and its corresponding
private key. By default the switch has a certificate (self-signed certificate) and a corresponding
private key. The Certificate/Key Download function enables the user to replace the default key
pair.
After SSL is effective, you can log on to the Web management page via https://192.168.0.1. For
the first time you use HTTPS connection to log into the switch with the default certificate, you
will be prompted that “The security certificate presented by this website was not issued by a
trusted certificate authority” or “Certificate Errors”. Please add this certificate to trusted
certificates or continue to this website.
The switch also supports HTTPS connection for IPv6. After configuring an IPv6 address (for
example, 3001::1) for the switch, you can log on to the switch’s Web management page via
https://[3001::1].
On this page you can configure the HTTPS function.
33
HTTPS:
Select Enable/Disable the HTTPS function on the switch.
Enable or Disable Secure Sockets Layer Version 3.0. By default,
it’s enabled.
Enable or Disable Transport Layer Security Version 1.0. By
default, it’s enabled.
Choose the menu System→Access Security→HTTPS Config to load the following page.
Figure 4-21 HTTPS Config
The following entries are displayed on this screen
Global Config
SSL Version 3:
TLS Version 1:
34
:
bit encryption and
MD5 for message digest. By default, it’s enabled.
bit encryption and
SHA for message digest. By default, it’s enabled.
CBC for message
ncryption and SHA for message digest. By
default, it’s enabled.
CBC
for message encryption and SHA for message
digest. By default, it’s enabled.
hing with the Web management page within the
reconfigure, please login again.
Number Control:
Select Enable/Disable the Number Control function.
e maximum number of the users logging on to the Web
management page as Admin.
Enter the maximum number of the users logging on to the Web
management page as Guest.
wnload to the switch. The
certificate must be BASE64 encoded.
Select the desired key to download to the switch. The key must
be BASE64 encoded.
CipherSuite Config
RSA_WITH_RC4_128_MD5: Key exchange with RC4 128-
RSA_WITH_RC4_128_SHA: Key exchange with RC4 128-
RSA_WITH_DES_CBC_SHA: Key exchange with DES-
e
RSA_WITH_3DES_EDE_CBC_SHA: Key exchange with 3DES and DES-EDE3-
Session Config
Session Timeout: If you do not
timeout time, the system will log out automatically. If you want to
Access User Number
Admin Number: Enter th
Guest Number:
Certificate Download
Certificate File: Select the desired certificate to do
Key Download
Key File:
Note:
1. The SSL certificate and key downloaded must match each other; otherwise the HTTPS
connection will not work.
2. To establish a secured connection using https, please enter https:// into the URL field of
the browser.
3. It may take more time for https connection than that for http connection, because https
connection involves authentication, encryption and decryption etc.
35
4.4.4 SSH Config
As stipulated by IETF (Internet Engineering Task Force), SSH (Secure Shell) is a security
protocol established on application and transport layers. SSH-encrypted-connection is similar
to a telnet connection, but essentially the old telnet remote management method is not safe,
because the password and data transmitted with plain-text can be easily intercepted. SSH can
provide information security and powerful authentication when you log on to the switch
remotely through an insecure network environment. It can encrypt all the transmission data and
prevent the information in a remote management being leaked.
Comprising server and client, SSH has two versions, V1 and V2 which are not compatible with
each other. In the communication, SSH server and client can auto-negotiate the SSH version
and the encryption algorithm. After getting a successful negotiation, the client sends
authentication request to the server for login, and then the two can communicate with each
other after successful authentication. This switch supports SSH server and you can log on to
the switch via SSH connection using SSH client software.
SSH key can be downloaded into the switch. If the key is successfully downloaded, the
certificate authentication will be preferred for SSH access to the switch.
Choose the menu System→Access Security→SSH Config to load the following page.
Figure 4-22 SSH Config
36
SSH:
Select Enable/Disable SSH function.
Protocol V1:
Select Enable/Disable SSH V1 to be the supported protocol.
Protocol V2:
Select Enable/Disable SSH V2 to be the supported protocol.
omatically
release the connection when the time is up. The default time is
120 seconds.
Specify the maximum number of the connections to the SSH
server. No new connection will be established when the number
mum number you set. The
default value is 5.
CBC algorithm of
SSH.
CBC algorithm of
SSH.
CBC algorithm of
SSH.
CBC algorithm of
SSH.
CBC algorithm of
SSH.
CBC algorithm of
SSH.
3DES-CBC:
Select the checkbox to enable the 3DES-CBC algorithm of SSH.
hm of
SSH.
MD5 algorithm of
SSH.
The following entries are displayed on this screen
Global Config
:
Idle Timeout: Specify the idle timeout time. The system will aut
Max Connect:
of the connections reaches the maxi
Encryption Algorithm
Configure SSH encryption algorithms.
AES128-CBC: Select the checkbox to enable the AES128-
AES128-CBC: Select the checkbox to enable the AES128-
AES192-CBC: Select the checkbox to enable the AES192-
AES256-CBC: Select the checkbox to enable the AES256-
Blowfish-CBC: Select the checkbox to enable the Blowfish-
Cast128-CBC: Select the checkbox to enable the Cast128-
Data Integrity Algorithm
Configure SSH data integrity algorithms.
HMAC-SHA1: Select the checkbox to enable the HMAC-SHA1 algorit
HMAC-MD5: Select the checkbox to enable the HMAC-
37
Select the type of SSH Key to download. The switch supports
two types: SSH-2 RSA/DSA and SSH-1 RSA.
wnloaded file is in the
range of 512 to 3072 bits.
button to download the desired key file to
the switch.
Key Download
Key Type:
Key File: Please ensure the key length of the do
Download: Click the Download
Note:
1. It will take a long time to download the key file. Please wait without any operation.
2. After the Key File is downloaded, the user's original key of the same type will be replaced.
The wrong downloaded file will result in the SSH access to the switch via Password
authentication.
Application Example 1 for SSH:
Network Requirements
1. Log on to the switch via password authentication using SSH and the SSH function is
enabled on the switch.
2. PuTTY client software is recommended.
Configuration Procedure
1. Open the software to log on to the interface of PuTTY. Enter the IP address of the switch
into Host Name field; keep the default value 22 in the Port field; select SSH as the
Connection type.
38
2. Click the Open button in the above figure to log on to the switch. Enter the login user name
and password, and then you can continue to configure the switch.
Application Example 2 for SSH:
Network Requirements
1. Log on to the switch via key authentication using SSH and the SSH function is enabled on
the switch.
2. PuTTY client software is recommended.
Configuration Procedure
1. Select the key type and key length, and generate SSH key.
Note:
1. The key length is in the range of 512 to 3072 bits.
39
2. During the key generation, randomly moving the mouse quickly can accelerate the key
generation.
2. After the key is successfully generated, please save the public key and private key to the
computer.
3. On the Web management page of the switch, download the public key file saved in the
computer to the switch.
Note:
1. The key type should accord with the type of the key file.
2. The SSH key downloading cannot be interrupted.
40
4. After the public key and private key are downloaded, please log on to the interface of PuTTY
and enter the IP address for login.
5. Click Browse to download the private key file to SSH client software and click Open.
41
Telnet:
Select Enable/Disable Telnet function globally on the switch.
After successful authentication, please enter the login user name. If you log on to the switch
without entering password, it indicates that the key has been successfully downloaded.
4.4.5 Telnet Config
On this page you can Enable/Disable Telnet function globally on the switch.
Choose the menu System→Access Security→Telnet Config to load the following page.
Figure 4-23 Access Control
The following entries are displayed on this screen:
Global Config
Return to CONTENTS
42
Port Select
select the corresponding
port based on the port number you entered.
Select:
Select the desired port for configuration. It is multi-optional.
Port:
Displays the port number.
Description:
Give a description to the port for identification.
Chapter 5 Switching
Switching module is used to configure the basic functions of the switch, including four
submenus: Port, DDM, LAG, Traffic Monitor and MAC Address.
5.1 Port
The Port function, allowing you to configure the basic features for the port, is implemented on
the Port Config, Port Mirror, Port Security, Port Isolation and Loopback Detection pages.
5.1.1 Port Config
On this page, you can configure the basic parameters for the ports. When the port is disabled, the
packets on the port will be discarded. Disabling the port which is vacant for a long time can
reduce the power consumption effectively. And you can enable the port when it is in need.
The parameters will affect the working mode of the port, please set the parameters appropriate
to your needs.
Choose the menu Switching→Port→Port Config to load the following page.
Figure 5-1 Port Config
The following entries are displayed on this screen.
Port Config
: Click the Select button to quick-
43
Status
When Enable is
selected, the port can forward the packets normally.
Speed and Duplex
Select the Speed and Duplex mode for the port. The device
connected to the switch should be in the same Speed and
the
Speed and Duplex mode will be determined by
auto-negotiation.
Flow Control
Allows you to Enable/Disable the Flow Control feature. When
Flow Control is enabled, the switch can synchronize the
speed with its peer to avoid the packet loss caused by
congestion.
LAG:
Displays the LAG number which the port belongs to.
Group:
Displays the mirror group number.
: Allows you to Enable/Disable the port.
:
Duplex mode with the switch. When “Auto” is selected,
:
Note:
1. The switch cannot be managed through the disabled port. Please enable the port which is
used to manage the switch.
2. The parameters of the port members in a LAG should be set as the same.
5.1.2 Port Mirror
Port Mirror, the packets obtaining technology, functions to forward copies of packets from
one/multiple ports (mirrored port) to a specific port (mirroring port). Usually, the mirroring port
is connected to a data diagnose device, which is used to analyze the mirrored packets for
monitoring and troubleshooting the network.
Choose the menu Switching→Port→Port Mirror to load the following page.
Figure 5-2 Port Mirror Config
The following entries are displayed on this screen.
Mirror Session List
44
Mirroring:
Displays the mirroring port number.
Mode:
Displays the mirror mode. The value will be "Ingress" or "Egress".
Mirrored Port:
Displays the mirrored ports.
Operation:
You can configure the mirror group by clicking Edit.
Click Edit to display the following figure.
Number:
Select the mirror group you want to config.
Mirroring Port:
Select a physical port from the port panel as the mirroring port.
Select:
Select the desired port as a mirrored port. It is multi-optional.
Port:
Displays the port number.
Figure 5-3 Port Mirror Config
The following entries are displayed on this screen:
Mirror Group
Mirroring Port
Mirrored Port
45
Select Enable/Disable the Ingress feature. When the Ingress is
be copied to the mirroring port.
Select Enable/Disable the Egress feature. When the Egress is
copied to the mirroring port.
to. The LAG
port.
Ingress:
enabled, the incoming packets received by the mirrored port will
Egress:
enabled, the outgoing packets sent by the mirrored port will be
LAG: Displays the LAG number which the port belongs
member cannot be selected as the mirrored port or mirroring
Note:
1. The LAG member cannot be selected as the mirrored port or mirroring port.
2. A port cannot be set as the mirrored port and the mirroring port simultaneously.
3. The Port Mirror function can span the multiple VLANs.
5.1.3 Port Security
MAC Address Table maintains the mapping relationship between the port and the MAC
address of the connected device, which is the base of the packet forwarding. The capacity of
MAC Address Table is fixed. MAC Address Attack is the attack method that the attacker takes
to obtain the network information illegally. The attacker uses tools to generate the cheating
MAC address and quickly occupy the MAC Address Table. When the MAC Address Table is full,
the switch will broadcast the packets to all the ports. At this moment, the attacker can obtain
the network information via various sniffers and attacks. When the MAC Address Table is full,
the packets traffic will flood to all the ports, which results in overload, lower speed, packets
drop and even breakdown of the system.
Port Security is to protect the switch from the malicious MAC Address Attack by limiting the
maximum number of MAC addresses that can be learned on the port. The port with Port
Security feature enabled will learn the MAC address dynamically. When the learned MAC
address number reaches the maximum, the port will stop learning. Thereafter, the other
devices with the MAC address unlearned cannot access to the network via this port.
46
Select
multi-optional.
Port:
Displays the port number.
Max Learned MAC
learned on the port.
Learned Num
Displays the number of MAC addresses that have been
learned on the port.
Learn Mode
entries will be saved even the switch is rebooted.
Status:
Enable/Disable the Port Security feature for the port.
Choose the menu Switching→Port→Port Security to load the following page.
Figure 5-4 Port Security
The following entries are displayed on this screen:
Port Security
: Select the desired port for Port Security configuration. It is
: Specify the maximum number of MAC addresses that can be
:
: Select the Learn Mode for the port.
• Dynamic: When Dynamic mode is selected, the learned
MAC address will be deleted automatically after the aging
time.
• Static: When Static mode is selected, the learned MAC
address will be out of the influence of the aging time and
can only be deleted manually. The learned entries will be
cleared after the switch is rebooted.
• Permanent: When Permanent mode is selected, the
learned MAC address will be out of the influence of the
aging time and can only be deleted manually. The learned
47
From/To Port:
Select the port number to set its forward list.
Forward Portlist:
Select the port(s) to be forwarded to.
Port:
Display the port number.
Forward Portlist:
Display the forward list.
Note:
1. The Port Security function is disabled for the LAG port member. Only the port is removed
from the LAG, will the Port Security function be available for the port.
2. The Port Security function is disabled when the 802.1X function is enabled.
5.1.4 Port Isolation
Port Isolation provides a method of restricting traffic flow to improve the network security by
forbidding the port to forward packets to the ports that are not on its forward portlist.
Choose the menu Switching→Port→Port Isolation to load the following page.
The following entries are displayed on this screen:
Port Isolation Config
Port Isolation List
Figure 5-5 Port Isolation Config
48
Status:
Loopback Detection function
globally.
Set a Loopback Detection interval between 1 and 1000
seconds. By default, it’s 30 seconds.
Time after which the blocked port would automatically recover
interval.
Web Refresh Status:
Here you can enable or disable web automatic refresh.
Set a web refresh interval between 3 and 100 seconds. By
default, it’s 6 seconds.
5.1.5 Loopback Detection
With loopback detection feature enabled, the switch can detect loops using loopback
detection packets. When a loop is detected, the switch will display an alert or further block the
corresponding port according to the port configuration.
Choose the menu Switching→Port→LoopbackDetection to load the following page.
Figure 5-6 Loopback Detection Config
The following entries are displayed on this screen:
Global Config
LoopbackDetection
Here you can enable or disable
Detection Interval:
Automatic
Recovery Time:
to normal status. It can be set as integral times of detection
Web Refresh Interval:
49
select the corresponding port
based on the port number you entered.
Select the desired port for Loopback Detection configuration. It
is multi-optional.
Port:
Displays the port number.
Status:
Enable or disable Loopback Detection function for the port.
When a loop is detected, display an alert and
block the port.
the mode how the blocked port recovers to normal
Block status can be automatically removed after
Manual: Block status only can be removed manually.
Loop Status:
Displays the port status whether a loopback is detected.
Block Status:
Displays the port status about block or unblock.
LAG:
Displays the LAG number the port belongs to.
Manual Recover:
Manually remove the block status of selected ports.
Port Config
Port Select: Click the Select button to quick-
Select:
Operation Mode: Select the mode how the switch processes the detected loops.
Alert: When a loop is detected, display an alert.
Port based:
Recovery Mode: Select
status.
Auto:
recovery time.
Note:
1. Recovery Mode is not selectable when Alert is chosen in Operation Mode.
2. Loopback Detection must coordinate with storm control.
5.2 LAG
LAG (Link Aggregation Group) is to combine a number of ports together to make a single
high-bandwidth data path, so as to implement the traffic load sharing among the member ports
in the group and to enhance the connection reliability.
For the member ports in an aggregation group, their basic configuration must be the same. The
basic configuration includes STP, QoS, GVRP, VLAN, port attributes, MAC Address Learning
mode and other associated settings. The further explains are as following:
If the ports, which are enabled for the GVRP, 802.1Q VLAN, Voice VLAN, STP, QoS, Port
Isolation, DHCP Snooping and Port Configuration (Speed, Flow Control), are in a LAG,
their configurations should be the same.
The ports, which are enabled for the Port Security, Port Mirror, MAC Address Filtering,
Static MAC Address Binding, 802.1X Authentication, IP Source Guard, and half-duplex
cannot be added to the LAG.
50
Hash Algorith
destination IP addresses of the packets.
It’s not suggested to add the ports with ARP Inspection and DoS Defend enabled to the
LAG.
If the LAG is needed, you are suggested to configure the LAG function here before configuring
the other functions for the member ports.
Tips:
1. Calculate the bandwidth for a LAG: If a LAG consists of the four ports in the speed of
1000Mbps Full Duplex, the whole bandwidth of the LAG is up to 8000Mbps (2000Mbps * 4)
because the bandwidth of each member port is 2000Mbps counting the up-linked speed
of 1000Mbps and the down-linked speed of 1000Mbps.
2. The traffic load of the LAG will be balanced among the ports according to the Aggregate
Arithmetic. If the connections of one or several ports are broken, the traffic of these ports
will be transmitted on the normal ports, so as to guarantee the connection reliability.
Depending on different aggregation modes, aggregation groups fall into two types: Static LAG
and LACP Config. The LAG function is implemented on the LAG Table, Static LAG and LACP
Config configuration pages.
5.2.1 LAG Table
On this page, you can view the information of the current LAG of the switch.
Choose the menu Switching→LAG→LAG Table to load the following page.
Figure 5-7 LAG Table
The following entries are displayed on this screen:
Global Config
m: Select the applied scope of aggregate hash arithmetic,
which results in choosing a port to transfer the packets.
• SRC MAC + DST MAC: When this option is selected,
the Aggregate Arithmetic will apply to the source and
destination MAC addresses of the packets.
• SRC IP + DST IP: When this option is selected, the
Aggregate Arithmetic will apply to the source and
51
Select:
Select the desired LAG. It is multi-optional.
Group Number:
Displays the LAG number here.
Description:
Displays the description of LAG.
Member:
Displays the LAG member.
Operation
Detail: Click to get the information of the LAG.
LAG Table
: Allows you to view or modify the information for each LAG.
• Edit: Click to modify the settings of the LAG.
•
Click the Detail button for the detailed information of your selected LAG.
Figure 5-8 Detail Information
5.2.2 Static LAG
On this page, you can manually configure the LAG. The LACP feature is disabled for the
member ports of the manually added Static LAG.
Choose the menu Switching→LAG→Static LAG to load the following page.
Figure 5-9 Static LAG Config
52
Group Number:
Select a Group Number for the LAG.
Description:
Give a description to the LAG for identification.
Member Port
Select the port as the LAG member. Clearing all the ports
of the LAG will delete this LAG.
The following entries are displayed on this screen:
LAG Config
LAG Table
:
Tips:
1. The LAG can be deleted by clearing its all member ports.
2. A port can only be added to a LAG. If a port is the member of a LAG or is dynamically
aggregated as the LACP member, the port number will be displayed in gray and cannot be
selected.
5.2.3 LACP Config
LACP (Link Aggregation Control Protocol) is defined in IEEE802.3ad/802.1ax and enables the
dynamic link aggregation and disaggregation by exchanging LACP packets with its partner. The
switch can dynamically group similarly configured ports into a single logical link, which will
highly extend the bandwidth and flexibly balance the load.
With the LACP feature enabled, the port will notify its partner of the system priority, system
MAC, port priority, port number and operation key (operation key is determined by the physical
properties of the port, upper layer protocol and admin key). The device with higher priority will
lead the aggregation and disaggregation. System priority and system MAC decide the priority
of the device. The smaller the system priority, the higher the priority of the device is. With the
same system priority, the device owning the smaller system MAC has the higher priority. The
device with the higher priority will choose the ports to be aggregated based on the port priority,
port number and operation key. Only the ports with the same operation key can be selected
into the same aggregation group. In an aggregation group, the port with smaller port priority will
be considered as the preferred one. If the two port priorities are equal, the port with smaller
port number is preferred. After an aggregation group is established, the selected ports can be
aggregated together as one port to transmit packets.
On this page, you can configure the LACP feature of the switch.
53
System Priority:
rity and
MAC address constitute the system identification (ID). A lower
system priority value indicates a higher system priority. When
exchanging information between systems, the system with higher
to, and the
system with lower priority adds the proper links to the link
aggregation according to the selection of its partner.
Port Select
based on the port number you entered.
Select:
Select the desired port for LACP configuration. It is multi-optional.
Port:
Displays the port number.
Admin Key
aggregation group must have the same Admin Key.
Port Priority
cify a Port Priority for the port. This value determines the
group member. The port with smaller Port Priority will be
equal; the port with smaller port number is preferred.
Choose the menu Switching→LAG→LACP Config to load the following page.
Figure 5-10 LACP Config
The following entries are displayed on this screen:
Global Config
Specify the system priority for the switch. The system prio
priority determines which link aggregation a link belongs
LACP Config
: Click the Select button to quick-select the corresponding port
: Specify an Admin Key for the port. The member ports in a dynamic
: Spe
priority of the port to be selected as the dynamic aggregation
considered as the preferred one. If the two port priorities are
54
Status:
Enable/Disable the LACP feature for your selected port.
LAG:
Displays the LAG number which the port belongs to.
Auto Refresh
Traffic Summary
automatically.
Refresh Rate:
Enter a value in seconds to specify the refresh interval.
Port Select
select the corresponding port
based on the port number you entered.
Port:
Displays the port number.
Packets Rx
Displays the number of packets received on the port. The error
packets are not counted in.
5.3 Traffic Monitor
The Traffic Monitor function, monitoring the traffic of each port, is implemented on the Traffic
Summary and Traffic Statistics pages.
5.3.1 Traffic Summary
Traffic Summary screen displays the traffic information of each port, which facilitates you to
monitor the traffic and analyze the network abnormity.
Choose the menu Switching→Traffic Monitor→Traffic Summary to load the following page.
Figure 5-11 Traffic Summary
The following entries are displayed on this screen:
Auto Refresh
: Allows you to Enable/Disable refreshing the
Traffic Summary
: Click the Select button to quick-
:
55
Packets Tx:
Displays the number of packets transmitted on the port.
Octets Rx
error
octets are counted in.
Octets Tx:
Displays the number of octets transmitted on the port.
Statistics
button to view the detailed traffic statistics of
the port.
Auto Refresh
ng the Traffic Summary
automatically.
Refresh Rate:
Enter a value in seconds to specify the refresh interval.
Port
button to view the
traffic statistics of the corresponding port.
Received:
Displays the details of the packets received on the port.
Sent:
Displays the details of the packets transmitted on the port.
: Displays the number of octets received on the port. The
: Click the Statistics
5.3.2 Traffic Statistics
Traffic Statistics screen displays the detailed traffic information of each port, which facilitates
you to monitor the traffic and locate faults promptly.
Choose the menu Switching→Traffic Monitor→Traffic Statistics to load the following page.
Figure 5-12 Traffic Statistics
The following entries are displayed on this screen:
Auto Refresh
: Allows you to Enable/Disable refreshi
Statistics
: Enter a port number and click the Select
56
Broadcast
:
Displays the number of good broadcast packets received or
transmitted on the port. The error frames are not counted in.
Multica
Displays the number of good multicast packets received or
transmitted on the port. The error frames are not counted in.
Unicast
Displays the number of good unicast packets received or
transmitted on the port. The error frames are not counted in.
Ali
Displays the number of the received packets that have a bad
integral octet
(Alignment Error) and have a bad FCS with an integral octet
(CRC Error). The length of the packet is between 64 bytes and
1518 bytes.
UndersizePkts
Displays the number of the received packets (excluding error
packets) that are less than 64 bytes long.
Pkts64Octets
Displays the number of the received packets (including error
packets) that are 64 bytes long.
Pkts65to127Octets
isplays the number of the received packets (including error
packets) that are between 65 and 127 bytes long.
Pkts128to255Octets
Displays the number of the received packets (including error
packets) that are between 128 and 255 bytes long.
Pkts256to511Oc
Displays the number of the received packets (including error
packets) that are between 256 and 511 bytes long.
Pkts512to1023Octets
Displays the number of the received packets (including error
packets) that are between 512 and 1023 bytes long.
Pkts
Displays the number of the received packets (including error
packets) that are more than 1023 bytes long.
Collisions
Displays the number of collisions experienced by a port during
packet transmissions.
st:
:
gnment Errors:
:
:
Frame Check Sequence (FCS) with a non-
: D
:
tets:
:
Over1023Octets:
:
5.4 MAC Address
The main function of the switch is forwarding the packets to the correct ports based on the
destination MAC address of the packets. Address Table contains the port-based MAC address
information, which is the base for the switch to forward packets quickly. The entries in the
Address Table can be updated by auto-learning or configured manually. Most the entries are
generated and updated by auto-learning. In the stable networks, the static MAC address
entries can facilitate the switch to reduce broadcast packets and enhance the efficiency of
packets forwarding remarkably. The address filtering feature allows the switch to filter the
undesired packets and forbid its forwarding so as to improve the network security.
57
Configuration
(if the configuration is saved)
Table
her ports in the
same VLAN.
Dynamic
Table
same VLAN.
Table
The types and the features of the MAC Address Table are listed as the following:
Type
Static
Address
Address
Filtering
Address
Way
Manually
configuring
Automatically
learning
Manually
configuring
Aging
Being kept after reboot
out
No Yes The bound MAC address cannot
Yes No The bound MAC address can be
No Yes -
Table 5-1 Types and features of Address Table
Relationship between the bound
MAC address and the port
be learned by the ot
learned by the other ports in the
This function includes four submenus: Address Table, Static Address, Dynamic Address and
Filtering Address.
5.4.1 Address Table
On this page, you can view all the information of the Address Table.
Choose the menu Switching→MAC Address→Address Table to load the following page.
Figure 5-13 Address Table
58
MAC Address:
Enter the MAC address of your desired entry.
VLAN ID:
Enter the VLAN ID of your desired entry.
Port:
Select the corresponding port number of your desired entry.
Type
This option allows the address table to display all the
allows the address table to display the
This option allows the address table to display the
This option allows the address table to display the
filtering address entries only.
MAC Address:
Displays the MAC address learned by the switch.
VLAN ID:
Displays the corresponding VLAN ID of the MAC address.
Port:
Displays the corresponding Port number of the MAC address.
Type:
Displays the Type of the MAC address.
Aging Status:
Displays the Aging status of the MAC address.
The following entries are displayed on this screen:
Search Option
: Select the type of your desired entry.
All:
address entries.
Static: This option
static address entries only.
Dynamic:
dynamic address entries only.
Filtering:
Address Table
5.4.2 Static Address
The static address table maintains the static address entries which can be added or removed
manually, independent of the aging time. In the stable networks, the static MAC address entries
can facilitate the switch to reduce broadcast packets and remarkably enhance the efficiency of
packets forwarding without learning the address. The static MAC address learned by the port
with Port Security enabled in the static learning mode will be displayed in the Static Address
Table.
59
MAC Address:
Enter the static MAC Address to be bound.
VLAN ID:
Enter the corresponding VLAN ID of the MAC address.
Port:
Select a port from the pull-down list to be bound.
Search Option
down list and click the
n the Static Address
Port: Enter the Port number of your desired entry.
Select
corresponding port
number. It is multi-optional.
MAC Address:
Displays the static MAC Address.
VLAN ID:
Displays the corresponding VLAN ID of the MAC address.
Choose the menu Switching→MAC Address→Static Address to load the following page.
Figure 5-14 Static Address
The following entries are displayed on this screen:
Create Static Address
Search Option
: Select a Search Option from the pull-
Search button to find your desired entry i
Table.
• MAC: Enter the MAC address of your desired entry.
• VLAN ID: Enter the VLAN ID number of your desired entry.
•
Static Address Table
: Select the entry to delete or modify the
60
Port: Displays the corresponding Port number of the MAC address. Here
number to which the MAC address is
bound. The new port should be in the same VLAN.
Type:
Displays the Type of the MAC address.
Aging Status:
Displays the Aging Status of the MAC address.
you can modify the port
Note:
1. If the corresponding port number of the MAC address is not correct, or the connected port
(or the device) has been changed, the switch cannot be forward the packets correctly.
Please reset the static address entry appropriately.
2. If the MAC address of a device has been added to the Static Address Table, connecting
the device to another port will cause its address not to be recognized dynamically by the
switch. Therefore, please ensure the entries in the Static Address Table are correct and
valid.
3. The MAC address in the Static Address Table cannot be added to the Filtering Address
Table or bound to a port dynamically.
4. This static MAC address bound function is not available if the 802.1X feature is enabled.
5.4.3 Dynamic Address
The dynamic address can be generated by the auto-learning mechanism of the switch. The
Dynamic Address Table can update automatically by auto-learning or the MAC address aging
out mechanism.
To fully utilize the MAC address table, which has a limited capacity, the switch adopts an aging
mechanism for updating the table. That is, the switch removes the MAC address entries related
to a network device if no packet is received from the device within the aging time.
On this page, you can configure the dynamic MAC address entry.
Choose the menu Switching→MAC Address→Dynamic Address to load the following page.
61
Auto Aging:
Allows you to Enable/Disable the Auto Aging feature.
Aging Time:
Enter the Aging Time for the dynamic address.
Search Option
Search
LAG ID: Enter the LAG ID number of your desired entry.
Select: Select the entry to delete the dynamic address or to bind the MAC
address to the corresponding port statically. It is multi-optional.
MAC Address:
Displays the dynamic MAC Address.
VLAN ID:
Displays the corresponding VLAN ID of the MAC address.
Port:
Displays the corresponding port number of the MAC address.
Type:
Displays the Type of the MAC address.
Aging Status:
Displays the Aging Status of the MAC address.
Bind
button to bind the MAC address of your selected
entry to the corresponding port statically.
Figure 5-15 Dynamic Address
The following entries are displayed on this screen:
Aging Config
Search Option
: Select a Search Option from the pull-down list and click the
button to find your desired entry in the Dynamic Address Table.
• MAC: Enter the MAC address of your desired entry.
• VLAN ID: Enter the VLAN ID number of your desired entry.
• Port: Enter the Port number of your desired entry.
•
Dynamic Address Table
: Click the Bind
62
MAC Address:
Enter the MAC Address to be filtered.
VLAN ID:
Enter the corresponding VLAN ID of the MAC address.
Search Option
Search
VLAN ID: Enter the VLAN ID number of your desired entry.
Tips:
Setting aging time properly helps implement effective MAC address aging. The aging time that
is too long or too short results decreases the performance of the switch. If the aging time is too
long, excessive invalid MAC address entries maintained by the switch may fill up the MAC
address table. This prevents the MAC address table from updating with network changes in
time. If the aging time is too short, the switch may remove valid MAC address entries. This
decreases the forwarding performance of the switch. It is recommended to keep the default
value.
5.4.4 Filtering Address
The filtering address is to forbid the undesired packets to be forwarded. The filtering address
can be added or removed manually, independent of the aging time. The filtering MAC address
allows the switch to filter the packets which includes this MAC address as the source address
or destination address, so as to guarantee the network security. The filtering MAC address
entries act on all the ports in the corresponding VLAN.
Choose the menu Switching→MAC Address→Filtering Address to load the following page.
Figure 5-16 Filtering Address
The following entries are displayed on this screen:
Create Filtering Address
Search Option
: Select a Search Option from the pull-down list and click the
button to find your desired entry in the Filtering Address Table.
• MAC Address: Enter the MAC address of your desired entry.
•
63
Select: Select the entry to delete the corresponding filtering address. It is
multi-optional.
MAC Address:
Displays the filtering MAC Address.
VLAN ID:
Displays the corresponding VLAN ID.
Port:
Here the symbol “__” indicates no specified port.
Type:
Displays the Type of the MAC address.
Aging Status:
Displays the Aging Status of the MAC address.
Filtering Address Table
Note:
1. The MAC address in the Filtering Address Table cannot be added to the Static Address
Table or bound to a port dynamically.
2. This MAC address filtering function is not available if the 802.1X feature is enabled.
5.5 L2PT
L2PT (Layer 2 Protocol Tunneling) is a feature for service providers to transmit packets from
different customers across their ISP networks and maintain Layer 2 protocol configurations of
each customer. The supported Layer 2 protocols are STP (Spanning Tree Protocol), GVRP
(GARP VLAN Registration Protocol), CDP (Cisco Discovery Protocol), VTP (VLAN Trunking
Protocol), PAgP (Port Aggregation Protocol), UDLD (UniDirectional Link Detection) and
PVST+(Per VLAN Spanning Tree Plus).
When L2PT is enabled and the switch receives the specified Layer 2 protocol packets from the
UNI port, the switch encapsulates these packets with a special MAC address and sends them
across the service-provider network through the NNI port. The devices in the ISP network do
not process these packets but forward them as normal packets. The switch on the outbound
side of the ISP network receives these packets on its NNI port and restore their MAC address
to their original Layer 2 protocol destination MAC address.
The L2PT protocol is usually used with VLAN VPN feature. Thus the NNI ports that connecting
to the ISP network are configured as VPN Up-link ports.
64
UNIT:1/LAGS:
to configure the
link aggregation groups.
5.5.1 L2PT Config
Figure 5-1 A Typical L2PT Topology
Choose the menu Switching→L2PT→L2PT Config to load the following page.
Figure 5-2 L2PT Config
Configuration Procedure:
1) Enable the Layer 2 Protocol Tunneling globally under Global Config.
2) Configure the tunneling and protocol type on the speicified port under Port Config.
3) Click Apply to save your configurations.
Entry Explannation:
Click 1 to configure the physical ports. Click LAGS
65
Select: Specify the port(s) to configure its L2PT feature. It is
multi-optional.
Type:
onnecting device in the
UNI: Specify the port’s type as UNI if it is connecting to the user’s
NNI: Specify the port’s type as NNI if it is connecting to the ISP
network.
Protocol:
upported Layer 2 protocol type. Packets of the
specified protocol will be encapsulated with their destination MAC
address before they are sent to the ISP network. Packets will be
decapsulated to restore their Layer 2 protocol and MAC address
01000CCCCCCC: Enable protocol tunneling for the packets with
, which
01000CCCCCCD: Enable protocol tunneling for the PVST+
ALL: All the above Layer 2 protocols are supported for tunneling.
Threshold
(0
second accepted for
sulation. Packets beyond the threshold will be dropped. If no
to each Layer 2
protocol types. The valid ranges are from 0 to 1000.
LAG:
Displays the port‘s aggregation group.
Choose the port type according to its c
network.
• None: Disable the L2PT on this port.
•
local network.
•
Select the s
information before they are sent to the customer network.
• STP: Enable protocol tunneling for the STP packets.
• GVRP: Enable protocol tunneling for the GVRP packets.
•
their destination MAC address as 01000CCCCCCC
includes CDP, VTP, PAgP and UDLD.
•
packets.
•
-1000)
Configure the threshold for packets-perencap
protocol is specified, the threshold applies
Return to CONTENTS
66
Chapter 6 VLAN
The traditional Ethernet is a data network communication technology basing on CSMA/CD
(Carrier Sense Multiple Access/Collision Detect) via shared communication medium. Through
the traditional Ethernet, the overfull hosts in LAN will result in serious collision, flooding
broadcasts, poor performance or even breakdown of the Internet. Though connecting the
LANs through switches can avoid the serious collision, the flooding broadcasts cannot be
prevented, which will occupy plenty of bandwidth resources, causing potential serious security
problems.
A Virtual Local Area Network (VLAN) is a network topology configured according to a logical
scheme rather than the physical layout. The VLAN technology is developed for switches to
control broadcast in LANs. By creating VLANs in a physical LAN, you can divide the LAN into
multiple logical LANs, each of which has a broadcast domain of its own. Hosts in the same
VLAN communicate with one another as if they are in a LAN. However, hosts in different VLANs
cannot communicate with one another directly. Therefore, broadcast packets are limited in a
VLAN. Hosts in the same VLAN communicate with one another via Ethernet whereas hosts in
different VLANs communicate with one another through the Internet devices such as Router,
the Layer3 switch, etc. The following figure illustrates a VLAN implementation.
Figure 6-1 VLAN implementation
Compared with the traditional Ethernet, VLAN enjoys the following advantages.
1. Broadcasts are confined to VLANs. This decreases bandwidth utilization and improves
network performance.
2. Network security is improved. VLANs cannot communicate with one another directly. That
is, a host in a VLAN cannot access resources in another VLAN directly, unless routers or
Layer 3 switches are used.
3. Network configuration workload for the host is reduced. VLAN can be used to group
specific hosts. When the physical position of a host changes within the range of the VLAN,
you need not to change its network configuration.
A VLAN can span across multiple switches, or even routers. This enables hosts in a VLAN to be
dispersed in a looser way. That is, hosts in a VLAN can belong to different physical network
67
segment. This switch supports three ways, namely, 802.1Q VLAN, MAC VLAN and Protocol
VLAN, to classify VLANs. VLAN tags in the packets are necessary for the switch to identify
packets of different VLANs. The switch can analyze the received untagged packets on the port
and match the packets with the MAC VLAN, Protocol VLAN and 802.1Q VLAN in turn. If a
packet is matched, the switch will add a corresponding VLAN tag to it and forward it in the
corresponding VLAN.
6.1 802.1Q VLAN
VLAN tags in the packets are necessary for the switch to identify packets of different VLANs.
The switch works at the data link layer in OSI model and it can identify the data link layer
encapsulation of the packet only, so you can add the VLAN tag field into the data link layer
encapsulation for identification.
In 1999, IEEE issues the IEEE 802.1Q protocol to standardize VLAN implementation, defining
the structure of VLAN-tagged packets. IEEE 802.1Q protocol defines that a 4-byte VLAN tag is
encapsulated after the destination MAC address and source MAC address to show the
information about VLAN.
As shown in the following figure, a VLAN tag contains four fields, including TPID (Tag Protocol
Identifier), Priority, CFI (Canonical Format Indicator), and VLAN ID.
Figure 6-2 Format of VLAN Tag
1. TPID: TPID is a 16-bit field, indicating that this data frame is VLAN-tagged. By default, it is
0x8100.
2. Priority: Priority is a 3-bit field, referring to 802.1p priority. Refer to section “QoS & QoS
profile” for details.
3. CFI: CFI is a 1-bit field, indicating whether the MAC address is encapsulated in the standard
format in different transmission media. This field is not described in detail in this chapter.
4. VLAN ID: VLAN ID is a 12-bit field, indicating the ID of the VLAN to which this packet
belongs. It is in the range of 0 to 4,095. Generally, 0 and 4,095 is not used, so the field is in
the range of 1 to 4,094.
VLAN ID identifies the VLAN to which a packet belongs. When the switch receives an
un-VLAN-tagged packet, it will encapsulate a VLAN tag with the default VLAN ID of the inbound
port for the packet, and the packet will be assigned to the default VLAN of the inbound port for
transmission.
In this User Guide, the tagged packet refers to the packet with VLAN tag whereas the untagged
packet refers to the packet without VLAN tag, and the priority-tagged packet refers to the
packet with VLAN tag whose VLAN ID is 0.
Link Types of ports
When creating the 802.1Q VLAN, you should set the link type for the port according to its
connected device. The link types of port including the following three types:
68
1. ACCESS: The ACCESS port can be added in a single VLAN, and the egress rule of the port
is UNTAG. The PVID is same as the current VLAN ID. If the ACCESS port is added to another
VLAN, it will be removed from the current VLAN automatically.
2. TRUNK: The TRUNK port can be added in multiple VLANs, and the egress rule of the port is
TAG. The TRUNK port is generally used to connect the cascaded network devices for it can
receive and forward the packets of multiple VLANs. When the packets are forwarded by the
TRUNK port, its VLAN tag will not be changed.
3. GENERAL: The GENERAL port can be added in multiple VLANs and set various egress rules
according to the different VLANs. The default egress rule is UNTAG. The PVID can be set as
the VID number of any VLAN the port belongs to.
PVID
PVID (Port VLAN ID) is the default VID of the port. When the switch receives an
un-VLAN-tagged packet, it will add a VLAN tag to the packet according to the PVID of its
received port and forward the packets.
When creating VLANs, the PVID of each port, indicating the default VLAN to which the port
belongs, is an important parameter with the following two purposes:
1. When the switch receives an un-VLAN-tagged packet, it will add a VLAN tag to the packet
according to the PVID of its received port
2. PVID determines the default broadcast domain of the port, i.e. when the port receives UL
packets or broadcast packets, the port will broadcast the packets in its default VLAN.
Different packets, tagged or untagged, will be processed in different ways, after being received
by ports of different link types, which is illustrated in the following table.
69
Receiving Packets
Untagged Packets
Tagged Packets
If the VID of packet is not
be dropped.
with its current VLAN tag.
the packet will be forwarded with
VLAN tag.
:
select the corresponding
entry based on the VLAN ID number you entered.
Port Type
Access
Trunk
General
When untagged
packets are
received, the port will
add the default VLAN
tag, i.e. the PVID of
the ingress port, to
the packets.
If the VID of packet is the
same as the PVID of the
port, the packet will be
received.
the same as the PVID of
the port, the packet will
If the VID of packet is
allowed by the port, the
packet will be received.
If the VID of packet is
forbidden by the port,
the packet will be
dropped.
Forwarding Packets
The packet will be forwarded
after removing its VLAN tag.
The packet will be forwarded
If the egress rule of port is TAG,
its current VLAN tag.
If the egress rule of port is
UNTAG, the packet will be
forwarded after removing its
Table 6-1 Relationship between Port Types and VLAN Packets Processing
IEEE 802.1Q VLAN function is implemented on the VLAN Config and Port Config pages.
6.1.1 VLAN Config
On this page, you can view the current created 802.1Q VLAN.
Choose the menu VLAN→802.1Q VLAN→VLAN Config to load the following page.
Figure 6-3 VLAN Table
To ensure the normal communication of the factory switch, the default VLAN of all ports is set
to VLAN1.
The following entries are displayed on this screen:
VLAN Table
VLAN ID Select
Click the Select button to quick-
70
:
multi-optional.
VLAN ID:
Displays the ID number of VLAN.
Name:
Displays the user-defined name of VLAN.
Members:
Displays the port members in the VLAN.
Detail: Click to get the information of VLAN.
VLAN ID:
Enter the ID number of VLAN.
Description:
Give a description to the VLAN for identification.
button to check whether the VLAN ID you
entered is valid or not.
Select
Operation:
Select the desired entry to delete the corresponding VLAN. It is
Allows you to view or modify the information for each entry.
• Edit: Click to modify the settings of VLAN.
•
Click Edit button to modify the settings of the corresponding VLAN. Click Create button to
create a new VLAN.
Figure 6-4 Create or Modify 802.1Q VLAN
The following entries are displayed on this screen:
VLAN Config
Check: Click the Check
71
select the corresponding entry
based on the port number you entered.
Select the desired port to be a member of VLAN or leave it
blank. It's multi-optional.
Port:
Displays the port number.
isplays the Link Type of the port. It can be reset on Port Config
screen.
Select the Egress Rule for the VLAN port member. The default
All packets forwarded by the port are tagged. The
UNTAG: Packets forwarded by the port are untagged.
LAG:
Displays the LAG to which the port belongs.
elect the corresponding entry
based on the port number you entered.
VLAN Members
Port Select: Click the Select button to quick-
Select:
Link Type: D
Egress Rule:
egress rule is UNTAG.
• TAG:
packets contain VLAN information.
•
6.1.2 Port Config
Before creating the 802.1Q VLAN, please acquaint yourself with all the devices connected to
the switch in order to configure the ports properly.
Choose the menu VLAN→802.1Q VLAN→Port Config to load the following page.
Figure 6-5 802.1Q VLAN – Port Config
The following entries are displayed on this screen:
VLAN Port Config
Port Select: Click the Select button to quick-s
72
Select:
Port:
The ACCESS port can be added in a single VLAN,
and the egress rule of the port is UNTAG. The PVID is same
as the current VLAN ID. If the current VLAN is deleted, the
The TRUNK port can be added in multiple VLANs,
The GENERAL port can be added in multiple
VLANs and set various egress rules according to the
UNTAG. The
PVID can be set as the VID number of any VLAN the port
belongs to.
PVID:
Enter the PVID number of the port.
LAG:
Displays the LAG to which the port belongs.
button to view the information of the VLAN to
which the port belongs.
select the corresponding entry
based on the VLAN ID number you entered.
VLAN Name:
Operation:
Allows you to remove the port from the current VLAN.
Select the desired port for configuration. It is multi-optional.
Displays the port number.
Link Type:
Select the Link Type from the pull-down list for the port.
• ACCESS:
PVID will be set to 1 by default.
• TRUNK:
and the egress rule of the port is TAG. The PVID can be set
as the VID number of any VLAN the port belongs to.
• GENERAL:
different VLANs. The default egress rule is
VLAN: Click the Detail
Click the Detail button to view the information of the corresponding VLAN.
Figure 6-6 View the Current VLAN of Port
The following entries are displayed on this screen:
VLAN of Port
VLAN ID Select: Click the Select button to quick-
VLAN ID:
Displays the ID number of VLAN.
Displays the user-defined description of VLAN.
73
Configuration Procedure:
Step
Operation
Description
port.
the link type for the port basing on its connected device.
member ports.
button to modify/view the information of
the corresponding VLAN.
clicking the Delete button.
1 Set the link type for
2 Create VLAN. Required. On the VLAN→802.1Q VLAN→VLAN Config page,
3 Modify/View VLAN. Optional. On the VLAN→802.1Q VLAN→VLAN Config page,
4 Delete VLAN Optional. On the VLAN→802.1Q VLAN→VLAN Config page,
Required. On the VLAN→802.1Q VLAN→Port Config page, set
click the Create button to create a VLAN. Enter the VLAN ID
and the description for the VLAN. Meanwhile, specify its
click the Edit/Detail
select the desired entry to delete the corresponding VLAN by
6.2 MAC VLAN
MAC VLAN technology is the way to classify VLANs according to the MAC addresses of Hosts.
A MAC address corresponds to a single VLAN ID. For the device in a MAC VLAN, if its MAC
address is bound to VLAN, the device can be connected to another member port in this VLAN
and still takes its member role effect without changing the configuration of VLAN members.
The packet in MAC VLAN is processed in the following way:
1. When receiving an untagged packet, the switch matches the packet with the current MAC
VLAN. If the packet is matched, the switch will add a corresponding MAC VLAN tag to it. If
no MAC VLAN is matched, the switch will add a tag to the packet according to the PVID of
the received port. Thus, the packet is assigned automatically to the corresponding VLAN
for transmission.
2. When receiving tagged packet, the switch will process it basing on the 802.1Q VLAN. If the
received port is the member of the VLAN to which the tagged packet belongs, the packet
will be forwarded normally. Otherwise, the packet will be discarded.
3. If the MAC address of a Host is classified into 802.1Q VLAN, please set its connected port
of switch to be a member of this 802.1Q VLAN so as to ensure the packets forwarded
normally.
6.2.1 MAC VLAN
On this page, you can create MAC VLAN and view the current MAC VLANs in the table.
74
MAC Address:
Enter the MAC address.
Description:
Give a description to the MAC address for identification.
VLAN ID:
of the 802.1Q VLANs the ingress port belongs to.
MAC Select:
based on the MAC address you entered.
Select:
Select the desired entry. It is multi-optional.
MAC Address:
Displays the MAC address.
Description:
Displays the user-defined description of the MAC address.
VLAN ID:
Displays the corresponding VLAN ID of the MAC address.
Operation:
click the Modify button to apply your settings.
Step
Operation
Description
port.
the link type for the port basing on its connected device.
button to create a VLAN. Enter the VLAN ID and the
description for the VLAN. Meanwhile, specify its member ports.
Choose the menu VLAN→MAC VLAN to load the following page.
Figure 6-7 Create and View MAC VLAN
The following entries are displayed on this screen:
VLAN Table
Enter the ID number of the MAC VLAN. This VLAN should be one
MAC VLAN Table
Click the Select button to quick-select the corresponding entry
Click the Edit button to modify the settings of the entry. And
Configuration Procedure:
1 Set the link type for
2 Create VLAN. Required. On the VLAN→802.1Q VLAN→VLAN Config page, click
Required. On the VLAN→802.1Q VLAN→Port Config page, set
the Create
75
For the device in a MAC VLAN, it’s required to set its connected
port of switch to be a member of this VLAN so as to ensure the
normal communication.
Protocol Type
Type value
ARP
0x0806
IP
0x0800
MPLS
0x8847/0x8848
IPX
0x8137
IS-IS
0x8000
LACP
0x8809
802.1X
0x888E
Create MAC VLAN. Required. On the VLAN→MAC VLAN page, create the MAC VLAN.
3
6.3 Protocol VLAN
Protocol VLAN is another way to classify VLANs basing on network protocol. Protocol VLANs
can be sorted by IP, IPX, DECnet, AppleTalk, Banyan and so on. Through the Protocol VLANs,
the broadcast domain can span over multiple switches and the Host can change its physical
position in the network with its VLAN member role always effective. By creating Protocol
VLANs, the network administrator can manage the network clients basing on their actual
applications and services effectively.
This switch can classify VLANs basing on the common protocol types listed in the following
table. Please create the Protocol VLAN to your actual need.
Table 6-2 Protocol types in common use
The packet in Protocol VLAN is processed in the following way:
1. When receiving an untagged packet, the switch matches the packet with the current
Protocol VLAN. If the packet is matched, the switch will add a corresponding Protocol
VLAN tag to it. If no Protocol VLAN is matched, the switch will add a tag to the packet
according to the PVID of the received port. Thus, the packet is assigned automatically to
the corresponding VLAN for transmission.
2. When receiving tagged packet, the switch will process it basing on the 802.1Q VLAN. If the
received port is the member of the VLAN to which the tagged packet belongs, the packet
will be forwarded normally. Otherwise, the packet will be discarded.
3. If the Protocol VLAN is created, please set its enabled port to be the member of
corresponding 802.1Q VLAN so as to ensure the packets forwarded normally.
6.3.1 Protocol Group Table
On this page, you can create Protocol VLAN and view the information of the current defined
Protocol VLANs.
76
Select:
Select the desired entry. It is multi-optional.
Protocol Name:
Displays the protocol of the protocol group.
VLAN ID:
Displays the corresponding VLAN ID of the protocol group.
Member:
Displays the member of the protocol group.
Operate:
f the entry. And click
the Apply button to apply your settings.
Protocol:
Select the Protocol type.
VLAN ID:
Enter the ID number of the Protocol VLAN. This VLAN should be
one of the 802.1Q VLANs the ingress port belongs to.
Choose the menu VLAN→Protocol VLAN→Protocol Group Table to load the following page.
Figure 6-8 Create Protocol VLAN
The following entries are displayed on this screen:
Protocol Group Table
Click the Edit button to modify the settings o
6.3.2 Protocol Group
On this page, you can configure the Protocol Group.
Choose the menu VLAN→Protocol VLAN→Protocol Group to load the following page.
Figure 6-9 Create and View Protocol Template
The following entries are displayed on this screen:
Protocol Group
77
Protocol Name:
Give a name for the Protocol Template.
Frame Type:
Select a Frame Type for the Protocol Template.
Ether Type:
Enter the Ethernet protocol type field in the protocol template.
DSAP:
Enter the DSAP field when selected LLC.
SSAP:
Enter the SSAP field when selected LLC.
Select:
Select the desired entry. It is multi-optional.
ID
Displays the Protocol Template ID.
Protocol Name:
Displays the Protocol Name.
Protocol Type:
Displays the Protocol type.
Protocol Template Table
Select your desired port for Protocol VLAN Group.
6.3.3 Protocol Template
The Protocol Template should be created before configuring the Protocol VLAN. By default, the
switch has defined the IP Template, ARP Template, RARP Template, etc. You can add more
Protocol Template on this page.
Choose the menu VLAN→Protocol VLAN→Protocol Template to load the following page.
Figure 6-10 Create and View Protocol Template
The following entries are displayed on this screen:
Create Protocol Template
Protocol Template Table
78
Step
Operation
Description
set the link type for the port basing on its connected
device.
VLAN ID and the description for the VLAN. Meanwhile,
specify its member ports.
configuring Protocol VLAN.
page, select the protocol name and enter the
VLAN ID to create a Protocol VLAN. Meanwhile, enable
protocol VLAN for ports.
the information of the corresponding VLAN.
corresponding VLAN by clicking the Delete button.
Note:
The Protocol Template bound to VLAN cannot be deleted.
Configuration Procedure:
1 Set the link type for port. Required. On the VLAN→802.1Q VLAN→Port Config page,
2 Create VLAN. Required. On the VLAN→802.1Q VLAN→VLAN Config
page, click the Create button to create a VLAN. Enter the
3 Create Protocol Template. Required. On the VLAN→Protocol VLAN→Protocol
Template page, create the Protocol Template before
4 Create Protocol VLAN. Required. On the VLAN→Protocol VLAN→Protocol
Group
5 Modify/View VLAN. Optional. On the VLAN→Protocol VLAN→Protocol
Group Table page, click the Edit button to modify/view
6 Delete VLAN. Optional. On the VLAN→Protocol VLAN→Protocol
Group Table page, select the desired entry to delete the
6.4 Application Example for 802.1Q VLAN
Network Requirements
Switch A is connecting to PC A and Server B;
Switch B is connecting to PC B and Server A;
PC A and Server A is in the same VLAN;
PC B and Server B is in the same VLAN;
PCs in the two VLANs cannot communicate with each other.
79
Network Diagram
Step
Operation
Description
Configure the
ports
the link type of Port 2, Port 3 and Port 4 as ACCESS, TRUNK and
ACCESS respectively
VLAN with its VLAN ID as 10, owning Port 2 and Port 3.
VLAN with its VLAN ID as 20, owning Port 3 and Port 4.
Step
Operation
Description
Configure the
ports
the link type of Port 7, Port 6 and Port 8 as ACCESS, TRUNK and
ACCESS respectively.
VLAN with its VLAN ID as 10, owning Port 6 and Port 8.
VLAN with its VLAN ID as 20, owning Port 6 and Port 7.
Configuration Procedure
Configure switch A
1
Link Type of the
2
3
Configure switch B
Create VLAN10 Required. On VLAN→802.1Q VLAN→VLAN Config page, create a
Create VLAN20 Required. On VLAN→802.1Q VLAN→VLAN Config page, create a
1
Link Type of the
2
3
Create VLAN10 Required. On VLAN→802.1Q VLAN→VLAN Config page, create a
Create VLAN20 Required. On VLAN→802.1Q VLAN→VLAN Config page, create a
Required. On VLAN→802.1Q VLAN→Port Config page, configure
Required. On VLAN→802.1Q VLAN→Port Config page, configure
6.5 Application Example for MAC VLAN
Network Requirements
Switch A and switch B are connected to meeting room A and meeting room B respectively,
and the two rooms are for all departments;
80
Step
Operation
Description
Configure the
ports
link type of Port 11 and Port 12 as GENERAL and TRUNK
respectively.
page, create a
g Port 11 and Port 12, and
configure the egress rule of Port 11 as Untag.
page, create a
ID as 20, owning Port 11 and Port 12, and
configure the egress rule of Port 11 as Untag.
Configure MAC
VLAN 10
the MAC address as 00-19-56-8A-4C-71.
Configure MAC
VLAN 20
the MAC address as 00-19-56-82-3B-70.
Notebook A and Notebook B, special for meeting room, are of two different departments;
The two departments are in VLAN10 and VLAN20 respectively. The two notebooks can just
access the server of their own departments, that is, Server A and Server B, in the two
meeting rooms;
The MAC address of Notebook A is 00-19-56-8A-4C-71, Notebook B’s MAC address is
00-19-56-82-3B-70.
Network Diagram
Configuration Procedure
Configure switch A
1
Required. On VLAN→802.1Q VLAN→Port Config page, configure the
Link Type of the
2 Create VLAN10 Required. On VLAN→802.1Q VLAN→VLAN Config
VLAN with its VLAN ID as 10, ownin
3 Create VLAN20 Required. On VLAN→802.1Q VLAN→VLAN Config
VLAN with its VLAN
4
On VLAN→MAC VLAN→MAC VLAN page, create MAC VLAN10 with
5
On VLAN→MAC VLAN→MAC VLAN page, create MAC VLAN10 with
81
Step
Operation
Description
enable Port 11 and Port 12 for MAC VLAN feature.
Step
Operation
Description
Configure the
ports
type of Port 21 and Port 22 as GENERAL and TRUNK
respectively.
page, create a
ID as 10, owning Port 21 and Port 22, and
configure the egress rule of Port 21 as Untag.
page, create a
ID as 20, owning Port 21 and Port 22, and
configure the egress rule of Port 21 as Untag.
Configure MAC
VLAN 10
the MAC address as 00-19-56-8A-4C-71.
Configure MAC
VLAN 20
the MAC address as 00-19-56-82-3B-70.
enable Port 21 and Port 22 for MAC VLAN feature.
Step
Operation
Description
Configure the
ports
of Port 4 and Port 5 as ACCESS.
page, create a
VLAN with its VLAN ID as 10, owning Port 2, Port 3 and Port 5,
page, create a
VLAN with its VLAN ID as 20, owning Port 2, Port 3 and Port 4,
6 Port Enable Required. On the VLAN→MAC VLAN→Port Enable page, select and
Configure switch B
1
Link Type of the
Required. On VLAN→802.1Q VLAN→Port Config page, configure the
link
2 Create VLAN10 Required. On VLAN→802.1Q VLAN→VLAN Config
VLAN with its VLAN
3 Create VLAN20 Required. On VLAN→802.1Q VLAN→VLAN Config
VLAN with its VLAN
4
5
On VLAN→MAC VLAN→MAC VLAN page, create MAC VLAN10 with
On VLAN→MAC VLAN→MAC VLAN page, create MAC VLAN10 with
6 Port Enable Required. On the VLAN→MAC VLAN→Port Enable page, select and
Configure switch C
1
Link Type of the
Required. On VLAN→802.1Q VLAN→Port Config page, configure the
link type of Port 2 and Port 3 as GENERAL, and configure the link type
2 Create VLAN10 Required. On VLAN→802.1Q VLAN→VLAN Config
3 Create VLAN20 Required. On VLAN→802.1Q VLAN→VLAN Config
6.6 Application Example for Protocol VLAN
Network Requirements
Department A is connected to the company LAN via Port12 of switch A;
Department A has IP host and AppleTalk host;
82
Step
Operation
Description
Configure the
ports
link type of Port 11 and Port 13 as ACCESS, and configure the link
type of Port 12 as GENERAL.
page, create a
and Port 13, and
configure the egress rule of Port 12 as Untag.
page, create a
ID as 20, owning Port 11 and Port 12, and
configure the egress rule of Port 12 as Untag.
Step
Operation
Description
Configure the
ports
link type of Port 4 and Port 5 as ACCESS, and configure the link type
of Port 3 as GENERAL.
page, create a
the egress rule of Port 3 as Untag.
IP host, in VLAN10, is served by IP server while AppleTalk host is served by AppleTalk
server;
Switch B is connected to IP server and AppleTalk server.
Network Diagram
Configuration Procedure
Configure switch A
1
Required. On VLAN→802.1Q VLAN→Port Config page, configure the
Link Type of the
2 Create VLAN10 Required. On VLAN→802.1Q VLAN→VLAN Config
VLAN with its VLAN ID as 10, owning Port 12
3 Create VLAN20 Required. On VLAN→802.1Q VLAN→VLAN Config
VLAN with its VLAN
Configure switch B
1
Required. On VLAN→802.1Q VLAN→Port Config page, configure the
Link Type of the
2 Create VLAN10 Required. On VLAN→802.1Q VLAN→VLAN Config
VLAN with its VLAN ID as 10, owning Port 3 and Port 4, and configure
83
Step
Operation
Description
page, create a
the egress rule of Port 3 as Untag.
Create Protocol
809B.
and enable Port 3, Port 4 and Port 5 for Protocol VLAN feature.
Create Protocol
VLAN 10
reate protocol
VLAN 10 with Protocol as IP.
Create Protocol
VLAN 20
page, create protocol
VLAN 20 with Protocol as AppleTalk.
3 Create VLAN20 Required. On VLAN→802.1Q VLAN→VLAN Config
VLAN with its VLAN ID as 20, owning Port 3 and Port 5, and configure
4
Template
5 Port Enable Required. On the VLAN→Protocol VLAN→Port Enable page, select
6
7
Required. On VLAN→Protocol VLAN→Protocol Template page,
configure the protocol template practically. E.g. the Ether Type of IP
network packets is 0800 and that of AppleTalk network packets is
On VLAN→Protocol VLAN→Protocol VLAN page, c
On VLAN→Protocol VLAN→Protocol VLAN
6.7 VLAN VPN
With the increasing application of the Internet, the VPN (Virtual Private Network) technology is
developed and used to establish the private network through the operators’ backbone
networks. VLAN-VPN (Virtual Private Network) function, the implement of a simple and flexible
Layer 2 VPN technology, allows the packets with VLAN tags of private networks to be
encapsulated with VLAN tags of public networks at the network access terminal of the Internet
Service Provider. And these packets will be transmitted with double-tag across the public
networks.
The VLAN-VPN function provides you with the following benefits:
1. Provides simple Layer 2 VPN solutions for small-sized MANs or intranets.
2. Saves public network VLAN ID resource.
3. You can have VLAN IDs of your own, which is independent of public network VLAN IDs.
4. When the network of the Internet Service Provider is upgraded, the user’s network with a
relative independence can still work normally without changing the current configurations.
In addition, the switch supports the feature to adjust the TPID Values of VLAN VPN Packets.
TPID (Tag Protocol Identifier) is a field of the VLAN tag. IEEE 802.1Q specifies the value of TPID
to be 0x8100. This switch adopts the default value of TPID (0x8100) defined by the protocol.
Other manufacturers use other TPID values (such as 0x9100 or 0x9200) in the outer tags of
VLAN-VPN packets. To be compatible with devices coming from other manufacturers, this
switch can adjust the TPID values of VLAN-VPN packets globally. You can configure TPID
values by yourself. When a port receives a packet, this port will replace the TPID value in the
outer VLAN tag of this packet with the user-defined value and then send the packet again. Thus,
the VLAN-VPN packets sent to the public network can be recognized by devices of other
manufacturers.
The position of the TPID field in an Ethernet packet is the same as the position of the protocol
type field in the packet without VLAN Tag. Thus, to avoid confusion happening when the switch
84
Protocol type
Value
ARP
0x0806
IP
0x0800
MPLS
0x8847/0x8848
IPX
0x8137
IS-IS
0x8000
LACP
0x8809
802.1X
0x888E
VPN Mode:
Allows you to Enable/Disable the VLAN-VPN function.
Global TPID:
Enter the global TPID (Tag protocol identifier).
forwards or receives a packet, you must not configure the following protocol type values listed
in the following table as the TPID value.
Table 6-3 Values of Ethernet frame protocol type in common use
This VLAN VPN function is implemented on the VPN Config, VLAN Mapping and Port Enable
pages.
6.7.1 VPN Config
This page allows you to enable the VPN function, adjust the global TPID for VLAN-VPN packets
and enable the VPN up-link port. When VPN mode is enabled, the switch will add a tag to the
received tagged packet basing on the VLAN mapping entries.
Choose the menu VLAN→VLAN VPN→VPN Config to load the following page.
Figure 6-11 VPN Global Config
The following entries are displayed on this screen:
Global Config
VPN Up-link Ports
Select the desired port as the VPN Up-link port. It’s required to set the port connected to
the operators’ backbone networks to be up-link port.
85
Port:
Select the mapping port.
the ID number of the Customer VLAN. C VLAN refers to
the VLAN to which the packet received by switch belongs.
SP VLAN:
Enter the ID number of the Service Provider VLAN.
SP PRI
Enter the Service Provider Priority.
Description:
Give a description to the VLAN Mapping entry or leave it blank.
delete the corresponding
VLAN Mapping entry. It is multi-optional.
Port:
Displays the mapping port.
Note:
If VPN mode is enabled, please create VLAN Mapping entries on the VLAN Mapping function
page.
6.7.2 VLAN Mapping
VLAN Mapping function allows the VLAN TAG of the packets to be replaced with the new VLAN
TAG according to the VLAN Mapping entries. And these packets can be forwarded in the new
VLAN. If VLAN VPN function is enabled, a received packet already carrying a VLAN tag will be
tagged basing on the VLAN Mapping entries and becomes a double-tagged packet to be
forwarded in the new VLAN.
Choose the menu VLAN→VLAN VPN→VLAN Mapping to load the following page.
Figure 6-12 Create VLAN Mapping Entry
The following entries are displayed on this screen:
VLAN Mapping Config
C VLAN: Enter
VLAN Mapping Table
Select: Select the desired entry to edit or
86
AN. C VLAN refers to
the VLAN to which the packet received by switch belongs.
SP VLAN:
Displays the ID number of the Service Provider VLAN.
SP PRI
Displays the Service Provider Priority.
Description:
Displays a description to the VLAN Mapping entry.
button to modify the settings of the entry and click
the Modify button to apply.
C VLAN: Displays the ID number of the Customer VL
Operation: Click the Edit
6.8 GVRP
GVRP (GARP VLAN Registration Protocol) is an implementation of GARP (generic attribute
registration protocol). GVRP allows the switch to automatically add or remove the VLANs via
the dynamic VLAN registration information and propagate the local VLAN registration
information to other switches, without having to individually configure each VLAN.
GARP
GARP provides the mechanism to assist the switch members in LAN to deliver, propagate and
register the information among the members. GARP itself does not work as the entity among
the devices. The application complied with GARP is called GARP implementation, and GVRP is
the implementation of GARP. When GARP is implemented on a port of device, the port is called
GARP entity.
The information exchange between GARP entities is completed by messages. GARP defines
the messages into three types: Join, Leave and LeaveAll.
•
Join Message: When a GARP entity expects other switches to register certain attribute
information of its own, it sends out a Join message. And when receiving the Join message
from the other entity or configuring some attributes statically, the device also sends out a
Join message in order to be registered by the other GARP entities.
•
Leave Message: When a GARP entity expects other switches to deregister certain attribute
information of its own, it sends out a Leave message. And when receiving the Leave
message from the other entity or deregistering some attributes statically, the device also
sends out a Leave message.
•
LeaveAll Message: Once a GARP entity starts up, it starts the LeaveAll timer. After the timer
times out, the GARP entity sends out a LeaveAll message. LeaveAll message is to
deregister all the attribute information so as to enable the other GARP entities to re-register
attribute information of their own.
Through message exchange, all the attribute information to be registered can be propagated
to all the switches in the same switched network.
The interval of GARP messages is controlled by timers. GARP defines the following timers:
• Hold Timer: When a GARP entity receives a piece of registration information, it does not
send out a Join message immediately. Instead, to save the bandwidth resources, it starts
the Hold timer, puts all registration information it receives before the timer times out into
one Join message and sends out the message after the timer times out.
87
• Join Timer: To transmit the Join messages reliably to other entities, a GARP entity sends
each Join message two times. The Join timer is used to define the interval between the two
sending operations of each Join message.
• Leave Timer: When a GARP entity expects to deregister a piece of attribute information, it
sends out a Leave message. Any GARP entity receiving this message starts its Leave timer,
and deregisters the attribute information if it does not receives a Join message again
before the timer times out.
• LeaveAll Timer: Once a GARP entity starts up, it starts the LeaveAll timer, and sends out a
LeaveAll message after the timer times out, so that other GARP entities can re-register all
the attribute information on this entity. After that, the entity restarts the LeaveAll timer to
begin a new cycle.
GVRP
GVRP, as an implementation of GARP, maintains dynamic VLAN registration information and
propagates the information to other switches by adopting the same mechanism of GARP.
After the GVRP feature is enabled on a switch, the switch receives the VLAN registration
information from other switches to dynamically update the local VLAN registration information,
including VLAN members, ports through which the VLAN members can be reached, and so on.
The switch also propagates the local VLAN registration information to other switches so that all
the switching devices in the same switched network can have the same VLAN information. The
VLAN registration information includes not only the static registration information configured
locally, but also the dynamic registration information, which is received from other switches.
In this switch, only the port with TRUNK link type can be set as the GVRP application entity to
maintain the VLAN registration information. GVRP has the following three port registration
modes: Normal, Fixed, and Forbidden.
• Normal: In this mode, a port can dynamically register/deregister a VLAN and propagate the
dynamic/static VLAN information.
• Fixed: In this mode, a port cannot register/deregister a VLAN dynamically. It only
propagates static VLAN information. That is, the port in Fixed mode only permits the
packets of its static VLAN to pass.
• Forbidden: In this mode, a port cannot register/deregister VLANs. It only propagates VLAN
1 information. That is, the port in Forbidden mode only permits the packets of the default
VLAN (namely VLAN 1) to pass.
88
GVRP:
Allows you to Enable/Disable the GVRP function.
Port Select:
select the corresponding entry
based on the port number you entered.
Select:
Select the desired port for configuration. It is multi-optional.
Port:
Displays the port number.
Status:
set to TRUNK before enabling the GVRP feature.
Registration
Mode:
s mode, a port cannot register/deregister a VLAN
In this mode, a port cannot register/deregister
VLANs. It only propagates VLAN 1 information.
Choose the menu VLAN→GVRP→GVRP Config to load the following page.
Figure 6-13 GVRP Config
Note:
If the GVRP feature is enabled for a member port of LAG, please ensure all the member ports of
this LAG are set to be in the same status and registration mode.
The following entries are displayed on this screen:
Global Config
Port Config
Click the Select button to quick-
Enable/Disable the GVRP feature for the port. The port type should be
Select the Registration Mode for the port.
• Normal: In this mode, a port can dynamically register/deregister a
VLAN and propagate the dynamic/static VLAN information.
• Fixed: In thi
dynamically. It only propagates static VLAN information.
• Forbidden:
89
LeaveAll Timer:
register all the attribute information. After that, the LeaveAll
timer will start to begin a new cycle. The LeaveAll Timer ranges from
1000 to 30000 centiseconds.
Join Timer:
To guarantee the transmission of the Join messages, a GARP port
the interval between the two sending operations of each Join
message. The Join Timer ranges from 20 to 1000 centiseconds.
Leave Timer:
Once the Leave Timer is set, the GARP port receiving a Leave
message will start its Leave timer, and deregister the attribute
out. The Leave Timer ranges from 60 to 3000
centiseconds.
LAG:
Displays the LAG to which the port belongs.
Step
Operation
Description
page, set the link type of the port to be TRUNK.
function.
Configure the registration
port.
page, configure the
Once the LeaveAll Timer is set, the port with GVRP enabled can send a
LeaveAll message after the timer times out, so that other GARP ports
can re-
sends each Join message two times. The Join Timer is used to define
information if it does not receive a Join message again before the
timer times
Note:
LeaveAll Timer >= 10* Leave Timer, Leave Timer >= 2*Join Timer
Configuration Procedure:
1 Set the link type for port. Required. On the VLAN→802.1Q VLAN→Port Config
2 Enable GVRP function. Required. On the VLAN→GVRP page, enable GVRP
3
mode and the timers for the
Required. On the VLAN→GVRP
parameters of ports basing on actual applications.
Return to CONTENTS
90
Loading...