Specifications are subject to change without notice.
trademark of TP-LINK TECHNOLOGIES CO., LTD. Other brands and product names
are trademarks or registered trademarks of their respective holders.
This equipment has been tested and found to comply with the limits for a Class A
digital device, pursuant to part 15 of the FCC Rules. These limits are designed to
provide reasonable protection against harmful interference in a residential installation.
This equipment generates, uses and can radiate radio frequency energy and, if not
installed and used in accordance with the instructions, may cause harmful
interference to radio communications. However, there is no guarantee that
interference will not occur in a particular installation. If this equipment does cause
harmful interference to radio or television reception, which can be determined by
turning the equipment off and on, the user is encouraged to try to correct the
interference by one or more of the following measures:
• Reorient or relocate the receiving antenna.
• Increase the separation between the equipment and receiver.
• Connect the equipment into an outlet on a circuit different from that to which
the receiver is connected.
• Consult the dealer or an experienced radio/TV technician for help.
This device complies with part 15 of the FCC Rules. Operation is subject to the
following two conditions:
1) This device may not cause harmful interference.
2) This device must accept any interference received, including interference that
may cause undesired operation.
Any changes or modifications not expressly approved by the party responsible for
compliance could void the user’s authority to operate the equipment.
CE Mark Warning
This is a class A product. In a domestic environment, this product may cause radio
interference, in which case the user may be required to take adequate measures.
Contents
Chapter 1: Introduction
Key Features
Description of Software Features
System Defaults
Community Strings (for SNMP version 1 and 2c clients)
Trap Receivers
Configuring Access for SNMP Version 3 Clients
Saving Configuration Settings
Managing System Files
Chapter 3: Configuring the Switch
Using the Web Interface
Navigating the Web Browser Interface
Home Page
Configuration Options
Panel Display
Main Menu
Basic Configuration
Displaying System Information
Displaying Switch Hardware/Software Versions
Displaying Bridge Extension Capabilities
Setting the Switch’s IP Address
Manual Configuration
Using DHCP/BOOTP
Enabling Jumbo Frames
Managing Firmware
Downloading System Software from a Server
Saving or Restoring Configuration Settings
Downloading Configuration Settings from a Server
Console Port Settings
Telnet Settings
Configuring Event Logging
Displaying Log Messages
System Log Configuration
Remote Log Configuration
Simple Mail Transfer Protocol
Renumbering the System
Resetting the System
Setting the System Clock
Configuring SNTP
Setting the Time Zone
Simple Network Management Protocol
Setting Community Access Strings
Specifying Trap Managers and Trap Types
Enabling SNMP Agent Status
Configuring SNMPv3 Management Access
Setting the Local Engine ID
Specifying a Remote Engine ID
Configuring SNMPv3 Users
Configuring Remote SNMPv3 Users
Configuring SNMPv3 Groups
Setting SNMPv3 Views
Replacing the Default Secure-site Certificate
Configuring the Secure Shell
Configuring the SSH Server
Generating the Host Key Pair
Configuring Port Security
Configuring 802.1X Port Authentication
Displaying 802.1X Global Settings
Configuring 802.1X Global Settings
Configuring Port Settings for 802.1X
Displaying 802.1X Statistics
Access Control Lists
Configuring Access Control Lists
Setting the ACL Name and Type
Configuring a Standard IP ACL
Configuring an Extended IP ACL
Configuring a MAC ACL
Binding a Port to an Access Control List
Filtering IP Addresses for Management Access
Port Configuration
Displaying Connection Status
Configuring Interface Connections
Creating Trunk Groups
Statically Configuring a Trunk
Enabling LACP on Selected Ports
Configuring LACP Parameters
Displaying LACP Port Counters
Displaying LACP Settings and Status for the Local Side
Displaying LACP Settings and Status for the Remote Side
Setting Broadcast Storm Thresholds
Configuring Port Mirroring
Configuring Rate Limits
Rate Limit Configuration
Showing Port Statistics
Address Table Settings
Setting Static Addresses
Displaying the Address Table
Changing the Aging Time
Spanning Tree Algorithm Configuration
Displaying Global Settings
Configuring Global Settings
Displaying Interface Settings
Configuring Interface Settings
Configuring Multiple Spanning Trees
Displaying Interface Settings for MSTP
Configuring Interface Settings for MSTP
VLAN Configuration
IEEE 802.1Q VLANs
Enabling or Disabling GVRP (Global Setting)
Displaying Basic VLAN Information
Displaying Current VLANs
Creating VLANs
Adding Static Members to VLANs (VLAN Index)
Adding Static Members to VLANs (Port Index)
Configuring VLAN Behavior for Interfaces
Configuring IEEE 802.1Q Tunneling
Enabling QinQ Tunneling on the Switch
Adding an Interface to a QinQ Tunnel
Configuring Private VLANs
Enabling Private VLANs
Configuring Uplink and Downlink Ports
Protocol VLANs
Protocol VLAN Group Configuration
Configuring Protocol VLAN Interfaces
Class of Service Configuration
Layer 2 Queue Settings
Setting the Default Priority for Interfaces
Mapping CoS Values to Egress Queues
Enabling CoS
Selecting the Queue Mode
Setting the Service Weight for Traffic Classes
Layer 3/4 Priority Settings
Mapping Layer 3/4 Priorities to CoS Values
Selecting IP Precedence/DSCP Priority
Mapping IP Precedence
Mapping DSCP Priority
Mapping IP Port Priority
Quality of Service
Configuring Quality of Service Parameters
Configuring a Class Map
Creating QoS Policies
Attaching a Policy Map to Ingress Queues
Multicast Filtering
Layer 2 IGMP (Snooping and Query)
Configuring IGMP Snooping and Query Parameters
Enabling IGMP Immediate Leave
Displaying Interfaces Attached to a Multicast Router
Specifying Static Interfaces for a Multicast Router
Displaying Port Members of Multicast Services
Assigning Ports to Multicast Services
IGMP Filtering and Throttling
Enabling IGMP Filtering and Throttling
Configuring IGMP Filtering and Throttling for Interfaces
Configuring IGMP Filter Profiles
Multicast VLAN Registration
Configuring Global MVR Settings
Displaying MVR Interface Status
Displaying Port Members of Multicast Groups
Configuring MVR Interface Status
Assigning Static Multicast Groups to Interfaces
Configuring Domain Name Service
Configuring General DNS Service Parameters
Configuring Static DNS Host to Address Entries
Displaying the DNS Cache
DHCP Snooping Information Option Configuration
DHCP Snooping Port Configuration
DHCP Snooping Binding Information
IP Source Guard
IP Source Guard Port Configuration
Static IP Source Guard Binding Configuration
Dynamic IP Source Guard Binding Information
Switch Clustering
Cluster Configuration
Cluster Member Configuration
Cluster Member Information
Cluster Candidate Information
Chapter 4: Command Line Interface
Using the Command Line Interface
Accessing the CLI
Console Connection
Telnet Connection
Entering Commands
Keywords and Arguments
Minimum Abbreviation
Command Completion
Getting Help on Commands
Showing Commands
Partial Keyword Lookup
Negating the Effect of Commands
Using Command History
Understanding Command Modes
Exec Commands
Configuration Commands
Command Line Processing
Command Groups
Line Commands
line
login
password
timeout login response
exec-timeout
password-thresh
silent-time
databits
parity
speed
stopbits
disconnect
show line
General Commands
enable
disable
configure
show history
reload
end
exit
quit
System Management Commands
Device Designation Commands
prompt
hostname
User Access Commands
username
enable password
IP Filter Commands
management
show management
Web Server Commands
ip http port
ip http server
ip http secure-server
ip http secure-port
Telnet Server Commands
ip telnet port
ip telnet server
Secure Shell Commands
ip ssh server
ip ssh timeout
ip ssh authentication-retries
ip ssh server-key size
delete public-key
ip ssh crypto host-key generate
ip ssh crypto zeroize
ip ssh save host-key
show ip ssh
show ssh
show public-key
Event Logging Commands
logging on
logging history
logging host
logging facility
logging trap
clear logging
show logging
show log
access-list ip
permit, deny (Standard ACL)
permit, deny (Extended ACL)
show ip access-list
ip access-group
show ip access-group
MAC ACLs
access-list mac
permit, deny (MAC ACL)
show mac access-list
mac access-group
show mac access-group
show snmp engine-id
snmp-server view
show snmp view
snmp-server group
show snmp group
snmp-server user
show snmp user
Interface Commands
interface
description
speed-duplex
negotiation
capabilities
flowcontrol
shutdown
switchport broadcast packet-rate
clear counters
show interfaces status
show interfaces counters
show interfaces switchport
protocol-vlan protocol-group (Configuring Groups)
protocol-vlan protocol-group (Configuring Interfaces)
show protocol-vlan protocol-group
show interfaces protocol-vlan protocol-group
Priority Commands
Priority Commands (Layer 2)
queue mode
switchport priority default
queue bandwidth
queue cos-map
show queue mode
show queue bandwidth
show queue cos-map
Priority Commands (Layer 3 and 4)
map ip dscp (Global Configuration)
map ip dscp (Interface Configuration)
show map ip dscp
Quality of Service Commands
class-map
match
policy-map
class
set
police
service-policy
show class-map
show policy-map
show policy-map interface
Example
Multicast Filtering Commands
IGMP Snooping Commands
ip igmp snooping
ip igmp snooping vlan static
ip igmp snooping version
ip igmp snooping leave-proxy
ip igmp snooping immediate-leave
show ip igmp snooping
show mac-address-table multicast
IGMP Query Commands (Layer 2)
ip igmp snooping querier
ip igmp snooping query-count
ip igmp snooping query-interval
ip igmp snooping query-max-response-time
ip igmp snooping router-port-expire-time
Static Multicast Routing Commands
ip igmp snooping vlan mrouter
show ip igmp snooping mrouter
IGMP Filtering and Throttling Commands
ip igmp filter (Global Configuration)
ip igmp profile
permit, deny
range
ip igmp filter (Interface Configuration)
ip igmp max-groups
ip igmp max-groups action
show ip igmp filter
show ip igmp profile
show ip igmp throttle interface
ip address
ip default-gateway
ip dhcp restart
show ip interface
show ip redirects
ping
IP Source Guard Commands
ip source-guard
ip source-guard binding
show ip source-guard
show ip source-guard binding
DHCP Snooping Commands
ip dhcp snooping
ip dhcp snooping vlan
ip dhcp snooping trust
ip dhcp snooping verify mac-address
ip dhcp snooping information option
ip dhcp snooping information policy
show ip dhcp snooping
show ip dhcp snooping binding
Switch Cluster Commands
cluster
cluster commander
cluster ip-pool
cluster member
rcommand
show cluster
show cluster members
show cluster candidates
Appendix A: Software Specifications
Software Features
Management Features
Standards
Management Information Bases
Appendix B: Troubleshooting
Problems Accessing the Management Interface
Using System Logs
Figures
Figure 3-1 Home Page
Figure 3-2 Panel Display
Figure 3-3 System Information
Figure 3-4 Switch Information
Figure 3-5 Bridge Extension Configuration
Figure 3-6 Manual IP Configuration
Figure 3-7 DHCP IP Configuration
Figure 3-8 Bridge Extension Configuration
Figure 3-9 Copy Firmware
Figure 3-10 Setting the Startup Code
Figure 3-11 Deleting Files
Figure 3-12 Downloading Configuration Settings for Startup
Figure 3-13 Setting the Startup Configuration Settings
Figure 3-14 Console Port Settings
Figure 3-15 Enabling Telnet
Figure 3-16 Displaying Logs
Figure 3-17 System Logs
Figure 3-18 Remote Logs
Figure 3-19 Enabling and Configuring SMTP
Figure 3-20 Renumbering the System
Figure 3-21 Resetting the System
Figure 3-22 SNTP Configuration
Figure 3-23 Setting the System Clock
Figure 3-24 Configuring SNMP Community Strings
Figure 3-25 Configuring IP Trap Managers
Figure 3-26 Enabling SNMP Agent Status
Figure 3-27 Setting an Engine ID
Figure 3-28 Setting a Remote Engine ID
Figure 3-29 Configuring SNMPv3 Users
Figure 3-30 Configuring Remote SNMPv3 Users
Figure 3-31 Configuring SNMPv3 Groups
Figure 3-32 Configuring SNMPv3 Views
Figure 3-33 Access Levels
Figure 3-34 Authentication Settings
Figure 3-35 HTTPS Settings
Figure 3-36 SSH Server Settings
Figure 3-37 SSH Host-Key Settings
Figure 3-38 Configuring Port Security
Figure 3-39 802.1X Global Information
Figure 3-40 802.1X Global Configuration
Figure 3-41 802.1X Port Configuration
Figure 3-42 Displaying 802.1X Port Statistics
Figure 3-43 Selecting ACL Type
Figure 3-44 Configuring Standard IP ACLs
Figure 3-45 Configuring Extended IP ACLs
Figure 3-46 Configuring MAC ACLs
Figure 3-47 Configuring ACL Port Binding
Figure 3-48 Creating an IP Filter List
Figure 3-49 Displaying Port/Trunk Information
Figure 3-50 Port/Trunk Configuration
Figure 3-51 Configuring Static Trunks
Figure 3-52 LACP Trunk Configuration
Figure 3-53 LACP Port Configuration
Figure 3-54 LACP - Port Counters Information
Figure 3-55 LACP - Port Internal Information
Figure 3-56 LACP - Port Neighbors Information
Figure 3-57 Port Broadcast Control
Figure 3-58 Mirror Port Configuration
Figure 3-59 Input Rate Limit Port Configuration
Figure 3-60 Port Statistics
Figure 3-61 Configuring a Static Address Table
Figure 3-62 Configuring a Dynamic Address Table
Figure 3-63 Setting the Address Aging Time
Figure 3-64 Displaying Spanning Tree Information
Figure 3-65 Configuring Spanning Tree
Figure 3-66 Displaying Spanning Tree Port Information
Figure 3-67 Configuring Spanning Tree per Port
Figure 3-68 Configuring Multiple Spanning Trees
Figure 3-69 Displaying MSTP Interface Settings
Figure 3-70 Displaying MSTP Interface Settings
Figure 3-71 Globally Enabling GVRP
Figure 3-72 Displaying Basic VLAN Information
Figure 3-73 Displaying Current VLANs
Figure 3-74 Configuring a VLAN Static List
Figure 3-75 Configuring a VLAN Static Table
Figure 3-76 VLAN Static Membership by Port
Figure 3-77 Configuring VLANs per Port
Figure 3-78 802.1Q Tunnel Status
Figure 3-79 Tunnel Port Configuration
Figure 3-80 Private VLAN Status
Figure 3-81 Private VLAN Link Status
Figure 3-82 Protocol VLAN Configuration
Figure 3-83 Protocol VLAN Port Configuration
Figure 3-84 Port Priority Configuration
Figure 3-85 Traffic Classes
Figure 3-86 Enable Traffic Classes
Figure 3-87 Queue Mode
Figure 3-88 Configuring Queue Scheduling
Figure 3-89 IP Precedence/DSCP Priority Status
Figure 3-90 Mapping IP Precedence Priority Values
Figure 3-91 Mapping IP DSCP Priority Values
Figure 3-92 IP Port Priority Status
Figure 3-93 IP Port Priority
Figure 3-94 Configuring Class Maps
Figure 3-95 Configuring Policy Maps
Figure 3-96 Service Policy Settings
Figure 3-97 IGMP Configuration
Figure 3-98 IGMP Immediate Leave
Figure 3-99 Displaying Multicast Router Port Information
Figure 3-100 Static Multicast Router Port Configuration
Figure 3-101 IP Multicast Registration Table
Figure 3-102 IGMP Member Port Table
Figure 3-103 Enabling IGMP Filtering and Throttling
Figure 3-104 IGMP Filter and Throttling Port Configuration
Figure 3-105 IGMP Profile Configuration
Figure 3-106 MVR Global Configuration
Figure 3-107 MVR Port Information
Figure 3-108 MVR Group IP Information
Figure 3-109 MVR Port Configuration
Figure 3-110 MVR Group Member Configuration
Figure 3-111 DNS General Configuration
Figure 3-112 DNS Static Host Table
Figure 3-113 DNS Cache
Figure 3-114 DHCP Snooping Configuration
Figure 3-115 DHCP Snooping VLAN Configuration
Figure 3-116 DHCP Snooping Information Option Configuration
Figure 3-117 DHCP Snooping Port Configuration
Figure 3-118 DHCP Snooping Binding Information
Figure 3-119 IP Source Guard Port Configuration
Figure 3-120 Static IP Source Guard Binding Configuration
Figure 3-121 Dynamic IP Source Guard Binding Information
Figure 3-122 Cluster Member Choice
Figure 3-123 Cluster Configuration
Figure 3-124 Cluster Member Configuration
Figure 3-125 Cluster Member Information
Figure 3-126 Cluster Candidate Information
Chapter 1: Introduction
This switch provides a broad range of features for Layer 2 switching. It includes a
management agent that allows you to configure the features listed in this manual.
The default configuration can be used for most of the features provided by this
switch. However, there are many options that you should configure to maximize the
switch’s performance for your particular network environment.
Key Features
Table 1-1 Key Features
Feature                            Description
Configuration Backup and Restore   Backup to TFTP server
Authentication                     Console, Telnet, web – User name / password, RADIUS, TACACS+
                                   Web – HTTPS
                                   Telnet – SSH
                                   SNMP v1/2c – Community strings
                                   SNMP version 3 – MD5 or SHA password
                                   Port – IEEE 802.1X, MAC address filtering
Access Control Lists               Supports up to 128 ACLs, 96 MAC rules and 96 rules per system
DHCP Client                        Supported
DHCP Snooping                      Supported with Option 82 relay information
Port Configuration                 Speed, duplex mode and flow control
Rate Limiting                      Input and output rate limiting per port
Port Mirroring                     One or more ports mirrored to a single analysis port
Port Trunking                      Supports up to 32 trunks using either static or dynamic trunking (LACP)
Broadcast Storm Control            Supported
Static Address                     Up to 8K MAC addresses in the forwarding table
IEEE 802.1D Bridge                 Supports dynamic data switching and address learning
Store-and-Forward Switching        Supported to ensure wire-speed switching while eliminating bad frames
Spanning Tree Algorithm            Supports standard STP, Rapid Spanning Tree Protocol (RSTP) and
                                   Multiple Spanning Trees (MSTP)
Virtual LANs                       Up to 256 using IEEE 802.1Q, port-based, protocol-based or private VLANs
Traffic Prioritization             Default port priority, traffic class map, queue scheduling, or Differentiated
                                   Services Code Point (DSCP), and TCP/UDP Port
Quality of Service                 Supports Differentiated Services (DiffServ)
Multicast Filtering                Supports IGMP snooping and query, as well as Multicast VLAN Registration
Switch Clustering                  Supports up to 16 Member switches in a cluster
Description of Software Features
The switch provides a wide range of advanced performance-enhancing features.
Flow control eliminates the loss of packets due to bottlenecks caused by port
saturation. Broadcast storm suppression prevents broadcast traffic storms from
engulfing the network. Port-based, private and protocol-based VLANs, plus
support for automatic GVRP VLAN registration, provide traffic security and efficient
use of network bandwidth. CoS priority queueing ensures the minimum delay for
moving real-time multimedia data across the network, while multicast filtering
provides support for real-time network applications. Some of the management
features are briefly described below.
Configuration Backup and Restore – You can save the current configuration
settings to a file on a TFTP server, and later download this file to restore the switch
configuration settings.
Authentication – This switch authenticates management access via the console
port, Telnet or web browser. User names and passwords can be configured locally or
can be verified via a remote authentication server (i.e., RADIUS or TACACS+).
Port-based authentication is also supported via the IEEE 802.1X protocol. This
protocol uses the Extensible Authentication Protocol over LANs (EAPOL) to request
user credentials from the 802.1X client, and then verifies the client’s right to access
the network via an authentication server.
Other authentication options include HTTPS for secure management access via the
web, SSH for secure management access over a Telnet-equivalent connection, IP
address filtering for SNMP/web/Telnet management access, and MAC address
filtering for port access.
Access Control Lists – ACLs provide packet filtering for IP frames (based on
address, protocol, or TCP/UDP port number) or any frames (based on MAC address
or Ethernet type). ACLs can be used to improve performance by blocking
unnecessary network traffic or to implement security controls by restricting access to
specific network resources or protocols.
Port Configuration – You can manually configure the speed, duplex mode, and
flow control used on specific ports, or use auto-negotiation to detect the connection
settings used by the attached device. Use the full-duplex mode on ports whenever
possible to double the throughput of switch connections. Flow control should also be
enabled to control network traffic during periods of congestion and prevent the loss
of packets when port buffer thresholds are exceeded. The switch supports flow
control based on the IEEE 802.3x standard.
Rate Limiting – This feature controls the maximum rate for traffic transmitted or
received on an interface. Rate limiting is configured on interfaces at the edge of a
network to limit traffic into the network. Traffic that falls within the rate limit is
transmitted while packets that exceed the acceptable amount of traffic are dropped.
Port Mirroring – The switch can unobtrusively mirror traffic from any port to a
monitor port. You can then attach a protocol analyzer or RMON probe to this port to
perform traffic analysis and verify connection integrity.
Port Trunking – Ports can be combined into an aggregate connection. Trunks can
be manually set up or dynamically configured using IEEE 802.3ad Link Aggregation
Control Protocol (LACP). The additional ports dramatically increase the throughput
across any connection, and provide redundancy by taking over the load if a port in
the trunk should fail. The switch supports up to 32 trunks.
Broadcast Storm Control – Broadcast suppression prevents broadcast traffic from
overwhelming the network. When enabled on a port, the level of broadcast traffic
passing through the port is restricted. If broadcast traffic rises above a pre-defined
threshold, it will be throttled until the level falls back beneath the threshold.
Static Addresses – A static address can be assigned to a specific interface on this
switch. Static addresses are bound to the assigned interface and will not be moved.
When a static address is seen on another interface, the address will be ignored and
will not be written to the address table. Static addresses can be used to provide
network security by restricting access for a known host to a specific port.
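The static address behaviour described above, as an added example that is not part of the manual or the switch firmware: a small model of an address table in which a statically bound MAC address seen on another port is ignored and recorded, while a dynamically learned address simply moves (ordinary bridge learning, which the manual does not spell out). The class name, method names and sample addresses are hypothetical and constructed for illustration.

```python
# Added illustration (not from the manual): a model of static versus
# dynamic address-table entries. All names and sample data are hypothetical.
from dataclasses import dataclass, field


@dataclass
class AddressTable:
    static: dict = field(default_factory=dict)    # MAC -> bound port
    dynamic: dict = field(default_factory=dict)   # MAC -> last learned port
    ignored: list = field(default_factory=list)   # (MAC, port) sightings not learned

    def add_static(self, mac, port):
        """Bind a MAC address to one port; learning can no longer move it."""
        mac = mac.lower()
        self.dynamic.pop(mac, None)   # a static entry replaces any learned one
        self.static[mac] = port

    def learn(self, src_mac, ingress_port):
        """Process the source address of a received frame and report the outcome."""
        mac = src_mac.lower()
        if mac in self.static:
            if self.static[mac] == ingress_port:
                return "static-match"
            # Static address seen on another interface: ignore it and do not
            # write it to the table. Keep the sighting as a monitoring signal.
            self.ignored.append((mac, ingress_port))
            return "ignored"
        if mac not in self.dynamic:
            self.dynamic[mac] = ingress_port
            return "learned"
        if self.dynamic[mac] == ingress_port:
            return "refreshed"
        self.dynamic[mac] = ingress_port   # dynamic entries follow the sender
        return "moved"

    def lookup(self, dst_mac):
        """Return the egress port for a destination MAC, or None if unknown."""
        mac = dst_mac.lower()
        if mac in self.static:
            return self.static[mac]
        return self.dynamic.get(mac)


# Constructed sample: (source MAC, ingress port) in arrival order.
SAMPLE_SIGHTINGS = [
    ("00:11:22:33:44:55", 1),   # server on the port it is bound to
    ("aa:bb:cc:00:00:01", 3),   # workstation seen for the first time
    ("00:11:22:33:44:55", 7),   # server's address appears on port 7
    ("aa:bb:cc:00:00:01", 7),   # workstation's address appears on port 7
]


def replay(sightings):
    """Bind the server's MAC to port 1, then feed the sightings through the table."""
    table = AddressTable()
    table.add_static("00:11:22:33:44:55", 1)
    outcomes = [table.learn(mac, port) for mac, port in sightings]
    return table, outcomes


if __name__ == "__main__":
    table, outcomes = replay(SAMPLE_SIGHTINGS)
    for (mac, port), outcome in zip(SAMPLE_SIGHTINGS, outcomes):
        print(f"{mac} on port {port}: {outcome}")
    print("sightings worth alerting on:", table.ignored)
```

The entries collected in `ignored` are the ones to review: a bound address showing up on a different port is either a cabling change or a host claiming an address it should not have.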
IEEE 802.1D Bridge – The switch supports IEEE 802.1D transparent bridging. The
address table facilitates data switching by learning addresses, and then filtering or
forwarding traffic based on this information. The address table supports up to 8K
addresses.
Store-and-Forward Switching – The switch copies each frame into its memory
before forwarding it to another port. This ensures that all frames are a standard
Ethernet size and have been verified for accuracy with the cyclic redundancy check
(CRC). This prevents bad frames from entering the network and wasting bandwidth.
To avoid dropping frames on congested ports, the TL-SG5426 provides 4 Mbits for
frame buffering. This buffer can queue packets awaiting transmission on congested
networks.
Spanning Tree Algorithm – The switch supports these spanning tree protocols:
Spanning Tree Protocol (STP, IEEE 802.1D) – This protocol provides loop detection
and recovery by allowing two or more redundant connections to be created between
a pair of LAN segments. When there are multiple physical paths between segments,
this protocol will choose a single path and disable all others to ensure that only one
route exists between any two stations on the network. This prevents the creation of
network loops. However, if the chosen path should fail for any reason, an alternate
path will be activated to maintain the connection.
Rapid Spanning Tree Protocol (RSTP, IEEE 802.1w) – This protocol reduces the
convergence time for network topology changes to 3 to 5 seconds, compared to 30
seconds or more for the older IEEE 802.1D STP standard. It is intended as a
complete replacement for STP, but can still interoperate with switches running the
older standard by automatically reconfiguring ports to STP-compliant mode if they
detect STP protocol messages from attached devices.
Multiple Spanning Tree Protocol (MSTP, IEEE 802.1s) – This protocol is a direct
extension of RSTP. It can provide an independent spanning tree for different VLANs.
It simplifies network management, provides for even faster convergence than RSTP
by limiting the size of each region, and prevents VLAN members from being
segmented from the rest of the group (as sometimes occurs with IEEE 802.1D STP).
Virtual LANs – The switch supports up to 256 VLANs. A Virtual LAN is a collection
of network nodes that share the same collision domain regardless of their physical
location or connection point in the network. The switch supports tagged VLANs
based on the IEEE 802.1Q standard. Members of VLAN groups can be dynamically
learned via GVRP, or ports can be manually assigned to a specific set of VLANs.
This allows the switch to restrict traffic to the VLAN groups to which a user has been
assigned. By segmenting your network into VLANs, you can:
• Eliminate broadcast storms which severely degrade performance in a flat network.
• Simplify network management for node changes/moves by remotely configuring
VLAN membership for any port, rather than having to manually change the network
connection.
• Provide data security by restricting all traffic to the originating VLAN.
• Use private VLANs to restrict traffic to pass only between data ports and the uplink
ports, thereby isolating adjacent ports within the same VLAN, and allowing you to
limit the total number of VLANs that need to be configured.
• Use protocol VLANs to restrict traffic to specified interfaces based on protocol type.
Traffic Prioritization – This switch prioritizes each packet based on the required
level of service, using four priority queues with strict or Weighted Round Robin
Queuing. It uses IEEE 802.1p and 802.1Q tags to prioritize incoming traffic based on
input from the end-station application. These functions can be used to provide
independent priorities for delay-sensitive data and best-effort data.
This switch also supports several common methods of prioritizing layer 3/4 traffic to
meet application requirements. Traffic can be prioritized based on the DSCP field in
the IP frame. When these services are enabled, the priorities are mapped to a Class
of Service value by the switch, and the traffic is then sent to the corresponding output
queue.
Quality of Service – Differentiated Services (DiffServ) provides policy-based
management mechanisms used for prioritizing network resources to meet the
requirements of specific traffic types on a per-hop basis. Each packet is classified
upon entry into the network based on access lists, IP Precedence or DSCP values,
or VLAN lists. Using access lists allows you to select traffic based on Layer 2, Layer 3,
or Layer 4 information contained in each packet. Based on network policies, different
kinds of traffic can be marked for different kinds of forwarding.
Multicast Filtering – Specific multicast traffic can be assigned to its own VLAN to
ensure that it does not interfere with normal network traffic and to guarantee
real-time delivery by setting the required priority level for the designated VLAN. The
switch uses IGMP Snooping and Query to manage multicast group registration. It
also supports Multicast VLAN Registration (MVR) which allows common multicast
traffic, such as television channels, to be transmitted across a single network-wide
multicast VLAN shared by hosts residing in other standard or private VLAN groups,
while preserving security and data isolation for normal traffic.