TP-Link TL-SL5428E - Manual

9.1.7 Packet Statistics ............................................................................................. 144 9.1.8 Querier Config................................................................................................ 145 9.2 MLD Snooping ...........................................

13.2.2 Traps Config................................................................................................... 230 13.3 RMON....................................................................................................................... 233 13.3.1 History Control ........................

VII 16.4 Network Diagnostics ................................................................................................. 270 16.4.1 Ping................................................................................................................ 270 16.4.2 Tracert..............................

Package Contents The following items should be found in your box:  One TL-SL5428E switch  One power cord  One console cable  Two mounting brackets and other fittings  Installation Guide  Resource CD for TL-SL5428E switch, including:  This User Guide  The CLI Reference Guide  SNMP Mibs  802...

Chapter 1 About This Guide This User Guide contains information for setup and management of TL-SL5428E switch. Please read this guide carefully before operation. 1.1 Intended Readers This Guide is intended for network managers familiar with IT concepts and network terminologies. 1.2 Conventions In t...

Chapter Introduction Chapter 8 Ethernet OAM This module is used to configure Ethernet OAM function of the switch. Here mainly introduces:  Basic Config: Enable the Ethernet OAM function, configure its OAM mode, and check out the connection status.  Link Monitoring: Configure the parameters about O...

Chapter Introduction Chapter 16 Maintenance This module is used to assemble the commonly used system tools to manage the switch. Here mainly introduces:  System Monitor: Monitor the memory and CPU of the switch.  Log: View configuration parameters on the switch.  Network Diagnostics: Including Ca...

Chapter 2 Introduction Thanks for choosing the TL-SL5428E 24-Port 10/100Mbps + 4-Port Gigabit JetStream L2 Managed Switch! 2.1 Overview of the Switch Designed for workgroups and departments, TL-SL5428E from TP-LINK provides wire-speed performance and full set of layer 2 management features. It provi...

+ Supports Telnet, CLI, SNMP v1/v2c/v3, RMON and web access. + Port Mirroring enables monitoring selected ingress/egress traffic. 2.3 Appearance Description 2.3.1 Front Panel Figure 2-1 Front Panel The following parts are located on the front panel of the switch:  10/100Mbps RJ45 Ports: Designed to...

2.3.2 Rear Panel The rear panel of TL-SL5428E features a power socket and a Grounding Terminal (marked with ). Figure 2-2 Rear Panel  Grounding Terminal: TL-SL5428E already comes with Lightning Protection Mechanism. You can also ground the switch through the PE (Protecting Earth) cable of AC cord o...

Chapter 3 Login to the Switch 3.1 Login  In the IPv4 network: 1) To access the configuration utility, open a web-browser and type in the default address http://192.168.0.1 in the address field of the browser, then press the Enter key. Figure 3-1 Web-browser Tips: To log in to the switch, the IP add...

Figure 3-5 Login Tips: After logging in to the switch, you can add a global IPv6 address to your switch manually in 4.1.6 System IPv6 . Then you can configure your PC’s global IPv6 address in the same subnet and login to the switch via its global IPv6 address. For the detailed instructions, please r...

Config . You are suggested to click Save Config before cutting off the power or rebooting the switch to avoid losing the new configurations. Return to CONTENTS 13

Chapter 4 System The System module is mainly for system configuration of the switch, including four submenus: System Info , User Management, System Tools and Access Security . 4.1 System Info The System Info, mainly for basic properties configuration, can be implemented on System Summary , Device De...

Indicates the 1000Mbps port is at the speed of 10Mbps or 100Mbps. Indicates the SFP port is not connected to a device. Indicates the SFP port is at the speed of 1000Mbps. Indicates the SFP port is at the speed of 100Mbps. When the cursor moves on the port, the detailed information of the port will b...

The following entries are displayed on this screen:  Time Info Current System Date: Displays the current date and time of the switch. Current Time Source: Displays the current time source of the switch.  Time Config Manual: When this option is selected, you can set the date and time manually. Get ...

The following entries are displayed on this screen:  DST Config DST Status: Enable or Disable DST. Predefined Mode: Select a predefined DST configuration:  USA: Second Sunday in March, 02:00 – First Sunday in November, 02:00.  Australia: First Sunday in October, 02:00 – First Sunday in April, 03:...

Figure 4-7 System IP The following entries are displayed on this screen:  IP Config MAC Address: Displays MAC Address of the switch. IP Address Mode: Select the mode to obtain IP Address for the switch.  Static IP: When this option is selected, you should enter IP Address, Subnet Mask and Default ...

 Introduction to IPv6 address 1. IPv6 address format An IPv6 address is represented as a series of 16-bit hexadecimals, separated by colons (:). An IPv6 address is divided into eight groups, and the 16 bits of each group are represented by four hexadecimal numbers which are separated by colons, for...

An interface ID is used to identify interfaces on a link. The interface ID must be unique to the link. It may also be unique over a broader scope. In many cases, an interface ID will be the same as or based on the link-layer address of an interface. Interface IDs used in global unicast and other IPv...

Choose the menu System → System Info → System IPv6 to load the following page. Figure 4-10 System IPv6 The following entries are displayed on this screen:  Global Config IPv6: Enable/Disable IPv6 function globally on the Switch.  Link-local Address Config Config Mode: Select the link-local address...

Status: Displays the status of the global address.  Normal: Indicates that the global address is normal.  Try: Indicates that the global address may be newly configured.  Repeat: Indicates that the corresponding address is duplicate. It is illegal to access the switch using this address. 4.2 User...

Figure 4-12 User Config The following entries are displayed on this screen:  User Info User Name: Create a name for users’ login. Access Level: Select the access level to login.  Admin: Admin can edit, modify and view all the settings of different functions.  Guest: Guest only can view the settin...

4.3 System Tools The System Tools function, allowing you to manage the configuration file of the switch, can be implemented on Config Restore , Config Backup , Firmware Upgrade , System Reboot and System Reset pages. 4.3.1 Config Restore On this page you can upload a backup configuration file to res...

Figure 4-14 Config Backup The following entries are displayed on this screen:  Config Backup Backup Config: Click the Backup Config button to save the current configuration as a file to your computer. You are suggested to take this measure before upgrading. Note: It will take a few minutes to backu...

4.3.4 System Reboot On this page you can reboot the switch and return to the login page. Please save the current configuration before rebooting to avoid losing the configuration unsaved Choose the menu System → System Tools → System Reboot to load the following page. Figure 4-16 System Reboot Note: ...

Figure 4-18 Access Control The following entries are displayed on this screen:  Access Control Config Control Mode: Select the control mode for users to log on to the Web management page.  IP-based: Select this option to limit the IP-range of the users for login.  MAC-based: Select this option to...

Figure 4-19 SSL Config The following entries are displayed on this screen:  Global Config SSL: Enable/Disable the SSL function on the switch.  Certificate Download Certificate File: Select the desired certificate to download to the switch. The certificate must be BASE64 encoded.  Key Download Key...

Comprising server and client, SSH has two versions, V1 and V2 which are not compatible with each other. In the communication, SSH server and client can auto-negotiate the SSH version and the encryption algorithm. After getting a successful negotiation, the client sends authentication request to the ...

 Network Requirements 1. Log on to the switch via key authentication using SSH and the SSH function is enabled on the mmended. 1. Select the key type and key length, and generate SSH key. switch. 2. PuTTY client software is reco  Configuration Procedure Note: 1. The key length is in the range of 2...

5. Click Browse to download the private key file to SSH client software and click Open . After successful authentication, please enter the login user name. If you log on to the switch without entering password, it indicates that the key has been successfully loaded. 40

Chapter 5 Switching Switching module is used to configure the basic functions of the switch, including four submenus: Port , LAG , Traffic Monitor and MAC Address . 5.1 Port The Port function, allowing you to configure the basic features for the port, is implemented on the Port Config , Port Mirror ...

Status: Allows you to Enable/Disable the port. When Enable is selected, the port can forward the packets normally. Speed and Duplex: Select the Speed and Duplex mode for the port. The deviceconnected to the switch should be in the same Speed andDuplex mode with the switch. When “Auto” is selected, t...

Figure 5-3 Port Security The following entries are displayed on this screen:  Port Security Select: Select the desired port for Port Security configuration. It is multi-optional. Port: Displays the port number. Max Learned MAC: Specify the maximum number of MAC addresses that can be learned on the ...

5.1.4 Port Isolation Port Isolation provides a method of restricting traffic flow to improve the network security by forbidding the port to forward packets to the ports that are not on its forward portlist. Choose the menu Switching → Port → Port Isolation to load the following page. Figure 5-4 Port...

Choose the menu Switching → Port → LoopbackDetection to load the following page. Figure 5-5 Loopback Detection Config The following entries are displayed on this screen:  Global Config LoopbackDetection Status: Here you can enable or disable Loopback Detection function globally. Detection Interval:...

2. The traffic load of the LAG will be balanced among the ports according to the Aggregate Arithmetic. If the connections of one or several ports are broken, the traffic of these ports will be transmitted on the normal ports, so as to guarantee the connection reliability. Depending on different aggr...

Figure 5-7 Detail Information 5.2.2 Static LAG On this page, you can manually configure the LAG. The LACP feature is disabled for the member ports of the manually added Static LAG. Choose the menu Switching → LAG → Static LAG to load the following page. Figure 5-8 Static LAG Config The following ent...

Figure 5-9 LACP Config The following entries are displayed on this screen:  Global Config System Priority: Specify the system priority for the switch. The system priority andMAC address constitute the system identification (ID). A lower systempriority value indicates a higher system priority. When ...

Status: Enable/Disable the LACP feature for your selected port. LAG: Displays the LAG number which the port belongs to. 5.3 Traffic Monitor The Traffic Monitor function, monitoring the traffic of each port, is implemented on the Traffic Summary and Traffic Statistics pages. 5.3.1 Traffic Summary Tra...

Packets Tx: Displays the number of packets transmitted on the port. Octets Rx: Displays the number of octets received on the port. The error octetsare counted in. Octets Tx: Displays the number of octets transmitted on the port. Statistics: Click the Statistics button to view the detailed traffic st...

Sent: Displays the details of the packets transmitted on the port. Broadcast: Displays the number of good broadcast packets received or transmitted on the port. The error frames are not counted in. Multicast: Displays the number of good multicast packets received or transmitted on the port. The erro...

Type: Select the type of your desired entry.  All: This option allows the address table to display all the address entries.  Static: This option allows the address table to display the static address entries only.  Dynamic: This option allows the address table to display the dynamic address entri...

On this page, you can configure the dynamic MAC address entry. Choose the menu Switching → MAC Address → Dynamic Address to load the following page. Figure 5-14 Dynamic Address The following entries are displayed on this screen:  Aging Config Auto Aging: Allows you to Enable/Disable the Auto Aging ...

Bind: Click the Bind button to bind the MAC address of your selected entry to the corresponding port statically. Tips: Setting aging time properly helps implement effective MAC address aging. The aging time that is too long or too short results decreases the performance of the switch. If the aging t...

61  Filtering Address Table Select: Select the entry to delete the corresponding filtering address. It ismulti-optional. MAC Address: Displays the filtering MAC Address. VLAN ID: Displays the corresponding VLAN ID. Port: Here the symbol “__” indicates no specified port. Type: Displays the Type of t...

Chapter 6 VLAN The traditional Ethernet is a data network communication technology basing on CSMA/CD (Carrier Sense Multiple Access/Collision Detect) via shared communication medium. Through the traditional Ethernet, the overfull hosts in LAN will result in serious collision, flooding broadcasts, po...

6.1 802.1Q VLAN VLAN tags in the packets are necessary for the switch to identify packets of different VLANs. The switch works at the data link layer in OSI model and it can identify the data link layer encapsulation of the packet only, so you can add the VLAN tag field into the data link layer enca...

 PVID PVID (Port Vlan ID) is the default VID of the port. When the switch receives an un-VLAN-tagged packet, it will add a VLAN tag to the packet according to the PVID of its received port and forward the packets. When creating VLANs, the PVID of each port, indicating the default VLAN to which the ...

Click the Detail button to view the information of the corresponding VLAN. Figure 6-6 View the Current VLAN of Port The following entries are displayed on this screen:  VLAN of Port VLAN ID Select: Click the Select button to quick-select the corresponding entry based on the VLAN ID number you enter...

received port. Thus, the packet is assigned automatically to the corresponding VLAN for transmission. 2. When receiving tagged packet, the switch will process it basing on the 802.1Q VLAN. If the received port is the member of the VLAN to which the tagged packet belongs, the packet will be forwarded...

6.2.2 Port Enable On this page, you can enable the port for the MAC VLAN feature. Only the port is enabled, can the configured MAC VLAN take effect. Choose the menu VLAN → MAC VLAN → Port Enable to load the following page. Figure 6-8 Enable MAC VLAN for Port Select your desired port for VLAN Mapping...

Protocol Type Type value IPX 0x8137 IS-IS 0x8000 LACP 0x8809 802.1X 0x888E Table 6-2 Protocol types in common use The packet in Protocol VLAN is processed in the following way: 1. When receiving an untagged packet, the switch matches the packet with the current Protocol VLAN. If the packet is matche...

 Protocol VLAN Table Select: Select the desired entry. It is multi-optional. Protocol: Displays the protocol template of the VLAN. Ether Type: Displays the Ethernet protocol type field in the protocol template. VLAN ID: Displays the corresponding VLAN ID of the protocol. Operation: Click the Edit b...

6.3.3 Port Enable On this page, you can enable the port for the Protocol VLAN feature. Only the port is enabled, can the configured Protocol VLAN take effect. Choose the menu VLAN → Protocol VLAN → Port Enable to load the following page. Figure 6-11 Enable Protocol VLAN for Port Select your desired ...

6.5 Application Example for MAC VLAN  Network Requirements  Switch A and switch B are connected to meeting room A and meeting room B respectively, and the two rooms are for all departments;  Notebook A and Notebook B, special for meeting room, are of two different departments;  The two departmen...

Step Operation Description 4 Configure MAC VLAN 10 On VLAN → MAC VLAN → MAC VLAN page, create MAC VLAN10 with the MAC address as 00-19-56-8A-4C-71. 5 Configure MAC VLAN 20 On VLAN → MAC VLAN → MAC VLAN page, create MAC VLAN10 with the MAC address as 00-19-56-82-3B-70. 6 Port Enable Required. On the ...

Protocol type Value LACP 0x8809 802.1X 0x888E Table 6-3 Values of Ethernet frame protocol type in common use This VLAN VPN function is implemented on the VPN Config , VLAN Mapping and Port Enable pages. 6.7.1 VPN Config This page allows you to enable the VPN function, adjust the global TPID for VLAN...

Choose the menu VLAN → VLAN VPN → VLAN Mapping to load the following page. Figure 6-13 Create VLAN Mapping Entry The following entries are displayed on this screen:  VLAN Mapping Config C VLAN: Enter the ID number of the Customer VLAN. C VLAN refers to the VLAN to which the packet received by switc...

Figure 6-14 Enable VLAN Mapping for Port Select your desired port for VLAN Mapping function. All the ports are disabled for VLAN Mapping function by default. Configuration Procedure of VLAN VPN Function: Step Operation Description 1 Enable VPN mode. Required. On the VLAN → VLAN VPN → VPN Config page...

6.8 Private VLAN Private VLANs, designed to save VLAN resources of uplink devices and decrease broadcast, are sets of VLAN pairs that share a common primary identifier. To guarantee user information security, the ease with which to manage and account traffic for service providers, in campus network,...

 Packets from different Secondary VLANs can be forwarded to the uplink device via promiscuous port and carry no corresponding Secondary VLAN information.  Packets from Primary VLANs can be sent to end users via host port and carry no Primary VLAN information. Private VLAN is designed to save VLAN ...

Port5 5 VLAN5 Port2 2 VLAN2 Port3 3 VLAN3 Table 6-4 Port settings before configuration synchronization Port PVID Allowed VLANs Port5 5 VLAN2, 3, 5 Port2 2 VLAN2, 5 Port3 3 VLAN2, 5 Table 6-5 Port settings after configuration synchronization  MAC address duplication: After port configuration synchro...

The Private VLAN packet forwarding process (here we take traffic transmission for PC2) based on the figure above is illustrated as follows: 1) PC2 sends out its first upstream packet with the source MAC as mac_2 and the destination MAC as mac_a. This packet is untagged. 2) When the host port Port2 o...

Choose the menu VLAN → Private VLAN → PVLAN Config to load the following page. Figure 6-16 Create Private VLAN The following entries are displayed on this screen:  Create Private VLAN Primary VLAN: Enter the ID number of the Primary VLAN. Secondary VLAN: Enter the ID number of the Secondary VLAN. ...

Figure 6-17 Create and View Protocol Template The following entries are displayed on this screen:  Port Config Port: Select the desired port for configuration. Port Type: Select the Port Type from the pull-down list for the port. Primary VLAN: Specify the Primary VLAN the port belongs to. Secondary...

 LeaveAll Timer: Once a GARP entity starts up, it starts the LeaveAll timer, and sends out a LeaveAll message after the timer times out, so that other GARP entities can re-register all the attribute information on this entity. After that, the entity restarts the LeaveAll timer to begin a new cycle....

Figure 6-18 GVRP Config Note: If the GVRP feature is enabled for a member port of LAG, please ensure all the member ports of this LAG are set to be in the same status and registration mode. The following entries are displayed on this screen:  Global Config GVRP: Allows you to Enable/Disable the GVR...

LeaveAll Timer: Once the LeaveAll Timer is set, the port with GVRP enabled can send a LeaveAll message after the timer times out, so that other GARP ports can re-register all the attribute information. After that, the LeaveAll timer will start to begin a new cycle. The LeaveAll Timer ranges from 100...

Chapter 7 Spanning Tree STP (Spanning Tree Protocol), subject to IEEE 802.1D standard, is to disbranch a ring network in the Data Link layer in a local network. Devices running STP discover loops in the network and block ports by exchanging information, in that way, a ring network can be disbranched...

Figure 7-1 Basic STP diagram  STP Timers Hello Time: Hello Time ranges from 1 to 10 seconds. It specifies the interval to send BPDU packets. It is used to test the links. Max. Age: Max. Age ranges from 6 to 40 seconds. It specifies the maximum time the switch can wait without receiving a BPDU befor...

Step Operation 1 If the priority of the BPDU received on the port is lower than that of the BPDU if of the port itself, the switch discards the BPDU and does not change the BPDU of the port. 2 If the priority of the BPDU is higher than that of the BPDU of the port itself, the switch replaces the BPD...

point-to-point link, it can transit to forwarding state after getting response from the downstream switch through handshake.  RSTP Elements Edge Port: Indicates the port connected directly to terminals. P2P Link: Indicates the link between two switches directly connected. MSTP (Multiple Spanning Tr...

 Port States In an MSTP, ports can be in the following four states:  Forwarding: In this status the port can receive/forward data, receive/send BPDU packets as well as learn MAC address.  Learning: In this status the port can receive/send BPDU packets and learn MAC address.  Blocking: In this st...

Figure 7-4 STP Config The following entries are displayed on this screen:  Global Config STP: Enable/Disable STP function globally on the switch. Version: Select the desired STP version on the switch.  STP: Spanning Tree Protocol.  RSTP: Rapid Spanning Tree Protocol.  MSTP: Multiple Spanning Tre...

Note: 1. The forward delay parameter and the network diameter are correlated. A too small forward delay parameter may result in temporary loops. A too large forward delay may cause a network unable to resume the normal state in time. The default value is recommended. 2. An adequate hello time parame...

7.2 Port Config On this page you can configure the parameters of the ports for CIST Choose the menu Spanning Tree → Port Config to load the following page. Figure 7-6 Port Config The following entries are displayed on this screen:  Port Config Port Select: Click the Select button to quick-select th...

Figure 7-9 Instance Port Config The following entries are displayed on this screen:  Port Config Instance ID: Select the desired instance ID for its port configuration. Port Select: Click the Select button to quick-select the corresponding port based on the port number you entered. Select: Select t...

Figure 7-10 Port Protect The following entries are displayed on this screen:  Port Protect Port Select: Click the Select button to quick-select the corresponding port based on the port number you entered. Select: Select the desired port for port protect configuration. It is multi-optional. Port: Di...

Figure 7-11 TC Protect The following entries are displayed on this screen:  TC Protect TC Threshold: Enter a number from 1 to 100. It is the maximum number of the TC-BPDUs received by the switch in a TC Protect Cycle. The default value is 20. TC Protect Cycle: Enter a value from 1 to 10 to specify ...

 The configuration procedure for switch E and F is the same with that for switch D.  The topology diagram of the two instances after the topology is stable  For Instance 1 (VLAN 101, 103 and 105), the red paths in the following figure are connected links; the gray paths are the blocked links.  F...

Chapter 8 Ethernet OAM  OAM Overview Ethernet OAM (Operation, Administration, and Maintenance) is a Layer 2 protocol for monitoring and troubleshooting Ethernet networks. It can report the network status to network administrators through the OAMPDUs exchanged between two OAM entities, facilitating ...

As Information OAMPDUs are sent between the OAM entities periodically, an OAM entity can inform one of its OAM peers of link faults through Information OAMPDUs. So the network administrator can get informed of the link faults and take action in time. Remote Loopback Remote loopback helps to ensure t...

Figure 8-5 Discovery Info The following entries are displayed on this screen:  Local Client The local client part shows the information of the local OAM entity. OAM: Displays whether the OAM function is enabled or disabled on the selected port. Mode: Displays the OAM mode of the selected port. Max ...

Variable Request: Displays whether the local client supports variable request. If supports, the local client can send some variable requests to the remote client to learn about the link status from the response of the remote client. PDU Revision: Displays the Information TLV revision of Information ...

PDU Revision: Displays the TLV revision of the OAMPDU. Vendor Information: Displays the vender information of the remote client. 8.2 Link Monitoring On this page, you can configure the parameters about OAM link events, including the threshold and the detection period. Also, you can choose whether to...

Select: Select the desired port for configuration. It is multi-optional. Dying Gasp Notify: Choose whether to notify the dying gasp or not. Critical Event Notify: Choose whether to notify the critical event or not. 8.4 Remote Loopback On this page, you can initiate remote loopback if the OAM connect...

Shut Mode: Once detecting a unidirectional link, the port can be shut down in one of the following two modes:  Auto : In this mode, DLDP generates logs and traps and shuts down the corresponding port on detecting unidirectional links, and the DLDP link state transits to Disable.  Manual : In this ...

After these four ports are correctly connected, select ports 1/0/27 and 1/0/28 in the Port Config table and click the Reset button to restore their state from Disable. Return to CONTENTS 130

Chapter 9 Multicast  Multicast Overview In the network, packets are sent in three modes: unicast, broadcast and multicast. In unicast, the source server sends separate copy information to each receiver. When a large number of users require this information, the server must send many pieces of infor...

ports in a VLAN. The list is constructed and maintained by snooping IPv6 multicast control packets. MLD snooping performs a similar function in IPv6 as IGMP snooping in IPv4. The Multicast module is mainly for multicast management configuration of the switch, including three submenus: IGMP Snooping ...

Static Router Ports: Enter the static router port which is mainly used in the network with stable topology.  VLAN Table VLAN ID Select: Click the Select button to quick-select the corresponding VLAN ID based on the ID number you entered. Select: Select the desired VLAN ID for configuration. It is m...

in Layer 2 network. IGMP Snooping Querier can act as an IGMP Router in Layer 2 network. It can help to create and maintain multicast forwarding table on the switch with the Query messages it generates. Choose the menu Multicast → Querier to load the following page. Figure 9-12 Packet Statistics The ...

Unknown Multicast Filter: Choose to forward or drop unknown multicast data. Unknown IPv6 multicast packets refer to those packets without corresponding forwarding entries in the IPv6 multicast table: When unknown multicast filter is enabled, the switch will discard all received unknown IPv6 multicas...

The following entries are displayed on this screen:  Auto Fresh Auto Fresh: Enable/Disable auto fresh feature. Fresh Period: Enter the time from 3 to 300 seconds to specify the auto fresh period.  MLD Packet Statistics Received MLD Query : Displays the number of MLD Query packets the switch has re...

 Multicast IP Table Multicast IP: Displays the multicast IP. VLAN ID: Displays the VLAN ID. Forward Ports: Displays the forward ports of the group. Type: Displays the type of the group. Note: The max number of multicast entries is 256. The IPv4 multicast table and IPv6 multicast table share the tot...

Chapter 10 QoS QoS (Quality of Service) functions to provide different quality of service for various network applications and requirements and optimize the bandwidth resource distribution so as to provide a network service experience of a better quality.  QoS This switch classifies the ingress pac...

2. 802.1P Priority Figure 10-2 802.1Q frame As shown in the figure above, each 802.1Q Tag has a Pri field, comprising 3 bits. The 3-bit priority field is 802.1p priority in the range of 0 to 7. 802.1P priority determines the priority of the packets based on the Pri value. On the Web management page ...

Figure 10-4 SP-Mode 2. WRR-Mode: Weight Round Robin Mode. In this mode, packets in all the queues are sent in order based on the weight value for each queue and every queue can be assured of a certain service time. The weight value indicates the occupied proportion of the resource. WRR queue overcom...

10.1 DiffServ This switch classifies the ingress packets, maps the packets to different priority queues and then forwards the packets according to specified scheduling algorithms to implement QoS function. This switch implements three priority modes based on port, on 802.1P and on DSCP, and supports...

Configuration Procedure: Step Operation Description 1 Select the port priority Required. On QoS → DiffServ → Port Priority page, configure the port priority. 2 Configure the mapping relation between the CoS priority and TC Required. On QoS → DiffServ → 802.1P/CoS mapping page, configure the mapping ...

The following entries are displayed on this screen:  802.1P Priority Config 802.1P Priority: Enable/Disable 802.1P Priority.  Priority and CoS-mapping Config Tag-id/Cos-id: Indicates the precedence level defined by IEEE802.1P and the CoS ID. Queue TC-id: Indicates the priority level of egress queu...

WRR-Mode: Weight Round Robin Mode. In this mode, packets in all the queues are sent in order based on the weight value for each queue. The weight value ratio of TC0, TC1, TC2 and TC3 is 1:2:4:8. SP+WRR-Mode: Strict-Priority + Weight Round Robin Mode. In this mode, this switch provides two scheduling...

Figure 10-11 Storm Control The following entries are displayed on this screen:  Storm Control Config Port Select: Click the Select button to quick-select the corresponding port based on the port number you entered. Select: Select the desired port for Storm Control configuration. It is multi-optiona...

10.3 Voice VLAN Voice VLANs are configured specially for voice data stream. By configuring Voice VLANs and adding the ports with voice devices attached to voice VLANs, you can perform QoS-related configuration for voice data, ensuring the transmission priority of voice data stream and voice quality....

Port Voice VLAN Mode Voice Stream Type Link type of the port and processing mode ACCESS: Not supported. TRUNK: Supported. The default VLAN of the port can not be voice VLAN. TAG voice stream GENERAL: Supported. The default VLAN of the port can not be voice VLAN and the egress rule of the access port...

Note: Don’t transmit voice stream together with other business packets in the voice VLAN except for some special requirements. The Voice VLAN function can be implemented on Global Config, Port Config and OUI Config pages. 10.3.1 Global Config On this page, you can configure the global parameters of ...

Member State: Displays the state of the port in the current voice VLAN. LAG: Displays the LAG number which the port belongs to. 10.3.3 OUI Config The switch supports OUI creation and adds the MAC address of the special voice device to the OUI table of the switch. The switch determines whether a rece...

Configuration Procedure of Voice VLAN: Step Operation Description 1 Configure the link type of the port Required. On VLAN → 802.1Q VLAN → Port Config page, configure the link type of ports of the voice device. 2 Create VLAN Required. On VLAN → 802.1Q VLAN → Port Config page, click the Create button ...

Chapter 11 ACL ACL (Access Control List) is used to filter packets by configuring match rules and process policies of packets in order to control the access of the illegal users to the network. Besides, ACL functions to control traffic flows and save network resources. It provides a flexible and sec...

11.1.3 Holiday Config Holiday mode is applied as a different secured access control policy from the week mode. On this page you can define holidays according to your work arrangement. Choose the menu ACL → Time-Range → Holiday Config to load the following page. Figure 11-3 Holiday Configuration The ...

Choose the menu ACL → ACL Config → MAC ACL to load the following page. Figure11-6 Create MAC Rule The following entries are displayed on this screen:  Create MAC-Rule ACL ID: Select the desired MAC ACL for configuration. Rule ID: Enter the rule ID. Operation: Select the operation for the switch to ...

S-Port: Configure TCP/IP source port contained in the rule when TCP/UDP is selected from the pull-down list of IP Protocol. D-Port: Configure TCP/IP destination port contained in the rule when TCP/UDP is selected from the pull-down list of IP Protocol. DSCP: Enter the DSCP information contained in t...

S-Mirror: Select S-Mirror to mirror the data packets in the policy to the specific port. S-Condition: Select S-Condition to limit the transmission rate of the data packets in the policy.  Rate: Specify the forwarding rate of the data packets those match the corresponding ACL.  Out of Band: Specify...

 Policy Bind Table Select: Select the desired entry to delete the corresponding binding policy. Index: Displays the index of the binding policy. Policy Name: Displays the name of the binding policy. Interface: Displays the port number or VLAN ID bound to the policy. Direction: Displays the binding ...

Figure11-14 Bind the policy to the VLAN The following entries are displayed on this screen:  VLAN-Bind Config Policy Name: Select the name of the policy you want to bind. VLAN ID: Enter the ID of the VLAN you want to bind.  VLAN-Bind Table Index: Displays the index of the binding policy. Policy Na...

Chapter 12 Network Security Network Security module is to provide the multiple protection measures for the network security, including six submenus: IP-MAC Binding , ARP Inspection , IP Source Guard, DoS Defend, 802.1X and PPPoE Config . Please configure the functions appropriate to your need. 12.1 ...

Figure 12-2 Manual Binding The following entries are displayed on this screen:  Manual Binding Option Host Name: Enter the Host Name. IP Address: Enter the IP Address of the Host. MAC Address: Enter the MAC Address of the Host. VLAN ID: Enter the VLAN ID. Port: Select the number of port connected t...

address of the Host on Network layer. MAC address, the address of the Host on Data link layer, is necessary for the packet to reach the very device. So the destination IP address carried in a packet need to be translated into the corresponding MAC address. ARP functions to translate the IP address i...

Figure 12-4 ARP Scanning The following entries are displayed on this screen:  Scanning Option Start IP Address: Specify the Start IP Address. End IP Address: Specify the End IP Address. VLAN ID: Enter the VLAN ID. If blank, the switch will send the untaggedpackets for scanning. Scan: Click the Scan...

 DHCP Working Principle DHCP works via the “Client/Server” communication mode. The Client applies to the Server for configuration. The Server assigns the configuration information, such as the IP address, to the Client, so as to reach a dynamic employ of the network source. A Server can assign the ...

（ 2 ） DHCP-OFFER Stage: Upon receiving the DHCP-DISCOVER packet, the DHCP Server selects an IP address from the IP pool according to the assigning priority of the IP addresses and replies to the Client with DHCP-OFFER packet carrying the IP address and other information. （ 3 ） DHCP-REQUEST Stage: In...

Figure 12-7 DHCP Cheating Attack Implementation Procedure DHCP Snooping feature only allows the port connected to the DHCP Server as the trusted port to forward DHCP packets and thereby ensures that users get proper IP addresses. DHCP Snooping is to monitor the process of the Host obtaining the IP a...

Figure 12-8 DHCP Snooping Note: If you want to enable the DHCP Snooping feature for the member port of LAG, please ensure the parameters of all the member ports are the same. The following entries are displayed on this screen:  DHCP Snooping Config DHCP Snooping: Enable/Disable the DHCP Snooping fu...

Decline Flow Control: Select the value to specify the Decline Flow Control. The trafficflow of the corresponding port will be limited to be this value ifthe transmission rate of the Decline packets exceeds theDecline Threshold.  Option 82 Config Option 82 Support: Enable/Disable the Option 82 featu...

Attack, frequently occur to the network, especially to the large network such as campus network and so on. The following part will simply introduce these ARP attacks.  Imitating Gateway The attacker sends the MAC address of a forged Gateway to Host, and then the Host will automatically update the A...

Figure 12-10 ARP Attack – Cheating Gateway As the above figure shown, the attacker sends the fake ARP packets of Host A to the Gateway, and then the Gateway will automatically update its ARP table after receiving the ARP packets. When the Gateway tries to communicate with Host A in LAN, it will enca...

Figure 12-15 ARP Statistics The following entries are displayed on this screen:  Auto Refresh Auto Refresh: Enable/Disable the Auto Refresh feature. Refresh Interval: Specify the refresh interval to display the ARP Statistics.  Illegal ARP Packet Port: Displays the port number. Trusted Port: Indic...

Figure 12-16 IP Source Guard The following entries are displayed on this screen:  IP Source Guard Config Port Select: Click the Select button to quick-select the corresponding port based on the port number you entered. Select: Select your desired port for configuration. It is multi-optional. Port: ...

DoS Attack Type Description Ping Of Death ICMP ECHO Request Packet whose sum of "Fragment Offset" and "Total Length" fields in the IP header is greater than 65535 may cause Ping of Death attack. As the maximum packet length of an IPv4 packet including the IP header is 65,535 bytes, m...

protocol enabled, a supplicant can access the LAN only when it passes the authentication, whereas those failing to pass the authentication are denied when accessing the LAN.  Architecture of 802.1X Authentication 802.1X adopts a client/server architecture with three entities: a supplicant system, a...

 802.1X Authentication Procedure An 802.1X authentication can be initiated by supplicant system or authenticator system. When the authenticator system detects an unauthenticated supplicant in LAN, it will initiate the 802.1X authentication by sending EAP-Request/Identity packets to the supplicant. ...

5. Upon receiving the key (encapsulated in an EAP-Request/MD5 Challenge packet) from the switch, the client program encrypts the password of the supplicant system with the key and sends the encrypted password (contained in an EAP-Response/MD5 Challenge packet) to the RADIUS server through the switch...

Figure 12-22 Global Config The following entries are displayed on this screen:  Global Config 802.1X: Enable/Disable the 802.1X function. Auth Method: Select the Authentication Method from the pull-down list.  EAP-MD5: IEEE 802.1X authentication system uses extensible authentication protocol (EAP)...

working for its fixed unauthorized status. Control Type: Specify the Control Type for the port.  MAC Based: Any client connected to the port should pass the 802.1X Authentication for access.  Port Based: All the clients connected to the port can access the network on the condition that any one of ...

Chapter 13 SNMP  SNMP Overview SNMP (Simple Network Management Protocol) has gained the most extensive application on the UDP/IP networks. SNMP provides a management frame to monitor and maintain the network devices. It is used for automatically managing the various network devices no matter the ph...

failing to pass community name authentication are discarded. The community name can limit access to SNMP Agent from SNMP NMS, functioning as a password. SNMP v2c: SNMP v2c also adopts community name authentication. It is compatible with SNMP v1 while enlarges the function of SNMP v1. SNMP v3: Basing...

SNMP module is used to configure the SNMP function of the switch, including three submenus: SNMP Config , Notification and RMON . 13.1 SNMP Config The SNMP Config can be implemented on the Global Config , SNMP View , SNMP Group , SNMP User and SNMP Community pages. 13.1.1 Global Config To enable SNM...

13.1.2 SNMP View The OID (Object Identifier) of the SNMP packets is used to describe the managed objects of the switch, and the MIB (Management Information Base) is the set of the OIDs. The SNMP View is created for the SNMP management station to manage MIB objects. Choose the menu SNMP → SNMP Config...

Figure 13-5 SNMP Group The following entries are displayed on this screen:  Group Config Group Name: Enter the SNMP Group name. The Group Name, Security Modeland Security Level compose the identifier of the SNMP Group.These three items of the Users in one group should be the same. Security Model: S...

 Group Table Select: Select the desired entry to delete the corresponding group. It's multi-optional. Group Name: Displays the Group Name here. Security Model: Displays the Security Model of the group. Security Level: Displays the Security Level of the group. Read View: Displays the Read View name ...

13.1.5 SNMP Community SNMP v1 and SNMP v2c adopt community name authentication. The community name can limit access to the SNMP agent from SNMP network management station, functioning as a password. If SNMP v1 or SNMP v2c is employed, you can directly configure the SNMP Community on this page withou...

Type: Select the type for the notifications.  Trap: Indicates traps are sent.  Inform: Indicates informs are sent. The Inform type has a higher security than the Trap type. Retry: Specify the amount of times the switch resends an inform request. The switch will resend the inform request if it does...

Figure 13-9 Traps Config The following entries are displayed on this screen:  SNMP Traps SNMP Authentication: If selected, the switch will send an SNMP Authentication trap when a received SNMP request fails the authentication. Coldstart: If selected, the switch will send a Coldstart trap when it is...

Figure 13-10 History Control The following entries are displayed on this screen:  History Control Table Select: Select the desired entry for configuration. Index: Displays the index number of the entry. Port: Specify the port from which the history samples were taken. Interval: Specify the interval...

Chapter 14 LLDP LLDP (Link Layer Discovery Protocol) is a Layer 2 protocol that is used for network devices to advertise their own device information periodically to neighbors on the same IEEE 802 local area network. The advertised information, including details such as device identification, capabi...

 Disable: the port cannot transmit or receive LLDPDUs. 2) LLDPDU transmission mechanism  If the ports are working in TxRx or Tx mode, they will advertise local information by sending LLDPDUs periodically.  If there is a change in the local device, the change notification will be advertised. To pr...

Figure 14-1 Global Configuration The following entries are displayed on this screen:  Global Config LLDP: Enable/disable LLDP function globally.  Parameters Config Transmit Interval: Enter the interval for the local device to transmit LLDPDU to its neighbors. The default value is 30 seconds. Hold ...

Figure 14-2 Port Configuration The following entries are displayed on this screen:  LLDP Port Config Port Select: Select the desired port to configure. Admin Status: Select the port’s LLDP operating mode:  Tx&Rx: Send and receive LLDP frames.  Rx_Only: Only receive LLDP frames.  Tx_Only: Onl...

The following entries are displayed on this screen:  Auto Refresh Auto Refresh: Enable/Disable the auto refresh function. Refresh Rate: Specify the auto refresh rate.  Neighbor Info Port Select: Click the Select button to quick-select the corresponding port based on the port number you entered. Lo...

Figure 14-5 Device Statistics The following entries are displayed on this screen:  Auto Refresh Auto Refresh: Enable/Disable the auto refresh function. Refresh Rate: Specify the auto refresh rate.  Global Statistics Last Update: Displays latest update time of the statistics. Total Inserts: Display...

Chapter 15 Cluster With the development of network technology, the network scale is getting larger and more network devices are required, which may result in a more complicated network management system. As a large number of devices need to be assigned different network addresses and every managemen...

The following entries are displayed on this screen:  Neighbor Search Option: Select the information the desired entry should contain and then click the Search button to display the desired entry in the following Neighbor Information table.  Neighbor Info Native Port: Displays the port number of th...

Figure 15-4 NDP Config The following entries are displayed on this screen:  Global Config NDP: Enable/Disable NDP function globally. Aging Time: Enter the period for the neighbor switch to keep the NDP packets from this switch. Hello Time: Enter the interval to send NDP packets.  Port Config Selec...

15.2 NTDP NTDP (Neighbor Topology Discovery Protocol ） is used for the commander switch to collect NDP information. NTDP transmits and forwards NTDP topology collection request based on NDP neighbor information table, and collects the NDP information and neighboring connection information of each de...

Neighbor Info: Click the Detail button to view the complete information of this device and its neighbors. Collect Topology: Click the Collect Topology button to collect NTDP information of the switch so as to collect the latest network topology. Click the Detail button to view the complete informati...

Figure 15-7 NTDP Summary The following entries are displayed on this screen:  Global Config NTDP: Displays the NTDP status (enabled or disabled) of the switch globally. NTDP Interval Time: Displays the interval to collect topology information. NTDP Hops: Displays the hop count the switch topology c...

Figure 15-8 NTDP Config The following entries are displayed on this screen:  Global Config NTDP: Enable/Disable NTDP for the switch globally. NTDP Interval Time: Enter the interval to collect topology information. The default is 1 minute. NTDP Hops: Enter the hop count the switch topology collects....

Enable: Click the Enable button to enable NTDP feature for the port you select. Disable: Click the Disable button to disable NTDP feature for the port you select. Note: NTDP function is effective only when NTDP function is enabled globally and for the port. 15.3 Cluster A commander switch can recogn...

 For a commander switch ， the following page is displayed: Figure 15-10 Cluster Summary for Commander Switch The following entries are displayed on this screen:  Global Config Cluster: Displays the cluster status (enabled or disabled) of the switch. Cluster Role: Displays the role the switch plays...

Hops: Displays the hop count from the member switch to the commander switch.  For a member switch, the following page is displayed: Figure 15-11 Cluster Summary for Member Switch The following entries are displayed on this screen:  Global Config Cluster: Displays the cluster status (enabled or dis...

 For a candidate switch, the following page is displayed. Figure 15-13 Cluster Configuration for Candidate Switch The following entries are displayed on this screen:  Current Role Role: Displays the role the current switch plays in the cluster.  Role Change Individual: Select this option to chang...

The following entries are displayed on this screen:  Current Role Role: Displays the role the current switch plays in the cluster.  Role Change Candidate: Select this option to change the role of the switch to be candidate switch.  Cluster Config Hold Time: Enter the time for the switch to keep t...

The following entries are displayed on this screen:  Current Role Role: Displays the role the current switch plays in the cluster.  Role Change Candidate: Select this option to change the role of the switch to be candidate switch. 15.3.3 Member Config When this switch is the commander switch of th...

15.3.4 Cluster Topology On this page you can see the whole cluster topology. Click the node switch to directly log on to the corresponding Web management page for you to configure and manage this switch. Double-click the node switch to view its detailed information. Choose the menu Cluster → Cluster...

Chapter 16 Maintenance Maintenance module, assembling the commonly used system tools to manage the switch, provides the convenient method to locate and solve the network problem. （ 1 ） System Monitor: Monitor the utilization status of the memory and the CPU of switch. （ 2 ） Log: View the configurati...

16.1.2 Memory Monitor Choose the menu Maintenance → System Monitor → Memory Monitor to load the following page. Figure 16-2 Memory Monitor Click the Monitor button to enable the switch to monitor and display its Memory utilization rate every four seconds. 16.2 Log The Log system of switch can record...

The Log function is implemented on the Log Table , Local Log , Remote Log and Backup Log pages. 16.2.1 Log Table The switch supports logs output to two directions, namely, log buffer and log file. The information in log buffer will be lost after the switch is rebooted or powered off whereas the info...

16.2.2 Local Log Local Log is the log information saved in switch. By default, all system logs are saved in log buffer and the logs with severities from level_0 to level_2 are saved in log file meanwhile. On this page, you can set the output channel for logs. Choose the menu Maintenance → Log → Loca...

Figure 16-5 Log Host The following entries are displayed on this screen:  Log Host Index: Displays the index of the log host. The switch supports 4 log hosts. Host IP: Configure the IP for the log host. UDP Port: Displays the UDP port used for receiving/sending log information. Here we use the stan...

Backup Log: Click the Backup Log button to save the log as a file to your computer. Note: It will take a few minutes to backup the log file. Please wait without any operation. 16.3 Device Diagnostics This switch provides Cable Test functions for device diagnostics. Cable Test functions to test the c...

16.4 Network Diagnostics This switch provides Ping test and Tracert test functions for network diagnostics. 16.4.1 Ping Ping test function, testing the connectivity between the switch and one node of the network, facilitates you to test the network connectivity and reachability of the host so as to ...

16.4.2 Tracert Tracert test function is used to test the connectivity of the gateways during its journey from the source to destination of the test data. When malfunctions occur to the network, you can locate trouble spot of the network with this tracert test. Choose the menu Maintenance → Network D...

Chapter 17 System Maintenance via FTP The firmware can be downloaded to the switch via FTP function. FTP (File Transfer Protocol), a protocol in the application layer, is mainly used to transfer files between the remote server and the local PCs. It is a common protocol used in the IP network for fil...

2 ） The Connection Description Window will prompt shown as Figure 17-3. Enter a name into the Name field and click OK . Figure 17-3 Connection Description 3 ） Select the port to connect in Figure 17-4 and click OK . Figure 17-4 Select the port to connect 4 ） Configure the port selected in the step a...

Figure 17-5 Port Settings 3. Download Firmware via bootUtil menu To download firmware to the switch via FTP function, you need to enter into the bootUtil menu of the switch and take the following steps. 1 ） Connect the console port of the PC to the console port of the switch and open hyper terminal....

Appendix A: Specifications IEEE802.3 10Base-T Ethernet IEEE802.3u 100Base-TX/100Base-FX Fast Ethernet IEEE802.3ab 1000Base-T Gigabit Ethernet IEEE802.3z 1000Base-X Gigabit Ethernet IEEE802.3x Flow Control IEEE802.1p QoS IEEE802.1q VLAN Standards IEEE802.1X Port-based Access Authentication Ethernet: ...

Appendix B: Configuring the PCs In this section, we’ll introduce how to install and configure the TCP/IP correctly in Windows 2000 and TCP/IPv6 in WIN7. First make sure your Ethernet Adapter is working, refer to the adapter’s manual if necessary. 1. In IPv4 network ： 1) On the Windows taskbar, click...

Figure B-2 5) The following Internet Protocol (TCP/IP) Properties window will display and the IP Address tab is open on this window by default. Figure B-3 278

Figure B-6 5) The following TCP/IPv6 Properties window will display and the IP Address tab is open on this window by default. 280

281 Figure B-7 6) Select Use the following IPv6 address . And the following items will be available. If the switch's global IPv6 address is 3001::1/64, specify IPv6 address as 3001::14 for example , and the Subnet prefix length as 64. Now: Click OK to save your settings. Return to CONTENTS

Appendix C: 802.1X Client Software In 802.1X mechanism, the supplicant Client should be equipped with the corresponding client software complied with 802.1X protocol standard for 802.1X authentication. When the switch works as the authenticator system, please take the following instructions to insta...

Figure C-5 Install the Program 6. The InstallShield Wizard is installing TpSupplicant shown as the following screen. Please wait. Figure C-6 Setup Status 7. On the following screen, click Finish to complete the installation. 284

Figure C-7 InstallShield Wizard Complete Note: Please pay attention to the tips on the above screen. If you have not installed WinPcap 4.0.2 or the higher version on your computer, the 802.1X Client Software TpSupplicant can not work. It’s recommended to go to http://www.winpcap.org to download the ...

Appendix D: Glossary Access Control List (ACL) ACLs can limit network traffic and restrict access to certain users or devices by checking each packet for certain IP or MAC (i.e., Layer 2) information. Boot Protocol (BOOTP) BOOTP is used to provide bootup information for network devices, including IP...

293 Secure Shell (SSH) A secure replacement for remote access functions, including Telnet. SSH can authenticate users with a cryptographic key, and encrypt data connections between management clients and the switch. Simple Network Management Protocol (SNMP) The application protocol in the Internet s...