About This Guide
- Intended Readers
- Conventions
- More Information
Accessing the Switch
- Overview
- Web Interface Access
- Command Line Interface Access
Managing System
- System
  - Overview
  - Supported Features
- System Info Configurations
  - Using the GUI
  - Using the CLI
- User Management Configurations
  - Using the GUI
    - Creating Admin Accounts
    - Creating Accounts of Other Types
  - Using the CLI
    - Creating Admin Accounts
    - Creating Accounts of Other Types
- System Tools Configurations
  - Using the GUI
  - Using the CLI
- Access Security Configurations
  - Using the GUI
  - Using the CLI
- SDM Template Configuration
  - Using the GUI
  - Using the CLI
- Appendix: Default Parameters
Managing Physical Interfaces
- Physical Interface
  - Overview
  - Supported Features
- Basic Parameters Configurations
  - Using the GUI
  - Using the CLI
- Port Mirror Configuration
  - Using the GUI
  - Using the CLI
- Port Security Configuration
  - Using the GUI
  - Using the CLI
- Port Isolation Configurations
  - Using the GUI
  - Using the CLI
- Loopback Detection Configuration
  - Using the GUI
  - Using the CLI
- Configuration Examples
- Appendix: Default Parameters
Configuring LAG
- LAG
  - Overview
  - Supported Features
- LAG Configuration
  - Using the GUI
    - Configuring Load-balancing Algorithm
    - Configuring Static LAG or LACP
  - Using the CLI
    - Configuring Load-balancing Algorithm
    - Configuring Static LAG or LACP
- Configuration Example
- Appendix: Default Parameters
Monitoring Traffic
- Traffic Monitor
  - Using the GUI
    - Viewing the Traffic Summary
    - Viewing the Traffic Statistics in Detail
  - Using the CLI
- Appendix: Default Parameters
Managing MAC Address Table
- MAC Address Table
  - Overview
  - Supported Features
- Address Configurations
  - Using the GUI
  - Using the CLI
- Security Configurations
  - Using the GUI
    - Configuring MAC Notification Traps
    - Limiting the Number of MAC Addresses in VLANs
  - Using the CLI
    - Configuring MAC Notification Traps
    - Limiting the Number of MAC Addresses in VLANs
- Example for Security Configurations
- Appendix: Default Parameters
Configuring DDM
- Overview
- DDM Configuration
  - Using the GUI
  - Using the CLI
- Appendix: Default Parameters
Configuring L2PT
- Overview
- L2PT Configuration
  - Using the GUI
  - Using the CLI
- Configuration Example
- Appendix: Default Parameters
Configuring 802.1Q VLAN
- Overview
- 802.1Q VLAN Configuration
  - Using the GUI
    - Configuring the PVID of the Port
    - Configuring the VLAN
  - Using the CLI
- Configuration Example
- Appendix: Default Parameters
Configuring MAC VLAN
- Overview
- MAC VLAN Configuration
  - Using the GUI
  - Using the CLI
- Configuration Example
- Appendix: Default Parameters
Configuring Protocol VLAN
- Overview
- Protocol VLAN Configuration
  - Using the GUI
  - Using the CLI
- Configuration Example
- Appendix: Default Parameters
Configuring VLAN-VPN
- VLAN-VPN
  - Overview
  - Supported Features
- Basic VLAN-VPN Configuration
  - Using the GUI
  - Using the CLI
    - Configuring 802.1Q VLAN
    - Configuring Basic VLAN-VPN
- Flexible VLAN-VPN Configuration
  - Using the GUI
  - Using the CLI
- Configuration Example
- Appendix: Default Parameters
Configuring GVRP
- Overview
- GVRP Configuration
  - Using the GUI
  - Using the CLI
- Configuration Example
- Appendix: Default Parameters
Configuring Private VLAN
- Overview
- Private VLAN Configurations
  - Using the GUI
  - Using the CLI
- Configuration Example
- Appendix: Default Parameters
Configuring Spanning Tree
- Spanning Tree
- STP/RSTP Configurations
  - Using the GUI
  - Using the CLI
- MSTP Configurations
  - Using the GUI
  - Using the CLI
- STP Security Configurations
  - Using the GUI
    - Configuring the STP Security
    - (Optional) Configuring the Threshold and TC Protect Cycle
  - Using the CLI
    - Configuring the STP Security
    - Configuring the TC Protect
- Configuration Example for MSTP
- Appendix: Default Parameters
Configuring OAM
- Ethernet OAM
  - Overview
  - Supported Features
- Ethernet OAM Configurations
  - Using the GUI
  - Using the CLI
- Viewing OAM Statistics
  - Using the GUI
    - Viewing OAMPDUs
    - Viewing Event Logs
  - Using the CLI
    - Viewing OAMPDUs
    - Viewing Event Logs
- Configuration Example
  - Network Requirements
- Appendix: Default Parameters
Configuring Layer 2 Multicast
- Layer 2 Multicast
  - Overview
  - Supported Layer 2 Multicast Protocols
- IGMP Snooping Configurations
  - Using the GUI
  - Using the CLI
- Configuring MLD Snooping
  - Using the GUI
  - Using the CLI
- Viewing Multicast Snooping Configurations
  - Using the GUI
    - Viewing IPv4 Multicast Snooping Configurations
    - Viewing IPv6 Multicast Snooping Configurations
  - Using the CLI
    - Viewing IPv4 Multicast Snooping Configurations
    - Viewing IPv6 Multicast Snooping Configurations
- Configuration Examples
- Appendix: Default Parameters
  - Default Parameters for IGMP Snooping
  - Default Parameters for MLD Snooping
Configuring Logical Interfaces
- Overview
- Logical Interfaces Configurations
  - Using the GUI
  - Using the CLI
- Appendix: Default Parameters
Configuring Static Routing
- Overview
- IPv4 Static Routing Configuration
  - Using the GUI
  - Using the CLI
- IPv6 Static Routing Configuration
  - Using the GUI
  - Using the CLI
- Viewing Routing Table
  - Using the GUI
    - Viewing IPv4 Routing Table
    - Viewing IPv6 Routing Table
  - Using the CLI
    - Viewing IPv4 Routing Table
    - Viewing IPv6 Routing Table
- Example for Static Routing
- Appendix: Default Parameter
Configuring DHCP
- DHCP
  - Overview
  - Supported Features
- DHCP Server Configuration
  - Using the GUI
  - Using the CLI
- DHCP Client Configuration
  - Using the GUI
  - Using the CLI
- DHCP Relay Configuration
  - Using the GUI
    - Enabling DHCP Relay and Configuring Option 82
    - Specifying DHCP Server for the Interface or VLAN
  - Using the CLI
- Configuration Examples
  - Example for DHCP Server
  - Example for DHCP Interface Relay
- Appendix: Default Parameters
Configuring ARP
- Overview
- ARP Configurations
  - Using the GUI
    - Viewing the ARP Entries
    - Adding Static ARP Entries Manually
  - Using the CLI
    - Configuring ARP Function
Configuring QoS
- QoS
  - Overview
  - Supported Features
- DiffServ Configuration
  - Using the GUI
    - Configuring Priority Mode
    - Configuring Schedule Mode
  - Using CLI
    - Configuring Priority Mode
    - Configuring Schedule Mode
- Bandwidth Control Configuration
  - Using the GUI
    - Configuring Rate Limit
    - Configuring Storm Control
  - Using the CLI
    - Configuring Rate Limit on Port
    - Configuring Storm Control
- Configuration Examples
  - Example for Configuring SP Mode
  - Example for Configuring WRR Mode
- Appendix: Default Parameters
Configuring Voice VLAN
- Overview
- Voice VLAN Configuration
  - Using the GUI
  - Using the CLI
- Configuration Example
- Appendix: Default Parameters
Configuring PoE
- PoE
  - Overview
  - Supported Features
- PoE Power Management Configurations
  - Using the GUI
    - Configuring the PoE Parameters Manually
    - Configuring the PoE Parameters Using the Profile
  - Using the CLI
    - Configuring the PoE Parameters Manually
    - Configuring the PoE Parameters Using the Profile
- Time-Range Function Configurations
  - Using the GUI
  - Using the CLI
- Example for PoE Configurations
- Appendix: Default Parameters
Configuring ACL
- Overview
  - Introduction
  - Supported Features
- ACL Configuration
  - Using the GUI
  - Using the CLI
- Configuration Example for ACL
- Appendix: Default Parameters
Configuring Network Security
- Network Security
  - Overview
  - Supported Features
- IP-MAC Binding Configurations
  - Using the GUI
  - Using the CLI
    - Binding Entries Manually
    - Viewing Binding Entries
- IPv6-MAC Binding Configurations
  - Using the GUI
  - Using the CLI
- DHCP Snooping Configuration
  - Using the GUI
  - Using the CLI
- DHCPv6 Snooping Configuration
  - Using the GUI
  - Using the CLI
- ARP Inspection Configurations
  - Using the GUI
  - Using the CLI
- ND Detection Configuration
  - Using the GUI
  - Using the CLI
- IP Source Guard Configuration
  - Using the GUI
  - Using the CLI
- DoS Defend Configuration
  - Using the GUI
  - Using the CLI
- 802.1X Configuration
  - Using the GUI
  - Using the CLI
- PPPoE ID-Insertion Configuration
  - Using the GUI
  - Using the CLI
- AAA Configuration
  - Using the GUI
  - Using the CLI
- Configuration Examples
- Appendix: Default Parameters
Configuring LLDP
- LLDP
  - Overview
  - Supported Features
- LLDP Configurations
  - Using the GUI
    - Global Config
    - Port Config
  - Using the CLI
    - Global Config
    - Port Config
- LLDP-MED Configurations
  - Using the GUI
    - Global Config
    - Port Config
  - Using the CLI
    - Global Config
    - Port Config
- Viewing LLDP Settings
  - Using GUI
    - Viewing LLDP Device Info
    - Viewing LLDP Statistics
  - Using CLI
- Viewing LLDP-MED Settings
  - Using GUI
  - Using CLI
- Configuration Example
  - Example for Configuring LLDP
  - Example for Configuring LLDP-MED
- Appendix: Default Parameters
Configuring Maintenance
- Maintenance
  - Overview
  - Supported Features
- Monitoring the System
  - Using the GUI
    - Monitoring the CPU
    - Monitoring the Memory
  - Using the CLI
    - Monitoring the CPU
    - Monitoring the Memory
- SFlow Configuration
  - Using the GUI
    - Configuring the SFlow Collector
    - Configuring the SFlow Sampler
  - Using the CLI
- System Log Configurations
  - Using the GUI
  - Using the CLI
    - Configuring the Local Log
    - Configuring the Remote Log
- Diagnosing the Device
  - Using the GUI
  - Using the CLI
- Diagnosing the Network
  - Using the GUI
    - Configuring the Ping Test
    - Configuring the Tracert Test
  - Using the CLI
    - Configuring the Ping Test
    - Configuring the Tracert Test
- DLDP Configuration
  - Using the GUI
  - Using the CLI
- Configuration Examples
  - Example for Configuring SFlow
  - Example for Configuring Remote Log
- Appendix: Default Parameters
Configuring SNMP & RMON
- SNMP Overview
- SNMP Configurations
  - Using the GUI
  - Using the CLI
- Notification Configurations
  - Using the GUI
  - Using the CLI
    - Configuring the Host
    - Enabling SNMP Notification
- RMON Overview
- RMON Configurations
  - Using the GUI
  - Using the CLI
- Configuration Example
- Appendix: Default Parameters

TP-Link T2600G-28TS(TL-SG3424) User Manual

Displayed below is the user manual for T2600G-28TS(TL-SG3424) by TP-Link which is a product in the Network Switches category. This manual has pages.

Configuration Guide

T2600G Series Switches

T2600G-18TS (TL-SG3216) / T2600G-28TS (TL-SG3424)

T2600G-52TS (TL-SG3452) / T2600G-28MPS (TL-SG3424P)

1910012207 REV2.1.1

July 2017

Specifications are subject to change without notice. is a registered trademark

of TP-Link Technologies Co., Ltd. Other brands and product names are trademarks or

registered trademarks of their respective holders.

No part of the specifications may be reproduced in any form or by any means or used to

make any derivative such as translation, transformation, or adaptation without permission

rights reserved.

http://www.tp-link.com

FCC STATEMENT

This equipment has been tested and found to comply with the limits for a Class A digital

device, pursuant to part 15 of the FCC Rules. These limits are designed to provide

reasonable protection against harmful interference when the equipment is operated in a

commercial environment. This equipment generates, uses, and can radiate radio frequency

energy and, if not installed and used in accordance with the instruction manual, may cause

harmful interference to radio communications. Operation of this equipment in a residential

area is likely to cause harmful interference in which case the user will be required to correct

the interference at his own expense.

This device complies with part 15 of the FCC Rules. Operation is subject to the following

two conditions:

1) This device may not cause harmful interference.

2) This device must accept any interference received, including interference that may

cause undesired operation.

Any changes or modifications not expressly approved by the party responsible for

compliance could void the user’s authority to operate the equipment.

CE Mark Warning

This is a class A product. In a domestic environment, this product may cause radio

interference, in which case the user may be required to take adequate measures.

Industry Canada Statement

CAN ICES-3 (A)/NMB-3(A)

BSMI Notice

安全諮詢及注意事項

•請使用原裝電源供應器或只能按照本產品注明的電源類型使用本產品。

•清潔本產品之前請先拔掉電源線。請勿使用液體、噴霧清潔劑或濕布進行清潔。

•注意防潮，請勿將水或其他液體潑灑到本產品上。

•插槽與開口供通風使用，以確保本產品的操作可靠並防止過熱，請勿堵塞或覆蓋開口。

•請勿將本產品置放於靠近熱源的地方。除非有正常的通風，否則不可放在密閉位置中。

•請不要私自打開機殼，不要嘗試自行維修本產品，請由授權的專業人士進行此項工作。

此為甲類資訊技術設備，于居住環境中使用時，可能會造成射頻擾動，在此種情況下，使用者

會被要求採取某些適當的對策。

限用物質含有情況標示聲明書

產品元件名稱限用物質及其化學符號

鉛

鎘

汞

六價鉻

CrVI

多溴聯苯

PBB

多溴二苯醚

PBDE

PCB ○ ○ ○ ○ ○ ○

外殼 ○ ○ ○ ○ ○ ○

電源供應板 —○ ○ ○ ○ ○

電源適配器 —○ ○ ○ ○ ○

備考 1. “超出 0.1 wt %”及“超出 0.01 wt %”系指限用物質之百分比含量超出百分比

含量基準值。

備考 2. “○”系指該項限用物質之百分比含量未超出百分比含量基準值。

備考 3. “—”系指該項限用物質為排除項目。

Продукт сертифіковано згідно с правилами системи УкрСЕПРО на відповідність

вимогам нормативних документів та вимогам, що передбачені чинними законодавчими

актами України.

Safety Information

When product has power button, the power button is one of the way to shut off the

product; When there is no power button, the only way to completely shut off power is to

disconnect the product or the power adapter from the power source.

Don’t disassemble the product, or make repairs yourself. You run the risk of electric

shock and voiding the limited warranty. If you need service, please contact us.

Avoid water and wet locations.

Please read and follow the above safety information when operating the device. We cannot

guarantee that no accidents or damage will occur due to improper use of the device.

Please use this product with care and operate at your own risk.

Explanation of the symbols on the product label

Symbol Explanation

AC voltage

Indoor use only

RECYCLING

This product bears the selective sorting symbol for Waste electrical and electronic

equipment (WEEE). This means that this product must be handled pursuant to

European directive 2012/19/EU in order to be recycled or dismantled to minimize

its impact on the environment.

User has the choice to give his product to a competent recycling organization or

to the retailer when he buys a new electrical or electronic equipment.

この装置は、クラスA情報技術装置です。この装置を家庭環境で使用すると電波妨害を引き起こすことがありま

す。この場合には使用者が適切な対策を講ずるよう要求されることがあります。

VCCI-A

CONTENTS

About This Guide

Intended Readers ................................................................................................................................................................1

Conventions ...........................................................................................................................................................................1

More Information .................................................................................................................................................................2

Accessing the Switch

Overview ................................................................................................................................................................................4

Web Interface Access ........................................................................................................................................................5

Login .................................................................................................................................................................................................................5

Save Config Function ..............................................................................................................................................................................6

Disable the Web Server .........................................................................................................................................................................7

Configure the Switch's IP Address and Default Gateway ...................................................................................................8

Command Line Interface Access ............................................................................................................................... 11

Console Login (only for switch with console port) ...............................................................................................................11

Telnet Login ...............................................................................................................................................................................................13

SSH Login ...................................................................................................................................................................................................14

Disable Telnet login ...............................................................................................................................................................................18

Disable SSH login ...................................................................................................................................................................................19

Copy running-config startup-config ............................................................................................................................................19

Change the Switch's IP Address and Default Gateway .....................................................................................................20

Managing System

System .................................................................................................................................................................................. 22

Overview ......................................................................................................................................................................................................22

Supported Features ..............................................................................................................................................................................22

System Info Configurations .......................................................................................................................................... 24

Using the GUI ............................................................................................................................................................................................24

Viewing the System Summary ...........................................................................................................................................24

Specifying the Device Description ..................................................................................................................................26

Setting the System Time ......................................................................................................................................................26

Setting the Daylight Saving Time .....................................................................................................................................28

Specifying the Serial Port Parameter .............................................................................................................................29

Using the CLI .............................................................................................................................................................................................30

Viewing the System Summary ...........................................................................................................................................30

Specifying the Device Description ..................................................................................................................................31

Setting the System Time ......................................................................................................................................................32

Setting the Daylight Saving Time .....................................................................................................................................34

Specifying the Serial Port Parameter .............................................................................................................................36

User Management Configurations ............................................................................................................................. 38

Creating Admin Accounts ....................................................................................................................................................38

Creating Accounts of Other Types .................................................................................................................................39

Creating Admin Accounts ....................................................................................................................................................41

Creating Accounts of Other Types .................................................................................................................................42

System Tools Configurations ...................................................................................................................................... 46

Configuring the Boot File ......................................................................................................................................................46

Restoring the Configuration of the Switch .................................................................................................................47

Backing up the Configuration File ....................................................................................................................................48

Upgrading the Firmware ........................................................................................................................................................48

Configuring Auto Install Function .....................................................................................................................................49

Rebooting the switch ..............................................................................................................................................................50

Configuring the Reboot Schedule ...................................................................................................................................50

Reseting the Switch .................................................................................................................................................................51

Configuring the Boot File ......................................................................................................................................................51

Restoring the Configuration of the Switch .................................................................................................................52

Backing up the Configuration File ....................................................................................................................................53

Upgrading the firmware .........................................................................................................................................................53

Configuring Auto Install Function .....................................................................................................................................54

Rebooting the switch ..............................................................................................................................................................55

Configuring the Reboot Schedule ...................................................................................................................................56

Reseting the Switch .................................................................................................................................................................57

Access Security Configurations ................................................................................................................................. 58

Configuring the Access Control Feature .....................................................................................................................58

Configuring the HTTP Function ........................................................................................................................................60

Configuring the HTTPS Function .....................................................................................................................................61

Configuring the SSH Feature .............................................................................................................................................63

Enabling the Telnet Function ..............................................................................................................................................64

Configuring the Access Control .......................................................................................................................................64

Configuring the HTTP Function ........................................................................................................................................66

Configuring the HTTPS Function .....................................................................................................................................67

Configuring the SSH Feature .............................................................................................................................................69

Enabling the Telnet Function ..............................................................................................................................................72

SDM Template Configuration ....................................................................................................................................... 73

Appendix: Default Parameters ..................................................................................................................................... 76

Managing Physical Interfaces

Physical Interface ............................................................................................................................................................. 80

Supported Features ..............................................................................................................................................................................80

Basic Parameters Configurations ............................................................................................................................... 81

Port Mirror Configuration ............................................................................................................................................... 85

Port Security Configuration .......................................................................................................................................... 89

Port Isolation Configurations ....................................................................................................................................... 93

Loopback Detection Configuration ........................................................................................................................... 96

Configuration Examples ...............................................................................................................................................100

Example for Port Mirror ....................................................................................................................................................................100

Network Requirements .......................................................................................................................................................100

Configuration Scheme ........................................................................................................................................................100

Using the GUI ............................................................................................................................................................................ 100

Using the CLI ............................................................................................................................................................................102

Example for Port Isolation ...............................................................................................................................................................102

Network Requirements .......................................................................................................................................................102

Configuration Scheme ........................................................................................................................................................103

Using the GUI ............................................................................................................................................................................ 103

Using the CLI ............................................................................................................................................................................104

Example for Loopback Detection...............................................................................................................................................105

Network Requirements .......................................................................................................................................................105

Configuration Scheme ........................................................................................................................................................105

Using the GUI ............................................................................................................................................................................ 105

Using the CLI ............................................................................................................................................................................106

Appendix: Default Parameters ...................................................................................................................................108

Configuring LAG

LAG ....................................................................................................................................................................................... 111

Supported Features ...........................................................................................................................................................................111

LAG Configuration ..........................................................................................................................................................112

Configuring Load-balancing Algorithm .....................................................................................................................113

Configuring Static LAG or LACP....................................................................................................................................114

Configuring Load-balancing Algorithm .....................................................................................................................116

Configuring Static LAG or LACP....................................................................................................................................117

Configuration Example .................................................................................................................................................121

Network Requirements .....................................................................................................................................................................121

Configuration Scheme .....................................................................................................................................................................121

Appendix: Default Parameters ...................................................................................................................................125

Monitoring Traffic

Traffic Monitor .................................................................................................................................................................127

Viewing the Traffic Summary ..........................................................................................................................................127

Viewing the Traffic Statistics in Detail ........................................................................................................................128

Appendix: Default Parameters ...................................................................................................................................131

Managing MAC Address Table

MAC Address Table .......................................................................................................................................................133

Supported Features ...........................................................................................................................................................................133

Address Configurations ...............................................................................................................................................135

Adding Static MAC Address Entries ..........................................................................................................................135

Modifying the Aging Time of Dynamic Address Entries...................................................................................137

Adding MAC Filtering Address Entries.......................................................................................................................138

Viewing Address Table Entries ....................................................................................................................................... 138

Adding Static MAC Address Entries ..........................................................................................................................139

Modifying the Aging Time of Dynamic Address Entries...................................................................................140

Adding MAC Filtering Address Entries.......................................................................................................................141

Security Configurations ...............................................................................................................................................143

Configuring MAC Notification Traps ...........................................................................................................................143

Limiting the Number of MAC Addresses in VLANs ............................................................................................145

Configuring MAC Notification Traps ...........................................................................................................................146

Limiting the Number of MAC Addresses in VLANs ............................................................................................147

Example for Security Configurations ......................................................................................................................149

Network Requirements .....................................................................................................................................................................149

Configuration Scheme .....................................................................................................................................................................149

Appendix: Default Parameters ...................................................................................................................................152

Configuring DDM

Overview ............................................................................................................................................................................154

DDM Configuration.........................................................................................................................................................155

Configuring DDM Globally .................................................................................................................................................155

Configuring the Temperature Threshold ..................................................................................................................156

Configuring the Voltage Threshold .............................................................................................................................. 156

Configuring the Bias Current Threshold ...................................................................................................................157

Configuring the Tx Power Threshold ..........................................................................................................................158

Configuring the Rx Power Threshold ..........................................................................................................................159

Viewing DDM Status ............................................................................................................................................................. 159

Configuring DDM Globally .................................................................................................................................................160

Configuring DDM Shutdown ............................................................................................................................................161

Configuring Temperature Threshold ..........................................................................................................................162

Configuring Voltage Threshold ......................................................................................................................................163

Configuring Bias Current Threshold ............................................................................................................................ 164

Configuring Tx Power Threshold ................................................................................................................................... 166

Configuring Rx Power Threshold ..................................................................................................................................167

Viewing DDM Configuration .............................................................................................................................................168

Viewing DDM Status ............................................................................................................................................................. 169

Appendix: Default Parameters ...................................................................................................................................170

Configuring L2PT

Overview ............................................................................................................................................................................172

L2PT Configuration ........................................................................................................................................................174

Configuration Example .................................................................................................................................................178

Network Requirements .....................................................................................................................................................................178

Configuration Scheme .....................................................................................................................................................................178

Appendix: Default Parameters ...................................................................................................................................181

Configuring 802.1Q VLAN

Overview ...........................................................................................................................................................................183

802.1Q VLAN Configuration .......................................................................................................................................184

Configuring the PVID of the Port ...................................................................................................................................184

Configuring the VLAN .......................................................................................................................................................... 186

Creating a VLAN .....................................................................................................................................................................187

Configuring the Port .............................................................................................................................................................188

Adding the Port to the Specified VLAN .....................................................................................................................189

Configuration Example .................................................................................................................................................191

Network Requirements .....................................................................................................................................................................191

Configuration Scheme .....................................................................................................................................................................191

Network Topology ...............................................................................................................................................................................192

Appendix: Default Parameters ..................................................................................................................................197

Configuring MAC VLAN

Overview ............................................................................................................................................................................199

MAC VLAN Configuration ............................................................................................................................................200

Configuring 802.1Q VLAN ................................................................................................................................................200

Binding the MAC Address to the VLAN .....................................................................................................................201

Enabling MAC VLAN for the Port ................................................................................................................................... 201

Configuring 802.1Q VLAN ................................................................................................................................................202

Binding the MAC Address to the VLAN .....................................................................................................................202

Enabling MAC VLAN for the Port ................................................................................................................................... 203

Configuration Example ................................................................................................................................................205

Network Requirements .....................................................................................................................................................................205

Configuration Scheme .....................................................................................................................................................................205

Appendix: Default Parameters ...................................................................................................................................213

Configuring Protocol VLAN

Overview ............................................................................................................................................................................215

Protocol VLAN Configuration.....................................................................................................................................216

Configuring 802.1Q VLAN ................................................................................................................................................216

Creating Protocol Template ............................................................................................................................................217

Configuring Protocol VLAN ............................................................................................................................................. 218

Configuring 802.1Q VLAN ................................................................................................................................................218

Creating a Protocol Template ......................................................................................................................................... 219

Configuring Protocol VLAN ..............................................................................................................................................220

Configuration Example ................................................................................................................................................222

Network Requirements .....................................................................................................................................................................222

Configuration Scheme .....................................................................................................................................................................222

Appendix: Default Parameters ...................................................................................................................................234

Configuring VLAN-VPN

VLAN-VPN .........................................................................................................................................................................236

Supported Features ...........................................................................................................................................................................237

Basic VLAN-VPN Configuration ................................................................................................................................238

Configuring 802.1Q VLAN ................................................................................................................................................238

Configuring Global VLAN-VPN and Up-link Ports ................................................................................................ 239

Configuring VPN Ports ........................................................................................................................................................240

Configuring 802.1Q VLAN ................................................................................................................................................240

Configuring Basic VLAN-VPN .........................................................................................................................................241

Flexible VLAN-VPN Configuration ............................................................................................................................244

Configuration Example .................................................................................................................................................247

Network Requirements .....................................................................................................................................................................247

Configuration Scheme .....................................................................................................................................................................247

Appendix: Default Parameters ...................................................................................................................................255

Configuring GVRP

Overview ............................................................................................................................................................................257

GVRP Configuration .......................................................................................................................................................258

Configuration Example .................................................................................................................................................263

Network Requirements .....................................................................................................................................................................263

Configuration Scheme .....................................................................................................................................................................263

Appendix: Default Parameters ...................................................................................................................................271

Configuring Private VLAN

Overview ............................................................................................................................................................................273

Private VLAN Configurations .....................................................................................................................................275

Creating Private VLAN.........................................................................................................................................................275

Configuring the Up-link Port ............................................................................................................................................276

Configuring the Down-link Port ......................................................................................................................................277

Creating Private VLAN.........................................................................................................................................................278

Configuring the Up-link Port ............................................................................................................................................280

Configuring the Down-link Port ......................................................................................................................................281

Configuration Example .................................................................................................................................................283

Network Requirements .....................................................................................................................................................................283

Configuration Scheme .....................................................................................................................................................................283

Network Topology ...............................................................................................................................................................................283

Appendix: Default Parameters ...................................................................................................................................289

Configuring Spanning Tree

Spanning Tree ..................................................................................................................................................................291

Basic Concepts ....................................................................................................................................................................................291

STP/RSTP Concepts ............................................................................................................................................................ 291

MSTP Concepts .....................................................................................................................................................................295

STP Security ...........................................................................................................................................................................................296

STP/RSTP Configurations ...........................................................................................................................................299

Configuring STP/RSTP Parameters on Ports ......................................................................................................... 299

Configuring STP/RSTP Globally .....................................................................................................................................301

Verifying the STP/RSTP Configurations .................................................................................................................... 303

Configuring STP/RSTP Parameters on Ports ......................................................................................................... 304

Configuring Global STP/RSTP Parameters .............................................................................................................306

Enabling STP/RSTP Globally ............................................................................................................................................307

MSTP Configurations ....................................................................................................................................................309

Configuring Parameters on Ports in CIST ................................................................................................................309

Configuring the MSTP Region ........................................................................................................................................311

Configuring MSTP Globally ............................................................................................................................................... 316

Verifying the MSTP Configurations .............................................................................................................................318

Configuring Parameters on Ports in CIST ................................................................................................................319

Configuring the MSTP Region .......................................................................................................................................321

Configuring Global MSTP Parameters .......................................................................................................................324

Enabling Spanning Tree Globally...................................................................................................................................326

STP Security Configurations ......................................................................................................................................329

Configuring the STP Security .......................................................................................................................................... 329

(Optional) Configuring the Threshold and TC Protect Cycle ......................................................................... 330

Configuring the STP Security .......................................................................................................................................... 331

Configuring the TC Protect ..............................................................................................................................................333

Configuration Example for MSTP .............................................................................................................................335

Network Requirements .....................................................................................................................................................................335

Configuration Scheme .....................................................................................................................................................................335

Appendix: Default Parameters ...................................................................................................................................354

Configuring OAM

Ethernet OAM ................................................................................................................................................................... 357

Supported Features ...........................................................................................................................................................................358

Ethernet OAM Configurations ....................................................................................................................................361

Enabling OAM and Configuring OAM Mode ...........................................................................................................361

Configuring Link Monitoring ............................................................................................................................................. 362

Configuring RFI ........................................................................................................................................................................364

Configuring Remote Loopback ...................................................................................................................................... 365

Viewing OAM Status ............................................................................................................................................................. 366

Enabling OAM and Configuring OAM Mode ...........................................................................................................368

Configuring Link Monitoring ............................................................................................................................................. 369

Configuring Remote Failure Indication ....................................................................................................................... 375

Configuring Remote Loopback ...................................................................................................................................... 376

Verifying OAM Connection ............................................................................................................................................... 377

Viewing OAM Statistics ................................................................................................................................................380

Viewing OAMPDUs ................................................................................................................................................................ 380

Viewing Event Logs...............................................................................................................................................................382

Viewing OAMPDUs ................................................................................................................................................................ 383

Viewing Event Logs...............................................................................................................................................................385

Configuration Example .................................................................................................................................................387

Network Requirements .....................................................................................................................................................................387

Configuration Scheme ........................................................................................................................................................387

Using the GUI ............................................................................................................................................................................ 387

Using the CLI ............................................................................................................................................................................392

Appendix: Default Parameters ...................................................................................................................................397

Configuring Layer 2 Multicast

Layer 2 Multicast .............................................................................................................................................................399

Supported Layer 2 Multicast Protocols ..................................................................................................................................400

IGMP Snooping Configurations ................................................................................................................................. 401

Configuring IGMP Snooping Globally .........................................................................................................................401

Enabling IGMP Snooping Globally ................................................................................................................401

(Optional) Configuring Unknown Multicast ..............................................................................................401

(Optional) Configuring Report Message Suppression ......................................................................402

Configuring Router Port Time and Member Port Time ..................................................................... 402

Configuring IGMP Snooping Last Listener Query ...............................................................................403

Verifying IGMP Snooping Status ................................................................................................................... 403

Configuring the Port’s Basic IGMP Snooping Features....................................................................................404

Enabling IGMP Snooping on the Port .........................................................................................................404

(Optional) Configuring Fast Leave ................................................................................................................404

Configuring IGMP Snooping in the VLAN .................................................................................................................405

Configuring IGMP Snooping Globally in the VLAN .............................................................................. 405

(Optional) Configuring the Static Router Ports in the VLAN ..........................................................406

(Optional) Configuring the Forbidden Router Ports in the VLAN ................................................406

Configuring the Multicast VLAN ....................................................................................................................................406

Creating Multicast VLAN and Configuring Basic Settings .............................................................. 407

(Optional) Creating Replace Source IP ......................................................................................................408

Viewing Dynamic Router Ports in the Multicast VLAN ...................................................................... 408

(Optional) Configuring the Static Router Ports ...................................................................................... 408

(Optional) Configuring the Forbidden Router Ports ............................................................................ 408

(Optional) Configuring the Querier ................................................................................................................................ 409

Configuring the Querier ...................................................................................................................................... 409

Viewing Settings of IGMP Querier ................................................................................................................409

Configuring IGMP Profile .................................................................................................................................................... 410

Creating Profile .......................................................................................................................................................410

Searching Profile ....................................................................................................................................................410

Editing IP Range of the Profile ........................................................................................................................411

Binding Profile and Member Ports ................................................................................................................................ 411

Binding Profile and Member Ports ...............................................................................................................412

Configuring Max Groups a Port Can Join.................................................................................................412

Viewing IGMP Statistics on Each Port ........................................................................................................................413

Configuring Auto Refresh .................................................................................................................................413

Viewing IGMP Statistics .....................................................................................................................................414

Enabling IGMP Accounting and Authentication .................................................................................................... 414

Configuring IGMP Accounting Globally .....................................................................................................415

Configuring IGMP Authentication on the Port .......................................................................................415

Configuring Static Member Port ....................................................................................................................................415

Configuring Static Member Port ...................................................................................................................416

Viewing IGMP Static Multicast Groups ......................................................................................................416

Enabling IGMP Snooping Globally ................................................................................................................................417

Enabling IGMP Snooping on the Port .........................................................................................................................417

Configuring IGMP Snooping Parameters Globally ..............................................................................................418

Configuring Report Message Suppression ............................................................................................418

Configuring Unknown Multicast ....................................................................................................................419

Configuring IGMP Snooping Parameters on the Port .......................................................................................420

Configuring Router Port Time and Member Port Time ..................................................................... 420

Configuring Fast Leave ......................................................................................................................................421

Configuring Max Group and Overflow Action on the Port ..............................................................422

Configuring IGMP Snooping Last Listener Query ...............................................................................................423

Configuring IGMP Snooping Parameters in the VLAN ......................................................................................425

Configuring Router Port Time and Member Port Time ..................................................................... 425

Configuring Static Router Port .......................................................................................................................426

Configuring Forbidden Router Port .............................................................................................................427

Configuring Static Multicast (Multicast IP and Forward Port)........................................................428

Configuring IGMP Snooping Parameters in the Multicast VLAN ................................................................428

Configuring Router Port Time and Member Port Time ..................................................................... 428

Configuring Static Router Port .......................................................................................................................429

Configuring Forbidden Router Port .............................................................................................................430

Configuring Replace Source IP ......................................................................................................................431

Configuring the Querier ......................................................................................................................................................432

Enabling IGMP Querier ........................................................................................................................................432

Configuring Query Interval, Max Response Time and General Query Source IP ...............433

Configuring Multicast Filtering ........................................................................................................................................ 434

Creating Profile .......................................................................................................................................................434

Binding Profile to the Port .................................................................................................................................435

Enabling IGMP Accounting and Authentication .................................................................................................... 437

Enabling IGMP Authentication on the Port ..............................................................................................437

Enabling IGMP Accounting Globally ............................................................................................................438

Configuring MLD Snooping.........................................................................................................................................439

Configuring MLD Snooping Globally ...........................................................................................................................439

Enabling MLD Snooping Globally..................................................................................................................439

(Optional) Configuring Unknown Multicast ..............................................................................................439

(Optional) Configuring Report Message Suppression ......................................................................440

Configuring Router Port Time and Member Port Time ..................................................................... 440

Configuring MLD Snooping Last Listener Query ................................................................................. 441

Verifying MLD Snooping Status ....................................................................................................................441

Configuring the Port’s Basic MLD Snooping Features .....................................................................................442

Enabling MLD Snooping on the Port ..........................................................................................................442

(Optional) Configuring Fast Leave ................................................................................................................442

Configuring MLD Snooping in the VLAN ..................................................................................................................443

Configuring MLD Snooping Globally in the VLAN ...............................................................................443

(Optional) Configuring the Static Router Ports in the VLAN ..........................................................444

(Optional) Configuring the Forbidden Router Ports in the VLAN ................................................444

Configuring the Multicast VLAN ....................................................................................................................................444

Creating Multicast VLAN and Configuring Basic Settings .............................................................. 445

(Optional) Creating Replace Source IP ......................................................................................................446

Viewing Dynamic Router Ports in the Multicast VLAN ...................................................................... 446

(Optional) Configuring the Static Router Ports ...................................................................................... 446

(Optional) Configuring the Forbidden Router Ports ............................................................................ 446

(Optional) Configuring the Querier ................................................................................................................................ 447

Configuring the Querier ...................................................................................................................................... 447

Viewing Settings of MLD Querier .................................................................................................................. 447

Configuring MLD Profile .....................................................................................................................................................448

Creating Profile .......................................................................................................................................................448

Searching Profile ....................................................................................................................................................448

Editing IP Range of the Profile ........................................................................................................................449

Binding Profile and Member Ports ................................................................................................................................ 450

Binding Profile and Member Ports ...............................................................................................................450

Configuring Max Groups a Port Can Join.................................................................................................451

Viewing MLD Statistics on Each Port .........................................................................................................................452

Configuring Auto Refresh .................................................................................................................................452

Viewing MLD Statistics .......................................................................................................................................452

Configuring Static Member Port ....................................................................................................................................453

Configuring Static Member Port ...................................................................................................................453

Viewing MLD Static Multicast Groups ........................................................................................................ 453

Enabling MLD Snooping Globally ..................................................................................................................................454

Enabling MLD Snooping on the Port ........................................................................................................................... 454

Configuring MLD Snooping Parameters Globally ................................................................................................455

Configuring Report Message Suppression ............................................................................................455

Configuring Unknown Multicast ....................................................................................................................456

Configuring MLD Snooping Parameters on the Port ......................................................................................... 457

Configuring Router Port Time and Member Port Time ..................................................................... 457

Configuring Fast Leave ......................................................................................................................................458

Configuring Max Group and Overflow Action on the Port ..............................................................459

Configuring MLD Snooping Last Listener Query .................................................................................................460

Configuring MLD Snooping Parameters in the VLAN .......................................................................................461

Configuring Router Port Time and Member Port Time ..................................................................... 461

Configuring Static Router Port .......................................................................................................................462

Configuring Forbidden Router Port .............................................................................................................463

Configuring Static Multicast (Multicast IP and Forward Port)........................................................464

Configuring MLD Snooping Parameters in the Multicast VLAN ..................................................................465

Configuring Router Port Time and Member Port Time ..................................................................... 465

Configuring Static Router Port .......................................................................................................................466

Configuring Forbidden Router Port .............................................................................................................467

Configuring Replace Source IP ......................................................................................................................468

Configuring the Querier ......................................................................................................................................................469

Enabling MLD Querier .........................................................................................................................................469

Configuring Query Interval, Max Response Time and General Query Source IP ...............470

Configuring Multicast Filtering ........................................................................................................................................ 471

Creating Profile .......................................................................................................................................................471

Binding Profile to the Port .................................................................................................................................472

Viewing Multicast Snooping Configurations ........................................................................................................474

Viewing IPv4 Multicast Snooping Configurations ................................................................................................474

Viewing IPv6 Multicast Snooping Configurations ................................................................................................475

Viewing IPv4 Multicast Snooping Configurations ................................................................................................475

Viewing IPv6 Multicast Snooping Configurations ................................................................................................476

Configuration Examples ...............................................................................................................................................478

Example for Configuring Basic IGMP Snooping .................................................................................................................478

Network Requirements .......................................................................................................................................................478

Configuration Scheme ........................................................................................................................................................478

Using the GUI ............................................................................................................................................................................ 479

Using the CLI ............................................................................................................................................................................482

Example for Configuring Multicast VLAN ...............................................................................................................................484

Network Requirements .......................................................................................................................................................484

Configuration Scheme ........................................................................................................................................................484

Network Topology .................................................................................................................................................................484

Using the GUI ............................................................................................................................................................................ 485

Using the CLI ............................................................................................................................................................................488

Example for Configuring Unknown Multicast and Fast Leave ....................................................................................490

Network Requirement .......................................................................................................................................................... 490

Configuration Scheme ........................................................................................................................................................491

Using the GUI ............................................................................................................................................................................ 491

Using the CLI ............................................................................................................................................................................494

Example for Configuring Multicast Filtering ..........................................................................................................................495

Network Requirements .......................................................................................................................................................495

Configuration Scheme ........................................................................................................................................................495

Network Topology .................................................................................................................................................................495

Using the GUI ............................................................................................................................................................................ 496

Using the CLI ............................................................................................................................................................................503

Appendix: Default Parameters ..................................................................................................................................506

Default Parameters for IGMP Snooping .................................................................................................................................506

Default Parameters for MLD Snooping ...................................................................................................................................507

Configuring Logical Interfaces

Overview ............................................................................................................................................................................510

Logical Interfaces Configurations ............................................................................................................................511

Creating a Layer 3 Interface ............................................................................................................................................. 511

Configuring IPv4 Parameters of the Interface .......................................................................................................512

Configuring IPv6 Parameters of the Interface .......................................................................................................513

Viewing Detail Information of the Interface .............................................................................................................516

Creating a Layer 3 Interface ............................................................................................................................................. 516

Configuring IPv4 Parameters of the Interface .......................................................................................................518

Configuring IPv6 Parameters of the Interface .......................................................................................................519

Appendix: Default Parameters ...................................................................................................................................522

Configuring Static Routing

Overview ............................................................................................................................................................................524

IPv4 Static Routing Configuration ............................................................................................................................525

IPv6 Static Routing Configuration ............................................................................................................................527

Viewing Routing Table ..................................................................................................................................................530

Viewing IPv4 Routing Table ..............................................................................................................................................530

Viewing IPv6 Routing Table ..............................................................................................................................................531

Viewing IPv4 Routing Table ..............................................................................................................................................531

Viewing IPv6 Routing Table ..............................................................................................................................................532

Example for Static Routing .......................................................................................................................................... 533

Network Requirements .....................................................................................................................................................................533

Configuration Scheme .....................................................................................................................................................................533

Appendix: Default Parameter .....................................................................................................................................537

Configuring DHCP

DHCP ...................................................................................................................................................................................539

Supported Features ...........................................................................................................................................................................539

DHCP Server Configuration ........................................................................................................................................ 543

Enabling DHCP Server ........................................................................................................................................................543

Configuring DHCP Server Pool ......................................................................................................................................545

Configuring Manual Binding .............................................................................................................................................546

Enabling DHCP Server ........................................................................................................................................................548

Configuring DHCP Server Pool ......................................................................................................................................550

Configuring Manual Binding .............................................................................................................................................553

DHCP Client Configuration ..........................................................................................................................................555

DHCP Relay Configuration ..........................................................................................................................................558

Enabling DHCP Relay and Configuring Option 82 ...............................................................................................558

Specifying DHCP Server for the Interface or VLAN ...........................................................................................559

Enabling DHCP Relay ...........................................................................................................................................................561

(Optional) Configuring Option 82 ..................................................................................................................................562

Specifying DHCP Server for Interface or VLAN ....................................................................................................563

Configuration Examples ...............................................................................................................................................567

Example for DHCP Server ...............................................................................................................................................................567

Network Requirements .......................................................................................................................................................567

Configuration Scheme ........................................................................................................................................................567

Using the GUI ............................................................................................................................................................................ 567

Using the CLI ............................................................................................................................................................................570

Example for DHCP Interface Relay ............................................................................................................................................571

Network Requirements .......................................................................................................................................................571

Configuration Scheme ........................................................................................................................................................571

Using the GUI ............................................................................................................................................................................ 572

Using the CLI ............................................................................................................................................................................573

Appendix: Default Parameters ...................................................................................................................................575

Configuring ARP

Overview ............................................................................................................................................................................580

ARP Configurations ........................................................................................................................................................ 581

Viewing the ARP Entries .....................................................................................................................................................581

Adding Static ARP Entries Manually ............................................................................................................................582

Configuring ARP Function ................................................................................................................................................. 582

Configuring QoS

QoS .......................................................................................................................................................................................587

Supported Features ...........................................................................................................................................................................587

DiffServ Configuration ..................................................................................................................................................588

Configuring Priority Mode .................................................................................................................................................589

Configuring Schedule Mode ............................................................................................................................................592

Using CLI ..................................................................................................................................................................................................593

Configuring Priority Mode .................................................................................................................................................593

Configuring Schedule Mode ............................................................................................................................................598

Bandwidth Control Configuration .............................................................................................................................601

Configuring Rate Limit .........................................................................................................................................................601

Configuring Storm Control ...............................................................................................................................................602

Configuring Rate Limit on Port .......................................................................................................................................604

Configuring Storm Control ...............................................................................................................................................605

Configuration Examples ...............................................................................................................................................608

Example for Configuring SP Mode .............................................................................................................................................608

Network Requirements .......................................................................................................................................................608

Configuration Scheme ........................................................................................................................................................608

Using the GUI ............................................................................................................................................................................ 609

Using the CLI ............................................................................................................................................................................610

Example for Configuring WRR Mode ........................................................................................................................................611

Network Requirements .......................................................................................................................................................611

Configuration Scheme ........................................................................................................................................................612

Using the GUI ............................................................................................................................................................................ 612

Using the CLI ............................................................................................................................................................................619

Appendix: Default Parameters ...................................................................................................................................624

Configuring Voice VLAN

Overview ...........................................................................................................................................................................627

Voice VLAN Configuration ..........................................................................................................................................629

Configuring OUI Addresses .............................................................................................................................................630

Configuring Voice VLAN Globally .................................................................................................................................631

Configuring Voice VLAN Mode on Ports ..................................................................................................................632

Configuration Example .................................................................................................................................................636

Network Requirements .....................................................................................................................................................................636

Configuration Scheme .....................................................................................................................................................................636

Network Topology..............................................................................................................................................................................636

Appendix: Default Parameters ...................................................................................................................................653

Configuring PoE

PoE .......................................................................................................................................................................................655

Supported Features ...........................................................................................................................................................................655

PoE Power Management Configurations ..............................................................................................................656

Configuring the PoE Parameters Manually .............................................................................................................. 656

Configuring the PoE Parameters Using the Profile .............................................................................................658

Configuring the PoE Parameters Manually .............................................................................................................. 660

Configuring the PoE Parameters Using the Profile .............................................................................................662

Time-Range Function Configurations ..................................................................................................................... 664

Creating a Time-Range ....................................................................................................................................................... 664

Configuring the Holiday Parameters ...........................................................................................................................666

Viewing the Time-Range Table ......................................................................................................................................666

Configuring a Time-Range ................................................................................................................................................667

Configuring the Holiday Parameters ...........................................................................................................................669

Viewing the Time-Range Table ......................................................................................................................................670

Example for PoE Configurations ...............................................................................................................................671

Network Requirements .....................................................................................................................................................................671

Configuring Scheme ..........................................................................................................................................................................671

Appendix: Default Parameters ...................................................................................................................................675

Configuring ACL

Overview............................................................................................................................................677

Introduction.............................................................................................................................................................................................677

Supported Features ...........................................................................................................................................................................677

ACL Configuration .............................................................................................................................678

Configuring Time-Range .................................................................................................................................................679

(Optional) Configuring Holiday ........................................................................................................................................680

Creating an ACL ...................................................................................................................................................................... 680

Configuring ACL Rules ........................................................................................................................................................682

Configuring Policy ..................................................................................................................................................................690

Configuring the ACL Binding and Policy Binding .................................................................................................693

Configuring Time Range ....................................................................................................................................................698

Configuring ACL .....................................................................................................................................................................700

Configuring Policy ..................................................................................................................................................................709

ACL Binding and Policy Binding .....................................................................................................................................711

Configuration Example for ACL ................................................................................................................................. 714

Network Requirements .....................................................................................................................................................................714

Network Topology ...............................................................................................................................................................................714

Configuration Scheme .....................................................................................................................................................................714

Appendix: Default Parameters...........................................................................................................722

Configuring Network Security

Network Security ............................................................................................................................................................725

Supported Features ...........................................................................................................................................................................725

IP-MAC Binding Configurations.................................................................................................................................731

Binding Entries Manually ....................................................................................................................................................731

Binding Entries Dynamically .............................................................................................................................................732

Viewing the Binding Entries ..............................................................................................................................................734

Binding Entries Manually ....................................................................................................................................................736

Viewing Binding Entries ......................................................................................................................................................737

IPv6-MAC Binding Configurations............................................................................................................................738

Binding Entries Manually ....................................................................................................................................................738

Binding Entries Dynamically .............................................................................................................................................739

Viewing the Binding Entries ..............................................................................................................................................741

Binding Entries Manually ....................................................................................................................................................743

Binding Entries via ND Snooping ................................................................................................................................... 744

Viewing Binding Entries ......................................................................................................................................................745

DHCP Snooping Configuration .................................................................................................................................. 747

Enabling DHCP Snooping on VLAN ............................................................................................................................. 747

Configuring DHCP Snooping on Ports ......................................................................................................................748

(Optional) Configuring Option 82 ..................................................................................................................................749

Enabling DHCP Snooping on VLAN ............................................................................................................................. 750

Configuring DHCP Snooping on Ports ......................................................................................................................751

(Optional) Configuring Option 82 ..................................................................................................................................753

DHCPv6 Snooping Configuration ............................................................................................................................. 756

ARP Inspection Configurations .................................................................................................................................759

Configuring ARP Detection ..............................................................................................................................................759

Configuring ARP Defend ....................................................................................................................................................760

Viewing ARP Statistics ........................................................................................................................................................761

Configuring ARP Detection ..............................................................................................................................................762

Configuring ARP Defend ....................................................................................................................................................763

Viewing ARP Statistics ........................................................................................................................................................765

ND Detection Configuration .......................................................................................................................................766

IP Source Guard Configuration .................................................................................................................................. 769

DoS Defend Configuration ..........................................................................................................................................772

802.1X Configuration ....................................................................................................................................................776

Configuring the RADIUS Server .....................................................................................................................................776

Configuring 802.1X Globally ............................................................................................................................................780

Configuring 802.1X on Ports ...........................................................................................................................................782

Configuring the RADIUS Server .....................................................................................................................................783

Configuring 802.1X Globally ............................................................................................................................................785

Configuring 802.1X on Ports ...........................................................................................................................................788

PPPoE ID-Insertion Configuration ............................................................................................................................790

AAA Configuration .......................................................................................................................................................... 794

Globally Enabling AAA .........................................................................................................................................................795

Adding Servers ........................................................................................................................................................................ 795

Configuring Server Groups ............................................................................................................................................... 797

Configuring the Method List ............................................................................................................................................798

Configuring the AAA Application List .........................................................................................................................800

Configuring Login Account and Enable Password .............................................................................................800

Globally Enabling AAA .........................................................................................................................................................801

Adding Servers ........................................................................................................................................................................ 802

Configuring Server Groups ............................................................................................................................................... 805

Configuring the Method List ............................................................................................................................................806

Configuring the AAA Application List .........................................................................................................................807

Configuring Login Account and Enable Password .............................................................................................812

Configuration Examples ...............................................................................................................................................814

Example for DHCP Snooping and ARP Detection ............................................................................................................814

Network Requirements .......................................................................................................................................................814

Configuration Scheme ........................................................................................................................................................814

Using the GUI ............................................................................................................................................................................ 815

Using the CLI ............................................................................................................................................................................818

Example for DHCPv6 Snooping and ND Detection .........................................................................................................820

Network Requirements .......................................................................................................................................................820

Configuration Scheme ........................................................................................................................................................821

Using the GUI ............................................................................................................................................................................ 821

Using the CLI ............................................................................................................................................................................823

Example for IP Source Guard ........................................................................................................................................................825

Network Requirements .......................................................................................................................................................825

Configuration Scheme ........................................................................................................................................................825

Using the GUI ............................................................................................................................................................................ 826

Using the CLI ............................................................................................................................................................................827

Example for 802.1X ............................................................................................................................................................................828

Network Requirements .......................................................................................................................................................828

Configuration Scheme ........................................................................................................................................................828

Network Topology .................................................................................................................................................................829

Using the GUI ............................................................................................................................................................................ 829

Using the CLI ............................................................................................................................................................................832

Example for AAA ..................................................................................................................................................................................834

Network Requirements .......................................................................................................................................................834

Configuration Scheme ........................................................................................................................................................835

Using the GUI ............................................................................................................................................................................ 835

Using the CLI ............................................................................................................................................................................838

Appendix: Default Parameters ...................................................................................................................................841

Configuring LLDP

LLDP .....................................................................................................................................................................................849

Supported Features ...........................................................................................................................................................................849

LLDP Configurations .....................................................................................................................................................850

Global Config ............................................................................................................................................................................850

Port Config ................................................................................................................................................................................. 852

Global Config ............................................................................................................................................................................853

Port Config ................................................................................................................................................................................. 855

LLDP-MED Configurations ..........................................................................................................................................858

Global Config ............................................................................................................................................................................858

Port Config ................................................................................................................................................................................. 859

Global Config ............................................................................................................................................................................861

Port Config ................................................................................................................................................................................. 862

Viewing LLDP Settings..................................................................................................................................................865

Using GUI ..................................................................................................................................................................................................865

Viewing LLDP Device Info .................................................................................................................................................865

Viewing LLDP Statistics .....................................................................................................................................................868

Viewing LLDP-MED Settings ......................................................................................................................................870

Configuration Example .................................................................................................................................................873

Example for Configuring LLDP ....................................................................................................................................................873

Network Requirements .......................................................................................................................................................873

Network Topology .................................................................................................................................................................873

Configuration Scheme ........................................................................................................................................................873

Using the GUI ............................................................................................................................................................................ 873

Using CLI .....................................................................................................................................................................................874

Example for Configuring LLDP-MED ........................................................................................................................................880

Network Requirements .......................................................................................................................................................880

Configuration Scheme ........................................................................................................................................................880

Network Topology .................................................................................................................................................................880

Using the GUI ............................................................................................................................................................................ 881

Using the CLI ............................................................................................................................................................................885

Appendix: Default Parameters ...................................................................................................................................892

Configuring Maintenance

Maintenance ....................................................................................................................................................................894

Supported Features ...........................................................................................................................................................................894

Monitoring the System .................................................................................................................................................895

Monitoring the CPU ..............................................................................................................................................................895

Monitoring the Memory ......................................................................................................................................................896

Monitoring the CPU ..............................................................................................................................................................897

Monitoring the Memory ......................................................................................................................................................897

SFlow Configuration ......................................................................................................................................................898

Configuring the SFlow Collector ...................................................................................................................................898

Configuring the SFlow Sampler ....................................................................................................................................899

System Log Configurations .......................................................................................................................................903

Configuring the Local Log ................................................................................................................................................. 904

Configuring the Remote Log ...........................................................................................................................................905

Backing up the Log File .....................................................................................................................................................905

Viewing the Log Table .........................................................................................................................................................906

Configuring the Local Log ................................................................................................................................................. 906

Configuring the Remote Log ...........................................................................................................................................908

Diagnosing the Device .................................................................................................................................................. 910

Diagnosing the Network ............................................................................................................................................... 912

Configuring the Ping Test .................................................................................................................................................. 912

Configuring the Tracert Test ...........................................................................................................................................913

Configuring the Ping Test .................................................................................................................................................. 914

Configuring the Tracert Test ...........................................................................................................................................915

DLDP Configuration .......................................................................................................................................................916

Configuration Examples ...............................................................................................................................................920

Example for Configuring SFlow ...................................................................................................................................................920

Network Requirements .......................................................................................................................................................920

Configuration Scheme ........................................................................................................................................................920

Using the GUI ............................................................................................................................................................................ 920

Using the CLI ............................................................................................................................................................................921

Example for Configuring Remote Log ......................................................................................................................................923

Network Requirements .......................................................................................................................................................923

Configuration Scheme ........................................................................................................................................................923

Using the GUI ........................................................................................................................................................................... 923

Using the CLI ...........................................................................................................................................................................923

Appendix: Default Parameters ...................................................................................................................................925

Configuring SNMP & RMON

SNMP Overview ...............................................................................................................................................................928

SNMP Configurations .................................................................................................................................................... 929

Enabling SNMP ........................................................................................................................................................................930

Creating an SNMP View......................................................................................................................................................930

Creating an SNMP Group ..................................................................................................................................................931

Creating SNMP Users ......................................................................................................................................................... 933

Creating SNMP Communities .........................................................................................................................................934

Enabling SNMP ........................................................................................................................................................................935

Creating an SNMP View......................................................................................................................................................937

Creating an SNMP Group ..................................................................................................................................................938

Creating SNMP Users .......................................................................................................................................................... 940

Creating SNMP Communities .........................................................................................................................................941

Notification Configurations ......................................................................................................................................... 943

Configuring the Host ............................................................................................................................................................945

Enabling SNMP Notification .............................................................................................................................................946

RMON Overview ..............................................................................................................................................................952

RMON Configurations ...................................................................................................................................................953

Configuring Statistics ..........................................................................................................................................................953

Configuring History ...............................................................................................................................................................954

Configuring Event ..................................................................................................................................................................955

Configuring Alarm ..................................................................................................................................................................956

Configuring Statistics ..........................................................................................................................................................958

Configuring History ...............................................................................................................................................................959

Configuring Event ..................................................................................................................................................................960

Configuring Alarm ..................................................................................................................................................................962

Configuration Example ................................................................................................................................................964

Network Requirements .....................................................................................................................................................................964

Configuration Scheme .....................................................................................................................................................................964

Network Topology ...............................................................................................................................................................................965

Appendix: Default Parameters ...................................................................................................................................976

Configuration Guide 1

About This Guide Intended Readers

About This Guide

This Configuration Guide provides information for managing T2600G Series Switches.

Please read this guide carefully before operation.

Intended Readers

This Guide is intended for network managers familiar with IT concepts and network

terminologies.

Conventions

Some models featured in this guide may be unavailable in your country or region. For local

sales information, visit http://www.tp-link.com.

When using this guide, please notice that features of the switch may vary slightly

depending on the model and software version you have. All screenshots, images,

parameters and descriptions documented in this guide are used for demonstration only.

The information in this document is subject to change without notice. Every effort has

been made in the preparation of this document to ensure accuracy of the contents, but

all statements, information, and recommendations in this document do not constitute

the warranty of any kind, express or implied. Users must take full responsibility for their

application of any products.

In this Guide, the following conventions are used:

The symbol stands for Note. Notes contains suggestions or references that helps you

make better use of your device.

For GUI:

Menu Name > Submenu Name > Tab page indicates the menu structure. System >

System Info > System Summary means the System Summary page under the System Info

menu option that is located under the System menu.

Bold font indicates a button, a toolbar icon, menu or menu item.

For CLI:

Bold Font An unalterable keyword.

For example: show logging

Configuration Guide 2

About This Guide More Information

Normal Font A constant (several options are enumerated and only one can be

selected).

For example: no bandwidth {all | ingress | egress}

{} Items in braces { } are required.

[] Items in square brackets [ ] are optional.

|Alternative items are grouped in braces and separated by vertical bars |.

For example: speed {10 | 100 | 1000}

Italic Font A variable (an actual value must be assigned).

For example: bridge aging-time aging-time

Common combination:

{[ ][ ][ ]} A least one item in the square brackets must be selected.

For example: bandwidth {[ingress

ingress-rate] [egress egress-

rate]}

This command can be used on three occasions:

bandwidth ingress

ngress-rate is used to restrict ingress

bandwidth.

bandwidth egress egress-rate is used to restrict egress

bandwidth.

bandwidth ingress

ingress-rate egress egress-rate is used to

restrict ingress and egress bandwidth.

More Information

The latest software and documentations can be found at Download Center at

http://www.tp-link.com/support.

The Installation Guide (IG) can be found where you find this guide or inside the package

of the switch.

Specifications can be found on the product page at http://www.tp-link.com.

A Technical Support Forum is provided for you to discuss our products at

http://forum.tp-link.com.

Our Technical Support contact information can be found at the Contact Technical

Support page at http://www.tp-link.com/support.

Part 1

Accessing the Switch

CHAPTERS

1. Overview

2. Web Interface Access

3. Command Line Interface Access

Configuration Guide 4

Accessing the Switch Overview

1 Overview

You can access and manage the switch using the GUI (Graphical User Interface, also called

web interface in this text) or using the CLI (Command Line Interface). There are equivalent

functions in the web interface and the command line interface, while web configuration is

easier and more visual than the CLI configuration. You can choose the method according

to their available applications and preference.

Accessing the Switch Web Interface Access

Configuration Guide 5

2 Web Interface Access

You can access the switch’s web interface through the web-based authentication.

The switch uses two built-in web servers, HTTP server and HTTPS server, for user

authentication.

The following example shows how to login via the HTTP server.

2.1 Login

To manage your switch through a web browser in the host PC:

1) Make sure that the route between the host PC and the switch is available.

2) Launch a web browser. The supported web browsers include, but are not limited to, the

following types:

IE 8.0, 9.0, 10.0, 11.0

Firefox 26.0, 27.0

Chrome 32.0, 33.0

3) Enter the switch’s IP address in the web browser’s address bar. The switch’s default IP

address is 192.168.0.1.

Figure 2-1 Enter the switch's IP addresss in the browser

4) Enter the username and password in the pop-up login window. Use admin for both

username and password in lower case letters.

Figure 2-2 Login authentication

5) The typical web interface displays below. You can view the switch’s running status and

configure the switch on this interface.

Configuration Guide 6

Accessing the Switch Web Interface Access

Figure 2-3 Web interface

2.2 Save Config Function

The switch’s configuration files fall into two types: the running configuration file and the

start-up configuration file.

After you perform configurations on the sub-interfaces and click Apply, the modifications

will be saved in the running configuration file. The configurations will be lost when the

switch reboots.

If you need to keep the configurations after the switch reboots, please use the Save Config

function on the main interface to save the configurations in the start-up configuration file.

Accessing the Switch Web Interface Access

Configuration Guide 7

Figure 2-4 Save Config

2.3 Disable the Web Server

You can shut down the HTTP server or HTTPS server to block any access to the web

interface.

Go to System > Access Security > HTTP Config, disable the HTTP server and click Apply.

Figure 2-5 Shut down HTTP server

Configuration Guide 8

Accessing the Switch Web Interface Access

Go to System > Access Security > HTTPS Config, disable the HTTPS server and click Apply.

Figure 2-6 Disbale the HTTPS Server

2.4 Configure the Switch's IP Address and Default Gateway

If you want to access the switch via a specified port (hereafter referred to as the access

port), you can configure the port as a routed port and specify its IP address, or configure

the IP address of the VLAN which the access port belongs to.

Change the IP Address

By default, all the ports belong to VLAN 1 with the VLAN interface IP 192.168.0.1.

The following example shows how to change the switch’s default access IP address

192.168.0.1.

1) Go to Routing > Interface > Interface Config. The default access IP address in VLAN 1 in

the Interface List. Click Edit to modify the VLAN1’s IP address.

Figure 2-7 Change VLAN1's IP address

2) Choose the IP Address Mode as Static. Enter the new access address in the IP

Address field and click Apply. Make sure that the route between the host PC and the

switch’s new IP address is available.

Accessing the Switch Web Interface Access

Configuration Guide 9

Figure 2-8 Specify the IP address

3) Enter the new IP address in the web browser to access the switch.

4) Click Save Config to save the settings.

Configure the Default Gateway

The following example shows how to configure the switch’s gateway. By default, the switch

has no default gateway.

1) Go to page Routing > Static Routing > IPv4 Static Routing Config. Configure the parameters

related to the switch’s gateway and click Create.

Figure 2-9 Configure the default gateway

Destination Specify the destination as 0.0.0.0.

Subnet Mask Specify the subnet mask as 255.255.255.0.

Next Hop Configure your desired default gateway as the next hop’s IP address.

Configuration Guide 10

Accessing the Switch Web Interface Access

Distance Specify the distance as 1.

2) Click Save Config to save the settings.

3) Check the routing table to verify the default gateway you configured. The entry marked

in red box displays the valid default gateway.

Figure 2-10 View the default gateway

Accessing the Switch Command Line Interface Access

Configuration Guide 11

3 Command Line Interface Access

Users can access the switch's command line interface through the console (only for switch

with console port), Telnet or SSH connection, and manage the switch with the command

lines.

Console connection requires the host PC connecting to the switch’s console port directly,

while Telnet and SSH connection support both local and remote access.

The following table shows the typical applications used in the CLI access.

Table 3-1 Method list

Method Using Port Typical Applications

Console Console port (connected

directly)

Hyper Terminal

Telnet RJ-45 port CMD

SSH RJ-45 port Putty

3.1 Console Login (only for switch with console port)

Follow these steps to log in to the switch via the Console port:

1) Connect the PC or terminal to the Console port on the switch with the serial cable.

2) Start the terminal emulation program (such as the Hyper Terminal) on the PC and

configure the terminal emulation program as follows:

Baud Rate: 38400bps

Data Bits: 8

Parity: None

Stop Bits: 1

Flow Control: None

3) Press Enter in the main window and Switch> will appear, indicating that you have

successfully logged in to the switch and you can use the CLI now.

Configuration Guide 12

Accessing the Switch Command Line Interface Access

Figure 3-1 CLI Main Window

4) Enter enable to enter the User EXEC Mode to further configure the switch.

Figure 3-2 User EXEC Mode

Note:

In Windows XP, go to Start > All Programs > Accessories > Communications > Hyper Terminal to

open the Hyper Terminal and configure the above settings to log in to the switch.

Accessing the Switch Command Line Interface Access

Configuration Guide 13

3.2 Telnet Login

The switch supports Login Local Mode for authentication by default.

The following steps show how to manage the switch via the Login Local Mode:

1) Make sure the switch and the PC are in the same LAN (Local Area Network). Click Start

and type in cmd in the Search bar and press Enter.

Figure 3-3 Open the cmd Window

2) Type in telnet 192.168.0.1 in the cmd window and press Enter.

Figure 3-4 Log In to the Switch

3) Type in the login username and password (both admin by default). Press Enter and you

will enter User EXEC Mode.

Figure 3-5 Enter User EXEC Mode

4) Type in enable command and you will enter Privileged EXEC Mode. By default no

password is needed. Later you can set a password for users who want to access the

Privileged EXEC Mode.

Configuration Guide 14

Accessing the Switch Command Line Interface Access

Figure 3-6 Enter Privileged EXEC Mode

Now you can manage your switch with CLI commands through Telnet connection.

3.3 SSH Login

SSH login supports the following two modes: Password Authentication Mode and Key

Authentication Mode. You can choose one according to your needs:

Password Authentication Mode: Username and password are required, which are both

admin by default.

Key Authentication Mode (Recommended): A public key for the switch and a private key

for the client software (PuTTY) are required. You can generate the public key and the

private key through the PuTTY Key Generator.

Before logging in via SSH, follow the steps below to enable SSH on the terminal emulation

program:

Figure 3-7 Enable SSH

Password Authentication Mode

1) Open PuTTY and go to the Session page. Enter the IP address of the switch in the Host

Name field and keep the default value 22 in the Port field; select SSH as the Connection

type. Click Open.

Accessing the Switch Command Line Interface Access

Configuration Guide 15

Figure 3-8 Configurations in PuTTY

2) Enter the login username and password to log in to the switch, and you can continue to

configure the switch.

Figure 3-9 Log In to the Switch

Key Authentication Mode

1) Open the PuTTY Key Generator. In the Parameters section, select the key type and

enter the key length. In the Actions section, click Generate to generate a public/private

key pair. In the following figure, an SSH-2 RSA key pair is generated, and the length of

each key is 1024 bits.

Configuration Guide 16

Accessing the Switch Command Line Interface Access

Figure 3-10 Generate a Public/Private Key Pair

Note:

• The key length should be between 512 and 3072 bits.

• You can accelerate the key generation process by moving the mouse quickly and randomly in

the Key section.

2) After the keys are successfully generated, click Save public key to save the public key

to a TFTP server; click Save private key to save the private key to the host PC.

Figure 3-11 Save the Generated Keys

Accessing the Switch Command Line Interface Access

Configuration Guide 17

3) On Hyper Terminal, download the public key file from the TFTP server to the switch as

shown in the following figure:

Figure 3-12 Download the Public Key to the Switch

Note:

• The key type should accord with the type of the key file. In the above CLI, v1 corresponds to

SSH-1 (RSA), and v2 corresponds to SSH-2 RSA and SSH-2 DSA.

• The key downloading process cannot be interrupted.

4) After the public key is downloaded, open PuTTY and go to the Session page. Enter the

IP address of the switch and select SSH as the Connection type (keep the default value

in the Port field).

Figure 3-13 Configure the Host Name and Connection Type

5) Go to Connection > SSH > Auth. Click Browse to download the private key file to

PuTTY. Click Open to start the connection and negotiation.

Configuration Guide 18

Accessing the Switch Command Line Interface Access

Figure 3-14 Download the Private Key to PuTTY

6) After negotiation is completed, enter the username to log in. If you can log in without

entering the password, the key authentication completed successfully.

Figure 3-15 Log In to the Switch

3.4 Disable Telnet login

You can shut down the Telnet function to block any Telnet access to the CLI interface.

Using the GUI:

Go to System > Access Security > Telnet Config, disable the Telnet function and click Apply.

Figure 3-16 Disable Telnet login

Accessing the Switch Command Line Interface Access

Configuration Guide 19

Using the CLI:

Switch#configure

Switch(config)#telnet disable

3.5 Disable SSH login

You can shut down the SSH server to block any SSH access to the CLI interface.

Using the GUI:

Go to System > Access Security > SSH Config, disable the SSH server and click Apply.

Figure 3-17 Shut down SSH server

Using the CLI:

Switch#configure

Switch(config)#no ip ssh server

3.6 Copy running-config startup-config

The switch’s configuration files fall into two types: the running configuration file and the

start-up configuration file.

After you enter each command line, the modifications will be saved in the running

configuration file. The configurations will be lost when the switch reboots.

If you need to keep he configurations after the switch reboots, please user the command

copy running-config startup-config to save the configurations in the start-up

configuration file.

Switch(config)#end

Switch#copy running-config startup-config

Configuration Guide 20

Accessing the Switch Command Line Interface Access

3.7 Change the Switch's IP Address and Default Gateway

If you want to access the switch via a specified port (hereafter referred to as the access

port), you can configure the port as a routed port and specify its IP address, or configure

the IP address of the VLAN which the access port belongs to.

Change the IP Address

By default, all the ports belong to VLAN 1 with the VLAN interface IP 192.168.0.1/24. In

the following example, we will show how to replace the switch’s default access IP address

192.168.0.1/24 with 192.168.0.10/24.

Switch#configure

Switch(config)#interface vlan 1

Switch(config-if)#ip address 192.168.0.10 255.255.255.0

The connection will be interrupted and you should telnet to the switch's new IP address

192.168.0.10.

C:\Users\Administrator>telnet 192.168.0.10

User:admin

Password:admin

Switch>enable

Switch#copy running-config startup-config

Configure the Default Gateway

In the following example, we will show how to configure the switch’s gateway as

192.168.0.100. By default, the switch has no default gateway.

Switch#configure

Switch(config)#ip route 0.0.0.0 255.255.255.0 192.168.0.100 1

Switch(config)#end

Switch#copy running-config startup-config

Part 2

Managing System

CHAPTERS

1. System

2. System Info Configurations

3. User Management Configurations

4. System Tools Configurations

5. Access Security Configurations

6. SDM Template Configuration

7. Appendix: Default Parameters

Configuration Guide 22

Managing System System

1 System

1.1 Overview

The System module is mainly used to configure and view the system information of the

switch. It provides controls over the type of the access users and the access security.

1.2 Supported Features

System Info

The System Info is mainly used for the basic properties configuration. You can view the

switch’s port status and system information, and configure the device description, system

time, and daylight saving time.

User management

User Management function is used to configure the user name and password for users to

log into the switch with a certain access level so as to protect the settings of the switch

from being randomly changed.

System Tools

The System Tools are used to manage the configuration file of the switch. With these tools,

you can configure the boot file of the switch, backup and restore the configurations of the

switch, update the firmware, reset the switch, and reboot the switch.

Boot Config function is used to configure the boot file of the switch uploaded before, and

the switch will boot up according to your configuration file.

Auto Install function is used to download the configuration file and backup image for

switch automatically.

Reboot Schedule function is used to set a schedule for the switch to reboot.

Access Security

Access Security provides different security measures for accessing the switch remotely

so as to enhance the configuration management security.

Access Control function is used to control the users’ access to the switch by filtering IP

address, MAC address or port.

HTTP Config function is based on the HTTP protocol. It can allow or deny users to access

the switch via a web browser.

Managing System System

Configuration Guide 23

HTTPS Config function is based on the SSL or TLS protocol working in transport layer. It

supports a security access via a web browser.

SSH Config function is based on the SSH protocol, a security protocol established on

application and transport layers. The function with SSH is similar to a telnet connection, but

SSH can provide information security and powerful authentication.

SDM Template

The switch SDM (Switch Database Management) templates prioritize system resources to

optimize support for certain features. SDM Template function provides three templates for

users to allocate hardware resources for different usage.

Configuration Guide 24

Managing System System Info Configurations

2 System Info Configurations

With system information configurations, you can:

View the system summary

Specify the device description

Set the system time

Set the daylight saving time

Specify the Serial Port Parameter

2.1 Using the GUI

2.1.1 Viewing the System Summary

Choose the menu System > System Info > System Summary to load the following page.

Figure 2-1 Viewing the System Summary

Managing System System Info Configurations

Configuration Guide 25

Port Status Indication

Indicates that the corresponding 1000Mbps port is not connected to a device.

Indicates that the corresponding 1000Mbps port is at the speed of 1000Mbps.

Indicates that the corresponding 1000Mbps port is at the speed of 10Mbps or

100Mbps.

Indicates that the corresponding SFP port is not connected to a device.

Indicates the SFP port is at the speed of 1000Mbps.

Move the cursor to the port to view the detailed information of the port.

Figure 2-2 Port Information

Port Information Indication

Port Displays the port number of the switch.

Type Displays the type of the port.

Speed Displays the maximum transmission rate of the port.

Status Displays the connection status of the port.

Click a port to view the bandwidth utilization on this port.

Figure 2-3 Bnadwidth Utilization

Configuration Guide 26

Managing System System Info Configurations

Rx Select Rx to view the bandwidth utilization of receiving packets on this port.

Tx Select Tx to view the bandwidth utilization of sending packets on this port.

2.1.2 Specifying the Device Description

Choose the menu System > System Info > Device Description to load the following page.

Figure 2-4 Specifying the Device Description

1) In the Device Description section, specify the following information.

Device Name Enter the name of the switch.

Device Location Enter the location of the switch.

System Contact Enter the contact information.

2) Click Apply.

2.1.3 Setting the System Time

Choose the menu System > System Info > System Time to load the following page.

Managing System System Info Configurations

Configuration Guide 27

Figure 2-5 Setting the System Time

In the Time Info section, view the current time information of the switch.

Current System

Time

Displays the current date and time of the switch.

Current Time

Source

Displays the current time source of the switch.

In the Time Config section, follow these steps to configure the system time:

1) Choose one method to set the system time and specify the information.

Manual Set the system time manually.

Date: Specify the date of the system.

Time: Specify the time of the system.

Get Time from

NTP Server

Set the system time by getting time from NTP server. Make sure the NTP server

is accessible on your network. If the NTP server is on the Internet, connect the

switch to the Internet first.

Time Zone: Select your local time zone.

Primary Server: Enter the IP Address of the primary NTP server.

Secondary Server: Enter the IP Address of the secondary NTP server.

Update Rate: Specify the interval the switch fetching time from NTP server, which

ranges from 1 to 24 hours. The default value is 12 hours.

Synchronize

with PC’s Clock

Synchronize the system time of the switch with PC’s clock.

Configuration Guide 28

Managing System System Info Configurations

2) Click Apply.

2.1.4 Setting the Daylight Saving Time

Choose the menu System > System Info > Daylight Saving Time to load the following

page.

Figure 2-6 Setting the Daylight Saving Time

Follow these steps to configure Daylight Saving Time:

1) In the DST Config section, select Enable to enable the Daylight Saving Time function.

2) Choose one method to set the Daylight Saving Time of the switch and specify the

information.

Predefined

Mode

If you select Predefined Mode, choose a predefined DST schedule for the switch.

USA: Select the Daylight Saving Time of the USA. It is from 2: 00 a.m. on the

Second Sunday in March to 2:00 a.m. on the First Sunday in November.

Australia: Select the Daylight Saving Time of Australia. It is from 2:00 a.m. on the

First Sunday in October to 3:00 a.m. on the First Sunday in April.

Europe: Select the Daylight Saving Time of Europe. It is from 1: 00 a.m. on the Last

Sunday in March to 1:00 a.m. on the Last Sunday in October.

New Zealand: Select the Daylight Saving Time of New Zealand. It is from 2: 00 a.m.

on the Last Sunday in September to 3:00 a.m. on the First Sunday in April.

Managing System System Info Configurations

Configuration Guide 29

Recurring Mode If you select Recurring Mode, specify a cycle time range for the Daylight Saving

Time of the switch. This configuration will be used every year.

Offset: Specify the time to set the clock forward by.

Start Time: Specify the start time of Daylight Saving Time. The interval between

start time and end time should be more than 1 day and less than 1 year(365 days).

End Time: Specify the end time of Daylight Saving Time. The interval between

start time and end time should be more than 1 day and less than 1 year (365 days).

Date Mode If you select Date Mode, specify an absolute time range for the Daylight Saving

Time of the switch. This configuration will be used only one time.

Offset: Specify the time to set the clock forward by.

Start Time: Specify the start time of Daylight Saving Time. The interval between

start time and end time should be more than 1 day and less than 1 year(365 days).

End Time: Specify the end time of Daylight Saving Time. The interval between

start time and end time should be more than 1 day and less than 1 year (365 days).

3) Click Apply.

2.1.5 Specifying the Serial Port Parameter

Choose the menu System > System Info > Serial Port Setting to load the following page.

Figure 2-7 Specifying the Serial Port Parameter

In the Serial Port Settings section, specify the Baud Rate and click Apply.

Baud Rate Configure the baud rate of the console connection. The default value is 38400 bps.

Date Bits Displays the data bits.

Parity Bits Displays the parity bits.

Stop Bits Displays the stop bits.

Configuration Guide 30

Managing System System Info Configurations

2.2 Using the CLI

2.2.1 Viewing the System Summary

On privileged EXEC mode or any other configuration mode, you can use the following

command to view the system information of the switch:

show interface status [ fastEthernet

port

| gigabitEthernet

port

| ten-gigabitEthernet

port

]

View status of the interface.

port

: Enter the number of the Ethernet port.

show system-info

View the system information including system Description, Device Name, Device Location, System

Contact, Hardware Version, Firmware Version, System Time, Run Time and so on.

The following example shows how to view the interface status and the system information

of the switch.

Switch#show interface status

Port Status Speed Duplex FlowCtrl Jumbo Active-Medium

------- ----------- ----- ------ -------- --------- -------------

Gi1/0/1 LinkDown N/A N/A N/A Disable Copper

Gi1/0/2 LinkDown N/A N/A N/A Disable Copper

Gi1/0/3 LinkUp 1000M Full Disable Disable Copper

...

Gi1/0/50 LinkDown N/A N/A N/A Disable Fiber

Gi1/0/51 LinkDown N/A N/A N/A Disable Fiber

Gi1/0/52 LinkDown N/A N/A N/A Disable Fiber

Switch#show system-info

System Description - JetStream 48-Port Gigabit L2 Managed Switch with 4 SFP Slots

System Name - T2600G-52TS

System Location - SHENZHEN

Contact Information - www.tp-link.com

Hardware Version - T2600G-52TS 2.0

Software Version - 2.0.0 Build 20160923 Rel.39814(s)

System Time - 2006-01-03 12:54:41

Managing System System Info Configurations

Configuration Guide 31

Serial Number -

Running Time - 2 day - 4 hour - 55 min - 36 sec

2.2.2 Specifying the Device Description

Follow these steps to specify the device description:

Step 1 configure

Enter global configuration mode.

Step 2 hostname [

hostname

]

Specify the system name of the switch.

hostname

: Enter the system name. The length of the name ranges from 1 to 32 characters. By

default, it is the model name of the switch.

Step 3 location [

location

]

Specify the system location of the switch.

location

: Enter the device location. It should consist of no more than 32 characters. By default,

it is “SHENZHEN”.

Step 4 contact-info [

contact-info

]

Specify the system contact Information.

contact-info

: Enter the contact information. It should consist of no more than 32 characters. By

default, it is “www.tp-link.com”.

Step 5 show system-info

Verify the system information including system Description, Device Name, Device Location,

System Contact, Hardware Version, Firmware Version, System Time, Run Time and so on.

Step 6 end

Return to privileged EXEC mode.

Step 7 copy running-config startup-config

Save the settings in the configuration file.

The following example shows how to set the device name as Switch_A, set the location as

BEIJING and set the contact information as http://www.tp-link.com.

Switch#configure

Switch(config)#hostname Switch_A

Switch(config)#location BEIJING

Switch(config)#contact-info http://www.tp-link.com

Switch(config)#show system-info

System Description - JetStream 48-Port Gigabit Smart Switch with 4 SFP Slots

Configuration Guide 32

Managing System System Info Configurations

System Name - Switch_A

System Location - BEIJING

Contact Information - http://www.tp-link.com

...

Switch(config)#end

Switch#copy running-config startup-config

2.2.3 Setting the System Time

Follow these steps and choose one method to set the system time:

Step 1 configure

Enter global configuration mode.

Step 2 Use the following command to set the system time manually:

system-time manual

time

Configure the system time manually.

time

: Specify the date and time manually in the format of MM/DD/YYYY-HH:MM:SS. The valid

value of the year ranges from 2000 to 2037.

Use the following command to set the system time by getting time from the NTP server:

system-time ntp {

timezone

} {

ntp-server

} {

backup-ntp-server

} {

fetching-rate

}

Configure the time zone and the NTP server to get time from the NTP server. Ensure the NTP

server is accessible. If the NTP server is on the Internet, connect the switch to the Internet first.

timezone

: Enter your local time-zone, which ranges from UTC-12:00 to UTC+13:00.

Managing System System Info Configurations

Configuration Guide 33

The detailed information of each time-zone are displayed as follows:

UTC-12:00 —— TimeZone for International Date Line West.

UTC-11:00 —— TimeZone for Coordinated Universal Time-11.

UTC-10:00 —— TimeZone for Hawaii.

UTC-09:00 —— TimeZone for Alaska.

UTC-08:00 —— TimeZone for Pacific Time (US Canada).

UTC-07:00 —— TimeZone for Mountain Time (US Canada).

UTC-06:00 —— TimeZone for Central Time (US Canada).

UTC-05:00 —— TimeZone for Eastern Time (US Canada).

UTC-04:30 —— TimeZone for Caracas.

UTC-04:00 —— TimeZone for Atlantic Time (Canada).

UTC-03:30 —— TimeZone for Newfoundland.

UTC-03:00 —— TimeZone for Buenos Aires, Salvador, Brasilia.

UTC-02:00 —— TimeZone for Mid-Atlantic.

UTC-01:00 —— TimeZone for Azores, Cape Verde Is.

UTC —— TimeZone for Dublin, Edinburgh, Lisbon, London.

UTC+01:00 —— TimeZone for Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna.

UTC+02:00 —— TimeZone for Cairo, Athens, Bucharest, Amman, Beirut, Jerusalem.

UTC+03:00 —— TimeZone for Kuwait, Riyadh, Baghdad.

UTC+03:30 —— TimeZone for Tehran.

UTC+04:00 —— TimeZone for Moscow, St.Petersburg, Volgograd, Tbilisi, Port Louis.

UTC+04:30 —— TimeZone for Kabul.

UTC+05:00 —— TimeZone for Islamabad, Karachi, Tashkent.

UTC+05:30 —— TimeZone for Chennai, Kolkata, Mumbai, New Delhi.

UTC+05:45 —— TimeZone for Kathmandu.

UTC+06:00 —— TimeZone for Dhaka,Astana, Ekaterinburg.

UTC+06:30 —— TimeZone for Yangon (Rangoon).

UTC+07:00 —— TimeZone for Novosibrisk, Bangkok, Hanoi, Jakarta.

UTC+08:00 —— TimeZone for Beijing, Chongqing, Hong Kong, Urumqi, Singapore.

UTC+09:00 —— TimeZone for Seoul, Irkutsk, Osaka, Sapporo, Tokyo.

UTC+09:30 —— TimeZone for Darwin, Adelaide.

UTC+10:00 —— TimeZone for Canberra, Melbourne, Sydney, Brisbane.

UTC+11:00 —— TimeZone for Solomon Is., New Caledonia, Vladivostok.

UTC+12:00 —— TimeZone for Fiji, Magadan, Auckland, Welington.

UTC+13:00 —— TimeZone for Nuku’alofa, Samoa.

ntp-server

: Specify the IP address of the primary NTP server.

backup-ntp-server

: Specify the IP address of the backup NTP server.

fetching-rate

: Specify the interval fetching time from the NTP server.

Configuration Guide 34

Managing System System Info Configurations

Step 3 Use the following command to verify the system time information.

show system-time

Verify the system time information.

Use the following command to verify the NTP mode configuration information.

show system-time ntp

Verify the system time information of NTP mode.

Step 4 end

Return to privileged EXEC mode.

Step 5 copy running-config startup-config

Save the settings in the configuration file.

The following example shows how to set the system time by Get Time from NTP Server and

set the time zone as UTC+08:00, set the NTP server as 133.100.9.2, set the backup NTP

server as 139.78.100.163 and set the update rate as 11.

Switch#configure

Switch(config)#system-time ntp UTC+08:00 133.100.9.2 139.78.100.163 11

Switch(config)#show system-time ntp

Time zone : UTC+08:00

Prefered NTP server: 133.100.9.2

Backup NTP server: 139.78.100.163

Last successful NTP server: 133.100.9.2

Update Rate: 11 hour(s)

Switch(config)#end

Switch#copy running-config startup-config

2.2.4 Setting the Daylight Saving Time

Follow these steps and choose one method to set the Daylight Saving Time:

Step 1 configure

Enter global configuration mode.

Managing System System Info Configurations

Configuration Guide 35

Step 2 Use the following command to select a predefined Daylight Saving Time configuration:

system-time dst predefined [ USA | Australia | Europe | New-Zealand ]

Specify the Daylight Saving Time using a predefined schedule.

USA | Australia | Europe | New-Zealand: Select one mode of Daylight Saving Time.

USA: 02:00 a.m. on the Second Sunday in March ~ 02:00 a.m. on the First Sunday in November.

Australia: 02:00 a.m. on the First Sunday in October ~ 03:00 a.m. on the First Sunday in April.

Europe: 01:00 a.m. on the Last Sunday in March ~ 01:00 a.m. on the Last Sunday in October.

New Zealand: 02:00 a.m. on the Last Sunday in September ~ 03:00 a.m. on the First Sunday in

April.

Use the following command to set the Daylight Saving Time in recurring mode:

system-time dst recurring {

sweek

} {

sday

} {

smonth

} {

stime

} {

eweek

} {

eday

} {

emonth

} {

etime

} [

offset

]

Specify the Daylight Saving Time in Recuring mode.

sweek

: Enter the start week of Daylight Saving Time. There are 5 values showing as follows:

first, second, third, fourth, last.

sday

: Enter the start day of Daylight Saving Time. There are 7 values showing as follows: Sun,

Mon, Tue, Wed, Thu, Fri, Sat.

smonth

: Enter the start month of Daylight Saving Time. There are 12 values showing as follows:

Jan, Feb, Mar, Apr, May, Jun, Jul, Aug, Sep, Oct, Nov, Dec.

stime

: Enter the start time of Daylight Saving Time,in the format of HH:MM.

eweek

: Enter the end week of Daylight Saving Time. There are 5 values showing as follows:

first, second, third, fourth, last.

eday

: Enter the end day of Daylight Saving Time. There are 7 values showing as follows: Sun,

Mon, Tue, Wed, Thu, Fri, Sat.

emonth

: Enter the end month of Daylight Saving Time. There are 12 values showing as follows:

Jan, Feb, Mar, Apr, May, Jun, Jul, Aug, Sep, Oct, Nov, Dec.

etime

: Enter the end time of Daylight Saving Time,in the format of HH:MM.

offset

: Enter the offset of Daylight Saving Time. The default value is 60.

Use the following command to set the Daylight Saving Time in date mode:

system-time dst date {

smonth

} {

sday

} {

stime

} {

syear

} {

emonth

} {

eday

} {

etime

} {

eyear

} [

offset

]

Specify the Daylight Saving Time in Date mode.

Configuration Guide 36

Managing System System Info Configurations

smonth

: Enter the start month of Daylight Saving Time. There are 12 values showing as follows:

Jan, Feb, Mar, Apr, May, Jun, Jul, Aug, Sep, Oct, Nov, Dec.

sday

: Enter the start day of Daylight Saving Time, which ranges from 1 to 31.

stime

: Enter the start time of Daylight Saving Time,in the format of HH:MM.

syear

: Enter the start year of Daylight Saving Time.

emonth

: Enter the end month of Daylight Saving Time. There are 12 values showing as follows:

Jan, Feb, Mar, Apr, May, Jun, Jul, Aug, Sep, Oct, Nov, Dec.

eday

: Enter the end day of Daylight Saving Time, which ranges from 1 to 31.

etime

: Enter the end time of Daylight Saving Time,in the format of HH:MM.

eyear

: Enter the end year of Daylight Saving Time.

offset

: Enter the offset of Daylight Saving Time. The default value is 60.

Step 3 show system-time dst

Verify the DST information of the switch.

Step 4 end

Return to privileged EXEC mode.

Step 5 copy running-config startup-config

Save the settings in the configuration file.

The following example shows how to set the Daylight Saving Time by Date Mode. Set the

start time as 01:00 August 1st, 2016, set the end time as 01:00 September 1st,2016 and

set the offset as 50.

Switch#configure

Switch(config)#system-time dst date Aug 1 01:00 2016 Sep 1 01:00 2016 50

Switch(config)#show system-time dst

DST starts at 01:00:00 on Aug 1 2016

DST ends at 01:00:00 on Sep 1 2016

DST offset is 50 minutes

DST configuration is one-off

Switch(config)#end

Switch#copy running-config startup-config

2.2.5 Specifying the Serial Port Parameter

Follow These steps to specify the serial port parameter.

Step 1 configure

Enter global configuration mode.

Managing System System Info Configurations

Configuration Guide 37

Step 2 serial_port baud_rate { 9600 | 19200 | 38400 | 57600 | 115200 }

Specify the baud rate of the console connection.

9600 | 19200 | 38400 | 57600 | 115200: Specify the communication baud rate on the console

port. The default value is 38400 bps.

Step 3 end

Return to privileged EXEC mode.

Step 4 copy running-config startup-config

Save the settings in the configuration file.

The following example shows how to set the baud rate as 9600 and view the serial port

parameters.

Switch#config

Switch(config)#serial_port baud_rate 9600

Switch(config)#show serial_port

Serial Port Settings

---------------------------

Baud rate: 9600

Data Bits: 8

Parity Bits: None

Stop Bits: 1

Switch(config)#end

Switch#copy running-config startup-config

Configuration Guide 38

Managing System User Management Configurations

3 User Management Configurations

With user management configurations, you can:

Create Admin accounts

Create accounts of other types

3.1 Using the GUI

3.1.1 Creating Admin Accounts

Choose the menu System > User Management > User Config to load the following page.

Figure 3-1 Create Admin Accounts

Follow these steps to create an Admin account:

1) In the User Info section, select Admin from the drop-down list and specify the user

name and password.

User Name Create a user name for users' login. It contains 16 characters at most,

composed of digits, English letters and underscore only.

Managing System User Management Configurations

Configuration Guide 39

Access Level Select the access level as Admin.

Admin: Admin can edit, modify and view all the settings of different

functions.

Operator: Operator can edit, modify and view most of the settings of

different functions.

Power User: Power User can edit, modify and view some of the settings of

different functions.

User: User can only view the settings without the right to edit or modify.

Password Type a password for users' login. It is a string from 1 to 31 alphanumeric

characters or symbols. You can use digits, English letters (case sensitive),

underscore and sixteen special characters.

Confirm

Password

Retype the password.

2) Click Create.

3.1.2 Creating Accounts of Other Types

You can create accounts with the access level of Operator,Power User and User here. You

also need to go to the AAA section to create an Enable Password for these accounts. The

Enable Password is used to change the users’ access level to Admin.

Creating an Account

Choose the menu System > User Management > User Config to load the following page.

Figure 3-2 Create Accounts of Other Types

Follow these steps to create an account of other types:

1) In the User Info section, select the access level from the drop-down list and specify the

user name and password.

Configuration Guide 40

Managing System User Management Configurations

User Name Create a user name for users' login. It contains 16 characters at most,

composed of digits, English letters and under dashes only.

Access Level Select the access level as Operator, Power User or User.

Admin: Admin can edit, modify and view all the settings of different

functions.

Operater: Operator can edit, modify and view most of the settings of

different functions.

Power User: Power User can edit, modify and view some of the settings of

different functions.

User: User can only view the settings without the right to edit or modify.

Password Type a password for users' login. It is a string from 1 to 31 alphanumeric

characters or symbols. You can use digits, English letters (case sensitive),

underscore and sixteen special characters.

Confirm

Password

Retype the password.

2) Click Create.

Configuring Enable Password

Choose the menu Network Security > AAA > Global Config to load the following page.

Figure 3-3 Configure the AAA Function

1) Select Enable and Click Apply to enable the AAA function.

2) Specify the Enable Password and Click Apply.

Tips:

The AAA function applies another method to manage the access users' name and

password. For details, refer to AAA Configuration in Configuring Network Security.

The logged-in users can enter the Enable Password on this page to get the

administrative privileges.

Managing System User Management Configurations

Configuration Guide 41

3.2 Using the CLI

3.2.1 Creating Admin Accounts

Follow these steps to create an Admin account:

Step 1 configure

Enter global configuration mode.

Step 2 Use the following command to create an account unencrypted or symmetric encrypted.

user name

name

{ privilege admin } password { [ 0 ]

password

| 7

encrypted-password

}

Create an account whose access level is Admin.

name

: Enter a user name for users’ login. It contains 16 characters at most, composed of

digits, English letters and underscore only.

admin: Select the access level for the user. Admin can edit, modify and view all the settings of

different functions.

0: Specify the encryption type. 0 indicates that the password you entered is unencrypted, and

the password is saved to the configuration file unencrypted. By default, the encryption type is 0.

password

: Enter a password for users’ login. It is a string from 1 to 31 alphanumeric characters

or symbols. The password is case sensitive, allows digits, English letters (case sensitive),

underlines and sixteen special characters.

7: Specify the encryption type. 7 indicates that the password you entered is symmetric

encrypted, and the password is saved to the configuration file symmetric encrypted.

encrypted-password

: Enter a symmetric encrypted password with fixed length, which you can

copy from another switch’s configuration file. After the encrypted password is configured, you

should use the corresponding unencrypted password to reenter this mode.

Use the following command to create an account MD5 encrypted.

user name

name

{ privilege admin } secret { [ 0 ]

password

| 5

encrypted-password

}

Create an account whose access level is Admin.

name

: Enter a user name for users’ login. It contains 16 characters at most, composed of

digits, English letters and underscore only.

admin: Select the access level for the user. Admin can edit, modify and view all the settings of

different functions.

0: Specify the encryption type. 0 indicates that the password you entered is unencrypted, but

the password is saved to the configuration file MD5 encrypted. By default, the encryption type

is 0.

password

: Enter a password for users’ login. It is a string from 1 to 31 alphanumeric characters

or symbols. The password is case sensitive, allows digits, English letters (case sensitive),

underlines and sixteen special characters.

5: Specify the encryption type. 5 indicates that the password you entered is MD5 encrypted,

and the password is saved to the configuration file MD5 encrypted.

encrypted-password

: Enter a MD5 encrypted password with fixed length, which you can copy

from another switch’s configuration file.

Configuration Guide 42

Managing System User Management Configurations

Step 3 show user account-list

Verify the information of the current users.

Step 4 end

Return to privileged EXEC mode.

Step 5 copy running-config startup-config

Save the settings in the configuration file.

3.2.2 Creating Accounts of Other Types

You can create accounts with the access level of Operator, Power user and User here. You

also need to go to the AAA section to create an Enable Password for these accounts. The

Enable Password is used to change the users’ access level to Admin.

Follow these steps to create an account of other type:

Step 1 configure

Enter global configuration mode.

Managing System User Management Configurations

Configuration Guide 43

Step 2 Use the following command to create an account unencrypted or symmetric encrypted.

user name

name

{ privilege operator | power_user | user } password { [ 0 ]

password

| 7

encrypted-password

}

Create an account whose access level is Operator, Power User or User.

name

: Enter a user name for users’ login. It contains 16 characters at most, composed of

digits, English letters and underscore only.

operator | power_user | user: Select the access level for the user. Operator can edit, modify

and view mostly the settings of different functions. Power User can edit, modify and view some

the settings of different functions. User only can view the settings without the right to edit and

modify.

0: Specify the encryption type. 0 indicates that the password you entered is unencrypted, and

the password is saved to the configuration file unencrypted. By default, the encryption type is 0.

password

: Enter a password for users’ login. It is a string from 1 to 31 alphanumeric characters

or symbols. The password is case sensitive, allows digits, English letters (case sensitive),

underlines and sixteen special characters.

7: Specify the encryption type. 7 indicates that the password you entered is symmetric

encrypted, and the password is saved to the configuration file symmetric encrypted.

encrypted-password

: Enter a symmetric encrypted password with fixed length, which you can

copy from another switch’s configuration file. After the encrypted password is configured, you

should use the corresponding unencrypted password to reenter this mode.

Use the following command to create an account MD5 encrypted.

user name

name

{ privilege operator | power_user | user } secret { [ 0 ]

password

| 5

encrypted-

password

}

Create an account whose access level is Operator, Power User or User.

name

: Enter a user name for users’ login. It contains 16 characters at most, composed of

digits, English letters and underscore only.

operator | power_user | user: Select the access level for the user. Operator can edit, modify

and view mostly the settings of different functions. Power User can edit, modify and view some

the settings of different functions. User only can view the settings without the right to edit and

modify.

0: Specify the encryption type. 0 indicates that the password you entered is unencrypted, but

the password is saved to the configuration file MD5 encrypted. By default, the encryption type

is 0.

password

: Enter a password for users’ login. It is a string from 1 to 31 alphanumeric characters

or symbols. The password is case sensitive, allows digits, English letters (case sensitive),

underlines and sixteen special characters.

5: Specify the encryption type. 5 indicates that the password you entered is MD5 encrypted,

and the password is saved to the configuration file MD5 encrypted.

encrypted-password

: Enter a MD5 encrypted password with fixed length, which you can copy

from another switch’s configuration file. After the encrypted password is configured, you

should use the corresponding unencrypted password to reenter this mode.

Step 3 aaa enable

Globally enable the AAA function.

Configuration Guide 44

Managing System User Management Configurations

Step 4 Use the following command to create an enable password unencrypted or symmetric

encrypted.

enable admin password { [ 0 ]

password

| 7

encrypted-password

}

Create an Enable Password. It can change the users’ access level to Admin. By default, it is

empty.

0: Specify the encryption type. 0 indicates that the password you entered is unencrypted, and

the password is saved to the configuration file unencrypted. By default, the encryption type is 0.

password

: Enter an enable password. It is a string from 1 to 31 alphanumeric characters

or symbols. The password is case sensitive, allows digits, English letters (case sensitive),

underlines and sixteen special characters.

7: Specify the encryption type. 7 indicates that the password you entered is symmetric

encrypted, and the password is saved to the configuration file symmetric encrypted.

encrypted-password

: Enter a symmetric encrypted password with fixed length, which you can

copy from another switch’s configuration file. After the encrypted password is configured, you

should use the corresponding unencrypted password to reenter this mode.

Use the following command to create an enable password unencrypted or MD5 encrypted.

enable admin secret { [ 0 ]

password

| 5

encrypted-password

}

Create an Enable Password. It can change the users’ access level to Admin. By default, it is

empty.

0: Specify the encryption type. 0 indicates that the password you entered is unencrypted, but

the password is saved to the configuration file MD5 encrypted. By default, the encryption type

is 0.

password

: Enter an enable password. It is a string from 1 to 31 alphanumeric characters

or symbols. The password is case sensitive, allows digits, English letters (case sensitive),

underlines and sixteen special characters.

5: Specify the encryption type. 5 indicates that the password you entered is MD5 encrypted,

and the password is saved to the configuration file MD5 encrypted.

encrypted-password

: Enter a MD5 encrypted password with fixed length, which you can copy

from another switch’s configuration file. After the encrypted password is configured, you

should use the corresponding unencrypted password to reenter this mode.

Step 5 show user account-list

Verify the information of the current users.

Step 6 end

Return to privileged EXEC mode.

Step 7 copy running-config startup-config

Save the settings in the configuration file.

Tips:

The AAA function applies another method to manage the access users’ name and

password. For details, refer to AAA Configuration in Configuring Network Security .

The logged-in users can enter the Enable Password on this page to get the

administrative privileges.

Managing System User Management Configurations

Configuration Guide 45

The following example shows how to create a uesr with the access level of Operator, set

the user name as user1 and set the password as 123. Enable AAA function and set the

enable password as abc123.

Switch#configure

Switch(config)#user name user1 privilege operator password 123

Switch(config)#aaa enable

Switch(config)#enable admin password abc123

Switch(config)#show user account-list

Index User-Name User-Type

----- --------- ---------

1 user1 Operator

2 admin Admin

Switch(config)#end

Switch#copy running-config startup-config

Configuration Guide 46

Managing System System Tools Configurations

4 System Tools Configurations

With system tools configurations, you can:

Configure the boot file

Restore the configuration of the switch

Back up the configuration file

Upgrade the firmware

Configure the Auto Install Function

Reboot the switch

Configure the reboot schedule

Reset the switch

4.1 Using the GUI

4.1.1 Configuring the Boot File

Choose the menu System > System Tools > Boot Config to load the following page.

Figure 4-1 Configuring the Boot File

Follow these steps to configure the boot file:

1) In the Boot Table section, select one or more units and configure the relevant

parameters.

Managing System System Tools Configurations

Configuration Guide 47

Select Select one or more units to be configured.

Unit Displays the number of the unit.

Current Startup

Image

Displays the current startup image.

Next Startup

Image

Select the next startup image. When the switch is powered on, it will try to start up

with the next startup image. The next startup and backup image should not be the

same.

Backup Image Select the backup image. When the switch fails to start up with the next startup

image, it will try to start up with the backup image. The next startup and backup

image should not be the same.

2) Click Apply.

4.1.2 Restoring the Configuration of the Switch

Choose the menu System > System Tools > Config Restore to load the following page.

Figure 4-2 Restoring the Configuration of the Switch

Follow these steps to restore the configuration of the switch:

1) In the Config Restore section, select one unit and one configuration file.

Target Unit Select a member switch to import configuration file. .

Config file Select the desired configuration file to import.

2) Click Import to import the configuration file.

Note:

• It will take a long time to restore the configuration. Please wait without any operation.

• After the configuration is restored successfully, the device will reboot to make the configura-

tion change effective.

Configuration Guide 48

Managing System System Tools Configurations

4.1.3 Backing up the Configuration File

Choose the menu System > System Tools > Config Backup to load the following page.

Figure 4-3 Backing up the Configuration File

In the Config Backup section, select one unit and click Export to export the configuration

file.

4.1.4 Upgrading the Firmware

Choose the menu System > System Tools > Firmware Upgrade to load the following

page.

Figure 4-4 Upgrading the Firmware

In the Firmware Upgrade section, select one file and click Upgrade to upgrade the system.

Firmware File Select the desired firmware file to upgrade the system.

Image Name Displays the image to upgrade. It means that the operation will only effect the

backup image.

Firmware Version Displays the current firmware version of the system.

Hardware Version

Displays the current hardware version of the system.

Managing System System Tools Configurations

Configuration Guide 49

After upgrading, the

device will reboot

automatically with

the backup image

Select this option to reboot automatically with the backup image after upgrading.

4.1.5 Configuring Auto Install Function

Note:

• Only T2600G-18TS supports the Auto Install Function.

• You should configure the DHCP server and the TFTP server first before configuring the Auto

Install function.

Choose the menu System > System Tools > Auto Install to load the following page.

Figure 4-5 Configuring the Auto Install Function

In the Auto Install Configuration section, specify the parameters and click Apply.

Auto Install

Mode

Select Start to enable the Auto Install function and the switch will download the

configuration file and the backup image automatically.

Auto Install

Persistent Mode

Specify the Auto Install Persistent Mode. If you select Enable and save configuration,

Auto Install will start during next reboot.

Auto Save Mode Specify the Auto Save Mode. If you select Enable, the switch will save the

configuration file downloaded as startup configuration file automatically.

Auto Reboot

Mode

Specify the Auto Reboot Mode. If you select Enable, the switch will reboot

automatically after the auto install process is completed successfully.

Auto Install

Retry Count

Specify the Auto Install Retry Count. It ranges from 1 to 3.

Auto Install

State

Display the state of the auto install function.

Configuration Guide 50

Managing System System Tools Configurations

Note:

• The switch will obtain a new IP address from the DHCP server during the process of Auto In-

stall. If you want to access to the switch, you should check the new IP address on the DHCP

server.

• IF the Auto Install process is failed, the switch will restart the process every 10 minutes. You

can stop the process manually.

4.1.6 Rebooting the switch

Choose the menu System > System Tools > System Reboot to load the following page.

Figure 4-6 Rebooting the switch

In the System Reboot section, select the desired unit and click Reboot.

Target Unit Select the desired unit to reboot. By default, it is ALL Unit.

Save Config Select this option to save the configuration before the reboot.

4.1.7 Configuring the Reboot Schedule

Choose the menu System > System Tools > Reboot Schedule to load the following page.

Figure 4-7 Configuring the Reboot Schedule

Follow these steps to restore the configuration of the switch:

1) In the Reboot Schedule Setting section, select one method and specify the

parameters.

Managing System System Tools Configurations

Configuration Guide 51

Time Interval Specify a period of time. The switch will reboot after this period. The valid values

are from 1 to 43200 minutes. This reboot schedule recurs if users check the Save

Before Reboot.

Time (HH:MM)/

Date (DD/MM/

YY)

Specify the date and time for the switch to reboot.

Time (HH:MM): Specify the time for the switch to reboot, in the format of HH:MM

Date (DD/MM/YY): Specify the date for the switch to reboot, in the format of DD/

MM/YYYY. The date should be within 30 days.

Save Before

Reboot

Select to save the switch’s configurations before it reboots.

4.1.8 Reseting the Switch

Choose the menu System > System Tools > System Reset to load the following page.

Figure 4-8 Reseting the Switch

In the System Reset section, select the desired unit and click Reset.

Target Unit Select the desired unit to reset. By default, it is ALL Unit.

Note:

After the system is reset, configurations of the switch will be reset to the default.

4.2 Using the CLI

4.2.1 Configuring the Boot File

Follow these steps to configure the boot file:

Step 1 configure

Enter global configuration mode.

Configuration Guide 52

Managing System System Tools Configurations

Step 2 boot application filename { image1 | image2 } { startup | backup }

Specify the configuration of the boot file. By default, the image1.bin is the startup image and

the image2.bin is the backup image.

image1 | image2: Select the image file to be configured.

startup | backup: Select the property of the image file.

Step 3 show boot

Verify the boot configuration of the system.

Step 4 end

Return to privileged EXEC mode.

Step 5 copy running-config startup-config

Save the settings in the configuration file.

The following example shows how to set the next startup image as image 1 and set the

backup image as image 2.

Switch#configure

Switch(config)#boot application filename image1 startup

Switch(config)#boot application filename image2 backup

Switch(config)#show boot

Boot config:

Current Startup Image - image1.bin

Next Startup Image - image1.bin

Backup Image - image2.bin

Switch(config)#end

Switch#copy running-config startup-config

4.2.2 Restoring the Configuration of the Switch

Follow these steps to restore the configuration of the switch:

Step 1 enable

Enter privileged mode.

Step 2 copy tftp startup-config ip-address

ip-addr

filename

name

Download the configuration file to the switch from TFTP server.

ip-addr

: Specify the IP address of the TFTP server. Both IPv4 and IPv6 addresses are

supported.

name

: Specify the name of the configuration file to be downloaded.

Managing System System Tools Configurations

Configuration Guide 53

Note:

• It will take a long time to restore the configuration. Please wait without any operation.

• After the configuration is restored successfully, the device will reboot to make the configura-

tion change effective.

The following example shows how to restore the configuration file named file1 from the

TFTP server with IP address 192.168.0.100.

Switch>enable

Switch#copy tftp startup-config ip-address 192.168.0.100 filename file1

Start to load user config file......

Operation OK! Now rebooting system......

4.2.3 Backing up the Configuration File

Follow these steps to back up the current configuration of the switch in a file:

Step 1 enable

Enter privileged mode.

Step 2 copy startup-config tftp ip-address

ip-addr

filename

name

Back up the configuration file to TFTP server.

ip-addr

: Specify the IP address of the TFTP server. Both IPv4 and IPv6 addresses are

supported.

name

: Specify the name of the configuration file to be saved.

The following example shows how to backup the configuration file named file2 from TFTP

server with IP address 192.168.0.100.

Switch>enable

Switch#copy startup-config tftp ip-address 192.168.0.100 filename file2

Start to backup user config file......

Backup user config file OK.

4.2.4 Upgrading the firmware

Follow these steps to upgrade the firmware:

Step 1 enable

Enter privileged mode.

Configuration Guide 54

Managing System System Tools Configurations

Step 2 firmware upgrade ip-address

ip-addr

filename

name

Upgrade the switch’s backup image via TFTP server. To boot up with the new firmware, you

need to choose to reboot the switch with the backup image.

ip-addr

: Specify the IP address of the TFTP server. Both IPv4 and IPv6 addresses are

supported.

name

: Specify the name of the desired firmware file.

Step 3 Enter Y to continue then enter Y to reboot.

The following example shows how to upgrade the firmware using the configuration file

named file3.bin. The TFTP server is 190.168.0.100.

Switch>enable

Switch#firmware upgrade ip-address 192.168.0.100 filename file3.bin

It will only upgrade the backup image. Continue? (Y/N):Y

Operation OK!

Reboot with the backup image? (Y/N): Y

4.2.5 Configuring Auto Install Function

Note:

• Only T2600G-18TS supports the Auto Install Function.

• You should configure the DHCP server and the TFTP server first before configuring the Auto

Install function.

Follow these steps to congure the Auto Install function.

Step 1 configure

Enter global configuration mode.

Step 2 boot autoinstall persistent-mode

Enable the auto install persistent mode. After saving configuration, the switch will start the

Auto Install function automatically during next reboot process.

Step 3 boot autoinstall auto-save

Enable the auto save mode and the switch will save the configuration file downloaded as

startup configuration file automatically.

Step 4 boot autoinstall auto-reboot

Enable the auto reboot mode and the switch will reboot automatically after the auto install

process is completed successfully.

Step 5 boot autoinstall retry-count

count

Specify the auto install retry count which ranges from 1 to 3. The default value is 1.

Managing System System Tools Configurations

Configuration Guide 55

Step 6 boot autoinstall start

Start the Auto Install process and the switch will download the configuration file and the

backup image automatically.

Step 7 end

Return to privileged EXEC mode.

Step 8 copy running-config startup-config

Save the settings in the configuration file.

Note:

• The switch will obtain a new IP address from the DHCP server during the process of Auto In-

stall. If you want to access to the switch, you should check the new IP address on the DHCP

server.

• IF the Auto Install process is failed, the switch will restart the process every 10 minutes. You

can stop the process manually.

The following example shows how to congure the Auto Install function.

Switch#congure

Switch(cong)#boot autoinstall persistent-mode

Switch(cong)#boot autoinstall auto-save

Switch(cong)#boot autoinstall auto-reboot

Switch(cong)#boot autoinstall retry-count 2

Switch(cong)#show boot autoinstall

Auto Insatll Mode.................................Stop

Auto Insatll Persistent Mode...........Enabled

Auto Save Mode...................................Enabled

Auto Reboot Mode..............................Enabled

Auto Insatll Retry Count....................2

Auto Insatll sate....................................Stopped

4.2.6 Rebooting the switch

Follow these steps to reboot the switch:

Step 1 enable

Enter privileged mode.

Configuration Guide 56

Managing System System Tools Configurations

Step 2 reboot

Reboot the switch.

4.2.7 Configuring the Reboot Schedule

Follow these steps and choose one type to configure the reboot schedule:

Step 1 configure

Enter global configuration mode.

Step 2 Use the following command to set the interval to reboot:

reboot-schedule in

interval

[ save_before_reboot ]

(Optional) Specify the reboot schedule.

interval

: Specify a period of time. The switch will reboot after this period. The valid values are

from 1 to 43200 minutes.

save_before_reboot: Save the configuration file before the switch reboots.

Use the following command to set the time and date to reboot:

reboot-schedule at

time

[

date

] [ save_before_reboot ]

(Optional) Specify the reboot schedule.

time

: Specify the time for the switch to reboot, in the format of HH:MM.

date

: Specify the date for the switch to reboot, in the format of DD/MM/YYYY. The date should

be within 30 days.

save_before_reboot: Save the configuration file before the switch reboots.

If no date is specified, the switch reboots according to the time you have set. If the time you

set is later than the time that this command is executed, the switch will reboot later the same

day; otherwise the switch will reboot the next day.

Step 3 end

Return to privileged EXEC mode.

Step 4 copy running-config startup-config

Save the settings in the configuration file.

The following example shows how to set the switch to reboot at 12:00 on 15/01/2016.

Switch#configure

Switch(config)#reboot-schedule at 12:00 15/01/2016 save_before_reboot

Reboot system at 15/01/2016 12:00. Continue? (Y/N): Y

Reboot Schedule Settings

---------------------------

Reboot schedule at 2016-01-15 12:00 (in 17007 minutes)

Managing System System Tools Configurations

Configuration Guide 57

Save before reboot: Yes

Switch(config)#end

Switch#copy running-config startup-config

4.2.8 Reseting the Switch

Follow these steps to reset the switch:

Step 1 enable

Enter privileged mode.

Step 2 reset

Reset the switch.

Note:

After the system is reset, configurations of the switch will be reset to the default.

Configuration Guide 58

Managing System Access Security Configurations

5 Access Security Configurations

With access security configurations, you can:

Configure the Access Control feature

Configure the HTTP feature

Configure the HTTPS feature

Configure the SSH feature

Enable the telnet function

5.1 Using the GUI

5.1.1 Configuring the Access Control Feature

Choose the menu System > Access Security > Access Control to load the following page.

Figure 5-1 Configuring the Access Control

1) In the Access Control section, select one control mode and specify the parameters.

Control Mode Select the control mode for users to log in to the web management page.

Disable: The Access Control function is disabled.

IP-based: Only the users within the IP-range you set here are allowed to access

the switch.

MAC-based: Only the users with the MAC address you set here are allowed to

access the switch.

Port-based: Only the users connecting to the ports you set here are allowed to

access the switch.

Managing System Access Security Configurations

Configuration Guide 59

Access

Interface

Select the interface to control the methods for users’ accessing. The selected

access interfaces will only affect the users you set before.

SNMP: A function to manage the network devices via NMS.

Telnet: A connection type for users to remote login.

SSH: A connection type based on SSH protocol.

HTTP: A connection type based on HTTP protocol.

HTTPS: A connection type based on SSL protocol.

Ping: A communication protocol to test the connection of the network.

IP Address/

Mask

If you select IP-based mode, enter the IP address and mask to specify an IP

range. Only the users within this IP range can access the switch.

MAC Address

If you select MAC-based mode, specify the MAC address. Only the users with the

correct MAC address can access the switch.

When the IP-based mode is selected, the following section will display.

IP Address Displays the IP range of the entry.

Access

Interface

Displays the access interface you set of the entry.

Operation

Click Edit to modify the parameters of the desired entry.

When the Port-based mode is selected, the following section will display.

Port Select one or more ports to configure. Only the users connected to these ports are

allowed to access the switch.

2) Click Apply.

Configuration Guide 60

Managing System Access Security Configurations

5.1.2 Configuring the HTTP Function

Choose the menu System > Access Security > HTTP Config to load the following page.

Figure 5-2 Configuring the HTTP Function

1) In the Global Control section, Select Enable and click Apply to enable the HTTP

function.

HTTP HTTP function is based on the HTTP protocol. It allows users to manage the

switch through a web browser.

2) In the Session Config section, specify the Session Timeout and click Apply.

Session

Timeout

The system will log out automatically if users do nothing within the Session

Timeout time.

3) In the Access User Number section, select Enable and specify the parameters.

Number Control Select Enable to control the number of the users logging on to the web

management page at the same time. The total number of users should be no more

than 16.

Admin Number Specify the maximum number of users whose access level is Admin.

Guest Number Specify the maximum number of users whose access level is Operator, Power

User or User.

Note:

For T2600G-18TS, the number of Operator, Power User and User can be set respectively.

4) Click Apply.

Managing System Access Security Configurations

Configuration Guide 61

5.1.3 Configuring the HTTPS Function

Choose the menu System > Access Security > HTTPS Config to load the following page.

Table 5-1 Configuring the HTTPS Function

1) In the Global Config section, select Enable to enable HTTPS function and select the

protocol the switch supports. Click Apply.

HTTPS Select Enable to enable the HTTPS function.

HTTPS function is based on the SSL or TLS protocol. It provides a secure

connection between the client and the switch.

Configuration Guide 62

Managing System Access Security Configurations

SSL Version 3 Select Enable to make the switch support SSL Version 3 protocol.

SSL is a transport protocol. It can provide server authentication, encryption and

message integrity to allow secure HTTP connection.

TLS Version 1 Select Enable to make the switch support TLS Version 1 protocol.

TLS is a transport protocol upgraded from SSL. It supports a different encryption

algorithm from SSL, so TLS and SSL are not compatible. TLS can support a more

secure connection.

2) In the CipherSuite Config section, select the algorithm to be enabled and click Apply.

RSA_WITH_

RC4_128_MD5

Key exchange with RC4 128-bit encryption and MD5 for message digest.

RSA_WITH_

RC4_128_SHA

Key exchange with RC4 128-bit encryption and SHA for message digest.

RSA_WITH_

DES_CBC_SHA

Key exchange with DES-CBC for message encryption and SHA for message

digest.

RSA_

WITH_3DES_

EDE_CBC_SHA

Key exchange with 3DES and DES-EDE3-CBC for message encryption and SHA

for message digest.

3) In the Session Config section, specify the Session Timeout and click Apply.

Session

Timeout

The system will log out automatically if users do nothing within the Session

Timeout time.

4) In the Access User Number section, select Enable and specify the parameters. Click

Apply.

Number Control Select Enable to control the number of the users logging in to the web

management page at the same time.

Admin Number Specify the maximum number of users whose access level is Admin.

Guest Number Specify the maximum number of users whose access level is Operator, Power

User or User.

Note:

For T2600G-18TS, the number of Operator, Power User and User can be set respectively.

5) In the Certificate Download and Key Download section, download the certificate and

key.

Certificate File Select the desired certificate to download to the switch. The certificate must be

BASE64 encoded. The SSL certificate and key downloaded must match each

other, otherwise the HTTPS connection will not work.

Managing System Access Security Configurations

Configuration Guide 63

Key File Select the desired Key to download to the switch. The key must be BASE64

encoded. The SSL certificate and key downloaded must match each other,

otherwise the HTTPS connection will not work.

5.1.4 Configuring the SSH Feature

Choose the menu System > Access Security > SSH Config to load the following page.

Figure 5-3 Configuring the SSH Feature

1) In the Global Config section, select Enable to enable SSH function and specify other

parameters.

SSH Select Enable to enable the SSH function.

SSH is a protocol working in application layer and transport layer. It can provide a

secure, remote connection to a device. It is more secure than Telnet protocol as it

provides strong encryption.

Protocol V1 Select Enable to enable SSH version 1.

Protocol V2 Select Enable to enable SSH version 2.

Idle Timeout Specify the idle timeout time. The system will automatically release the

connection when the time is up.

Configuration Guide 64

Managing System Access Security Configurations

Max Connect Specify the maximum number of the connections to the SSH server. New

connection will not be established when the number of the connections reaches

the maximum number you set.

2) In the Encryption Algorithm section, select the encryption algorithm you want the

switch to support and click Apply.

3) In Data Integrity Algorithm section, select the integrity algorithm you want the switch

to support and click Apply.

4) In Key Download section, select key type from the drop-down list and select the

desired key file to down.

Key Type Select the key type. The algorithm of the corresponding type is used for both key

generation and authentication.

Key File Select the desired public key to download to the switch. The key length of the

downloaded file ranges of 512 to 3072 bits.

Note:

It will take a long time to download the key file. Please wait without any operation.

5.1.5 Enabling the Telnet Function

Choose the menu System > Access Security > Telnet Config to load the following page.

Figure 5-4 Configuring the Telnet Function

In the Global Config section, select Enable and click Apply.

Telnet Select Enable to make the Telnet function effective. Telnet function is based on the

Telnet protocol subjected to TCP/IP protocol. It allows users to log on to the switch

remotely.

5.2 Using the CLI

5.2.1 Configuring the Access Control

Follow these steps to configure the access control:

Step 1 configure

Enter global configuration mode.

Managing System Access Security Configurations

Configuration Guide 65

Step 2 Use the following command to control the users’ access by limiting the IP address:

user access-control ip-based {

ip-addr ip-mask

} [ snmp ] [ telnet ] [ ssh ] [ http ] [ https ] [ ping

] [ all ]

Only the users within the IP-range you set here are allowed to access the switch.

ip-addr

: Specify the IP address of the user.

ip-mask

: Specify the subnet mask of the user.

[ snmp ] [ telnet ] [ ssh ] [ http ] [ https ] [ ping ] [ all ]: Select to control the types for users’

accessing. By default, these types are all enabled.

Use the following command to control the users’ access by limiting the MAC address:

user access-control mac-based {

mac-addr

} [ snmp ] [ telnet ] [ ssh ] [ http ] [ https ] [ ping ] [

all ]

Only the users with the MAC address you set here are allowed to access the switch.

mac-addr

: Specify the MAC address of the user.

[ snmp ] [ telnet ] [ ssh ] [ http ] [ https ] [ ping ] [ all ]: Select to control the types for users’

accessing. By default, these types are all enabled.

Use the following command to control the users’ access by limiting the ports connected to the

users:

user access-control port-based interface { fastEthernet

port-list

| gigabitEthernet

port-list

ten-gigabitEthernet

port-list

} [ snmp ] [ telnet ] [ ssh ] [ http ] [ https ] [ ping ] [ all ]

Only the users connecting to the ports you set here are allowed to access the switch.

port-list

: Specify the list of Ethernet port, in the format of 1/0/1-4. You can appoint 5 ports at

most.

[ snmp ] [ telnet ] [ ssh ] [ http ] [ https ] [ ping ] [ all ]: Select to control the types for users’

accessing. By default, these types are all enabled.

Step 3 show user configuration

Verify the security configuration information of the user authentication information and the

access interface.

Step 4 end

Return to privileged EXEC mode.

Step 5 copy running-config startup-config

Save the settings in the configuration file.

The following example shows how to set the type of access control as IP-based. Set the

IP address as 192.168.0.100,set the subnet mask as 255.255.255.0 and make the switch

support snmp, telnet, http and https.

Switch#configure

Switch(config)#user access-control ip-based 192.168.0.100 255.255.255.0 snmp telnet

http https

Switch(config)#show user configuration

Configuration Guide 66

Managing System Access Security Configurations

User authentication mode: IP based

Index IP Address Access Interface

----- ----------------- -------------------------------

1 192.168.0.0/24 SNMP Telnet HTTP HTTPS

Switch(config)#end

Switch#copy running-config startup-config

5.2.2 Configuring the HTTP Function

Follow these steps to configure the HTTP function:

Step 1 configure

Enter global configuration mode.

Step 2 ip http server

Enable the HTTP function. By default, it is enabled.

Step 3 ip http session timeout

minutes

Specify the Session Timeout time. The system will log out automatically if users do nothing

within the Session Timeout time.

minutes

: Specify the timeout time, which ranges from 5 to 30 minutes. The default value is 10.

Step 4 ip http max-users

admin-num

guest-num

Specify the maximum number of users that are allowed to connect to the HTTP server. The

total number of users should be no more than 16.

For T2600G-18TS, the number of Operator, Power User and User can be set respectively.

admin-num

: Enter the maximum number of users whose access level is Admin. The valid values

are from 1 to 16.

guest-num

: Enter the maximum number of users whose access level is Operator, Power User

or User. The valid values are from 0 to 15.

Step 5 show ip http configuration

Verify the configuration information of the HTTP server, including status, session timeout,

access-control, max-user number and the idle-timeout, etc.

Step 6 end

Return to privileged EXEC mode.

Step 7 copy running-config startup-config

Save the settings in the configuration file.

The following example shows how to set the session timeout as 9, set the maximum admin

number as 6, and set the maximum guest number as 5.

Switch#configure

Managing System Access Security Configurations

Configuration Guide 67

Switch(config)#ip http server

Switch(config)#ip http session timeout 9

Switch(config)#ip http max-user 6 5

Switch(config)#show ip http configuration

HTTP Status: Enabled

HTTP Session Timeout: 9

HTTP User Limitation: Enabled

HTTP Max Admin Users: 6

HTTP Max Guest Users: 5

Switch(config)#end

Switch#copy running-config startup-config

5.2.3 Configuring the HTTPS Function

Follow these steps to configure the HTTPS function:

Step 1 configure

Enter global configuration mode.

Step 2 ip http secure-server

Enable the HTTPS function. By default, it is enabled.

Step 3 ip http secure-protocol { [ ssl3 ] [ tls1 ] }

Configure to make the switch support the corresponding protocol. By default, the switch

supports SSLv3 and TLSv1.

ssl3: Enable the SSL version 3 protocol. SSL is a transport protocol. It can provide server

authentication, encryption and message integrity to allow secure HTTP connection.

tls1: Enable the TLS version 1 protocol. TLS is s transport protocol upgraded from SSL. It

supports different encryption algorithm from SSL, so TLS and SSL are not compatible. TLS

can support a more secure connection.

Step 4 ip http secure-ciphersuite { [ 3des-ede-cbc-sha ] [ rc4-128-md5 ] [ rc4-128-sha ] [ des-cbc-

sha ] }

Enable the corresponding ciphersuite. By default, these types are all enabled.

[ 3des-ede-cbc-sha ]: Key exchange with 3DES and DES-EDE3-CBC for message encryption

and SHA for message digest.

[ rc4-128-md5 ]: Key exchange with RC4 128-bit encryption and MD5 for message digest.

[ rc4-128-sha ]: Key exchange with RC4 128-bit encryption and SHA for message digest.

[ des-cbc-sha ]: Key exchange with DES-CBC for message encryption and SHA for message

digest.

Configuration Guide 68

Managing System Access Security Configurations

Step 5 ip http secure-session timeout

minutes

Specify the Session Timeout time. The system will log out automatically if users do nothing

within the Session Timeout time.

minutes

: Specify the timeout time, which ranges from 5 to 30 minutes. The default value is 10.

Step 6 ip http secure-max-users

admin-num guest-num

Specify the maximum number of users that are allowed to connect to the HTTPS server. The

total number of users should be no more than 16.

For T2600G-18TS, the number of Operator, Power User and User can be set respectively.

admin-num

: Enter the maximum number of users whose access level is Admin. The valid value

are from 1 to 16.

guest-num

: Enter the maximum number of users whose access level is Operator, Power User

or User. The valid value are from 0 to 15.

Step 7 ip http secure-server download certificate

ssl-cert

ip-address

ip-addr

Download the desired certificate to the switch from TFTP server.

ssl-cert

: Specify the name of the SSL certificate, which ranges from 1 to 25 characters. The

certificate must be BASE64 encoded. The SSL certificate and key downloaded must match

each other.

ip-addr

: Specify the IP address of the TFTP server. Both IPv4 and IPv6 addresses are

supported.

Step 8 ip http secure-server download key

ssl-key

ip-address

ip-addr

Download the desired key to the switch from TFTP server.

ssl-key

: Specify the name of the key file saved in TFTP server. The key must be BASE64

encoded.

ip-addr

: Specify the IP address of the TFTP server. Both IPv4 and IPv6 addresses are

supported.

Step 9 show ip http secure-server

Verify the global configuration of HTTPS.

Step 10 end

Return to privileged EXEC mode.

Step 11 copy running-config startup-config

Save the settings in the configuration file.

The following example shows how to configure the HTTPS function. Enable SSL3 and TLS1

protocol. Enable the ciphersuite of 3des-ede-cbc-sha. Set the session timeout time as 15,

the admin number as 1 and the guest number as 2. Download the certificate named ca.crt

and the key named ca.key from the TFTP server with the IP address 192.168.0.100.

Switch#configure

Switch(config)#ip http secure-server

Switch(config)#ip http secure-protocol ssl3 tls1

Managing System Access Security Configurations

Configuration Guide 69

Switch(config)#ip http secure-ciphersuite 3des-ede-cbc-sha

Switch(config)#ip http secure-session timeout 15

Switch(config)#ip http secure-max-users 1 2

Switch(config)#ip http secure-server download certificate ca.crt ip-address

192.168.0.100

Start to download SSL certificate......

Download SSL certificate OK.

Switch(config)#ip http secure-server download key ca.key ip-address 192.168.0.100

Start to download SSL key......

Download SSL key OK.

Switch(config)#show ip http secure-server

HTTPS Status: Enabled

SSL Protocol Level(s): ssl3 tls1

SSL CipherSuite: 3des-ede-cbc-sha

HTTPS Session Timeout: 15

HTTPS User Limitation: Enabled

HTTPS Max Admin Users: 1

HTTPS Max Guest Users: 2

Switch(config)#end

Switch#copy running-config startup-config

5.2.4 Configuring the SSH Feature

Follow these steps to configure the SSH function:

Step 1 configure

Enter global configuration mode.

Step 2 ip ssh server

Enable the SSH function. By default, it is disabled.

Step 3 ip ssh version { v1 | v2 }

Configure to make the switch support the corresponding protocol. By default, the switch

supports SSHv1 and SSHv3.

v1 | v2: Select to enable the corresponding protocol.

Configuration Guide 70

Managing System Access Security Configurations

Step 4 ip ssh timeout

value

Specify the idle timeout time. The system will automatically release the connection when the

time is up.

value

: Enter the value of the timeout time, which ranges from 1 to 120 seconds. The default

value is 120 seconds.

Step 5 ip ssh max-client

num

Specify the maximum number of the connections to the SSH server. New connection will not

be established when the number of the connections reaches the maximum number you set.

num

: Enter the number of the connections, which ranges from 1 to 5. The default value is 5.

Step 6 ip ssh algorithm { AES128-CBC | AES192-CBC | AES256-CBC | Blowfish-CBC | Cast128-CBC |

3DES-CBC | HMAC-SHA1 | HMAC-MD5 }

Enable the corresponding algorithm. By default, these types are all enabled.

Specify the encryption algorithm you want the switch supports.

HMAC-SHA1 | HMAC-MD5: Specify the data integrity algorithm you want the switch supports.

Step 7 ip ssh download { v1 | v2 }

key-file

ip-address

ip-addr

Select the type of the key file and download the desired file to the switch from TFTP server.

v1 | v2: Select the key type. The algorithm of the corresponding type is used for both key

generation and authentication.

key-file

: Specify the name of the key file saved in TFTP server. Ensure the key length of the

downloaded file is in the range of 512 to 3072 bits.

ip-addr

: Specify the IP address of the TFTP server. Both IPv4 and IPv6 addresses are

supported.

Step 8 show ip ssh

Verify the global configuration of SSH.

Step 9 end

Return to privileged EXEC mode.

Step 10 copy running-config startup-config

Save the settings in the configuration file.

Note:

It will take a long time to download the key file. Please wait without any operation.

The following example shows how to configure the SSH function. Set the version as SSH

V1 and SSH V2. Enable the AES128-CBC and Cast128-CBC encryption algorithm. Enable

the HMAC-MD5 data integrity algorithm. Choose the key type as SSH-2 RSA/DSA.

Switch(config)#ip ssh server

Switch(config)#ip ssh version v1

Managing System Access Security Configurations

Configuration Guide 71

Switch(config)#ip ssh version v2

Switch(config)#ip ssh timeout 100

Switch(config)#ip ssh max-client 4

Switch(config)#ip ssh algorithm AES128-CBC

Switch(config)#ip ssh algorithm Cast128-CBC

Switch(config)#ip ssh algorithm HMAC-MD5

Switch(config)#ip ssh download v2 publickey ip-address 192.168.0.100

Start to download SSH key file......

Download SSH key file OK.

Switch(config)#show ip ssh

Global Config:

SSH Server: Enabled

Protocol V1: Enabled

Protocol V2: Enabled

Idle Timeout: 100

MAX Clients: 4

Encryption Algorithm:

AES128-CBC: Enabled

AES192-CBC: Disabled

AES256-CBC: Disabled

Blowfish-CBC: Disabled

Cast128-CBC: Enabled

3DES-CBC: Disabled

Data Integrity Algorithm:

HMAC-SHA1: Disabled

HMAC-MD5: Enabled

Key Type: SSH-2 RSA/DSA

Key File:

---- BEGIN SSH2 PUBLIC KEY ----

Comment: “dsa-key-20160711”

Configuration Guide 72

Managing System Access Security Configurations

Switch(config)#end

Switch#copy running-config startup-config

5.2.5 Enabling the Telnet Function

Follow these steps enable the Telnet function:

Step 1 configure

Enter global configuration mode.

Step 2 telnet enable

Enable the telnet function. By default, it is enabled.

Step 3 end

Return to privileged EXEC mode.

Step 4 copy running-config startup-config

Save the settings in the configuration file.

Managing System SDM Template Configuration

Configuration Guide 73

6 SDM Template Configuration

SDM Template function is used to configure system resources in the switch to optimize

support for specific features. The switch provides three templates, and the hardware

resources allocation is different. Users can choose one according to how the switch is

used in the network.

6.1 Using the GUI

Choose the menu System > SDM Template to load the following page.

Figure 6-1 Configuring the SDM Template Function

In Select Options section, select one template and click Apply. The setting will be effective

after the reboot.

Current

Template ID

Displays the template currently in effect.

Next Template

Displays the template that will be effective after the reboot.

Select Next

Template

Select the template that will be effective after the next reboot.

default: Select the template of default. It gives balance to the IP ACL rules, MAC ACL

rules and ARP detection entries.

enterpriseV4: Select the template of enterpriseV4. It maximizes system resources for

IP ACL rules and MAC ACL rules.

enterpriseV6: Select the template of enterpriseV6. It allocates resources to IPv6 ACL

rules.

Configuration Guide 74

Managing System SDM Template Configuration

The Template Table displays the resources allocation of each template.

SDM Template Displays the name of the templates.

IP ACL Rules Displays the number of IP ACL Rules including Lay3 ACL Rules and Lay4 ACL Rules.

MAC ACL Rules Displays the number of Lay2 ACL Rules.

COMBINED ACL

Rules

Displays the number of combined ACL rules.

IPv6 ACL Rules Displays the number of IPv6 ACL rules.

ARP Detection

Entries

Displays the number of TCAM entries for ARP defend.

IPv6 Source

Guard Entries

Displays the number of IPv6 source guard entries.

6.2 Using the CLI

Follow these steps to configure the SDM template function:

Step 1 configure

Enter global configuration mode.

Step 2 show sdm prefer { used | default | enterpriseV4 | enterpriseV6 }

View the template table to select the desired template.

used: Displays the resource allocation of the current template.

default: Displays the resource allocation of the default template.

enterpriseV4: Displays the resource allocation of the enterpriseV4 template.

enterpriseV6: Displays the resource allocation of the enterpriseV6 template.

Step 3 sdm prefer { default | enterpriseV4 | enterpriseV6 }

Select the template that will be effective after the next reboot.

default: Select the template of default. It gives banlance to the IP ACLrules, MAC ACL rules and

ARP detection entries.

enterpriseV4: Select the template of enterpriseV4. It maximizes system resources for IP ACL

rules and MAC ACL rules.

enterpriseV6: Select the template of enterpriseV4. It allocates resources to IPv6 ACL rules.

Step 4 end

Return to privileged EXEC mode.

Managing System SDM Template Configuration

Configuration Guide 75

Step 5 copy running-config startup-config

Save the settings in the configuration file.

The following example shows how to set the SDM template as enterpriseV4.

Switch#config

Switch(config)#show sdm prefer enterpriseV4

“enterpriseV4” template:

number of IP ACL Rules : 360

number of MAC ACL Rules : 230

number of Combined ACL Rules : 50

number of IPV6 ACL Rules : 0

number of IPV6 Source Guard Entries : 0

number of ARP Detection Entries : 7

Switch(config)#sdm prefer enterpriseV4

Switch to “enterpriseV4” tempale.

Changes to the running SDM preferences have been stored, but cannot take effect until

reboot the switch.

Switch(config)#end

Switch#copy running-config startup-config

Configuration Guide 76

Managing System Appendix: Default Parameters

7 Appendix: Default Parameters

Default settings of System Info are listed in the following tables.

Table 7-1 Default Settings of Device Description Configuration

Parameter Default Setting

Device Name The model name

of the switch.

Device Location SHENZHEN

System Contact www.tp-link.com

Table 7-2 Default Settings of System Time Configuration

Parameter Default Setting

Time Source Manual

System Time 2006-01-01

08:01:56 Sunday

Table 7-3 Default Settings of Daylight Saving Time Configuration

Parameter Default Setting

DST status Disabled

Default settings of User Management are listed in the following table.

Table 7-4 Default Settings of User Configuration

Parameter Default Setting

User Name admin

Password admin

Access Level Admin

Default settings of System Tools are listed in the following table.

Table 7-5 Default Settings of Boot Configuration

Parameter Default Setting

Current Startup Image image1.bin

Next Startup Image image1.bin

Backup Image image2.bin

Managing System Appendix: Default Parameters

Configuration Guide 77

Default settings of Access Security are listed in the following tables.

Table 7-6 Default Settings of Access Control Configuration

Parameter Default Setting

Control Mode Disabled

Table 7-7 Default Settings of HTTP Configuration

Parameter Default Setting

HTTP Enabled

Session Timeout 10 minutes

Number Control Disabled

Table 7-8 Default Settings of HTTPS Configuration

Parameter Default Setting

HTTPS Enabled

SSL Version 3 Enabled

TLS Version 1 Enabled

RSA_WITH_RC4_128_MD5 Enabled

RSA_WITH_RC4_128_SHA Enabled

RSA_WITH_DES_CBC_SHA Enabled

RSA_WITH_3DES_EDE_CBC_

SHA

Enabled

Session Timeout 10 minutes

Number Control Disabled

Table 7-9 Default Settings of SSH Configuration

Parameter Default Setting

SSH Disabled

Protocol V1 Enabled

Protocol V2 Enabled

Idle Timeout 120 seconds

Max Connect 5

AES128-CBC Enabled

AES192-CBC Enabled

AES256-CBC Enabled

Blowfish-CBC Enabled

Cast128-CBC Enabled

3DES-CBC Enabled

Configuration Guide 78

Managing System Appendix: Default Parameters

Parameter Default Setting

HMAC-SHA1 Enabled

HMAC-MD5 Enabled

Key Type: SSH-2 RSA/DSA

Table 7-10 Default Settings of Telnet Configuration

Parameter Default Setting

Control Mode Enabled

Default settings of SDM Template are listed in the following table.

Table 7-11 Default Settings of SDM Template Configuration

Parameter Default Setting

Current Template ID Default

Next Template ID Default

Table 7-12 Default Settings of Device Description Configuration

Parameter Default Setting

Auto Install Mode Stop

Auto Install Persistent Mode Disable

Auto Save Mode Enable

Auto Reboot Mode Disable

Auto Install Retry Count 1

Part 3

Managing Physical

Interfaces

CHAPTERS

1. Physical Interface

2. Basic Parameters Configurations

3. Port Mirror Configuration

4. Port Security Configuration

5. Port Isolation Configurations

6. Loopback Detection Configuration

7. Configuration Examples

Configuration Guide 80

Managing Physical Interfaces Physical Interface

1 Physical Interface

1.1 Overview

Interfaces of a device are used to exchange data and interact with other network devices.

Interfaces are classified into physical interfaces and logical interfaces.

Physical interfaces are the ports on the front panel or rear panel of the switch.

Logical interfaces are manually configured and do not physically exist, such as

loopback interfaces and routing interfaces.

This chapter introduces the configurations for physical interfaces.

1.2 Supported Features

The switch supports the following features about physical interfaces:

Basic Parameters

You can configure port status, speed mode, duplex mode, flow control and other basic

parameters for ports.

Port Mirror

This function allows the switch to forward packet copies of the monitored ports to a

specific monitoring port. Then you can analyze the copied packets to monitor network

traffic and troubleshoot network problems.

Port Security

You can use this feature to limit the number of MAC addresses that can be learned on each

port, thus preventing the MAC address table from being exhausted by the attack packets.

Port Isolation

You can use this feature to restrict a specific port to send packets to only the ports in the

forward-port list that you configure.

Loopback Detection

This function allows the switch to detect loops in the network. When a loop is detected on a

port, the switch will send a trap message, generate an entry on the log file and further block

the corresponding port according to your configurations.

Managing Physical Interfaces Basic Parameters Configurations

Configuration Guide 81

2 Basic Parameters Configurations

2.1 Using the GUI

Choose the menu Switching > Port > Port Config to load the following page.

Figure 2-1 Configuring Basic Parameters

Follow these steps to set basic parameters for ports:

Select and configure your desired ports or LAGs. Then click Apply.

UNIT:1/LAGS Click 1 to configure physical ports. Click LAGS to configure LAGs.

Type Displays the port type. Copper indicates an Ethernet port, and SFP or SFP+ indicates

a fiber port.

Description Give a port description for identification.

Status With this option enabled, the port forwards packets normally. Otherwise, the port

discards all the received packets. By default, it is enabled.

Speed Select the appropriate speed mode for the port. When Auto is selected, the port

autonegotiates speed mode with the connected device. The default setting is Auto.

This value is recommended if both ends of the line support auto-negotiation.

Duplex Select the appropriate duplex mode for the port. There are three options: Half, Full

and Auto. When Auto is selected, the port autonegotiates duplex mode with the

connected device. The default setting is Auto.

Configuration Guide 82

Managing Physical Interfaces Basic Parameters Configurations

Flow Control With this option enabled, the switch synchronizes the data transmission speed with

the peer device, thus avoiding the packet loss caused by congestion. By default, it is

disabled.

Jumbo With this option enabled, the port can send jumbo frames. The default MTU (Maximum

Transmission Unit) size for frames received and sent on all ports is 1518 bytes. For

the port with Jumbo enabled, the MTU size is up to 9216 bytes, thus allowing the port

to send jumbo frames. By default, it is disabled.

For T2600G-18TS, you can set the value of the jumbo frame globally as needed. The

valid values are from 1518 to 9216 bytes, and the default is 1518 bytes.

Note:

We recommend that you set the ports on both ends of a link as the same speed and duplex mode.

2.2 Using the CLI

Follow these steps to set basic parameters for the ports.

Step 1 configure

Enter global configuration mode.

Step 2 jumbo-size

size

(For T2600G-18TS)

Change the MTU (Maximum Transmission Unit) size globally to support jumbo frames.

size

: Specify the size of MTU (Maximum Transmission Unit) ranging from 1518 to 9216

bytes. The default value is 1518.

Step 3 interface { fastEthernet

port

| range fastEthernet port-list | gigabitEthernet

port

| range

gigabitEthernet

port-list

port-channel

port-channel-id

range port-channel

port-channel-

id-list

}

Enter interface configuration mode.

Managing Physical Interfaces Basic Parameters Configurations

Configuration Guide 83

Step 4 Configure basic parameters for the port:

description

string

Give a port description for identification.

string

: Content of a port description, ranging from 1 to 16 characters.

shutdown

no shutdown

Use shutdown to disable the port, and use no shutdown to enable the port. When the

status is enabled, the port can forward packets normally, otherwise it will discard the

received packets. By default, all ports are enabled.

speed { 10 | 100 | 1000 | auto }

Set the appropriate speed mode for the port.

10 | 100 | 1000 | auto: Speed mode of the port. The options are subject to your actual

product. The device connected to the port should be in the same speed and duplex

mode with the port. When auto is selected, the speed mode will be determined by auto

negotiation.

duplex { auto | full | half }

Set the appropriate duplex mode for the port.

auto | full | half: Duplex mode of the port. The device connected to the port should be in the

same speed and duplex mode with the port. When auto is selected, the duplex mode will be

determined by auto negotiation.

flow-control

Enable the switch to synchronize the data transmission speed with the peer device,

avoiding the packet loss caused by congestion. By default, this feature is disabled.

jumbo

(Except T1600G-18TS)

Enable Jumbo on the port. For the port with Jumbo enabled, the MTU size is up to 9216

bytes, thus allowing the port to send jumbo frames. By default, it is disabled and the MTU

size for frames received and sent on the port is 1518 bytes.

Step 5 show interface configuration [ fastEthernet

port

| gigabitEthernet

port

| port-channel

port-channel-id

]

Verify the configuration of the port or LAG.

Step 6 end

Return to privileged EXEC mode.

Step 7 copy running-config startup-config

Save the settings in the configuration file.

The following example shows how to implement the basic configurations of port1/0/1,

including setting a description for the port, making the port autonegotiate speed and

duplex with the neighboring port, and enabling the flow-control and jumbo feature:

Switch#configure

Configuration Guide 84

Managing Physical Interfaces Basic Parameters Configurations

Switch(config)#interface gigabitEthernet 1/0/1

Switch(config-if)#no shutdown

Switch(config-if)#description router connection

Switch(config-if)#speed auto

Switch(config-if)#duplex auto

Switch(config-if)#flow-control

Switch(config-if)#jumbo

Switch(config-if)#show interface configuration gigabitEthernet 1/0/1

Port State Speed Duplex FlowCtrl Jumbo Description

-------- ----- -------- ------ -------- -------- -----------

Gi1/0/1 Enable Auto Auto Enable Enable router connection

Switch(config-if)#end

Switch#copy running-config startup-config

Managing Physical Interfaces Port Mirror Configuration

Configuration Guide 85

3 Port Mirror Configuration

3.1 Using the GUI

Choose the menu Switching > Port > Port Mirror to load the following page.

Figure 3-1 Mirror Session List

The above page displays a mirror session, and no more session can be created. Click Edit

to configure this mirror session on the following page.

Configuration Guide 86

Managing Physical Interfaces Port Mirror Configuration

Figure 3-2 Configuring Port Mirror

Follow these steps to configure Port Mirror:

1) In the Destination Port section, specify a monitoring port for the mirror session, and

click Apply.

2) In the Source Port section, select one or multiple monitored ports for configuration.

Then set the parameters and click Apply.

UNIT:1/LAGS Click 1 to select physical ports. Click LAGS to select LAGs.

Ingress With this option enabled, the packets received by the monitored port will be

copied to the monitoring port. By default, it is disabled.

Egress With this option enabled, the packets sent by the monitored port will be copied to

the monitoring port. By default, it is disabled.

Managing Physical Interfaces Port Mirror Configuration

Configuration Guide 87

Note:

• The member port of an LAG cannot be set as a monitoring port or monitored port.

• A port cannot be set as the monitoring port and monitored port at the same time.

3.2 Using the CLI

Follow these steps to configure Port Mirror.

Step 1 configure

Enter global configuration mode.

Step 2 monitor session

session_num

destination interface { fastEthernet

port

| gigabitEthernet

port

}

Enable the port mirror function and set the monitoring port.

session_num:

The monitor session number. It can only be specified as 1.

port

: The monitoring port number. You can specify only one monitoring port for the mirror

session.

Step 3 monitor session

session_num

source interface { fastEthernet

port-list

| gigabitEthernet

port-list

| port-channel

port-channel-id

}

mode

Set the monitored ports.

session_num

: The monitor session number. It can only be specified as 1.

port-list:

List of monitored port. It is multi-optional.

mode

: The monitor mode. There are three options: rx, tx and both:

rx: The incoming packets of the monitored port will be copied to the monitoring port.

tx: The outgoing packets of the monitored port will be copied to the monitoring port.

both: Both of the incoming and outgoing packets on monitored port can be copied to the

monitoring port.

Step 4 show monitor session

Verify the Port Mirror configuration.

Step 5 end

Return to privileged EXEC mode.

Step 6 copy running-config startup-config

Save the settings in the configuration file.

The following example shows how to copy the received and transmitted packets on port

1/0/1,2,3 to port 1/0/10.

Switch#configure

Switch(config)#monitor session 1 destination interface gigabitEthernet 1/0/10

Switch(config)#monitor session 1 source interface gigabitEthernet 1/0/1-3 both

Switch(config)#show monitor session

Monitor Session: 1

Configuration Guide 88

Managing Physical Interfaces Port Mirror Configuration

Destination Port: Gi1/0/10

Source Ports(Ingress): Gi1/0/1-3

Source Ports(Egress): Gi1/0/1-3

Switch(config-if)#end

Switch#copy running-config startup-config

Managing Physical Interfaces Port Security Configuration

Configuration Guide 89

4 Port Security Configuration

4.1 Using the GUI

Choose the menu Switching > Port > Port Security to load the following page.

Figure 4-1 Port Security

Follow these steps to configure Port Security:

1) Select one or multiple ports for security configuration.

2) Specify the maximum number of the MAC addresses that can be learned on the port,

and then select the learn mode of the MAC addresses.

Max Learned MAC Specify the maximum number of MAC addresses that can be learned on the

port. When the learned MAC address number reaches the limit, the port will

stop learning. The default value is 64.

Learned Num Displays the number of MAC addresses that have been learned on the port.

Configuration Guide 90

Managing Physical Interfaces Port Security Configuration

Learn Mode Select the learn mode of the MAC addresses on the port. Three modes are

provided:

Dynamic: The switch will delete the MAC addresses that are not used or

updated within the aging time. It is the default setting.

Static: The learned MAC addresses are out of the influence of the aging time

and can only be deleted manually. The learned entries will be cleared after the

switch is rebooted.

Permanent: The learned MAC addresses are out of the influence of the aging

time and can only be deleted manually. The learned entries will be saved even

the switch is rebooted.

3) Select the status of the port security feature.

Status Select the status of Port Security. Three kinds of status can be selected:

Drop: When the number of learned MAC addresses reaches the limit, the port

will stop learning and discard the packets with the MAC addresses that have

not been learned.

Forward: When the number of learned MAC addresses reaches the limit, the

port will stop learning but send the packets with the MAC addresses that have

not been learned.

Disable: The number limit on the port is not effective, and the switch follows the

original forwarding rules. It is the default setting.

4) Click Apply.

Note:

• Port Security cannot be enabled on the member port of a LAG, and the port with Port Security

enabled cannot be added to a LAG.

• On one port, Port Security and 802.1X cannot be enabled at the same time.

4.2 Using the CLI

Follow these steps to configure Port Security:

Step 1 configure

Enter global configuration mode.

Step 2 interface { fastEthernet

port

| range fastEthernet

port-list

gigabitEthernet

port

range

gigabitEthernet

port-list

}

Enter interface configuration mode.

Managing Physical Interfaces Port Security Configuration

Configuration Guide 91

Step 3 mac address-table max-mac-count { [max-number

num

] [mode { dynamic | static |

permanent } ] [ status { forward | drop | disable } ] }

Enable the port security feature of the port and configure the related parameters.

num

: The maximum number of MAC addresses that can be learned on the port. The valid

values are from 0 to 64. The default value is 64.

mode: Learn mode of the MAC address. There are three modes:

dynamic: The switch will delete the MAC addresses that are not used or updated within the

aging time.

static: The learned MAC addresses are out of the influence of the aging time and can only

be deleted manually. The learned entries will be cleared after the switch is rebooted.

permanent: The learned MAC address is out of the influence of the aging time and can only

be deleted manually. The learned entries will be saved even the switch is rebooted.

status: Status of port security feature. By default, it is disabled.

drop: When the number of learned MAC addresses reaches the limit, the port will stop

learning and discard the packets with the MAC addresses that have not been learned.

forward: When the number of learned MAC addresses reaches the limit, the port will stop

learning but send the packets with the MAC addresses that have not been learned.

disable: The number limit on the port is not effective, and the switch follows the original

forwarding rules. It is the default setting.

Step 4 show mac address-table max-mac-count interface { fastEthernet

port

| gigabitEthernet

port

}

Verify the Port Security configuration and the current learned MAC addresses of the port.

Step 5 end

Return to privileged EXEC mode.

Step 6 copy running-config startup-config

Save the settings in the configuration file.

The following example shows how to set the maximum number of MAC addresses that can

be learned on port 1/0/1 as 30 and configure the mode as permanent and the status as

drop:

Switch#configure

Switch(config)#interface gigabitEthernet 1/0/1

Switch(config-if)#mac address-table max-mac-count max-number 30 mode permanent

status drop

Switch(config-if)#show mac address-table max-mac-count interface gigabitEthernet

1/0/1

Port Max-learn Current-learn Mode Status

---- --------- ----------- ------ ------

Gi1/0/1 30 0 permanent drop

Configuration Guide 92

Managing Physical Interfaces Port Security Configuration

Switch(config-if)#end

Switch#copy running-config startup-config

Managing Physical Interfaces Port Isolation Configurations

Configuration Guide 93

5 Port Isolation Configurations

5.1 Using the GUI

Choose the menu Switching > Port > Port Isolation to load the following page.

Figure 5-1 Port Isolation List

The above page displays the port isolation list. Click Edit to configure Port Isolation on the

following page.

Configuration Guide 94

Managing Physical Interfaces Port Isolation Configurations

Figure 5-2 Port Isolation

Follow these steps to configure Port Isolation:

1) In the Port section, select one or multiple ports to be isolated.

2) In the Forward Portlist section, select the forward ports or LAGs which the isolated

ports can only communicate with. It is multi-optional.

3) Click Apply.

5.2 Using the CLI

Follow these steps to configure Port Isolation:

Step 1 configure

Enter global configuration mode.

Step 2 interface { fastEthernet

port

| range fastEthernet

port-list

| gigabitEthernet

port

| range

gigabitEthernet

port-list

}

Enter interface configuration mode.

Step 3 port isolation { [gi-forward-list

gi-forward-list

] [ po-forward-list

po-forward-list

] }

Specify ports or LAGs to the forward list of the specific port which can only communicate

with the forward ports or LAGs. It is multi-optional.

gi-forward-list

: The list of Ethernet ports.

po-forward-list:

The list of LAGs.

Step 4 show port isolation interface { fastEthernet

port

| gigabitEthernet

port

}

Verify the Port Isolation configuration of the specified port.

Step 5 end

Return to privileged EXEC mode.

Managing Physical Interfaces Port Isolation Configurations

Configuration Guide 95

Step 6 copy running-config startup-config

Save the settings in the configuration file.

The following example shows how to add ports 1/0/1-3 and LAG 4 to the forward list of port

1/0/5:

Switch#configure

Switch(config)#interface gigabitEthernet 1/0/5

Switch(config-if)#port isolation gi-forward-list 1/0/1-3 po-forward-list 4

Switch(config-if)#show port isolation interface gigabitEthernet 1/0/5

Port LAG Forward-List

---- --- -----------------------

Gi1/0/5 N/A Gi1/0/1-3,Po4

Switch(config-if)#end

Switch#copy running-config startup-config

Configuration Guide 96

Managing Physical Interfaces Loopback Detection Configuration

6 Loopback Detection Configuration

6.1 Using the GUI

To avoid broadcast storm, we recommend that you enable storm control before loopback

detection is enabled. For detailed introductions about storm control, refer to Configuring

QoS

Choose the menu Switching > Port > Loopback Detection to load the following page.

Figure 6-1 Loopback Detection

Follow these steps to configure loopback detection:

1) In the Global Config section, enable loopback detection and configure the global

parameters. Then click Apply.

Loopback

Detection Status

Enable loopback detection globally.

Detection

Interval

Set the interval of sending loopback detection packets.

The valid values are from 1 to 1000 seconds and the default value is 30 seconds.

Managing Physical Interfaces Loopback Detection Configuration

Configuration Guide 97

Automatic

Recovery Time

Set the recovery time globally, after which the blocked port/VLAN in Auto

Recovery mode can automatically recover to normal status.

The valid values are from 60 to 1000000 seconds and the default value is 90

seconds.

Web Refresh

Status

With this option enabled, the switch refreshes the web timely. By default, it is

disabled.

Web Refresh

Interval

If you enabled web refresh, set the refresh interval between 3 and 100 seconds.

The default value is 6 seconds.

2) In the Port Config section, select one or multiple ports for configuration. Then set the

parameters and click Apply.

Status Enable loopback detection for the port.

Operation Mode Select the operation mode when a loop is detected on the port:

Alert: When a loop is detected, the switch will send a trap message and generate

an entry on the log file. It is the default setting.

Port Based: When a loop is detected, the switch will send a trap message and

generate an entry on the log file. In addition, the switch will totally block the port

on which the loop is detected and no packets can pass through the port.

VLAN Based: When a loop is detected, the switch will send a trap message and

generate an entry on the log file. In addition, the switch will block the VLAN in

which the loop is detected and only the packets of the blocked VLAN cannot

pass through the port.

Recovery Mode If you select Port Based or VLAN Based as the operation mode, you also need to

configure the recovery mode for the blocked port/VLAN:

Auto: The blocked port/VLAN will automatically recover to normal status after the

automatic recovery time. It is the default setting.

Manual: You need to manually release the blocked port/VLAN. Click the Recover

button to release the corresponding port/VLAN.

3) View the loopback detection information on this page.

Loop Status Displays whether a loop is detected on the port.

Block Status Displays whether the port is blocked.

Block VLAN Click Detail to view the information about the blocked VLAN.

Configuration Guide 98

Managing Physical Interfaces Loopback Detection Configuration

6.2 Using the CLI

Follow these steps to configure Loopback Detection:

Step 1 configure

Enter global configuration mode.

Step 2 loopback-detection

Enable the loopback detection feature globally. By default, it is disabled.

Step 3 loopback-detection interval

interval-time

Set the interval of sending loopback detection packets which is used to detect the loops in

the network.

interval-time:

The interval of sending loopback detection packets. The valid values are from

1 to 1000 seconds. By default, the value is 30 seconds.

Step 4 loopback-detection recovery-time

recovery-time

Set the recovery time, after which the blocked port in Auto Recovery mode can

automatically recover to normal status.

recovery-time

: It is integral times of detection interval, ranging from 1 to 100. The default

value is 3.

Step 5 interface {

fastEthernet

port

| range fastEthernet

port-list

| gigabitEthernet

port

| range

gigabitEthernet

port-list

}

Enter interface configuration mode.

Step 6 loopback-detection

Enable loopback detection of the port. By default, it is disabled.

Step 7 loopback-detection config process-mode { alert | port-based | vlan-based } [ recovery-

mode { auto | manual } ]

Set the process mode when a loopback is detected on the port. There are three modes:

alert: When a loop is detected, the switch will send a trap message and generate an entry on

the log file. It is the default setting.

port-based: When a loop is detected, the switch will send a trap message and generate an

entry on the log file. In addition, the switch will totally block the port on which the loop is

detected and no packets can pass through the port.

vlan-based: When a loop is detected, the switch will send a trap message and generate an

entry on the log file. In addition, the switch will block the VLAN in which the loop is detected

and only the packets of the blocked VLAN cannot pass through the port.

Set the recovery mode for the blocked port. There are two modes:

auto: After the recovery time, the blocked port/VLAN will automatically recover to normal

status and restart to detect loops in the network.

manual: The blocked port/VLAN can only be released manually. You can use the command

loopback-detection recover under interface configuration mode to recover the blocked

port/VLAN to normal status.

Step 9 show loopback-detection global

Verify the global configuration of Loopback Detection.

Managing Physical Interfaces Loopback Detection Configuration

Configuration Guide 99

Step 10 show loopback-detection interface {

fastEthernet

port

| gigabitEthernet

port

}

Verify the Loopback Detection configuration of the specified port.

Step 11 end

Return to privileged EXEC mode.

Step 12 copy running-config startup-config

Save the settings in the configuration file.

The following example shows how to enable loopback detection globally (keeping the

default parameters):

Switch#configure

Switch(config)#loopback-detection

Switch(config)#show loopback-detection global

Loopback detection global status : enable

Loopback detection interval : 30 s

Loopback detection recovery time : 90 s

Switch(config-if)#end

Switch#copy running-config startup-config

The following example shows how to enable loopback detection of port 1/0/3 and set the

process mode as alert and recovery mode as auto:

Switch#configure

Switch(config)#interface gigabitEthernet 1/0/3

Switch(config-if)#loopback-detection

Switch(config-if)#loopback-detection config process-mode alert recovery-mode auto

Switch(config-if)#show loopback-detection interface gigabitEthernet 1/0/3

Port Enable Process Mode Recovery Mode Loopback Block LAG

---- ------ ------------ ------------- -------- ----- ----

Gi1/0/3 enable alert auto N/A N/A N/A

Switch(config-if)#end

Switch#copy running-config startup-config

Configuration Guide 100

Managing Physical Interfaces Configuration Examples

7 Configuration Examples

7.1 Example for Port Mirror

7.1.1 Network Requirements

As shown below, several hosts and a network analyzer are directly connected to the switch.

For network security and troubleshooting, the network manager needs to use the network

analyzer to monitor the data packets from the end hosts.

Figure 7-1 Network Topology

Switch

Network Analyzer

Hosts

Gi1/0/2-5 Gi1/0/1

7.1.2 Configuration Scheme

To implement this requirement, you can configure port mirror to copy the packets from

ports 1/0/2-5 to port 1/0/1. The overview of configuration is as follows:

1) Specify ports 1/0/2-5 as the source ports, allowing the switch to copy the packets from

the hosts.

2) Specify port 1/0/1 as the destination port so that the network analyzer can receive

mirrored packets from the hosts.

Demonstrated with T2600G-52TS, the following sections provide configuration procedure

in two ways: using the GUI and using the CLI.

7.1.3 Using the GUI

1) Choose the menu Switching > Port > Port Mirror to load the following page. It displays

the information of the mirror session.

Managing Physical Interfaces Configuration Examples

Configuration Guide 101

Figure 7-2 Mirror Session List

2) Click Edit on the above page to load the following page. In the Destination Port section,

select port 1/0/1 as the monitoring port and click Apply.

Figure 7-3 Destination Port Configuration

3) In the Source Port section, select ports 1/0/2-5 as the monitored ports, and enable

Ingress and Egress to allow the received and sent packets to be copied to the

monitoring port. Then click Apply.

Figure 7-4 Source Port Configuration

4) Click Save Config to save the settings.

Configuration Guide 102

Managing Physical Interfaces Configuration Examples

7.1.4 Using the CLI

Switch#configure

Switch(config)#monitor session 1 destination interface gigabitEthernet 1/0/1

Switch(config)#monitor session 1 source interface gigabitEthernet 1/0/2-5 both

Switch(config)#end

Switch#copy running-config startup-config

Verify the Configuration

Switch#show monitor session 1

Monitor Session: 1

Destination Port: Gi1/0/1

Source Ports(Ingress): Gi1/0/2-5

Source Ports(Egress): Gi1/0/2-5

7.2 Example for Port Isolation

7.2.1 Network Requirements

As shown below, three hosts and a server are connected to the switch and all belong to

VLAN 10. With the VLAN configuration unchanged, Host A is not allowed to communicate

with the other hosts except the server, even if the MAC address or IP address of Host A is

changed.

Figure 7-5 Network Topology

VLAN 10

Switch

Gi1/0/1

Gi1/0/2

Gi1/0/4

Gi1/0/3

Host A Host B Host C Server

Managing Physical Interfaces Configuration Examples

Configuration Guide 103

7.2.2 Configuration Scheme

You can configure port isolation to implement the requirement. Set 1/0/4 as the only

forwarding port for port 1/0/1, thus forbidding Host A to forward packets to the other

hosts.

Demonstrated with T2600G-52TS, the following sections provide configuration procedure

in two ways: using the GUI and using the CLI.

7.2.3 Using the GUI

1) Choose the menu Switching > Port > Port Isolation to load the following page. It

displays the port isolation list.

Figure 7-6 Port Isolation List

2) Click Edit on the above page to load the following page. Select port 1/0/1 as the

isolated port, and select port 1/0/4 as the forwarding port. Click Apply.

Configuration Guide 104

Managing Physical Interfaces Configuration Examples

Figure 7-7 Port Isolation Configuration

3) Click Save Config to save the settings.

7.2.4 Using the CLI

Switch#configure

Switch(config)#interface gigabitEthernet 1/0/1

Switch(config-if)#port isolation gi-forward-list 1/0/4

Switch(config-if)#end

Switch#copy running-config startup-config

Verify the Configuration

Switch#show port isolation interface

Port LAG Forward-List

---- --- ------------

Gi1/0/1 N/A Gi1/0/4

Gi1/0/2 N/A Gi1/0/1-52,Po1-14

Gi1/0/3 N/A Gi1/0/1-52,Po1-14

......

Managing Physical Interfaces Configuration Examples

Configuration Guide 105

7.3 Example for Loopback Detection

7.3.1 Network Requirements

As shown below, Switch A is a convergence-layer switch connecting several access-

layer switches. Loops can be easily caused in case of misoperation on the access-

layer switches. If there is a loop on an access-layer switch, broadcast storms will occur

on Switch A or even in the entire network, creating excessive traffic and degrading the

network performance.

To reduce the impacts of broadcast storms, users need to detect loops in the network via

Switch A and timely block the port on which a loop is detected.

Figure 7-8 Network Topology

Switch A

Management Host

Access-layer Switches

Gi1/0/1

Gi1/0/2

Loop

Gi1/0/3

7.3.2 Configuration Scheme

Enable loopback detection on ports 1/0/1-3 and configure SNMP to receive the

notifications. For detailed instructions about SNMP, refer to Configuring SNMP & RMON.

Here we introduce how to configure loopback detection and monitor the detection result

on the management interface of the switch.

Demonstrated with T2600G-52TS, the following sections provide configuration procedure

in two ways: using the GUI and using the CLI.

7.3.3 Using the GUI

1) Choose the menu Switching > Port > Loopback Detection to load the configuration

page.

2) In the Global Config section, enable loopback detection and web refresh globally. Keep

the default parameters and click Apply.

Configuration Guide 106

Managing Physical Interfaces Configuration Examples

Figure 7-9 Global Configuration

3) In the Port Config section, enable ports 1/0/1-3, select the operation mode as Port

based so that the port will be blocked when a loop is detected, and keep the recovery

mode as Auto so that the port will recover to normal status after the automatic recovery

time. Click Apply.

Figure 7-10 Port Configuration

4) Monitor the detection result on the above page. The Loop status and Block status are

displayed on the right side of ports.

7.3.4 Using the CLI

1) Enable loopback detection globally and configure the detection interval and recovery

time.

Switch#configure

Switch(config)#loopback-detection

Switch(config)#loopback-detection interval 30

Switch(config)#loopback-detection recovery-time 90

2) Enable loopback detection on ports 1/0/1-3 and set the process mode and recovery

mode.

Switch(config)#interface range gigabitEthernet 1/0/1-3

Managing Physical Interfaces Configuration Examples

Configuration Guide 107

Switch(config-if)#loopback-detection

Switch(config-if)#loopback-detection config process-mode port-based recovery-mode

auto

Switch(config-if)#end

Switch#copy running-config startup-config

Verify the Configuration

Verify the global configuration:

Switch#show loopback-detection global

Loopback detection global status : enable

Loopback detection interval: 30 s

Loopback detection recovery time : 90 s

Verify the loopback detection configuration on ports:

Switch#show loopback-detection interface

Port Enable Process Mode Recovery Mode Loopback Block LAG

---- -------- ----------------- ------------ ------------ -- ---- -----

Gi1/0/1 enable port-based auto N/A N/A N/A

Gi1/0/2 enable port-based auto N/A N/A N/A

Gi1/0/3 enable port-based auto N/A N/A N/A

...

Configuration Guide 108

Managing Physical Interfaces Appendix: Default Parameters

8 Appendix: Default Parameters

Default settings of Switching are listed in th following tables.

Table 8-1 Configurations for Ports

Parameter Default Setting

Port Config

Type Copper

Status Enable

Speed Auto

Duplex Auto

Flow Control Disable

Jumbo Disable

Port Mirror

Ingress Disable

Egress Disable

Port Security

Max Learned MAC 64

Learned Num 0

Learned Mode Dynamic

Status Disable

Loopback Detection

Status

Disable

Detection Interval 30 seconds

Automatic Recovery Time 90 seconds

Web Refresh Status Disable

Web Refresh Interval 6 seconds

Managing Physical Interfaces Appendix: Default Parameters

Configuration Guide 109

Parameter Default Setting

Port Status Disable

Operation mode Alert

Recovery mode Auto

Part 4

Configuring LAG

CHAPTERS

1. LAG

2. LAG Configuration

3. Configuration Example

4. Appendix: Default Parameters

Configuring LAG LAG

Configuration Guide 111

1 LAG

1.1 Overview

With LAG (Link Aggregation Group) function, you can aggregate multiple physical ports into

a logical interface to increase link bandwidth and configure the backup ports to enhance

the connection reliability.

1.2 Supported Features

You can configure LAG in two ways: static LAG and LACP (Link Aggregation Control

Protocol).

Static LAG

The member ports are manually added to the LAG.

LACP

The switch uses LACP to implement dynamic link aggregation and disaggregation

by exchanging LACP packets with its partner. LACP extends the flexibility of the LAG

configuration.

Configuration Guide 112

Configuring LAG LAG Configuration

2 LAG Configuration

To complete LAG configuration, follow these steps:

1) Configure the global load-balancing algorithm.

2) Configure Static LAG or LACP.

Configuration Guidelines

Ensure that both ends of the aggregation link work in the same LAG mode. For example,

if the local end works in LACP mode, the peer end should be set as LACP mode.

Ensure that devices on both ends of the aggregation link use the same number of

physical ports with the same speed, duplex, jumbo and flow control mode.

A port cannot be added to more than one LAG at the same time.

LACP does not support half-duplex links.

One static LAG supports up to eight member ports. All the member ports share the

traffic evenly. If an active link fails, the other active links share the traffic evenly.

One LACP LAG supports more than eight member ports, but at most eight of them can

be active. Using LACP protocol, the switches negotiate parameters and determine

the active ports. When an active link fails, the link with the highest priority among the

inactive links will replace the faulty link and start to forward data.

For the functions like IGMP Snooping, 802.1Q VLAN, MAC VLAN, Protocol VLAN, VLAN-

VPN, GVRP, Voice VLAN, STP, QoS, DHCP Snooping and Flow-Control, the member pot

of an LAG follows the configuration of the LAG but not its own. The configurations of

the port can take effect only after it leaves the LAG.

The port which is enabled with Port Security, Port Mirror, MAC Address Filtering or

802.1X cannot be added to LAG, and the member port of an LAG cannot be enabled

with these functions.

Configuring LAG LAG Configuration

Configuration Guide 113

2.1 Using the GUI

2.1.1 Configuring Load-balancing Algorithm

Choose the menu Switching > LAG > LAG Table to load the following page.

Figure 2-1 Global Config

In the Global Config section, select the load-balancing algorithm. Click Apply.

Hash Algorithm Select the Hash Algorithm, based on which the switch can choose the port to send

the received packets. In this way, different data flows are forwarded on different

physical links to implement load balancing. There are six options:

SRC MAC: The computation is based on the source MAC addresses of the packets.

DST MAC: The computation is based on the destination MAC addresses of the

packets.

SRC MAC+DST MAC: The computation is based on the source and destination MAC

addresses of the packets.

SRC IP: The computation is based on the source IP addresses of the packets.

DST IP: The computation is based on the destination IP addresses of the packets.

SRC IP+DST IP: The computation is based on the source and destination IP

addresses of the packets.

Tips:

Load-balancing algorithm is effective only for outgoing traffic. If the data stream is not

well shared by each link, you can change the algorithm of the outgoing interface.

Please properly choose the load-balancing algorithm to avoid data stream transferring

only on one physical link. For example, Switch A receives packets from several hosts

and forwards them to the Server with the fixed MAC address and IP address, you can

set the algorithm as “SRC MAC+SRC IP” to allow Switch A to determine the forwarding

port based on the source MAC addresses and source IP addresses of the received

packets.

Configuration Guide 114

Configuring LAG LAG Configuration

Figure 2-2 Hash Algorithm Configuration

Switch A Switch B

Hosts Server

2.1.2 Configuring Static LAG or LACP

For one port, you can choose only one LAG mode: Static LAG or LACP. And make sure both

ends of a link use the same LAG mode.

Configuring Static LAG

Choose the menu Switching > LAG > Static LAG to load the following page.

Figure 2-3 Static LAG

Follow these steps to configure the static LAG:

1) In the LAG Config section, select an LAG for configuration.

Group Number Select an LAG for static LAG configuration.

Description Displays the LAG mode.

2) In the Member Port section, select the member ports for the LAG. It is multi-optional.

3) Click Apply.

Note:

Clearing all member ports will delete the LAG.

Configuring LAG LAG Configuration

Configuration Guide 115

Configuring LACP

Choose the menu Switching > LAG > LACP to load the following page.

Figure 2-4 LACP Config

Follow these steps to configure LACP:

1) Specify the system priority for the switch and click Apply.

System Priority Specify the system priority for the switch. A smaller value means a higher priority.

To keep active ports consistent at both ends, you can set the priority of one

device to be higher than that of the other device. The device with higher priority

will determine its active ports, and the other device can select its active ports

according to the selection result of the device with higher priority. If the two ends

have the same system priority value, the end with a smaller MAC address has the

higher priority.

2) Select member ports for the LAG and configure the related parameters. Click Apply.

Admin Key Specify the Admin Key which you can regard as the group number of the LAG.

Note that the group number of other static LAGs cannot be set as an Admin Key.

The valid value of the Admin Key is determined by the maximum number of LAG

supported by your switch. For example, if your switch supports up to 14 LAGs,

the valid value is from 1 to 14.

Configuration Guide 116

Configuring LAG LAG Configuration

Port Priority

(0-65535)

Specify the Port Priority. A smaller value means a higher port priority.

The port with higher priority in an LAG will be selected as the active port to

forward data. If two ports have the same priority value, the port with a smaller

port number has the higher priority.

Mode Select the LACP mode for the port.

In LACP, the switch uses LACPDU (Link Aggregation Control Protocol Data Unit)

to negotiate the parameters with the peer end. In this way, the two ends select

active ports and form the aggregation link. The LACP mode determines whether

the port will take the initiative to send the LACPDU. There are two modes:

Passive: The port will not send LACPDU before receiving the LACPDU from the

peer end.

Active: The port will take the initiative to send LACPDU.

Status Enable the LACP function of the port. By default, it is disabled.

2.2 Using the CLI

2.2.1 Configuring Load-balancing Algorithm

Follow these steps to configure the load-balancing algorithm:

Step 1 configure

Enter global configuration mode.

Step 2 port-channel load-balance { src-mac | dst-mac | src-dst-mac | src-ip | dst-ip | src-dst-ip }

Select the Hash Algorithm. The switch will choose the ports to transfer the packets based

on the Hash Algorithm. In this way, different data flows are forwarded on different physical

links to implement load balancing.

src-mac: The computation is based on the source MAC addresses of the packets.

dst-mac: The computation is based on the destination MAC addresses of the packets.

src-dst-mac: The computation is based on the source and destination MAC addresses of

the packets.

src-ip: The computation is based on the source IP addresses of the packets.

dst-ip: The computation is based on the destination IP addresses of the packets.

src-dst-ip: The computation is based on the source and destination IP addresses of the

packets.

Step 3 show etherchannel load-balance

Verify the configuration of load-balancing algorithm.

Configuring LAG LAG Configuration

Configuration Guide 117

Step 4 end

Return to privileged EXEC mode.

Step 5 copy running-config startup-config

Save the settings in the configuration file.

The following example shows how to set the global load-balancing mode as src-dst-mac:

Switch#configure

Switch(config)#port-channel load-balance src-dst-mac

Switch(config)#show etherchannel load-balance

EtherChannel Load-Balancing Configuration: src-dst-mac

EtherChannel Load-Balancing Addresses Used Per-Protocol:

Non-IP: Source XOR Destination MAC address

IPv4: Source XOR Destination MAC address

IPv6: Source XOR Destination MAC address

Switch(config)#end

Switch#copy running-config startup-config

2.2.2 Configuring Static LAG or LACP

You can choose only one LAG mode for a port: Static LAG or LACP. And make sure both

ends of a link use the same LAG mode.

Configuring Static LAG

Follow these steps to configure static LAG:

Step 1 configure

Enter global configuration mode.

Step 2 interface {

fastEthernet

port

| range fastEthernet

port-list

| gigabitEthernet

port

| range

gigabitEthernet

port-list

}

Enter interface configuration mode.

Step 3 channel-group

num

mode { on | active | passive }

Add the port to a static LAG.

num

: The group number of the LAG.

mode:LAG mode. Select on to add the port to a static LAG. Active and passive are two

LACP modes.

Configuration Guide 118

Configuring LAG LAG Configuration

Step 4 show ether-channel

num

summary

Verify the configuration of the static LAG.

num

: The group number of the LAG.

Step 5 end

Return to privileged EXEC mode.

Step 6 copy running-config startup-config

Save the settings in the configuration file.

The following example shows how to add ports1/0/5-8 to LAG 2 and set the mode as static

LAG:

Switch#configure

Switch(config)#interface range gigabitEthernet 1/0/5-8

Switch(config-if-range)#channel-group 2 mode on

Switch(config-if-range)#show etherchannel 2 summary

Flags: D - down P - bundled in port-channel U - in use

I - stand-alone H - hot-standby(LACP only) s - suspended

R - layer3 S - layer2 f - failed to allocate aggregator

u - unsuitable for bundling w - waiting to be aggregated d - default port

Group Port-channel Protocol Ports

----- --------- ------- -------------------------------

2 Po2(S) - Gi1/0/5(D) Gi1/0/6(D) Gi1/0/7(D) Gi1/0/8(D)

Switch(config-if-range)#end

Switch#copy running-config startup-config

Configuring LACP

Follow these steps to configure LACP:

Step 1 configure

Enter global configuration mode.

Configuring LAG LAG Configuration

Configuration Guide 119

Step 2 lacp system-priority

pri

Specify the system priority for the switch.

To keep active ports consistent at both ends, you can set the priority of one device to be

higher than that of the other device. The device with higher priority will determine its active

ports, and the other device can select its active ports according to the selection result of

the device with higher priority. If the two ends have the same system priority value, the end

with a smaller MAC address has the higher priority.

pri: System priority. The valid values are from 0 to 65535, and the default value is 32768. A

smaller value means a higher device priority.

Step 3 interface {fastEthernet

port

ange fastEthernet

port-list

gigabitEthernet

port

| range

gigabitEthernet

port-list

}

Enter interface configuration mode.

Step 4 channel-group

num

mode { on | active | passive }

Add the port to an LAG and set the mode as LACP.

num

: The group number of the LAG.

mode: LAG mode. Here you need to select LACP mode: active or passive.

In LACP, the switch uses LACPDU (Link Aggregation Control Protocol Data Unit) to

negotiate the parameters with the peer end. In this way, the two ends select active ports

and form the aggregation link. The LACP mode determines whether the port will take the

initiative to send the LACPDU.

on: Enable LACP function on the port.

passive: The port will not send LACPDU before receiving the LACPDU from the peer end.

active: The port will take the initiative to send LACPDU.

Step 5 lacp port-priority

pri

Specify the Port Priority. The port with higher priority in an LAG will be selected as the active

port. If two ports have the same priority value, the port with a smaller port number has the

higher priority.

pri: Port priority. The valid values are from 0 to 65535, and the default value is 32768. A

smaller value means a higher port priority.

Step 6 show lacp sys-id

Verify the global system priority.

Step 7 show lacp internal

Verify the LACP configuration of the local switch.

Step 8 end

Return to privileged EXEC mode.

Step 9 copy running-config startup-config

Save the settings in the configuration file.

Configuration Guide 120

Configuring LAG LAG Configuration

The following example shows how to specify the system priority of the switch as 2:

Switch#configure

Switch(config)#lacp system-priority 2

Switch(config)#show lacp sys-id

2, 000a.eb13.2397

Switch(config)#end

Switch#copy running-config startup-config

The following example shows how to add ports 1/0/1-4 to LAG 6, set the mode as LACP,

and select the LACPDU sending mode as active:

Switch#configure

Switch(config)#interface range gigabitEthernet 1/0/1-4

Switch(config-if-range)#channel-group 6 mode active

Switch(config-if-range)#show lacp internal

Flags: S - Device is requesting Slow LACPDUs

F - Device is requesting Fast LACPDUs

A - Device is in active mode

P - Device is in passive mode

Channel group 6

Port Flags State LACP Port Priority Admin Key Oper Key Port Number Port State

Gi1/0/1 SA Up 32768 0x6 0x4b1 0x1 0x7d

Gi1/0/2 SA Down 32768 0x6 0 0x2 0x45

Gi1/0/3 SA Down 32768 0x6 0 0x3 0x45

Gi1/0/4 SA Down 32768 0x6 0 0x4 0x45

Switch(config-if-range)#end

Switch#copy running-config startup-config

Configuring LAG Configuration Example

Configuration Guide 121

3 Configuration Example

3.1 Network Requirements

As shown below, users and servers are connected to Switch A and Switch B, and heavy

traffic is transmitted between the two switches. To achieve high speed and reliability

of data transmission, users need to improve the bandwidth and redundancy of the link

between the two switches.

3.2 Configuration Scheme

LAG function can bundle multiple physical ports into one logical interface to increase

bandwidth and improve reliability. In this case, we take LACP as an example.

As shown below, you can bundle up to eight physical ports into one logical aggregation

group to transmit data on the two switches, and respectively connect the ports of the

groups. In addition, another two redundant links can be set as the backup. To avoid traffic

bottleneck between the servers and Switch B, you also need to configure LAG on them to

increase link bandwidth. Here we mainly introduce the LAG configuration between the two

switches.

Figure 3-1 Network Topology

Switch A Switch B

Hosts

Gi1/0/1 Gi1/0/1

Gi1/0/10

Servers

The overview of the configuration is as follows:

1) Considering there are multiple devices on each end, configure the load-balancing

algorithm as ‘SRC MAC+DST MAC’.

2) Specify the system priority for the switches. Here we choose Switch A as the dominate

device and specify a higher system priority for it.

3) Add ports 1/0/1-10 to the LAG and set the mode as LACP.

4) Specify a high port priority for ports 1/0/1-8 to set them as the active ports, and a low

port priority for ports 1/0/9-10 to set them as the backup ports. When any of the active

ports is down, the backup ports will be enabled to transmit data.

Demonstrated with T2600G-52TS, the following sections provide configuration procedure

in two ways: using the GUI and using the CLI.

Configuration Guide 122

Configuring LAG Configuration Example

3.3 Using the GUI

The configurations of Switch A and Switch B are similar. The following introductions take

Switch A as an example.

1) Choose the menu Switching > LAG > LAG Table to load the following page. Select the

hash algorithm as ‘SRC MAC+DST MAC’.

Figure 3-2 Global Configuration

2) Choose the menu Switching > LAG > LACP Config to load the following page. In the

Global Config section, specify the system priority of Switch A as 0 and Click Apply.

Remember to ensure that the system priority value of Switch B is bigger than 0.

Figure 3-3 System Priority Configuration

3) In the LACP Config section, select ports 1/0/1-10, and respectively set the admin key,

port priority, mode and status for each port as follows. Click Apply.

Figure 3-4 LACP Configuration

4) Click Save Config to save the settings.

Configuring LAG Configuration Example

Configuration Guide 123

3.4 Using the CLI

The configurations of Switch A and Switch B are similar. The following introductions take

Switch A as an example.

1) Configure the load-balancing algorithm as “src-dst-mac”.

Switch#configure

Switch(config)#port-channel load-balance src-dst-mac

2) Specify the system priority of Switch A as 0. Remember to ensure that the system

priority value of Switch B is bigger than 0.

Switch(config)#lacp system-priority 0

3) Add ports 1/0/1-8 to LAG 1 and set the mode as LACP. Then specify the port priority as

0 to make them active.

Switch(config)#interface range gigabitEthernet 1/0/1-8

Switch(config-if-range)#channel-group 1 mode active

Switch(config-if-range)#lacp port-priority 0

Switch(config-if-range)#exit

4) Add port 1/0/9 to LAG 1 and set the mode as LACP. Then specify the port priority

as 1 to set it as a backup port. When any of the active ports is down, this port will be

preferentially selected to work as an active port.

Switch(config)#interface gigabitEthernet 1/0/9

Switch(config-if)#channel-group 1 mode active

Switch(config-if)#lacp port-priority 1

Switch(config-if)#exit

5) Add port 1/0/10 to LAG 1 and set the mode as LACP. Then specify the port priority as 2

to set it as a backup port. The priority of this port is lower than port 1/0/9.

Switch(config)#interface gigabitEthernet 1/0/10

Switch(config-if)#channel-group 1 mode active

Switch(config-if)#lacp port-priority 2

Switch(config-if)#end

Switch#copy running-config startup-config

Verify the Configuration

Verify the system priority:

Switch#show lacp sys-id

Configuration Guide 124

Configuring LAG Configuration Example

0, 000a.eb13.2397

Verify the LACP configuration:

Switch#show lacp internal

Flags: S - Device is requesting Slow LACPDUs

F - Device is requesting Fast LACPDUs

A - Device is in active mode

P - Device is in passive mode

Channel group 1

Port Flags State LACP Port Priority Admin Key Oper Key Port Number Port State

Gi1/0/1 SA Down 0 0x1 0 0x1 0x45

Gi1/0/2 SA Down 0 0x1 0 0x2 0x45

Gi1/0/3 SA Down 0 0x1 0 0x3 0x45

Gi1/0/4 SA Down 0 0x1 0 0x4 0x45

Gi1/0/5 SA Down 0 0x1 0 0x5 0x45

Gi1/0/6 SA Down 0 0x1 0 0x6 0x45

Gi1/0/7 SA Down 0 0x1 0 0x7 0x45

Gi1/0/8 SA Down 0 0x1 0 0x8 0x45

Gi1/0/9 SA Down 1 0x1 0 0x9 0x45

Gi1/0/10 SA Down 2 0x1 0 0xa 0x45

Configuring LAG Appendix: Default Parameters

Configuration Guide 125

4 Appendix: Default Parameters

Default settings of Switching are listed in the following tables.

Table 4-1 Default Settings of LAG

Parameter Default Setting

LAG Table

Hash Algorithm SRC MAC+DST MAC

LACP Config

System Priority 32768

Admin Key 0

Port Priority 32768

Mode Passive

Status Disable

Part 5

Monitoring Traffic

CHAPTERS

1. Traffic Monitor

2. Appendix: Default Parameters

Monitoring Traffic Traffic Monitor

Configuration Guide 127

1 Traffic Monitor

With Traffic Monitor function, you can monitor the traffic on the switch, including:

Traffic Summary

Traffic Statistics in Detail

1.1 Using the GUI

1.1.1 Viewing the Traffic Summary

Choose the menu Switching > Traffic Monitor > Traffic Summary to load the following

page.

Figure 1-1 Traffic Summary

Follow these steps to view the traffic summary of each port:

1) To get the real-time traffic summary, enable auto refresh in the Auto Refresh section,

or click Refresh at the bottom of the page.

Auto Refresh: With this potion enabled, the switch refreshes the web timely.

Refresh Rate: Specify the refresh interval in seconds.

2) In the Traffic Summary section, click 1 to show the information of the physical ports,

and click LAGS to show the information of the LAGs.

Configuration Guide 128

Monitoring Traffic Traffic Monitor

Packets Rx: Displays the number of packets received on the port. Error packets are not

counted in.

Packets Tx: Displays the number of packets transmitted on the port. Error packets are not

counted in.

Octets Rx: Displays the number of octets received on the port. Error octets are counted in.

Octets Tx: Displays the number of octets transmitted on the port. Error octets are counted

in.

Statistics: Click this button to view the detailed traffic statistics of the port.

1.1.2 Viewing the Traffic Statistics in Detail

Choose the menu Switching > Traffic Monitor > Traffic Statistics to load the following

page.

Figure 1-2 Traffic Statistics

Follow these steps to view the traffic statistics in detail:

1) To get the real-time traffic statistics, enable auto refresh in the Auto Refresh section,

or click Refresh at the bottom of the page.

Auto Refresh: With this option enabled, the switch refreshes the web timely.

Monitoring Traffic Traffic Monitor

Configuration Guide 129

Refresh Rate: Specify the refresh interval in seconds.

2) In Port Select, select a port or LAG, and click Select.

3) In the Statistics section, view the detailed information of the selected port or LAG.

Received: Displays the detailed information of received packets.

Broadcast: Displays the number of valid broadcast packets received on the port.

Error frames are not counted in.

Multicast: Displays the number of valid multicast packets received on the port.

Error frames are not counted in.

Unicast: Displays the number of valid unicast packets received on the port. Error

frames are not counted in.

Jumbo: Displays the number of valid jumbo packets received on the port. Error

frames are not counted in.

Alignment Errors: Displays the number of the received packets that have a Frame

Check Sequence (FCS) with a non-integral octet (Alignment Error). The size of the

packet is between 64 bytes and 1518 bytes.

UndersizePkts: Displays the number of the received packets (excluding error

packets) that are less than 64 bytes long.

Pkts64Octets: Displays the number of the received packets (including error

packets) that are 64 bytes long.

Pkts65to127Octets: Displays the number of the received packets (including error

packets) that are between 65 and 127 bytes long.

Pkts128to255Octets: Displays the number of the received packets (including

error packets) that are between 128 and 255 bytes long.

Pkts256to511Octets: Displays the number of the received packets (including

error packets) that are between 256 and 511 bytes long.

Pkts512to1023Octets: Displays the number of the received packets (including

error packets) that are between 512 and 1023 bytes long.

PktsOver1023Octets: Displays the number of the received packets (including

error packets) that are over 1023 bytes.

Sent: Displays the detailed information of sent packets.

Broadcast: Displays the number of valid broadcast packets transmitted on the

port. Error frames are not counted in.

Multicast: Displays the number of valid multicast packets transmitted on the port.

Error frames are not counted in.

Unicast: Displays the number of valid unicast packets transmitted on the port.

Error frames are not counted in.

Jumbo: Displays the number of valid jumbo packets transmitted on the port.

Error frames are not counted in.

Collisions: Displays the number of collisions experienced by a half-duplex port

during packet transmissions.

Configuration Guide 130

Monitoring Traffic Traffic Monitor

1.2 Using the CLI

On privileged EXEC mode or any other configuration mode, you can use the following

command to view the traffic information of each port or LAG:

show interface counters [ fastEthernet

port

| gigabitEthernet

port

| ten-gigabitEthernet

port

| port-

channel

port-channel-id

]

port

: The port number.

port-channel-id :

The group number of the LAG.

If you enter no port number or group number, the information of all ports and LAGs will be displayed.

The displaying information includes:

Broadcast: Displays the number of valid broadcast packets received and transmitted on the port. Error

frames are not counted in.

Multicast: Displays the number of valid multicast packets received and transmitted on the port. Error

frames are not counted in.

Unicast: Displays the number of valid unicast packets received and transmitted on the port. Error frames

are not counted in.

Jumbo: Displays the number of valid jumbo packets received and transmitted on the port. Error frames are

not counted in.

Alignment Errors: Displays the number of the received packets that have a Frame Check Sequence (FCS)

with a non-integral octet (Alignment Error). The size of the packet is between 64 bytes and 1518 bytes.

UndersizePkts: Displays the number of the received packets (excluding error packets) that are less than 64

bytes long.

Pkts64Octets: Displays the number of the received packets (including error packets) that are 64 bytes

long.

Pkts65to127Octets: Displays the number of the received packets (including error packets) that are

between 65 and 127 bytes long.

Pkts128to255Octets: Displays the number of the received packets (including error packets) that are

between 128 and 255 bytes long.

Pkts256to511Octets: Displays the number of the received packets (including error packets) that are

between 256 and 511 bytes long.

Pkts512to1023Octets: Displays the number of the received packets (including error packets) that are

between 512 and 1023 bytes long.

PktsOver1023Octets: Displays the number of the received packets (including error packets) that are over

1023 bytes.

Collisions: Displays the number of collisions experienced by a port during packet transmissions.

Monitoring Traffic Appendix: Default Parameters

Configuration Guide 131

2 Appendix: Default Parameters

Table 2-1 Traffic Statistics Monitoring

Parameter Default Setting

Traffic Summary

Auto Refresh Disable

Refresh Rate 10 seconds

Traffic Statistics

Auto Refresh Disable

Refresh Rate 10 seconds

Part 6

Managing MAC

Address Table

CHAPTERS

1. MAC Address Table

2. Address Configurations

3. Security Configurations

4. Example for Security Configurations

5. Appendix: Default Parameters

Managing MAC Address Table MAC Address Table

Configuration Guide 133

1 MAC Address Table

1.1 Overview

The MAC address table contains address information that the switch uses to forward

traffic between ports. As shown below, the table lists map entries of MAC addresses, VLAN

IDs and ports. These entries can be manually input or automatically learned by the switch.

Based on the MAC-address-to-port mapping in the table, the switch forwards the packet

only to the associated port.

Table 1-1 The MAC Address Table

MAC Address VLAN ID Port Type Aging Status

00:00:00:00:00:01 1 1 Dynamic Aging

00:00:00:00:00:02 1 2 Config static no-Aging

……

1.2 Supported Features

The address table of the switch contains dynamic addresses, static addresses and filtering

addresses. You can add or remove these entries to your needs. Furthermore, you can

configure notification traps and limit the number of MAC addresses in a VLAN for traffic

safety.

Address Configurations

Dynamic address

Dynamic addresses are source addresses learned by the switch automatically. Then the

switch regularly ages out those that are not in use. That is, the switch removes the MAC

address entries related to a network device if no packet is received from the device within

the aging time. And you can configure the aging time when needed.

Static address

Static addresses are configured manually and do not age. For some relatively fixed

connection, for example, frequently visited server, you can manually set the MAC address

of the server as a static entry to enhance the forwarding efficiency of the switch.

Filtering address

Filtering addresses are manually added to configure the switch to automatically drop the

packets with specific source or destination MAC addresses.

Configuration Guide 134

Managing MAC Address Table MAC Address Table

Security Configurations

Configuring MAC Notification Traps

You can configure traps and SNMP (Simple Network Management Protocol) to monitor and

receive notifications of the usage of the MAC address table and the MAC address change

activity. For example, you can configure the switch to send you notifications when new

users access the network.

Limiting the Number of MAC Addresses in VLANs

You can configure VLAN Security to limit the number of MAC addresses that can be

learned in specified VLANs. The switch will not learn addresses when the number of

learned addresses has reached the limit, preventing the address table from being used up

by broadcast packets of MAC address attacks.

Managing MAC Address Table Address Configurations

Configuration Guide 135

2 Address Configurations

With MAC address table, you can:

Add static MAC address entries

Change the address aging time

Add filtering address entries

View address table entries

2.1 Using the GUI

2.1.1 Adding Static MAC Address Entries

You can add static MAC address entries by manually specifying the desired MAC address

or binding dynamic MAC address entries.

Adding MAC Addresses Manually

Choose the menu Switching > MAC Address > Static Address to load the following page.

Figure 2-1 Adding MAC Addresses Manually

Follow these steps to add a static MAC address entry:

1) Enter the MAC address, VLAN ID and select a port to bind them together.

Configuration Guide 136

Managing MAC Address Table Address Configurations

VLAN ID Specify an existing VLAN in which packets with the specific MAC address are

received.

Port Specify a port to which packets with the specific MAC address are forwarded. The

port must belong to the specified VLAN.

After you have added the static MAC address, if the corresponding port number

of the MAC address is not correct, or the connected port (or the device) has been

changed, the switch cannot forward the packets correctly. Please reset the static

address entry appropriately.

2) Click Create.

Binding Dynamic Address Entries

Choose the menu Switching > MAC Address > Dynamic Address to load the following

page.

Figure 2-2 Binding Dynamic MAC Address Entries

Follow these steps to bind dynamic MAC address entries:

1) Select your desired MAC address entries. You can select the entries from the Dynamic

Address Table, or quickly search them out by MAC address/ VLAN ID/ port in the

Search Option section.

2) Click Bind, and then the selected entries will not age.

Note:

• In the same VLAN, once an address is configured as a static address, it cannot be set as a filter-

ing address, and vice versa.

• Multicast or broadcast addresses cannot be set as static addresses.

• Ports in LAGs (Link Aggregation Group) are not supported for static address configuration.

Managing MAC Address Table Address Configurations

Configuration Guide 137

2.1.2 Modifying the Aging Time of Dynamic Address Entries

Choose the menu Switching > MAC Address > Dynamic Address to load the following

page.

Figure 2-3 Modifying the Aging Time of Dynamic Address Entries

Follow these steps to modify the aging time of dynamic address entries:

1) In the Aging Config section, enable Auto Aging, and enter your desired length of time.

Auto Aging Enable Auto Aging, then the switch automatically updates the dynamic address

table with the aging mechanism. By default, it is enabled.

Aging Time Set the length of time that a dynamic entry remains in the MAC address table after

the entry is used or updated. The valid values are from 10 to 630 seconds, and the

default value is 300.

A short aging time is applicable to networks where network topology changes

frequently, and a long aging time is applicable to stable networks. We recommend

that you keep the default value if you are unsure about settings in your case.

2) Click Apply.

Configuration Guide 138

Managing MAC Address Table Address Configurations

2.1.3 Adding MAC Filtering Address Entries

Choose the menu Switching > MAC Address > Filtering Address to load the following

page.

Figure 2-4 Adding MAC Filtering Address Entries

Follow these steps to add MAC filtering address entries:

1) In the Create Filtering Address section, enter the MAC Address and VLAN ID.

MAC Address Specify a MAC address to configure the switch to drop packets which include this

MAC address as the source address or destination address.

VLAN ID Specify an existing VLAN in which packets with the specific MAC address are

dropped.

2) Click Create.

Note:

• In the same VLAN, once an address is configured as a filtering address, it cannot be set as a

static address, and vice versa.

• Multicast or broadcast addresses cannot be set as filtering addresses .

2.1.4 Viewing Address Table Entries

You can view entries in MAC address table to check your former operations and address

information.

Managing MAC Address Table Address Configurations

Configuration Guide 139

Choose the menu Switching > MAC Address > Address Table to load the following page.

Figure 2-5 Viewing Address Table Entries

2.2 Using the CLI

2.2.1 Adding Static MAC Address Entries

Follow these steps to add static MAC address entries:

Step 1 configure

Enter global configuration mode.

Step 2 mac address-table static

mac-addr

vid

interface gigabitEthernet

port

Bind the MAC address, VLAN and port together to add a static address to the VLAN.

mac-addr

: Enter the MAC address and packets with this destination address received in the

specified VLAN are forwarded to the specified port. The format is xx:xx:xx:xx:xx:xx, for example,

00:00:00:00:00:01.

vid

: Specify an existing VLAN in which packets with the specific MAC address are received.

port:

Specify a port to which packets with the specific MAC address are forwarded. The port

must belong to the specified VLAN.

Configuration Guide 140

Managing MAC Address Table Address Configurations

Step 3 end

Return to privileged EXEC mode.

Step 4 copy running-config startup-config

Save the settings in the configuration file.

Note:

• In the same VLAN, once an address is configured as a static address, it cannot be set as a filter-

ing address, and vice versa.

• Multicast or broadcast addresses cannot be set as static addresses.

• Ports in LAGs (Link Aggregation Group) are not supported for static address configuration.

The following example shows how to add a static MAC address entry with MAC address

00:02:58:4f:6c:23, VLAN 10 and port 1. When a packet is received in VLAN 10 with this

address as its destination, the packet will be forwarded only to port 1.

Switch#configure

Switch(config)# mac address-table static 00:02:58:4f:6c:23 vid 10 interface

gigabitEthernet

1/0/1

Switch(config)#show mac address-table static

MAC Address Table

----------------------------------------------------------------------------

MAC VLAN Port Type Aging

----------------- ------ -------- ----------- ---------

00:02:58:4f:6c:23 10 Gi1/0/1 config static no-aging

Total MAC Addresses for this criterion: 1

Switch(config)#end

Switch#copy running-config startup-config

2.2.2 Modifying the Aging Time of Dynamic Address Entries

Follow these steps to modify the aging time of dynamic address entries:

Step 1 configure

Enter global configuration mode.

Managing MAC Address Table Address Configurations

Configuration Guide 141

Step 2 mac address-table aging-time

aging-time

Set your desired length of address aging time for dynamic address entries.

aging-time:

Set the length of time that a dynamic entry remains in the MAC address table after

the entry is used or updated. The valid values are from10 to 630. When 0 is entered, the Auto

Aging function is disabled. The default value is 300 and we recommend you keep the default

value if you are unsure about settings in your case.

Step 3 end

Return to privileged EXEC mode.

Step 4 copy running-config startup-config

Save the settings in the configuration file.

The following example shows how to modify the aging time to 500 seconds. A dynamic

entry remains in the MAC address table for 500 seconds after the entry is used or updated.

Switch#configure

Switch(config)# mac address-table aging-time 500

Switch(config)#show mac address-table aging-time

Aging time is 500 sec.

Switch(config)#end

Switch#copy running-config startup-config

2.2.3 Adding MAC Filtering Address Entries

Follow these steps to add MAC filtering address entries:

Step 1 configure

Enter global configuration mode.

Step 2 mac address-table filtering

mac-addr

vid

Add the filtering address to the VLAN.

mac-addr:

Specify a MAC address to configure the switch to drop packets which include this

MAC address as the source address or destination address. The format is xx:xx:xx:xx:xx:xx, for

example, 00:00:00:00:00:01.

vid:

Specify an existing VLAN in which packets with the specific MAC address are dropped.

Step 3 end

Return to privileged EXEC mode.

Configuration Guide 142

Managing MAC Address Table Address Configurations

Step 4 copy running-config startup-config

Save the settings in the configuration file.

Note:

• In the same VLAN, once an address is configured as a filtering address, it cannot be set as a

static address, and vice versa.

• Multicast or broadcast addresses cannot be set as filtering addresses .

The following example shows how to add the MAC filtering address 00:1e:4b:04:01:5d to

VLAN 10. Then the switch will drop the packet that is received in VLAN 10 with this address

as its source or destination.

Switch#configure

Switch(config)# mac address-table filtering 00:1e:4b:04:01:5d vid 10

Switch(config)#show mac address-table filtering

MAC Address Table

---------------------------------------------------------------------

MAC VLAN Port Type Aging

--- ------ ---- ---- -----

00:1e:4b:04:01:5d 10 filter no-aging

Total MAC Addresses for this criterion: 1

Switch(config)#end

Switch#copy running-config startup-config

Managing MAC Address Table Security Configurations

Configuration Guide 143

3 Security Configurations

With security configurations of the MAC address table, you can:

Configure MAC notification traps

Limit the number of MAC addresses in VLANs

3.1 Using the GUI

3.1.1 Configuring MAC Notification Traps

Choose the menu Switching > MAC Address > MAC Notification to load the following

page.

Figure 3-1 Configuring MAC Notification Traps

Configuration Guide 144

Managing MAC Address Table Security Configurations

Follow these steps to configure MAC notification traps:

1) In the MAC Notification Global Config section, enable this feature, configure the

relevant options, and click Apply.

Global Status Enable MAC notification feature globally.

Table Full

Notification

Enable Table Full Notification, and when address table is full, a notification will be

generated and sent to the management host .

Notification

Interval

Specify a time value in seconds between 1 to 1000 to bundle the notifications and

reduce traffic. Notification Interval is the interval time between each set of New

MAC Learned notifications that are generated. By default, it is 1 second.

2) In the MAC Notification Port Config section, select your desired port and enable its

notification traps. You can enable these three types: Learned Mode Change, Exceed

Max Learned and New MAC Learned. Click Apply.

Learned Mode

Change

Enable Learned Mode Change, and when the learned mode of the specified port

is changed, a notification will be generated and sent to the management host.

Exceed Max

Learned

Enable Exceed Max Learned, and when the maximum number of learned MAC

addresses on the specified port is exceeded, a notification will be generated and

sent to the management host.

For Exceed-max-learned notification, you need to enable Port Security and set

the maximum number of learned MAC addresses on the specified port. For more

information about Port Security, please refer to Physical Interface.

New MAC

Learned

Enable New MAC Learned, and when the specified port learns a new MAC

address, a notification will be generated and sent to the management host.

3) Configure SNMP and set a management host. For detailed SNMP configurations, please

refer to Configuring SNMP & RMON

Managing MAC Address Table Security Configurations

Configuration Guide 145

3.1.2 Limiting the Number of MAC Addresses in VLANs

Choose the menu Switching > MAC Address > MAC VLAN Security to load the following

page.

Figure 3-2 Limiting the Number of MAC Addresses in VLANs

Follow these steps to limit the number of MAC addresses in VLANs:

1) Enter the VLAN ID to limit the number of MAC addresses that can be learned in the

specified VLAN.

VLAN ID Specify an existing VLAN in which you want to limit the number of MAC addresses.

2) Enter your desired value in Max Learned MAC to set a threshold.

Max Learned

MAC

Set the maximum number of MAC addresses in the specific VLAN. It ranges from

0 to 16383.

You can control the available address table space by setting maximum learned

MAC number for VLANs. However, an improper maximum number can cause

unnecessary floods in the network or a waste of address table space. Therefore,

before you set the number limit, please be sure you are familiar with the network

topology and the switch system configuration.

3) Choose the mode that the switch adopts when the maximum number of MAC addresses

in the specified VLAN is exceeded.

Drop Packets of new source MAC addresses in the VLAN will be dropped when the

maximum number of MAC addresses in the specified VLAN is exceeded.

Forward Packets of new source MAC addresses will be forwarded but the addresses will

not be learned when the maximum number of MAC addresses in the specified

VLAN is exceeded.

Disable The number limit on the VLAN is not valid, and the switch follows the original

forwarding rules.

4) Click Create.

Configuration Guide 146

Managing MAC Address Table Security Configurations

3.2 Using the CLI

3.2.1 Configuring MAC Notification Traps

Follow these steps to configure MAC notification traps:

Step 1 configure

Enter global configuration mode.

Step 2 mac address-table notification global-status {enable | disable}

Enable MAC Notification globally.

enable | disable: Enable or disable MAC Notification globally.

Step 3 mac address-table notification table-full-status

[enable | disable]

(Optional) Enable Table Full Notification.

enable | disable: With Table Full Notification enabled, when address table is full, a notification

will be generated and sent to the management host.

Step 4 mac address-table notification interval

time

Set your desired interval time between each set of New MAC Learned notifications that are

generated.

time:

Specify a time value in seconds between 1to 1000 to bundle the notifications and reduce

traffic. By default, it is 1 second.

Step 5 interface {[ gigabitEthernet

port

] | [ range gigabitEthernet

port-list

]}

Configure notification traps on the specified port.

port/ port-list:

The number or the list of the Ethernet port that you want to configure notification

traps.

Step 6 mac address-table notification {[learn-mode-change

enable | disable] [exceed-max-learned

enable | disable] [new-mac-learned enable | disable]}

Enable learn-mode-change, exceed-max-learned, or new-MAC-learned notification traps on

the specified port.

enable | disable:Enable or disable learn-mode-change, exceed-max-learned, or new-MAC-

learned notification traps on the specified port.

learn-mode-change: With learn-mode-change enabled, when the learned mode of the

specified port is changed, a notification will be generated and sent to the management host.

exceed-max-learned: With exceed-max-learned enabled, when the maximum number of MAC

addresses on the specified port is exceeded, a notification will be generated and sent to the

management host.

For Exceed Max Learned notification, you need to enable Port Security and set the maximum

number of MAC addresses on the specified port. For more information about Port Security,

please refer to Physical Interface.

new-mac-learned: With new-mac-learned enabled, when the specified port learns a new MAC

address, a notification will be generated and sent to the management host.

Step 7 end

Return to privileged EXEC mode.

Step 8 copy running-config startup-config

Save the settings in the configuration file.

Managing MAC Address Table Security Configurations

Configuration Guide 147

Now you have configured MAC notification traps. To receive notifications, you need to

further enable SNMP and set a management host. For detailed SNMP configurations,

please refer to

Configuring SNMP & RMON.

The following example shows how to enable new-MAC-learned trap on port 1, and set the

interval time as 10 seconds. After you have further configured SNMP, the switch will bundle

notifications of new addresses in every 10 seconds and send to the management host.

Switch#configure

Switch(config)#mac address-table notification global-status enable

Switch(config)#mac address-table notification interval 10

Switch(config)#interface gigabitEthernet 1/0/1

Switch(config-if)#mac address-table notification new-mac-learned enable

Switch(config-if)#show mac address-table notification interface gigabitEthernet 1/0/1

Mac Notification Global Config

Notification Global Status : enable

Table Full Notification Status: disable

Notification Interval : 10

Port LrnMode Change Exceed Max Limit New Mac Learned

---- -------------- ---------------- ----------------

Gi1/0/1 disable disable enable

Switch(config-if)#end

Switch#copy running-config startup-config

3.2.2 Limiting the Number of MAC Addresses in VLANs

Follow these steps to limit the number of MAC addresses in VLANs:

Step 1 configure

Enter global configuration mode.

Configuration Guide 148

Managing MAC Address Table Security Configurations

Step 2 mac address-table security vid

vid

max-learn

num

{drop | forward | disable}

Configure the maximum number of MAC addresses in the specified VLAN and select a mode

for the switch to adopt when the maximum number is exceeded.

vid

: Specify an existing VLAN in which you want to limit the number of MAC addresses.

num

: Set the maximum number of MAC addresses in the specific VLAN. It ranges from 0 to

16383.

drop | forward | disable: The mode that the switch adopts when the maximum number of MAC

addresses in the specified VLAN is exceeded.

drop: Packets of new source MAC addresses in the VLAN will be dropped when the maximum

number of MAC addresses in the specified VLAN is exceeded.

forward: Packets of new source MAC addresses will be forwarded but the addresses not

learned when the maximum number of MAC addresses in the specified VLAN is exceeded.

disable: The number limit on the VLAN is not valid, and the switch follows the original forwarding

rules.

Step 3 end

Return to privileged EXEC mode.

Step 4 copy running-config startup-config

Save the settings in the configuration file.

The following example shows how to limit the number of MAC addresses to 100 in VLAN

10, and configure the switch to drop packets of new source MAC addresses when the limit

is exceeded.

Switch#configure

Switch(config)#mac address-table security vid 10 max-learn 100 drop

Switch(config)#show mac address-table security vid 10

VlanId Max-learn Current-learn Status

------ --------- ------------- ------

10 100 0 Drop

Switch(config)#end

Switch#copy running-config startup-config

Managing MAC Address Table Example for Security Configurations

Configuration Guide 149

4 Example for Security Configurations

4.1 Network Requirements

Several departments are connected to the company network as shown in Figure 4-1. Now

the Marketing Department that is in VLAN 10 has network requirements as follows:

Free the network system from illegal accesses and MAC address attacks by limiting the

number of access users in this department to 100.

Assist the network manager supervising the network with notifications of any new

access users.

Figure 4-1 The Network Topology

Gi1/0/1

Gi1/0/3

Gi1/0/2

R&D Department

VLAN 30

Marketing Department

VLAN 10

Switch

......

Internet

4.2 Configuration Scheme

VLAN Security can be configured to limit the number of access users and in this way to

prevent illegal accesses and MAC address attacks.

MAC Notification and SNMP can be configured to monitor the interface which is used by

the Marketing Department. Enable the new-MAC-learned notification and the SNMP, then

the network manager can get notifications when new users access the network.

Demonstrated with T2600G-52TS, this chapter provides configuration procedures in two

ways: using the GUI and using the CLI.

Configuration Guide 150

Managing MAC Address Table Example for Security Configurations

4.3 Using the GUI

1) Choose the menu Switching > MAC Address > MAC VLAN Security to load the

following page. Set the maximum number of MAC address in VLAN 10 as 100, choose

drop mode and click Create.

Figure 4-2 Configuring VLAN Security

2) Choose the menu Switching > MAC Address > MAC Notification to load the following

page. Enable Global Status, set notification interval as 10 seconds, and click Apply.

Then, enable new-mac-learned trap on port 1/0/2 and click Apply.

Figure 4-3 Configuring New-MAC-learned Traps

Managing MAC Address Table Example for Security Configurations

Configuration Guide 151

3) Click Save Config to save the settings.

4) Enable SNMP and set a management host. For detailed SNMP configurations, please

refer to Configuring SNMP & RMON.

4.4 Using the CLI

1) Set the maximum number of MAC address in VLAN 10 as 100, and choose drop mode.

Switch#configure

Switch(config)#mac address-table security vid 10 max-learn 100 drop

2) Configure the new-MAC-learned trap on port 2 and set notification interval as 10

seconds.

Switch(config)#mac address-table notification global-status enable

Switch(config)#mac address-table notification interval 10

Switch(config)#interface gigabitEthernet 1/0/2

Switch(config-if)#mac address-table notification new-mac-learned enable

Switch(config-if)#end

Switch#copy running-config startup-config

3) Configure SNMP and set a management host. For detailed SNMP configurations, please

refer to Configuring SNMP & RMON.

Verify the Configurations

Verify the configuration of VLAN Security.

Switch#show mac address-table security vid 10

VlanId Max-learn Current-learn Status

------ --------- ------------- ------

10 100 0 Drop

Verify the configuration of MAC Notification on port 1/0/2.

Switch#show mac address-table notification interface gigabitEthernet 1/0/2

Port LrnMode Change Exceed Max Limit New Mac Learned

---- -------------- ---------------- ----------------

Gi1/0/2 disable disable enable

Configuration Guide 152

Managing MAC Address Table Appendix: Default Parameters

5 Appendix: Default Parameters

Default settings of the MAC Address Table are listed in the following tables.

Table 5-1 Entries in the MAC Address Table

Parameter Default Setting

Static Address Entries None

Dynamic Address Entries Auto-learning

Filtering Address Entries None

Table 5-2 Default Settings of Dynamic Address Table

Parameter Default Setting

Auto Aging Enable

Aging Time 300 seconds

Table 5-3 Default Settings of MAC Notification

Parameter Default Setting

Global Status Disable

Table Full Notification Disable

Notification Interval 1 Second

Learned Mode Change

Notification

Disable

Exceed Max Learned

Notification

Disable

New MAC Learned Notification Disable

Table 5-4 Default Settings of MAC VLAN Security

Parameter Default Setting

MAC VLAN Security Disable

Part 7

Configuring DDM

CHAPTERS

1. Overview

2. DDM Configuration

3. Appendix: Default Parameters

Configuration Guide 154

Configuring DDM Overview

Note：

T2600G-28MPS doesn’t support DDM feature.

1 Overview

The DDM (Digital Diagnostic Monitoring) function allows the user to monitor the status of

the SFP modules inserted into the SFP ports on the switch. The user can choose to shut

down the monitored SFP port automatically when the specified parameter exceeds the

alarm threshold or warning threshold. The monitoring parameters include: Temperature,

Voltage, Bias Current, Tx Power and Rx Power.

Configuring DDM DDM Configuration

Configuration Guide 155

2 DDM Configuration

To complete DDM configuration, follow these steps:

1) Enable DDM on the SFP port.

2) Configure the shutdown condition.

3) Configure the specified threshold for warning or alarm.

2.1 Using the GUI

2.1.1 Configuring DDM Globally

Choose the menu Switching > DDM > DDM Config to load the following page.

Figure 2-1 Configure DDM Globally

Follow these steps to configure DDM‘s global parameters:

1) In the Port Config section, configure DDM parameters on the SFP ports.

DDM Status Enable or disable DDM feature on the port.

Shutdown Specify whether to shut down the port when the alarm threshold or warning

threshold is exceeded.

Alarm: Shut down the port when the alarm threshold is exceeded.

Warning: Shut down the port when the warning threshold is exceeded.

None: The port will not be shut down even if the alarm threshold or warning

threshold is exceeded. This is the default option.

LAG Displays the LAG number which the port belongs to.

2) Click Apply.

Configuration Guide 156

Configuring DDM DDM Configuration

2.1.2 Configuring the Temperature Threshold

Choose the menu Switching > DDM > Temperature Threshold to load the following page.

Figure 2-2 Configure Temperature Threshold

Follow these steps to configure DDM‘s temperature threshold:

1) In the Port Config table, configure temperature threshold of the SFP ports.

High Alarm Specify the high threshold for the alarm. When the operating parameter rises

above this value, action associated with the alarm will be taken. The valid values

are from -128 to 127.996.

Low Alarm Specify the low threshold for the alarm. When the operating parameter falls below

this value, action associated with the alarm will be taken. The valid values are from

-128 to 127.996.

High Warning Specify the high threshold for the warning. When the operating parameter rises

above this value, action associated with the warning will be taken. The valid values

are from -128 to 127.996.

Low Warning Specify the low threshold for the warning. When the operating parameter falls

below this value, action associated with the warning will be taken. The valid values

are from -128 to 127.996.

LAG Displays the LAG number which the port belongs to.

2) Click Apply.

2.1.3 Configuring the Voltage Threshold

Choose the menu Switching > DDM > Voltage Threshold to load the following page.

Figure 2-3 Configure Voltage Threshold

Configuring DDM DDM Configuration

Configuration Guide 157

Follow these steps to configure DDM‘s voltage threshold:

1) In the Port Config table, configure voltage threshold on the SFP ports.

High Alarm Specify the high threshold for the alarm. When the operating parameter rises

above this value, action associated with the alarm will be taken. The valid values

are from 0 to 6.5535.

Low Alarm Specify the low threshold for the alarm. When the operating parameter falls below

this value, action associated with the alarm will be taken. The valid values are from

0 to 6.5535.

High Warning Specify the high threshold for the warning. When the operating parameter rises

above this value, action associated with the warning will be taken. The valid values

are from 0 to 6.5535.

Low Warning Specify the low threshold for the warning. When the operating parameter falls

below this value, action associated with the warning will be taken. The valid values

are from 0 to 6.5535.

LAG Displays the LAG number which the port belongs to.

2) Click Apply.

2.1.4 Configuring the Bias Current Threshold

Choose the menu Switching > DDM > Bias Current Threshold to load the following page.

Figure 2-4 Configure Bias Current Threshold

Follow these steps to configure DDM‘s bias current threshold:

1) In the Port Config table, configure bias current threshold on the SFP ports.

High Alarm Specify the high threshold for the alarm. When the operating parameter rises

above this value, action associated with the alarm will be taken. The valid values

are from 0 to 131.

Low Alarm Specify the low threshold for the alarm. When the operating parameter falls below

this value, action associated with the alarm will be taken. The valid values are from

0 to 131.

High Warning Specify the high threshold for the warning. When the operating parameter rises

above this value, action associated with the warning will be taken. The valid values

are from 0 to 131.

Configuration Guide 158

Configuring DDM DDM Configuration

Low Warning Specify the low threshold for the warning. When the operating parameter falls

below this value, action associated with the warning will be taken. The valid values

are from 0 to 131.

LAG Displays the LAG number which the port belongs to.

2) Click Apply.

2.1.5 Configuring the Tx Power Threshold

Choose the menu Switching > DDM > Tx Power Threshold to load the following page.

Figure 2-5 Configure Tx Power Threshold

Follow these steps to configure DDM‘s Tx power threshold:

1) In the Port Config table, configure Tx power threshold on the SFP ports.

High Alarm Specify the high threshold for the alarm. When the operating parameter rises

above this value, action associated with the alarm will be taken. The valid values

are from 0 to 6.5535.

Low Alarm Specify the low threshold for the alarm. When the operating parameter falls below

this value, action associated with the alarm will be taken. The valid values are from

0 to 6.5535.

High Warning Specify the high threshold for the warning. When the operating parameter rises

above this value, action associated with the warning will be taken. The valid values

are from 0 to 6.5535.

Low Warning Specify the low threshold for the warning. When the operating parameter falls

below this value, action associated with the warning will be taken. The valid values

are from 0 to 6.5535.

LAG Displays the LAG number which the port belongs to.

2) Click Apply.

Configuring DDM DDM Configuration

Configuration Guide 159

2.1.6 Configuring the Rx Power Threshold

Choose the menu Switching > DDM > Rx Power Threshold to load the following page.

Figure 2-6 Configure Rx Power Threshold

Follow these steps to configure DDM‘s Rx power threshold:

1) In the Port Config table, configure Rx power threshold on the SFP ports.

High Alarm Specify the high threshold for the alarm. When the operating parameter rises

above this value, action associated with the alarm will be taken. The valid values

are from 0 to 6.5535.

Low Alarm Specify the low threshold for the alarm. When the operating parameter falls below

this value, action associated with the alarm will be taken. The valid values are from

0 to 6.5535.

High Warning Specify the high threshold for the warning. When the operating parameter rises

above this value, action associated with the warning will be taken. The valid values

are from 0 to 6.5535.

Low Warning Specify the low threshold for the warning. When the operating parameter falls

below this value, action associated with the warning will be taken. The valid values

are from 0 to 6.5535.

LAG Displays the LAG number which the port belongs to.

2) Click Apply.

2.1.7 Viewing DDM Status

Choose the menu Switching > DDM > DDM Status to load the following page.

Figure 2-7 View DDM Status

Configuration Guide 160

Configuring DDM DDM Configuration

In the Port Config table, view the current operating parameters for the SFP modules

inserted into the SFP ports.

Temperature The current temperature of the SFP module inserted into this port.

Voltage The current voltage of the SFP module inserted into this port.

Bias Current The current bias current of the SFP module inserted into this port.

Tx Power The current Tx power of the SFP module inserted into this port.

Rx Power The current Rx power of the SFP module inserted into this port.

Data Ready Indicates whether SFP module is operational. The values are True and False.

Loss of Signal Reports local SFP module signal loss. The values are True and False.

Transmit Fault Reports remote SFP module signal loss. The values are True, False and No Signal.

2.2 Using the CLI

To complete DDM configuration, follow these steps:

1) Enable DDM on the SFP port.

2) Configure the shutdown condition.

3) Configure the specified threshold for warning or alarm.

2.2.1 Configuring DDM Globally

Follow these steps to enable DDM on specified SFP ports:

Step 1 configure

Enter global configuration mode.

Step 2 interface { fastEthernet

port

| range fastEthernet

port-list

gigabitEthernet

port

| range

gigabitEthernet

port-list

| ten-gigabitEthernet

port

| range ten-gigabitEthernet

port-list

}

Enter interface configuration mode.

Step 3 ddm state enable

Enable DDM on this SFP port.

Step 4 show ddm configuration state

Display the DDM state of the SFP ports.

Step 5 end

Return to Privileged EXEC Mode.

Configuring DDM DDM Configuration

Configuration Guide 161

Step 6 copy running-config startup-config

Save the settings in the configuration file.

The following example shows how to enable DDM on SFP port 1/0/17:

Switch#configure

Switch(config)#interface gigabitEthernet 1/0/17

Switch(config-if)#ddm state enable

Switch(config-if)#show ddm configuration state

DDM Status Shutdown

Gi1/0/17 Enable None

Gi1/0/18 Enable None

Switch(config-if)#end

Switch#copy running-config startup-config

2.2.2 Configuring DDM Shutdown

Follow these steps to configure settings for shutting down SFP ports when the alarm

threshold or warning threshold is exceeded:

Step 1 configure

Enter global configuration mode.

Step 2 interface { fastEthernet

port

| range fastEthernet

port-list

gigabitEthernet

port

| range

gigabitEthernet

port-list

| ten-gigabitEthernet

port

| range ten-gigabitEthernet

port-list

}

Enter interface configuration mode.

Step 3 ddm shutdown { none | warning | alarm }

none: The port will not be shut down if the alarm threshold or warning threshold is exceeded.

warning: Shut down the port when the warning threshold is exceeded.

alarm: Shut down the port when the alarm threshold is exceeded.

Step 4 show ddm configuration state

Display the DDM state of the SFP ports.

Step 5 end

Return to Privileged EXEC Mode.

Step 6 copy running-config startup-config

Save the settings in the configuration file.

Configuration Guide 162

Configuring DDM DDM Configuration

The following example shows how to set SFP port 1/0/17 to shut down when the warning

threshold is exceeded.

Switch#configure

Switch(config)#interface gigabitEthernet 1/0/17

Switch(config-if)#ddm shutdown warning

Switch(config-if)#show ddm configuration state

DDM Status Shutdown

Gi1/0/17 Enable Warning

Gi1/0/18 Enable None

Switch(config-if)#end

Switch#copy running-config startup-config

2.2.3 Configuring Temperature Threshold

Follow these steps to configure the threshold of the DDM temperature on the specified

SFP port.

Step 1 configure

Enter global configuration mode.

Step 2 interface { fastEthernet

port

| range fastEthernet

port-list

gigabitEthernet

port

| range

gigabitEthernet

port-list

| ten-gigabitEthernet

port

| range ten-gigabitEthernet

port-list

}

Enter interface configuration mode.

Step 3 ddm temperature_threshold { high_alarm | high_warning | low_alarm | low-warning }

value

high_alarm: Specify the high threshold for the alarm. When the operating parameter rises

above this value, action associated with the alarm will be taken.

high_warning: Specify the high threshold for the warning. When the operating parameter

rises above this value, action associated with the warning will be taken.

low_alarm: Specify the low threshold for the alarm. When the operating parameter falls

below this value, action associated with the alarm will be taken.

low_warning: Specify the low threshold for the warning. When the operating parameter falls

below this value, action associated with the warning will be taken.

value

: Enter the threshold value in Celsius. The valid values are from -128 to 127.996.

Step 4 show ddm configuration temperature

Display the DDM temperature threshold on the SFP ports.

Step 5 end

Return to Privileged EXEC Mode.

Configuring DDM DDM Configuration

Configuration Guide 163

Step 6 copy running-config startup-config

Save the settings in the configuration file.

The following example shows how to set SFP port 1/0/17’s high alarm temperature

threshold as 110 Celsius.

Switch#configure

Switch(config)#interface gigabitEthernet 1/0/17

Switch(config-if)#ddm temperature_threshold high_alarm 110

Switch(config-if)#show ddm configuration temperature

Temperature Threshold(Celsius) :

High Alarm Low Alarm High Warning Low Warning

Gi1/0/17 110.000000 -- -- --

Gi1/0/18 -- -- -- --

Switch(config-if)#end

Switch#copy running-config startup-config

2.2.4 Configuring Voltage Threshold

Follow these steps to configure the threshold of the DDM voltage on the specified SFP

port.

Step 1 configure

Enter global configuration mode.

Step 2 interface { fastEthernet

port

| range fastEthernet

port-list

gigabitEthernet

port

| range

gigabitEthernet

port-list

| ten-gigabitEthernet

port

| range ten-gigabitEthernet

port-list

}

Enter interface configuration mode.

Step 3 ddm voltage_threshold { high_alarm | high_warning | low_alarm | low-warning }