TP Link Switch TL SG3109 User Manual

Embedded Web System User Guide

TL-SG3109

9-port Gigabit Managed Switch

TL-SL3428

24+4G Gigabit Managed Switch

TL-SL3452

48+4G Gigabit Managed Switch

Rev: 1.0

Download from Www.Somanuals.com. All Manuals Search And Download.

TABLE OF CONTENTS

Preface .............................................................................................................. 1

Guide Overview ................................................................................................................................1

Intended Audience ...........................................................................................................................2

Section 1. Getting Started.............................................................................. 3

1.1 Conﬁguring the device to use TP-Link Embedded Web Interface ........................................3

1.2 Starting the TP-Link Embedded Web Interface .....................................................................3

1.3 Understanding the TP-Link Embedded Web Interfac e ..........................................................4

1.3.1 Device Representatio n .........................................................................................................5

1.3.2 Using the TP-Link Embedded Web Interface Management Button s .................................5

1.4 Using Screen and T a ble Options .............................................................................................6

1.4.1 Adding Conﬁguration Information .........................................................................................6

1.4.2 Modifying Conﬁguration Informatio n ....................................................................................6

1.5 Deleting Conﬁguration Information .........................................................................................6

1.6 Resetting the Device ................................................................................................................7

1.7 Logging Off from the Device ....................................................................................................7

Section 2. Deﬁning Device Information ...................................................... 8

Section 3. Setting the System Tim e ............................................................. 9

3.1 Conﬁguring Daylight Savings Tim e .........................................................................................9

3.2 Configuring SNT P ................................................................................................................. 12

3.2.1 SNTP Overview ................................................................................................................. 12

3.2.1.1 Polling for Unicast Time Informatio n .............................................................................. 12

3.2.1.2 Polling for Anycast Time Information ............................................................................. 12

3.2.1.3 Polling for Broadcast Time Information .......................................................................... 12

3.2.2 Defining SNTP Global Setting s ......................................................................................... 13

3.2.3 Configuring SNT P A uthentication ..................................................................................... 13

3.2.4 Defining SNTP Servers ..................................................................................................... 14

3.2.5 Defining SNTP Interface Settings ..................................................................................... 15

Section 4. Conﬁguring System Logs ......................................................... 17

4.1 Defining General Log Properties .......................................................................................... 1 7

4.2 Viewing Memory Log s .......................................................................................................... 18

Download from Www.Somanuals.com. All Manuals Search And Download.

4.3 Viewing Flash Logs ............................................................................................................... 18

4.4 Defining System Log Servers ............................................................................................... 19

Section 5. Conﬁguring Device Security .................................................... 21

5.1 Configuring Management Security ...................................................................................... 21

5.1.1 Configuring Authentication Method s ................................................................................. 21

5.1.1.1 Defining Access Profile s .................................................................................................. 21

5.1.1.2 Defining Profile Rule s ..................................................................................................... 23

5.1.1.3 Defining Authentication Profiles ..................................................................................... 24

5.1.1.4 Mapping Authentication Profiles ..................................................................................... 25

5.1.1.5 Defining TACACS+ Host Settings .................................................................................. 2 7

5.1.1.6 Defining RADIUS Server Settings ................................................................................. 28

5.1.2 Configuring Passwords ...................................................................................................... 30

5.1.2.1 Defining Local Users ....................................................................................................... 30

5.1.2.2 Defining Line Passwords ................................................................................................ 31

5.1.2.3 Defining Enable Password s ........................................................................................... 31

5.2 Configuring Network Security ............................................................................................... 31

5.2.1 Network Security Overvie w ............................................................................................... 32

5.2.1.1 Port-Based Authentication ............................................................................................. 32

5.2.1.2 Advanced Port-Based Authenticatio n ............................................................................ 32

5.2.2 Defining Network Authentication Propertie s ..................................................................... 32

5.2.2.1 Defining Port Authentication Propertie s ......................................................................... 33

5.2.2.2 Configuring Multiple Hosts ............................................................................................. 34

5.2.2.3 Defining Authentication Host s ........................................................................................ 35

5.2.3 Configuring Traffic Contro l ................................................................................................. 3 6

5.2.3.1 Managing Port Securit y .................................................................................................. 3 6

5.2.3.2 Enabling Storm Control .................................................................................................. 3 7

Section 6. Deﬁning IP Addresse s ............................................................... 39

6.1 Defining I P A ddressing ......................................................................................................... 39

6.1.1 Defining I P A ddresses ....................................................................................................... 39

6.1.2 Defining the Default Gateway ........................................................................................... 40

6.1.3 Defining DHC P A ddresse s ................................................................................................ 40

6.1.4 Defining ARP ...................................................................................................................... 41

6.2 Defining Domain Name System ........................................................................................... 42

6.2.1 Defining DNS Servers ....................................................................................................... 42

6.2.2 Configuring Host Mapping ................................................................................................. 43

Download from Www.Somanuals.com. All Manuals Search And Download.

Section 7. Conﬁguring Interfaces ............................................................... 45

7.1 Configuring Ports .................................................................................................................. 45

7.2 Configuring LAGs .................................................................................................................. 4 7

7.2.1 Defining LAG Member s ..................................................................................................... 4 7

7.2.2 Configuring LAC P .............................................................................................................. 48

7.3 Configuring VLAN s ............................................................................................................... 49

7.3.1 Defining VLAN Properties ................................................................................................. 49

7.3.2 Defining VLAN Membership .............................................................................................. 50

7.3.3 Defining VLAN Interface Settings ..................................................................................... 51

7.3.4 Configuring GAR P ............................................................................................................. 52

7.3.4.1 Defining GARP ................................................................................................................ 52

7.3.5 Defining GVRP ................................................................................................................... 53

Section 8. Deﬁning the Forwarding Database .......................................... 55

8.1 Configuring Static Addresse s ............................................................................................... 55

8.2 Configuring Dynamic Forwarding Addresse s ...................................................................... 5 6

Section 9. Conﬁguring the Spanning Tree Protocol ................................ 58

9.1 Configuring the Classic STP ................................................................................................ 58

9.1.1 Defining STP Propertie s .................................................................................................... 58

9.1.2 Defining STP Interface Setting s ........................................................................................ 59

9.2 Configuring the Rapid STP ................................................................................................... 6 1

9.3 Configuring the Multiple STP ................................................................................................ 6 2

9.3.1 Defining MSTP Properties ................................................................................................. 6 2

9.3.2 Configuring MSTP Instances ............................................................................................ 6 3

9.3.3 Configuring MSTP VLAN Instances ................................................................................. 6 4

9.3.4 Configuring MSTP Interface Settings ............................................................................... 6 4

Section 10. Conﬁguring Multicast Forwarding ......................................... 66

10.1 Configuring Multicast Forwarding ...................................................................................... 66

10.2 Defining Multicast Bridging Groups .................................................................................... 67

10.3 Defining Multicast Forward All Parameters ........................................................................ 6 9

Section 11. Conﬁguring SNMP Management ........................................... 70

11.1 SNMP v1 and v2c ............................................................................................................... 7 0

11.2 SNMP v3 ............................................................................................................................. 7 0

11.3 Defining SNMP Securit y ..................................................................................................... 7 0

Download from Www.Somanuals.com. All Manuals Search And Download.

11.3.1 Defining SNMP Global Parameters ................................................................................ 7 1

11.3.2 Defining SNMP Views ...................................................................................................... 7 1

11.3.3 Defining SNMP Group Profiles ........................................................................................ 7 2

11.3.4 Defining SNMP Group Members .................................................................................... 7 3

11.3.5 Defining SNMP Communities .......................................................................................... 7 5

11.3.5.1 SNMP Communities Basic T a bl e ................................................................................. 7 5

11.3.5.2 SNMP Communities Advanced T a ble .......................................................................... 7 5

11.4 Configuring SNMP Notification Settings ............................................................................ 76

11.4.1 Defining SNMP Notification Propertie s ........................................................................... 76

11.4.2 Defining Notification Filter s .............................................................................................. 76

11.4.3 Defining Notification Receivers ........................................................................................ 77

11.4.3.1 SNMPv1,2c Notification Recipien t ............................................................................... 7 8

11.4.3.2 SNMPv3 Notification Recipien t .................................................................................... 7 8

Section 12. Conﬁguring Quality of Service ............................................... 80

12.1 Quality of Service Overvie w ............................................................................................... 80

12.1.1 Mapping to Queue s ......................................................................................................... 80

12.1.2 QoS Mode s ...................................................................................................................... 81

12.1.2.1 Basic QoS Mode ........................................................................................................... 82

12.1.2.2 Advanced QoS Mod e ................................................................................................... 82

12.2 Enabling Quality of Service ................................................................................................ 82

12.2.1 Enabling Quality of Servic e ............................................................................................. 82

12.2.2 Defining Queue s .............................................................................................................. 83

12.3 Mapping Queues ................................................................................................................ 84

12.3.1 Mapping CoS Values to Queues ..................................................................................... 84

12.3.2 Mapping QoS Values to Queues .................................................................................... 84

Section 13. Managing System File s ........................................................... 86

13.1 Downloading System Files ................................................................................................. 8 6

13.1.1 Download Typ e ................................................................................................................ 8 6

13.1.2 Firmware Download ......................................................................................................... 8 7

13.1.3 Configuration Downloa d .................................................................................................. 8 7

13.2 Uploading System Files ...................................................................................................... 8 7

13.2.1 Upload Typ e ..................................................................................................................... 8 7

13.2.2 Software Image Upload .................................................................................................. 88

13.2.3 Configuration Upload ....................................................................................................... 88

13.3 Activating Image Files ......................................................................................................... 88

Download from Www.Somanuals.com. All Manuals Search And Download.

13.4 Copying System Files ......................................................................................................... 88

Section 14. Performing Device Diagnostic s ............................................. 90

14.1 Configuring Port Mirroring .................................................................................................. 90

14.2 Viewing Integrated Cable T e sts .......................................................................................... 91

14.3 Viewing Optical Transceiver s ............................................................................................. 92

Section 15. Viewing Statistic s ..................................................................... 93

15.1 Viewing Interface Statistics ................................................................................................. 93

15.1.1 Viewing Device Interface Statistic s ................................................................................. 93

15.1.2 Viewing Etherlike Statistics .............................................................................................. 94

15.1.3 Viewing GVRP Statistics ................................................................................................. 95

15.1.4 Viewing EAP Statistics ..................................................................................................... 9 6

15.2 Managing RMON Statistic s ................................................................................................ 9 6

15.2.1 Viewing RMON Statistics ................................................................................................ 9 7

15.2.2 Configuring RMON History .............................................................................................. 98

15.2.2.1 Defining RMON History Control ................................................................................... 98

15.2.2.2 Viewing the RMON History T a ble ................................................................................ 99

15.2.3 Conﬁguring RMON Events ............................................................................................ 100

15.2.3.1 Deﬁning RMON Events Control ................................................................................. 100

15.2.3.2 Viewing the RMON Events Log s ............................................................................... 101

15.2.4 Deﬁning RMON Alarm s ................................................................................................. 101

Glossary ........................................................................................................1 04

Download from Www.Somanuals.com. All Manuals Search And Download.

Preface

The Embedded Web System (EWS) is a network management system. The TP-Link Embedded Web Interface conﬁgures,

monitors, and troubleshoots network devices from a remote web browser. The TP-Link Embedded Web Interface web pages

are easy-to-use and easy-to-navigate. In addition, the TP-Link Embedded Web Inter-face provides real time graphs and

RMON statistics to help system administrators monitor network performance.

This preface provides an overview to the TP-Link Embedded Interface User Guide.

This preface includes the following sections:

Guide Overview



IntendedAudience

Guide Overview

This user guide is divided into the following sections to provide concise information for conﬁguring, and managing the TP-Link

device:

Section 1. Getting Started — Provides information about using the EWS, including the TP-Link Embedded Web Interface,

management, and information buttons, as well as information about adding, modifying, and deleting devices.

Section 2. Deﬁning Device Information — Provides information about opening the device zoom view, deﬁning general

system properties, and enabling Jumbo frames.

Section 3. Setting the System Time — Provides information about conﬁguring system time parameters, includ-ing Daylight

Savings Time (DST) and Simple Network Time Protocol (SNTP).

Section 4. Conﬁguring System Logs — Provides information about enabling and deﬁning system logs.

Section 5. Configuring Device Security — Provides information about configuring device security for management

security, trafﬁc control, and network security.

Section 7. Conﬁguring Interfaces — Provides information about conﬁguring system interfaces, ports, port groups (LAGs)

and protocols (LACP). Provides information about conﬁguring and managing VLANs, including VLAN GARP and VLAN

GVRP.

Section 6. Deﬁning IP Addresses — Provides information about deﬁning device IP addresses, ARP, and Domain Name

Servers (DNS).

Section 8. Deﬁning the Forwarding Database — Provides information about conﬁguring and managing both static and

dynamic MAC addresses.

Section 9. Conﬁguring the Spanning Tree Protocol — Provides information about conﬁguring Spanning Tree Protocol

(STP) including the Rapid Spanning Tree Protocol (RSTP) and Multiple Spanning Tree Protocol (MSTP).

Section 10. Conﬁguring Multicast Forwarding — Provides information about Multicast Forwarding.

Section 11. Conﬁguring SNMP Management — Provides information about Simple Network Management Protocol (SNMP)

management, including deﬁning SNMP v1,v2c, and v3, SNMP ﬁlters and notiﬁcations.

Section 12. Conﬁguring Quality of Service — Provides information about conﬁguring Quality of Service parameters on the

device.

Section 13. Managing System Files — Provides information about downloading, uploading, and copying system ﬁles.

ꢀ

Download from Www.Somanuals.com. All Manuals Search And Download.

Section 14. Performing Device Diagnostics — Provides information about port mirroring conﬁguration, copper and ﬁber

cables testing, and viewing device health information.

Section 15. Viewing Statistics — Provides information about viewing device statistics, including Remote Monitoring On

Network (RMON) statistics, and device history events.

Intended Audience

This guide is intended for network administrators familiar with IT concepts and network terminology.

ꢁ

Download from Www.Somanuals.com. All Manuals Search And Download.

Section 1. Getting Started

This section provides an introduction to the user interface, and includes the following topics:

Conﬁguring the device to use TP-Link Embedded Web Interface

Starting the TP-Link Embedded Web Interface

Understanding the TP-Link Embedded Web Interface

Using Screen and Table Options



Resetting the Device

Logging Off from the Device

1.1 Conﬁguring the device to use TP-Link Embedded Web Interface

When the device is received, the Embedded Web Interface can not be accessed until the device is properly conﬁgured. To

use TP-Link Embedded Web Interface, use the console interface to assign an IP address and subnet mask on the default

VLAN, and add a super-user with the highest privilege level (15) which is allowed to log onto the device via Embedded Web

Interface. Below is an example:

console> en

console# config

console(config)# username admin password admin level 15

console(config)# interface vlan 1

console(config-if)# ip address 192.168.1.1 255.255.255.0

console(config-if)# exit

console(config)# exit

console# copy running-config startup-config

01-Jan-2000 01:02:49 %COPY-I-FILECPY: Files Copy - source URL running-config destination URL flash://

startup-config

01-Jan-2000 01:02:50 %COPY-W-TRAP: The copy operation was completed successfully

Copy succeeded

The above example uses the following assumptions:

The user name and password are both "admin"



The IP address assigned to the default VLAN is 192.168.1.1

The subnet mask for the network is 255.255.255.0

Once the device is conﬁgured as above, you can open the Embedded Web Interface authentication page by typing the URL

"http://192.168.1.1/" into the location bar of the web browser. And then use "admin" as both the user name and password to

log onto the device.

For more detailed information on how to conﬁgure the device via console interface, read "Section 4. Starting and Conﬁguring

the Device" in the TP-Link Installation Guide.

1.2 Starting the TP-Link Embedded Web Interface

This section contains information on starting the TP-Link Embedded Web interface.

Note:

Disable the popup blocker before beginning device conﬁguration using the EWS.

ꢂ

Download from Www.Somanuals.com. All Manuals Search And Download.

To access the TP-Link user interface:

1. Open an Internet browser.

2. Ensure that pop-up blockers are disabled. If pop-up blockers are enable, modify, add, and device information messages

may not open.

3. Enter the device IP address in the address bar and press Enter. The Login Page opens:

Figure 1: Login Page

4. Enter your user name and password.

Note:

Passwords are case sensitive.



To operate the device, disable all pop-ups with a popup

blocker.

For information on using the CLI to define default

passwords, see the TP-Link CLI Reference Guide.



5. Click

. The TP-Link Embedded Web Interface Home Page opens:

Figure 2: TP-Link Embedded Web Interface Home Page

The TP-Link Embedded Web Interface Home Page

contains the following views:

Port LED Indicators — Located at the top of the home



page, the port LED indicators provide a visual repre-

sentation of the ports on the TP-Link front panel.

TabArea — Located above the LED indicators, the tab area contains a list of the device features and their components.

Device View — Located in the main part of the home page, the device view provides a view of the device, an information

or table area, and conﬁguration instructions.



1.3 Understanding the TP-Link Embedded Web Interface

The following table lists the user interface components with their corresponding numbers:

Table 1: Interface Components

View

Description

Tree View provides easy navigation through the configurable device features. The main

branches expand to display the sub-features.

1 Tree View

Device View provides information about device ports, current conﬁguration and status, table

information, and feature components. Device View also displays other device information

and dialog boxes for conﬁguring parameters.

2 Device View

The TabArea enables navigation through the different device features. Click the tabs to view

all the components under a speciﬁc feature.

3 TabArea

4 Zoom View

Provides a graphic of the device on which TP-Link Web Interface runs.

5 TP-Link Web Interface

Information Tabs

Provide access to online help, and contain information about the EWS.

ꢃ

Download from Www.Somanuals.com. All Manuals Search And Download.

This section provides the following additional information:

Device Representation — Provides an explanation of the TP-Link user interface buttons, including both management

buttons and task icons.



Using the TP-Link Embedded Web Interface Management Buttons — Provides instructions for adding, modifying,

and deleting conﬁguration parameters.



1.3.1 Device Representation

The TP-Link Embedded Web Interface Home Page contains a graphical representation of the device. This representation

varies according to the device platform.

Figure 3: Device Representation

Figure 3:Device Representation

Figures in this guide are based on the TL-SL3428 device. The ﬁgures captions may differ if another device is used.

1.3.2 Using the TP-Link Embedded Web Interface Management Buttons

Conﬁguration Management buttons and icons provide an easy method of conﬁguring device information, and include the

following:

Table 2: TP-Link Web Interface Conﬁguration Management Buttons

Button

Button Name

Back/Next

Clear Logs

Create

Description

Enables browsing table items.

Clears system logs.

Enables creation of conﬁguration entries.

Modiﬁes conﬁguration settings.

Queries the device table.

Modify

Query

Reset

Resets the device.

Save

Saves the current system conﬁguration.

Saves conﬁguration changes to the device.

Performs cable tests.

Submit

Test

Table 3: TP-Link Web Interface Information Buttons

Tab

Tab Name

Help

Description

Opens the online help.

Opens the Logout page.

Logout

ꢄ

Download from Www.Somanuals.com. All Manuals Search And Download.

1.4 Using Screen and Table Options

The TP-Link Embedded Web Interface contains screens and tables for conﬁguring devices.

This section contains the following topics:

Adding Conﬁguration Information

Modifying Conﬁguration Information

Deleting Conﬁguration Information



1.4.1 Adding Conﬁguration Information

User-deﬁned information can be added to speciﬁc TP-Link Web Interface pages, by opening a new Add page.

To add information to tables or TP-Link Web Interface pages:

1. Open an TP-Link Web Interface page.

2. Click

. An Add page opens, for example Add IP Interface Page:

Figure 4:Add IP Interface Page

3. Deﬁne the required ﬁelds.

4. Click

. The conﬁguration information is saved,

and the device is updated.

1.4.2 Modifying Conﬁguration Information

User-deﬁned information can be modiﬁed in speciﬁc TP-Link Web Interface pages, by opening a new Settings page.

To modify information in tables or TP-Link Web Interface pages:

1. Open the TP-Link Embedded Web Interface page.

2. Select a table entry.

3. Click

.ASettings page opens, for example the IPInterface Settings Page:

Figure 5: IP Interface Settings Page

4. Modify the ﬁelds.

5. Click

is updated.

. The settings are saved, and the device

1.5 Deleting Conﬁguration Information

User-deﬁned information can be deleted in speciﬁc TP-Link Web Interface pages, using the Remove function.

To delete information in tables or TP-Link Web Interface pages:

1. Open the TP-Link Embedded Web Interface page, for example IPAddressing Page.

ꢅ

Download from Www.Somanuals.com. All Manuals Search And Download.

Figure 6: IPAddressing Page

2. Select the Remove checkbox in the row of the item to

delete.

3. Click

. The information is deleted, and the

device is updated.

1.6 Resetting the Device

The Reset page enables resetting the device from a remote location.

Note:

To prevent the current configuration from being lost, save all changes from the running configuration file to the startup

conﬁguration ﬁle before resetting the device. For instructions, see Managing System Files "Copying System Files" on page

171.

To reset the device:

1. Click System > General > Reset. The Reset Page

opens.

Figure 7: Reset Page

2. Click

.Aconﬁrmation message is displayed.

Figure 8: Reset Conﬁrmation Message

3. Click

. The device is reset, and a prompt for a

user name and password is displayed.

4. Enter a user name and password to reconnect to the web Interface.

1.7 Logging Off from the Device

Click

. The Logout Conﬁrmation Message is displayed.

Figure 9: Logout Conﬁrmation Message

ꢆ

Download from Www.Somanuals.com. All Manuals Search And Download.

Section 2. Deﬁning Device Information

This section contains information for viewing and setting general system information.

The System Description Page contains parameters for conﬁguring general device information, including the system name,

location, and contact, the system MAC Address, System Object ID, System Up Time, System IP and MAC addresses, and

both software and hardware versions.

To view and deﬁne the system description:

1. Click System Info > General > Description. The System Description Page opens:

Figure 10:System Description Page

The System Description Page contains the following ﬁelds:

Model Name — Displays the device model number

and name.



System Name — Defines the user-defined device

name. The ﬁeld range is 0-160 characters.

System Location — Defines the location where the

system is currently running. The field range is 0-160

characters.

System Contact — Deﬁnes the name of the contact

person. The ﬁeld range is 0-160 characters.



System Object ID — Displays the vendor’s authoritative identiﬁcation of the network management sub-system contained

in the entity.

System Up Time — Displays the amount of time since the most recent device reset. The system time is displayed in the

following format: Days, Hours, Minutes, and Seconds. For example, 41 days, 2 hours, 22 min-utes and 15 seconds.

Base MACAddress — Displays the device MAC address.

Hardware Version — Displays the installed device hardware version number.

Software Version — Displays the installed software version number.

Boot Version — Displays the current boot version running on the device.



2. Deﬁne the System Name, System Location and System Contact ﬁelds.

3. Click

. The system description is saved and the device is updated.

ꢇ

Download from Www.Somanuals.com. All Manuals Search And Download.

Section 3. Setting the System Time

This section provides information for conﬁguring system time parameters, including:

Conﬁguring Daylight Savings Time

Conﬁguring SNTP



3.1 Conﬁguring Daylight Savings Time

The System Information Time Page contains ﬁelds for deﬁning system time parameters for both the local hardware clock

and the external SNTP clock. If the system time is kept using an external SNTP clock, and the external SNTP clock fails, the

system time reverts to the local hardware clock. Daylight Savings Time can be enabled on the device.

The following is a list of Daylight Savings Time start and end times in speciﬁc countries:

Albania — From the last weekend of March until the last weekend of October.

Australia — From the end of October until the end of March.



Australia - Tasmania — From the beginning of October until the end of March.

Armenia — From the last weekend of March until the last weekend of October.

Austria — From the last weekend of March until the last weekend of October.

Bahamas — FromApril to October, in conjunction with Daylight Savings Time in the United States.

Belarus — From the last weekend of March until the last weekend of October.

Belgium — From the last weekend of March until the last weekend of October.

Brazil — From the third Sunday in October until the third Saturday in March. During the period of Daylight Saving Time,

Brazilian clocks go forward one hour in most of the Brazilian southeast.

Chile — In Easter Island, from March 9 until October 12. In the rest of the country, from the ﬁrst Sunday in March or after

9th March.



China — China does not use Daylight Saving Time.



Canada — From the ﬁrst Sunday in April until the last Sunday of October. Daylight Saving Time is usually regulated by

provincial and territorial governments. Exceptions may exist in certain municipalities.

Cuba — From the last Sunday of March to the last Sunday of October.

Cyprus — From the last weekend of March until the last weekend of October.

Denmark — From the last weekend of March until the last weekend of October.

Egypt — From the last Friday inApril until the last Thursday in September.

Estonia — From the last weekend of March until the last weekend of October.

Finland — From the last weekend of March until the last weekend of October.

France — From the last weekend of March until the last weekend of October.

Germany — From the last weekend of March until the last weekend of October.

Greece — From the last weekend of March until the last weekend of October.

Hungary — From the last weekend of March until the last weekend of October.

India — India does not use Daylight Saving Time.



Iran — From Farvardin 1 until Mehr 1.

Iraq — FromApril 1 until October 1.

Ireland — From the last weekend of March until the last weekend of October.

Israel — Varies year-to-year.

Italy — From the last weekend of March until the last weekend of October.

Japan — Japan does not use Daylight Saving Time.

ordan — From the last weekend of March until the last weekend of October.

ꢈ

Download from Www.Somanuals.com. All Manuals Search And Download.

Latvia — From the last weekend of March until the last weekend of October.

Lebanon — From the last weekend of March until the last weekend of October.

Lithuania — From the last weekend of March until the last weekend of October.

Luxembourg — From the last weekend of March until the last weekend of October.

Macedonia — From the last weekend of March until the last weekend of October.

Mexico — From the ﬁrst Sunday inApril at 02:00 to the last Sunday in October at 02:00.

Moldova — From the last weekend of March until the last weekend of October.

Montenegro — From the last weekend of March until the last weekend of October.

Netherlands — From the last weekend of March until the last weekend of October.

New Zealand — From the ﬁrst Sunday in October until the ﬁrst Sunday on or after March 15.

Norway — From the last weekend of March until the last weekend of October.

Paraguay — FromApril 6 until September 7.



Poland — From the last weekend of March until the last weekend of October.

Portugal — From the last weekend of March until the last weekend of October.

Romania — From the last weekend of March until the last weekend of October.

Russia — From the last weekend of March until the last weekend of October.

Serbia — From the last weekend of March until the last weekend of October.

Slovak Republic - From the last weekend of March until the last weekend of October.

SouthAfrica — SouthAfrica does not use Daylight Saving Time.

Spain — From the last weekend of March until the last weekend of October.

Sweden — From the last weekend of March until the last weekend of October.

Switzerland — From the last weekend of March until the last weekend of October.

Syria — From March 31 until October 30.

Taiwan — Taiwan does not use Daylight Saving Time.

Turkey — From the last weekend of March until the last weekend of October.

United Kingdom — From the last weekend of March until the last weekend of October.

United States ofAmerica — From the ﬁrst Sunday inApril at 02:00 to the last Sunday in October at 02:00.

To conﬁgure the daylight savings time:

1. Click System > System Info > General > Time. The System Information Time Page opens:

Figure 11: System Information Time Page

The System Information Time Page contains the following

sections and ﬁelds:

Clock Source — The source used to set the system

clock. The possible ﬁeld values are:



– None — Indicates that a clock source is not used.

The clock is set locally.

– SNTP — Indicates that the system time is set via an

SNTP server.

The Local Settings section contains the following ﬁelds:

Date — The system date. The ﬁeld format is Day/Month/Year. For example: 04/May/50 (May 4, 2050).

Local Time — The system time. The ﬁeld format is HH:MM:SS. For example: 21:15:03.



Time Zone Offset — The hours difference between Greenwich Mean Time (GMT) and local time. For example, the Time

Zone Offset for Paris is GMT +1, while the Time Zone Offset for New York is GMT –5.

Daylight Savings — Enables the automatic Daylight Savings Time (DST) on the device based on the device’s location.



ꢀ0

Download from Www.Somanuals.com. All Manuals Search And Download.

The DST can be set according to unique start and end dates for a particular year or as a recurring period for any year.

For a speciﬁc setting in a particular year, complete the ﬁelds in the Daylight Savings area; for a recurring setting, complete

the ﬁelds in the Recurring area.

Daylight Savings:

– USA — The device switches to DST at 2:00 a.m. on the ﬁrst Sunday ofApril, and reverts to standard time at 2:00 a.m.

on the last Sunday of October.

– European — The device switches to DST at 1:00 am on the last Sunday in March and reverts to standard time at 1:00

am on the last Sunday in October. The European option applies to EU members, and other European countries using

the EU standard.

– Other — The DST deﬁnitions are user-deﬁned based on the device locality. If Other is selected, the From and To ﬁelds

must be deﬁned.

Time Set Offset (1-1440) — Used for non-USA and European countries to set the amount of time for DST (in minutes).

The default time is 60 minutes.



From — Indicates the time that DST begins in countries other than the USA and Europe, in the format Day/Month/Year

in one ﬁeld and HH:MM in another. For example, if DST begins on October 25, 2007 at 5:00 am, the two ﬁelds should be

set to 25/Oct/07 and 05:00. The possible ﬁeld values are:

– Date — The date on which DST begins. The possible ﬁeld range is 1-31.

– Month — The month of the year in which DST begins. The possible ﬁeld range is Jan-Dec.

– Year — The year in which the conﬁgured DST begins.

– Time — The time at which DST begins. The ﬁeld format is HH:MM. For example: 05:30.

To — Indicates the time that DST ends in countries other than the USA and Europe, in the format Day/Month/Year in

one ﬁeld and HH:MM in another. For example, if DST ends on March 23, 2008 at midnight, the two ﬁelds should be 23/

Mar/08 and 00:00. The possible ﬁeld values are:



– Date — The date on which DST ends. The possible ﬁeld range is 1-31.

– Month — The month of the year in which DST ends. The possible ﬁeld range is Jan-Dec.

– Year— The year in which the conﬁgured DST ends.

– Time — The time at which DST starts. The ﬁeld format is HH:MM. For example: 05:30.

Recurring:

Recurring — Enables user-deﬁned DST for countries in which DST is constant from year to year, other than the USA

and Europe.



From — The time that DST begins each year. In the example, DST begins locally every ﬁrst Sunday in April at midnight.

The possible ﬁeld values are:

– Day — The day of the week from which DST begins every year. The possible ﬁeld range is Sunday-Saturday.

– Week — The week within the month from which DST begins every year. The possible ﬁeld range is 1-5.

– Month — The month of the year in which DST begins every year. The possible ﬁeld range is Jan-Dec.

– Time — The time at which DST begins every year. The ﬁeld format is Hour:Minute. For example: 02:10.

To — The time that DST ends each year. In the example, DST ends locally every ﬁrst Sunday in October at midnight.

The possible ﬁeld values are:



– Day — The day of the week at which DST ends every year. The possible ﬁeld range is Sunday-Saturday.

– Week — The week within the month at which DST ends every year. The possible ﬁeld range is 1-5.

– Month — The month of the year in which DST ends every year. The possible ﬁeld range is Jan-Dec.

– Time — The time at which DST ends every year. The ﬁeld format is HH:MM. For example: 05:30.

2. Deﬁne the Date, Local Time and Time Zone Offset ﬁelds.

3. To conﬁgure the device to automatically switch to DST, select Daylight Savings and select either USA, Euro-pean, or

Other. If you select Other, you must deﬁne its From and To ﬁelds. To conﬁgure DST parameters that will recur every year,

select Recurring and deﬁne its From and To ﬁelds.

ꢀꢀ

Download from Www.Somanuals.com. All Manuals Search And Download.

4. Click

. The DST settings are saved, and the device is updated.

3.2 Conﬁguring SNTP

This section contains the following topics:

SNTP Overview



Deﬁning SNTP Global Settings

Conﬁguring SNTPAuthentication

Deﬁning SNTP Servers

Deﬁning SNTP Interface Settings

3.2.1 SNTP Overview

The device supports the Simple Network Time Protocol (SNTP). SNTP assures accurate network device clock time

synchronization up to the millisecond. Time synchronization is performed by a network SNTP server. The device operates

only as an SNTP client, and cannot provide time services to other systems. The device can poll the following server types for

the server time:

Unicast



Anycast

Broadcast

Time sources are established by stratums. Stratums deﬁne the accuracy of the reference clock. The higher the stratum (where

zero is the highest), the more accurate the clock. The device receives time from stratum 1 and above.

The following is an example of stratums:

Stratum 0 —Areal time clock (such as a GPS system) is used as the time source.

Stratum 1 — A server that is directly linked to a Stratum 0 time source is used. Stratum 1 time servers provide primary

network time standards.



Stratum 2 — The time source is distanced from the Stratum 1 server over a network path. For example, a Stratum 2

server receives the time over a network link, via NTP, from a Stratum 1 server.



Information received from SNTP servers is evaluated based on the Time level and server type. SNTP time deﬁnitions are

assessed and determined by the following time levels:

T1 — The time at which the original request was sent by the client.

T2 — The time at which the original request was received by the server.

T3 — The time at which the server sent the client a reply.



T4 — The time at which the client received the server's reply.

3.2.1.1 Polling for Unicast Time Information

Polling for Unicast information is used for polling a server for which the IP address is known. T1 - T4 are used to determine

the server time. This is the preferred method for synchronizing device time.

3.2.1.2 Polling for Anycast Time Information

Polling for Anycast information is used when the SNTP server IP address is unknown. The ﬁrst Anycast server to return a

response is used to set the time value. Time levels T3 and T4 are used to determine the server time. Using Anycast time

information for synchronizing device time is preferred to using Broadcast time information.

3.2.1.3 Polling for Broadcast Time Information

Broadcast information is used when the server IP address is unknown. When a broadcast message is sent from an SNTP

ꢀꢁ

Download from Www.Somanuals.com. All Manuals Search And Download.

server, the SNTP client listens for the response. The SNTP client neither sends time information requests nor receives

responses from the Broadcast server.

Message Digest 5 (MD5) Authentication safeguards device synchronization paths to SNTP servers. MD5 is an algorithm

that produces a 128-bit hash. MD5 is a variation of MD4, and increases MD4 security. MD5 verifies the integrity of the

communication, authenticates the origin of the communication.

3.2.2 Deﬁning SNTP Global Settings

The SNTPProperties Page provides information for deﬁning SNTP parameters globally.

To deﬁne the SNTP global parameters:

1. Click System > System Info > SNTP > Properties. The SNTPProperties Page opens:

Figure 12: SNTP Properties Page

The SNTPProperties Page contains the following ﬁelds:

Poll Interval — Defines the interval (in seconds) at



which the SNTP server is polled for Unicast information.

The Poll Interval default is 1024 seconds.

Enable Receive Broadcast Servers Updates —



Deﬁnes whether or not the device monitors the SNTP

servers for Broadcast server time information on the

selected interfaces. The possible values are:

– Enable — Enables the device to receive Broadcast server updates.

– Disable — Disables the device from receiving Broadcast server updates.

Enable Receive Anycast Servers Updates — Deﬁnes whether or not the device polls the SNTP server for Anycast

server time information. If both the Enable Receive Anycast Servers Update and the Enable Receive Broadcast Servers

Update ﬁelds are enabled, the system time is set according to the Anycast server time information. The possible values

are:



– Enable — Enables the device to receiveAnycast server updates.

– Disable — Disables the device from receivingAnycast server updates.

Enable Receive Unicast Servers Updates — Deﬁnes whether or not the device polls the SNTP server for Unicast

server time information. If the Enable Receive Broadcast Servers Updates, Enable Receive Anycast Servers Updates,

and Enable Receive Unicast Servers Updates ﬁelds are all enabled, the system time is set according the Unicast server

time information. The possible values are:

– Enable — Enables the device to receive Unicast server updates.

– Disable — Disables the device from receiving Unicast server updates.

Enable Poll Unicast Servers — Deﬁnes whether or not the device sends SNTP Unicast forwarding information to the

SNTP server. The possible values are:

– Enable — Enables the device to receive Poll Unicast server updates.

– Disable — Disables the device from receiving Poll Unicast server updates.

2. Deﬁne the Poll Interval, Enable Receive Broadcast Servers Update, Enable Receive Anycast Servers Update, Enable

Receive Unicast Servers Update, and Enable Poll Unicast Servers ﬁelds and select at least one of the Enable ﬁelds.

3. Click

. The SNTP global settings are deﬁned, and the device is updated.

3.2.3 Conﬁguring SNTP Authentication

The SNTPAuthentication Page enables conﬁguring the SNTP authentication method.

ꢀꢂ

Download from Www.Somanuals.com. All Manuals Search And Download.

To conﬁgure SNTP authentication:

1. Click System > System Info > SNTP >Authentication. The SNTPAuthentication Page opens:

Figure 13: SNTPAuthentication Page

The SNTP Authentication Page contains the following

ﬁelds:

Enable SNTP Authentication — Indicates if

authenticating an SNTP session between the device

and an SNTP server is enabled on the device. The

possible ﬁeld values are:



– Checked — Authenticates SNTP sessions between

the device and SNTP server.

– Unchecked — Disables authenticating SNTP

sessions between the device and SNTP server.

Encryption Key ID — Indicates if the encryption key identiﬁcation is used to authenticate the SNTP server and device.

The ﬁeld value is up to 4294967295.



Authentication Key — Indicates the key used for authentication.

Trusted Key — Indicates the encryption key used (Unicast/Anycast) or elected (Broadcast) to authenticate the SNTP

server.



Remove — Removes Encryption Key IDs. The possible ﬁeld values are:

– Checked — Removes the selected Encryption Key ID.

– Unchecked — Maintains the Encryption Key IDs. This is the default value.



2. Check the Enable SNTPAuthentication checkbox.

3. Click

. SNTPAuthentication is deﬁned, and the device is updated.

To deﬁne SNTP authentication parameters:

1. Click

. The Add SNTPAuthentication Page opens:

Figure 14:Add SNTPAuthentication Page

2. Deﬁne the Encryption Key ID, Authentication Key, and

Trusted Key ﬁelds.

3. Click

. The SNTP Authentication Key is

added, and the device is updated.

3.2.4 Deﬁning SNTP Servers

The SNTP Servers Page contains information for enabling SNTP servers, as well as adding new SNTP servers. In addition,

the SNTPServers Page enables the device to request and accept SNTP server trafﬁc.

To deﬁne SNTP servers:

1. Click System > System Info > SNTP > Servers. The SNTPServers Page opens:

ꢀꢃ

Download from Www.Somanuals.com. All Manuals Search And Download.

Figure 15: SNTP Servers Page

The SNTPServers Page contains the following ﬁelds:

SNTP Server — Displays user-deﬁned SNTP server IP



addresses. Up to eight SNTP servers can be deﬁned.

Poll Interval — Indicates whether or not the device



polls the selected SNTP server for system time informa-

tion.

Encryption Key ID — Displays the encryption key identiﬁcation used to communicate between the SNTP server and

device. The ﬁeld range is 1-4294967295.



Preference — Indicates which SNTP server provides the SNTP system time. The possible ﬁeld values are:

– Primary — Indicates the primary server provides SNTP information.

– Secondary — Indicates the backup server provides SNTP information.

Status — The operating SNTP server status. The possible ﬁeld values are:

– Up — Indicates the SNTP server is currently operating normally.



– Down — Indicates that a SNTP server is currently not available. For example, the SNTP server is currently not

connected or is currently down.

– In progress — Indicates the SNTP server is currently sending or receiving SNTP information.

– Unknown — Indicates the progress of the SNTP information currently being sent is unknown. For example, the device

is currently looking for an interface.

Last Response — Displays the last time a response was received from the SNTP server.

Offset — Indicates the time difference between the device local clock and the acquired time from the SNTP server.

Delay — Indicates the amount of time it takes for a device request to reach the SNTP server.

Remove — Removes SNTP servers from the SNTP server list. The possible ﬁeld values are:

– Checked — Removes the SNTP server.



– Unchecked — Maintains the SNTP server. This is the default value.

2. Click

. The Add SNTPServer Page opens:

Figure 16:Add SNTP Server Page

3. Define the SNTP Server, Enable Poll Interval, and

Encryption Key ID ﬁelds.

4. Click

. The SNTP Server is added, and the

device is updated.

3.2.5 Deﬁning SNTP Interface Settings

The SNTPInterface Settings Page contains ﬁelds for setting SNTP on different interfaces.

To deﬁne SNTP interface settings:

1. Click System > System Info > SNTP > Interface. The SNTPInterface Settings Page opens:

ꢀꢄ

Download from Www.Somanuals.com. All Manuals Search And Download.

Figure 17: SNTP Interface Settings Page

The SNTP Interface Settings Page contains the following

ﬁelds:

Interface — Indicates the interface on which SNTP

can be enabled.



The possible ﬁeld values are:

– Port — Indicates the speciﬁc port number on which

SNTP is enabled.

– LAG — Indicates the speciﬁc LAG number on which SNTP is enabled.

– VLAN — Indicates the speciﬁc VLAN number on which SNTP is enabled.

Receive Servers Updates — Enables the server to receive or not receive updates.

Remove — Removes SNTP interfaces.



– Checked — Removes the selected SNTP interface.

– Unchecked — Maintains the deﬁned SNTP interfaces.

2. Click

. The Add SNTPInterface Page opens.

Figure 18:Add SNTP Interface Page

3. Select the Interface.

4. Check the Receive Server Updates option.

5. Click

. The SNTP interface is added, and the

device is updated.

ꢀꢅ

Download from Www.Somanuals.com. All Manuals Search And Download.

Section 4. Conﬁguring System Logs

This section provides information for managing system logs. The system logs enable viewing device events in real time, and

recording the events for later usage. System logs record and manage events and report errors and informational messages.

Event messages have a unique format, as per the Syslog protocols recommended message format for all error reporting.

For example, Syslog and local device reporting messages are assigned a severity code, and include a message mnemonic,

which identiﬁes the source application generating the message. It allows messages to be ﬁltered based on their urgency or

relevancy. Each message severity determines the set of event logging devices that are sent per each event message.

The following table lists the log severity levels:

Table 4: System Log Severity Levels

Level

Severity

Emergency

Alert

Message

0 (Highest)

The system is not functioning.

The system needs immediate attention.

The system is in a critical state.

Asystem error has occurred.

Critical

Error

Warning

Notice

Asystem warning has occurred.

The system is functioning properly, but a system notice has occurred.

Provides device information.

Informational

Provides detailed information about the log. If a Debug error occurs, contact

Customer Tech Support.

Debug

This section contains the following topics:

Deﬁning General Log Properties

Viewing Memory Logs



Viewing Flash Logs

Deﬁning System Log Servers

4.1 Deﬁning General Log Properties

The Syslog Properties Page contains fields for defining which events are recorded to which logs. It contains fields for

enabling logs globally, and parameters for deﬁning logs. Log messages are listed from the highest severity to the lowest

severity level.

To view the system log properties:

1. Click System > System Info > Syslog > Properties. The Syslog Properties Page opens:

ꢀꢆ

Download from Www.Somanuals.com. All Manuals Search And Download.

Figure 19: Syslog Properties Page

The Syslog Properties Page contains the following ﬁelds:

Enable Logging — Indicates if device global logs for

Cache, File, and Server Logs are enabled. Console

logs are enabled by default. The possible ﬁeld values

are:



– Checked — Enables device logs.

– Unchecked — Disables device logs.

Severity —



– Notice — Provides device information.

– Informational — Provides device information.

– Debug — Provides debugging messages.

Note:

When a severity level is selected, all severity level choices above the selection are selected automatically.

Console — Deﬁnes the minimum severity level from which logs are sent to the console.



RAM Logs — Deﬁnes the minimum severity level from which logs are sent to the RAM Log kept in RAM (Cache).

Log File — Deﬁnes the minimum severity level from which logs are sent to the log ﬁle kept in FLASH memory.

2. Check the Enable Logging option.

3. Check the options for each severity level.

4.2 Viewing Memory Logs

The Syslog Memory Page contains all system logs in a chronological order that are saved in RAM (Cache).

To view memory logs:

1. Click System > System Info > Syslog > Memory. The Syslog Memory Page opens:

Figure 20: Syslog Memory Page

The Syslog Memory Page contains the following ﬁelds:

Log Index — Lists the log number.

Log Time — Lists the date and time that the log was

entered.



Severity — Lists the severity of the event for which the

log was entered.



Description — Lists the event description.

2. To clear all logs, click

3. Click

.All log items are removed from the table, and the device is updated.

4.3 Viewing Flash Logs

The Syslog Flash Page contains information about log entries saved to the log ﬁle in Flash, including the time the log was

generated, the log severity, and a description of the log message. The message log is available after reboot.

ꢀꢇ

Download from Www.Somanuals.com. All Manuals Search And Download.

To view Flash memory logs:

1. Click System > System Info > Syslog > Flash. The Syslog Flash Page opens:

Figure 21: Syslog Flash Page

The Syslog Flash Page contains the following information:

Log Index — Lists the log index number.

Log Time — Lists the date and time that the log was

entered.



Severity — Lists the severity of the event for which the

log was created in Flash memory.



Description — Lists the event description.

2. To remove current Flash memory logs, click

3. Click . Logs are removed from the table.

4.4 Deﬁning System Log Servers

The Syslog Servers Page contains information for viewing and conﬁguring the remote log servers. New log servers can be

deﬁned, and the log severity sent to each server.

To deﬁne Syslog servers:

1. Click System > System Info > Syslog > Servers. The Syslog Servers Page opens:

Figure 22: Syslog Servers Page

The Syslog Servers Page list the server parameters and

contains the following ﬁelds:

Server — Specifies the server to which logs can be



sent.

UDP Port — Deﬁnes the UDP port to which the server



logs are sent. The possible range is 1 - 65535. The

default value is 514.

Port-Facility — Deﬁnes an application from which system logs are sent to the remote server. Only one facility can be

assigned to a single server. If a second facility level is assigned, the ﬁrst facility is overridden.All applications deﬁned for a

device utilize the same facility on a server. The ﬁeld default is Local 7. The possible ﬁeld values are Local 0 - Local 7.

Description — Provides a user-deﬁned server description.



Minimum Severity — Indicates the minimum severity from which logs are sent to the server. For example, if Notice is

selected, all logs with a severity level of Notice and higher are sent to the remote server.

Remove — Deletes the currently selected server from the Servers list. The possible ﬁeld values are:

– Checked — Removes the selected server from the Syslog Properties Page. Once removed, logs are no longer sent to

the removed server.



– Unchecked — Maintains the remote servers.

2. Click

. The Add Syslog Server Page opens.

ꢀꢈ

Download from Www.Somanuals.com. All Manuals Search And Download.

Figure 23:Add Syslog Server Page

3. Deﬁne the IP Address, UDP Port, Facility, Description,

and Minimum Severity ﬁelds.

4. Click

. The Log server is defined and the

device is updated.

ꢁ0

Download from Www.Somanuals.com. All Manuals Search And Download.

Section 5. Conﬁguring Device Security

This section describes pages that contain fields for setting security parameters for ports, device management methods,

users, and server security for the TP-Link device.

This section contains the following topics:

Conﬁguring Management Security

Conﬁguring Network Security



5.1 Conﬁguring Management Security

This section provides information for conﬁguring device management security.

This section includes the following topics:

ConﬁguringAuthentication Methods

Conﬁguring Passwords



5.1.1 Conﬁguring Authentication Methods

This section provides information for conﬁguring device authentication methods.

This section includes the following topics:

DeﬁningAccess Proﬁles



Deﬁning Proﬁle Rules

DeﬁningAuthentication Proﬁles

MappingAuthentication Proﬁles

Deﬁning TACACS+ Host Settings

Deﬁning RADIUS Server Settings

5.1.1.1 Deﬁning Access Proﬁles

Access proﬁles are proﬁles and rules for accessing the device. Access to management functions can be limited to user

groups. User groups are deﬁned for interfaces according to IP addresses or IP subnets.Access proﬁles contain management

methods for accessing and managing the device. The device management methods include:

All



Telnet

Secure Telnet (SSH)

HTTP

Management access to different management methods may differ between user groups. For example, User Group 1 can

access the switch module only via an HTTPS session, while User Group 2 can access the switch module via both HTTPS

and Telnet sessions. TheAccess Proﬁle Page contains the currently conﬁgured access proﬁles and their activity status.

Assigning an access proﬁle to an interface denies access via other interfaces. If an access proﬁle is assigned to any interface,

the device can be accessed by all interfaces.

To conﬁgure access proﬁles:

1. Click System > Management Security >Authentication >Access Proﬁles. The Access Proﬁle Page opens:

ꢁꢀ

Download from Www.Somanuals.com. All Manuals Search And Download.

Figure 24:Access Proﬁle Page

The Access Proﬁle Page contains the following ﬁelds:

Access Profile Name — Defines the access profile

name. The access proﬁle name can contain up to 32

characters.



Active Proﬁle — Deﬁnes the access proﬁle currently

active.



Remove — Removes the selected access proﬁle. The possible ﬁeld values are:

– Checked — Removes the selected access proﬁle.Access Proﬁles cannot be removed whenActive.

– Unchecked — Maintains the access proﬁles.

DisableActive Proﬁle — Disables the active access proﬁle. The possible ﬁeld values are:

– Checked — Disables the active access proﬁles.



– Unchecked — Indicates the access proﬁle is currently active. This is the default value.

2. Click

. The AddAccess Proﬁle Page opens:

Figure 25:AddAccess Proﬁle Page

In addition to the ﬁelds in the Access Proﬁle Page, the Add

Access Proﬁle Page contains the following ﬁelds:

Access Proﬁle Name — Deﬁnes a new access proﬁle



name.

Rule Priority — Defines the rule priority. When the



packet is matched to a rule, user groups are either

granted permission or denied device management

access. The rule number is essential to matching

packets to rules, as packets are matched on a ﬁrst-ﬁt basis. The rule priorities are assigned in the Proﬁle Rules Page.

Management Method — Deﬁnes the management method for which the rule is deﬁned. Users with this access proﬁle

can access the device using the management method selected. The possible ﬁeld values are:

– All —Assigns all management methods to the rule.



– Telnet —Assigns Telnet access to the rule. If selected, users accessing the device using Telnet meeting access proﬁle

criteria are permitted or denied access to the device.

– Secure Telnet (SSH) — Assigns SSH access to the rule. If selected, users accessing the device using Telnet meeting

access proﬁle criteria are permitted or denied access to the device.

– HTTP —Assigns HTTP access to the rule. If selected, users accessing the device using HTTP meeting access proﬁle

criteria are permitted or denied access to the device.

– Secure HTTP (HTTPS) — Assigns HTTPS access to the rule. If selected, users accessing the device using HTTPS

meeting access proﬁle criteria are permitted or denied access to the device.

– SNMP — Assigns SNMP access to the rule. If selected, users accessing the device using SNMP meeting access

proﬁle criteria are permitted or denied access to the device.

Interface — Deﬁnes the interface on which the access proﬁle is deﬁned. The possible ﬁeld values are:

– Port — Speciﬁes the port on which the access proﬁle is deﬁned.



– LAG — Speciﬁes the LAG on which the access proﬁle is deﬁned.

– VLAN — Speciﬁes the VLAN on which the access proﬁle is deﬁned.

– Source IP Address — Deﬁnes the interface source IP address to which the access proﬁle applies. The Source IP

Address ﬁeld is valid for a subnetwork.

– Network Mask — Deﬁnes the network mask of the source IP address.

ꢁꢁ

Download from Www.Somanuals.com. All Manuals Search And Download.

– Preﬁx Length — Deﬁnes the number of bits that comprise the source IP address preﬁx, or the network mask of the

source IP address.

Action —Deﬁnes the action attached to the access rule. The possible ﬁeld values are:

– Permit — Permits access to the device.



– Deny — Denies access to the device. This is the default.

3. Click

. The access proﬁle is saved and the device is updated.

5.1.1.2 Deﬁning Proﬁle Rules

Access profiles can contain up to 128 rules that determine which users can manage the switch module, and by which

methods. Users can also be blocked from accessing the device. Rules are composed of ﬁlters including:

Rule Priority



Interface

Management Method

IPAddress

Preﬁx Length

ForwardingAction

To deﬁne proﬁle rules:

1. Click System > Management Security >Authentication > Proﬁle Rules. The Proﬁle Rules Page opens:

Figure 26: Proﬁle Rules Page

The Proﬁle Rules Page contains the following ﬁelds:

Access Proﬁle Name — Displays the access proﬁle to



which the rule is attached.

Priority — Deﬁnes the rule priority. When the packet is



matched to a rule, user groups are either granted per-

mission or denied device management access. The

rule number is essential to matching packets to rules, as packets are matched on a ﬁrst-ﬁt basis.

Interface — Indicates the interface type to which the rule applies. The possible ﬁeld values are:

– Port —Attaches the rule to the selected port.



– LAG —Attaches the rule to the selected LAG.

– VLAN —Attaches the rule to the selected VLAN.

Management Method — Deﬁnes the management method for which the rule is deﬁned. Users with this access proﬁle

can access the device using the management method selected. The possible ﬁeld values are:

– All —Assigns all management methods to the rule.

– Telnet —Assigns Telnet access to the rule. If selected, users accessing the device using Telnet meeting access proﬁle

criteria are permitted or denied access to the device.

– Secure Telnet (SSH) — Assigns SSH access to the rule. If selected, users accessing the device using Telnet meeting

access proﬁle criteria are permitted or denied access to the device.

– HTTP —Assigns HTTP access to the rule. If selected, users accessing the device using HTTP meeting access proﬁle

criteria are permitted or denied access to the device.

– Secure HTTP (HTTPS) — Assigns HTTPS access to the rule. If selected, users accessing the device using HTTPS

meeting access proﬁle criteria are permitted or denied access to the device.

– SNMP — Assigns SNMP access to the rule. If selected, users accessing the device using SNMP meeting access

proﬁle criteria are permitted or denied access to the device.

Source IPAddress — Deﬁnes the interface source IP address to which the rule applies.



ꢁꢂ

Download from Www.Somanuals.com. All Manuals Search And Download.

Preﬁx Length — Deﬁnes the number of bits that comprise the source IP address preﬁx, or the network mask of the

source IP address.



Action — Deﬁnes the action attached to the rule. The possible ﬁeld values are:

– Permit — Permits access to the device.

– Deny — Denies access to the device. This is the default.

Remove — Removes rules from the selected access proﬁles. The possible ﬁeld values are:

– Checked — Removes the selected rule from the access proﬁle.

– Unchecked — Maintains the rules attached to the access proﬁle.



2. Click

. TheAdd Proﬁle Rule Page opens:

Figure 27:Add Proﬁle Rule Page

3. Deﬁne the ﬁelds.

4. Click

. The proﬁle rule is added to the access

proﬁle, and the device is updated.

To modify a Proﬁle Rule:

1. Click Security > Management Security >

Authentication > Access Proﬁle. The Access Proﬁle

Page opens.

2. Click

. The Proﬁle Rule Settings Page opens:

Figure 28: Proﬁle Rule Settings Page

3. Modify the ﬁelds.

4. Click

. The profile rule is modified, and the

device is updated.

5.1.1.3 Deﬁning Authentication Proﬁles

Authentication profiles allow network administrators to assign authentication methods for user authentication. User

authentication can be performed either locally or on an external server. User authentication occurs in the order the methods

are selected. If the ﬁrst authentication method is not available, the next selected method is used. For example, if the selected

authentication methods are RADIUS and Local, and the RADIUS server is not available, then the user is authenticated

locally.

To deﬁneAuthentication proﬁles:

1. Click System > Management Security > Authentication > Authentication Proﬁles. The Authentication Proﬁles Page

opens:

Figure 29:Authentication Proﬁles Page

The Authentication Profiles Page provides the following

tables:

LoginAuthentication Proﬁles

EnableAuthentication Proﬁles



ꢁꢃ

Download from Www.Somanuals.com. All Manuals Search And Download.

Each of the tables contains the following ﬁelds:

Proﬁle Name — Contains a list of user-deﬁned authentication proﬁle lists to which user-deﬁned authentication proﬁles

are added.



Methods — Deﬁnes the user authentication methods. The possible ﬁeld values are:

– None —Assigns no authentication method to the authentication proﬁle.

– Local —Authenticates the user at the device level. The device checks the user name and password for authentication.

– RADIUS —Authenticates the user at the RADIUS server. For more information, see Deﬁning RADIUS Server Settings.

– Line —Authenticates the user using a line password.



– Enable —Authenticates the user using an enable password.

Remove — Removes the selected authentication proﬁle. The possible ﬁeld values are:

– Checked — Removes the selected authentication proﬁle.



– Unchecked — Maintains the authentication proﬁles.

2. Click

. The AddAuthentication Proﬁle Page opens.

Figure 30:AddAuthentication Proﬁle Page

3. Deﬁne the Proﬁle Method and enter the Proﬁle Name

ﬁelds.

4. Select theAuthentication Method using the move arrow

5. Click

. The authentication profile is defined,

and the device is updated.

To modify an authentication proﬁle:

1. Click System > Management Security > Authentication > Authentication Proﬁles. The Authentication Proﬁles Page

opens.

2. Click

. The Authentication Proﬁle Settings Page opens:

Figure 31:Authentication Proﬁle Settings Page

3. Select theAuthentication Method using the move arrow

4. Click

. The authentication method is selected,

and the device is updated.

5.1.1.4 Mapping Authentication Proﬁles

After authentication proﬁles are deﬁned, they can be applied to management access methods. For example, console users

can be authenticated by Authentication Proﬁle List 1, while Telnet users are authenticated by Authentication Method List 2.

Authentication methods are selected using arrows. The order in which the methods are selected is the order by which the

authentication methods are used.

To map authentication methods:

1. Click System > Management Security > Authentication > Authentication Mapping. The Authentication Mapping

Page opens:

ꢁꢄ

Download from Www.Somanuals.com. All Manuals Search And Download.

Figure 32:Authentication Mapping Page

The Authentication Mapping Page contains the following

ﬁelds:

Console — Indicates that authentication profiles are



used to authenticate console users.

Telnet — Indicates that authentication proﬁles are used

to authenticate Telnet users.

Secure Telnet (SSH) — Indicates that authentication

profiles are used to authenticate Secure Shell (SSH)

users. SSH provides clients secure and encrypted

remote connections to a device.

Secure HTTP — Indicates that authentication methods



are used for Secure HTTP access. Possible ﬁeld values are:

– None — Indicates that no authentication method is used for access.

– Local — Indicates that authentication occurs locally.

– RADIUS — Indicates that authentication occurs at the RADIUS server.

– Line — Indicates that authentication uses a line password.

– Enable — Indicates that authentication uses an Enable password.

– Local, RADIUS — Indicates that authentication first occurs locally. If authentication cannot be verified locally, the

RADIUS server authenticates the management method. If the RADIUS server cannot authenticate the management

method, the session is blocked.

– RADIUS, Local — Indicates that authentication ﬁrst occurs at the RADIUS server. If authentication cannot be veriﬁed

at the RADIUS server, the session is authenticated locally. If the session cannot be authenticated locally, the session is

blocked.

– Local, RADIUS, None — Indicates that authentication ﬁrst occurs locally. If authentication cannot be veriﬁed locally, the

RADIUS server authenticates the management method. If the RADIUS server cannot authenticate the management

method, the session is permitted.

– RADIUS, Local, None — Indicates that authentication ﬁrst occurs at the RADIUS server. If authentication cannot be

veriﬁed at the RADIUS server, the session is authenticated locally. If the session cannot be authenticated locally, the

session is permitted.

HTTP — Indicates that authentication methods are used for HTTP access. Possible ﬁeld values are:

– None — Indicates that no authentication method is used for access.

– Local — Indicates that authentication occurs locally.



– RADIUS — Indicates that authentication occurs at the RADIUS server.

– Line — Indicates that authentication uses a line password.

– Enable — Indicates that authentication uses an Enable password.

– Local, RADIUS — Indicates that authentication first occurs locally. If authentication cannot be verified locally, the

RADIUS server authenticates the management method. If the RADIUS server cannot authenticate the management

method, the session is blocked.

– RADIUS, Local — Indicates that authentication ﬁrst occurs at the RADIUS server. If authentication cannot be veriﬁed

at the RADIUS server, the session is authenticated locally. If the session cannot be authenticated locally, the session is

blocked.

– Local, RADIUS, None — Indicates that authentication ﬁrst occurs locally. If authentication cannot be veriﬁed locally, the

RADIUS server authenticates the management method. If the RADIUS server cannot authenticate the management

method, the session is permitted.

– RADIUS, Local, None — Indicates that authentication ﬁrst occurs at the RADIUS server. If authentication cannot be

veriﬁed at the RADIUS server, the session is authenticated locally. If the session cannot be authenticated locally, the

ꢁꢅ

Download from Www.Somanuals.com. All Manuals Search And Download.

session is permitted.

2. Deﬁne the Console, Telnet, and Secure Telnet (SSH) ﬁelds.

3. Map the authentication method in the Secure HTTP selection box.

4. Map the authentication method in the HTTP selection box.

5. Click

. The authentication mapping is saved, and the device is updated.

5.1.1.5 Deﬁning TACACS+ Host Settings

Terminal Access Controller Access Control System (TACACS+) provides centralized security user access validation. The

system supports up-to 4 TACACS+ servers.

TACACS+ provides a centralized user management system, while still retaining consistency with RADIUS and other

authentication processes. TACACS+ provides the following services:

Authentication — Provides authentication during login and via user names and user-deﬁned passwords.

Authorization — Performed at login. Once the authentication session is completed, an authorization session starts using

the authenticated user name.



The TACACS+ protocol ensures network integrity through encrypted protocol exchanges between the client and TACACS+

server.

Note:

The TACACS+ default parameters are user-assigned defaults. The default settings are applied to newly deﬁned TACACS+

servers. If default values are not deﬁned, the system defaults are applied to the new TACACS+ servers.

To deﬁne TACACS+ authentication settings:

1. Click Security > Management Security >Authentication > TACACS+. The TACACS+ Page opens:

Figure 33: TACACS+ Page

The Default Parameters section contains the following

ﬁelds:

Source IP Address — Defines the default device



source IP address used for the TACACS+ session

between the device and the TACACS+ server.

Key String (1-128 Characters) — Defines the



authentication and encryption key for TACACS+

communications between the device and the TACACS+ server. This key must match the encryption used on the

TACACS+ server.

Timeout for Reply — Deﬁnes the default time that passes before the connection between the device and the TACACS+

times out. The default is 5.



The TACACS+ Page also contains the following ﬁelds:

Host IPAddress — Deﬁnes the TACACS+ Server IP address.



Priority — Deﬁnes the order in which the TACACS+ servers are used. The ﬁeld range is 0-65535. The default is 0.

Source IP Address — Deﬁnes the device source IP address used for the TACACS+ session between the device and

the TACACS+ server.

Authentication Port (0-65535) — Deﬁnes the port number via which the TACACS+ session occurs. The default port is

port 49.



ꢁꢆ

Download from Www.Somanuals.com. All Manuals Search And Download.

Timeout for Reply — Deﬁnes the amount of time in seconds that passes before the connection between the device and

the TACACS+ times out. The ﬁeld range is 1-1000 seconds.



Single Connection — Maintains a single open connection between the device and the TACACS+ server. The possible

ﬁeld values are:

– Checked — Enables a single connection.

– Unchecked — Disables a single connection.

Status — Indicates the connection status between the device and the TACACS+ server. The possible ﬁeld values are:

– Connected — Indicates there is currently a connection between the device and the TACACS+ server.

– Not Connected — Indicates there is not currently a connection between the device and the TACACS+ server.

Remove — Removes TACACS+ server. The possible ﬁeld values are:

– Checked — Removes the selected TACACS+ server.



– Unchecked — Maintains the TACACS+ servers.

2. Click

. The Add TACACS+ Host Page opens:

Figure 34:Add TACACS+ Host Page

3. Deﬁne the ﬁelds.

4. Click

. The TACACS+ server is deﬁned, and

the device is updated.

To modify the TACACS+ server settings:

1. Click Security > Management Security >Authentica-

tion > TACACS+. The TACACS+ Page opens.

2. Select TACACS+ server entry.

3. Click

. The TACACS+ Host Settings Page opens.

Figure 35: TACACS+ Host Settings Page

4. Modify the ﬁelds.

5. Click

. The TACACS+ host settings are saved,

and the device is updated.

5.1.1.6 Deﬁning RADIUS Server Settings

Remote Authorization Dial-In User Service (RADIUS) servers provide additional security for networks. RADIUS servers

provide a centralized authentication method for web access.

The default parameters are user-deﬁned, and are applied to newly deﬁned RADIUS servers. If new default parameters are

not deﬁned, the system default values are applied to newly deﬁned RADIUS servers.

To conﬁgure RADIUS servers:

1. Click System > Management Security >Authentication > Radius. The Radius Page opens:

ꢁꢇ

Download from Www.Somanuals.com. All Manuals Search And Download.

Figure 36: Radius Page

The Default Parameters section of the Radius Page

contains the following ﬁelds:

Retries — Deﬁnes the number of transmitted requests



sent to the RADIUS server before a failure occurs.

Possible ﬁeld values are 1-10. The default value is 3.

Timeout for Reply — Defines the amount of time



(in seconds) the device waits for an answer from the

RADIUS server before retrying the query, or switching to

the next server. Possible ﬁeld values are 1-30. The default value is 3.

Dead Time — Deﬁnes the default amount of time (in minutes) that a RADIUS server is bypassed for service requests.

The range is 0-2000. The default value is 0.



Key String — Defines the default key string used for authenticating and encrypting all RADIUS communications

between the device and the RADIUS server. This key must match the RADIUS encryption.

Source IPAddress — Deﬁnes the default IP address of a device accessing the RADIUS server.

The Radius Page also contains the following ﬁelds:

IPAddress — Lists the RADIUS server IP addresses.



Priority — Displays the RADIUS server priority. The possible values are 1-65535, where 1 is the highest value. The

RADIUS server priority is used to conﬁgure the server query order.

Authentication Port — Identiﬁes the authentication port. The authentication port is used to verify the RADIUS server

authentication. The authenticated port default is 1812.



Number of Retries — Deﬁnes the number of transmitted requests sent to the RADIUS server before a failure occurs.

The possible ﬁeld values are 1-10. Three is the default value.

Timeout for Reply — Deﬁnes the amount of time (in seconds) the device waits for an answer from the RADIUS server

before retrying the query, or switching to the next server. The possible ﬁeld values are 1-30. Three is the default value.

Dead Time — Deﬁnes the amount of time (in minutes) that a RADIUS server is bypassed for service requests. The

range is 0-2000. The default is 0 minutes.

Source IPAddress — Deﬁnes the source IP address that is used for communication with RADIUS servers.

Usage Type — Speciﬁes the RADIUS server authentication type. The default value isAll. The possible ﬁeld values are:

– Log in — Indicates the RADIUS server is used for authenticating user name and passwords.

– 802.1X — Indicates the RADIUS server is used for 802.1X authentication.



– All — Indicates the RADIUS server is used for authenticating user names and passwords, and 802.1X port

authentication.

Remove — Removes a RADIUS server. The possible ﬁeld values are:



– Checked — Removes the selected RADIUS server.

– Unchecked — Maintains the RADIUS servers. This is the default value.

2. Click

. The Add Radius Server Page opens:

Figure 37:Add Radius Server Page

3. Deﬁne the ﬁelds.

4. Click

. The RADIUS server is added, and the

device is updated.

To modify RADIUS server settings:

ꢁꢈ

Download from Www.Somanuals.com. All Manuals Search And Download.

1. Click

. The RADIUS Server Settings Page opens:

Figure 38: RADIUS Server Settings Page

2. Modify the ﬁelds.

3. Click

. The RADIUS server settings are saved,

and the device is updated.

5.1.2 Conﬁguring Passwords

This section contains information for deﬁning device passwords, and includes the following topics.

Deﬁning Local Users



Deﬁning Line Passwords

Deﬁning Enable Passwords

5.1.2.1 Deﬁning Local Users

Network administrators can deﬁne users, passwords, and access levels for users using the Local Users Page.

To deﬁne local users:

1. Click System > Management Security > Passwords > Local Users. The Local Users Page opens:

Figure 39: Local Users Page

The Local Users Page contains the following ﬁelds:

User Name — Displays the user name.



Access Level — Displays the user access level. The

lowest user access level is 1 and the highest is 15.

Users with access level 15 are Privileged Users.

Reactivate User — Changes the user status to active.

Remove — Removes the user from the User Name list. The possible ﬁeld values are:

– Checked — Removes the selected local user.



– Unchecked — Maintains the local users.

2. Click

. The Add Local User Page opens:

Figure 40:Add Local User Page

In addition to the ﬁelds in the Local Users Page, the Add

Local User Page contains the following ﬁelds:

Password — Deﬁnes the local user password. Local

user passwords can contain up to 159 characters.

Conﬁrm Password — Veriﬁes the password.



3. Deﬁne the ﬁelds.

4. Click . The Local User password is saved, and the device is updated.

ꢂ0

Download from Www.Somanuals.com. All Manuals Search And Download.

5.1.2.2 Deﬁning Line Passwords

Network administrators can define line passwords in the Line Password Page. After the line password is defined, a

management method is assigned to the password. The device can be accessed using the following methods:

Console Passwords

Telnet Passwords



Secure Telnet Passwords

To conﬁgure line passwords:

1. Click System > Management Security > Passwords > Line Password. The Line Password Page opens:

Figure 41: Line Password Page

The Line Password Page contains the following ﬁelds:

Console Line Password — Deﬁnes the line password



for accessing the device via a Console session. Pass-

words can contain a maximum of 159 characters.

Telnet Line Password — Deﬁnes the line password



for accessing the device via a Telnet session. Pass-

words can contain a maximum of 159 characters.

Secure Telnet Line Password — Defines the line password for accessing the device via a secure Telnet session.

Passwords can contain a maximum of 159 characters.



Conﬁrm Password — Conﬁrms the new line password. The password appears in the ***** format.

2. Deﬁne the Console Line Password, Telnet Line Password, and Secure Telnet Line Password ﬁelds.

3. Redeﬁne the Conﬁrm Password ﬁeld for each of the passwords deﬁned in the previous steps to verify the passwords.

4. Click

. Line password is conﬁgured and device is updated.

5.1.2.3 Deﬁning Enable Passwords

The Enable Password Page sets a local password for a particular access level.

To enable passwords:

1. Click System > Management Security > Passwords > Enable Password. The Enable Password Page opens:

Figure 42: Enable Password Page

The Enable Password Page contains the following ﬁelds:

Enable Access Level — Defines the access level

associated with the enable password. Possible field

val-ues are 1-15.



Password — Deﬁnes the enable password.

Confirm Password — Confirms the new enable

password. The password appears in the ***** format.



2. Conﬁgure the ﬁelds and click

.The password is enabled and the device is updated.

5.2 Conﬁguring Network Security

Network security manages both access control lists and locked ports. This section contains the following topics:

ꢂꢀ

Download from Www.Somanuals.com. All Manuals Search And Download.

Network Security Overview



Deﬁning NetworkAuthentication Properties

Conﬁguring Trafﬁc Control

5.2.1 Network Security Overview

This section provides an overview of network security and contains the following topics:

Port-BasedAuthentication



Advanced Port-BasedAuthentication

5.2.1.1 Port-Based Authentication

Port-based authentication authenticates users on a per-port basis via an external server. Only authenticated and approved

system users can transmit and receive data. Ports are authenticated via the RADIUS server using the Extensible

Authentication Protocol (EAP). Port-based authentication includes:

Authenticators — Speciﬁes the device port which is authenticated before permitting system access.

Supplicants — Speciﬁes the host connected to the authenticated port requesting to access the system ser-vices.

Authentication Server — Specifies the server that performs the authentication on behalf of the authenticator, and

indicates whether the supplicant is authorized to access system services.



Port-based authentication creates two access states:

ControlledAccess — Permits communication between the supplicant and the system, if the supplicant is authorized.



UncontrolledAccess — Permits uncontrolled communication regardless of the port state.

The device currently supports port-based authentication via RADIUS servers.

5.2.1.2 Advanced Port-Based Authentication

Advanced port-based authentication enables multiple hosts to be attached to a single port. Advanced port-based

authentication requires only one host to be authorized for all hosts to have system access. If the port is unautho-rized, all

attached hosts are denied access to the network.

Advanced port-based authentication also enables user-based authentication. Specific VLANs in the device are always

available, even if specific ports attached to the VLAN are unauthorized. For example, Voice over IP does not require

authentication, while data traffic requires authentication. VLANs for which authorization is not required can be defined.

Unauthenticated VLANs are available to users, even if the ports attached to the VLAN are deﬁned as authorized.

Advanced port-based authentication is implemented in the following modes:

Single Host Mode —Allows port access only to the authorized host.



Multiple Host Mode — Multiple hosts can be attached to a single port. Only one host must be authorized for all hosts

to access the network. If the host authentication fails, or an EAPOL-logoff message is received, all attached clients are

denied access to the network.

Guest VLANs — Provides limited network access to authorized ports. If a port is denied network access via port-

based authorization, but the Guest VLAN is enabled, the port receives limited network access. For example, a network

administrator can use Guest VLANs to deny network access via port-based authentication, but grant Internet access to

unauthorized users.



Unauthenticated VLANS —Are available to users, even if the ports attached to the VLAN are deﬁned as unauthorized.

5.2.2 Deﬁning Network Authentication Properties

The Network Security Authentication Properties Page allows network managers to configure network authentication

ꢂꢁ

Download from Www.Somanuals.com. All Manuals Search And Download.

parameters. In addition, Guest VLANs are enabled from the Network SecurityAuthentication Properties Page.

To deﬁne the network authentication properties:

1. Click System > Network Security > Authentication > Properties. The Network Security Authentication Properties

Page opens:

Figure 43: Network Security Authentication Properties

Page

The Network Security Authentication Properties Page

contains the following ﬁelds:

Port-Based Authentication State — Indicates if Port



Authentication is enabled on the device. The possible

ﬁeld values are:

– Enable — Enables port-based authentication on the device.

– Disable — Disables port-based authentication on the device.

Authentication Method — Speciﬁes the authentication method used for port authentication. The possible ﬁeld values

are:



– None — Indicates that no authentication method is used to authenticate the port.

– RADIUS — Provides port authentication using the RADIUS server.

– RADIUS, None — Provides port authentication, ﬁrst using the RADIUS server. If the port is not authenticated, then no

authentication method is used, and the session is permitted.

Guest VLAN — Speciﬁes whether the Guest VLAN is enabled on the device. The possible ﬁeld values are:

– Enable — Enables using a Guest VLAN for unauthorized ports. If a Guest VLAN is enabled, the unauthorized port

automatically joins the VLAN selected in the VLAN List ﬁeld.



– Disable — Disables port-based authentication on the device. This is the default.

Guest VLAN ID — Contains a list of VLANs. The Guest VLAN is selected from the VLAN list.

2. Enable the Port-Based Authentication, and deﬁne the Authentication Method, enable Guest VLAN, and select the Guest

VLAN ID.

3. Click

. The network security authentication properties are saved, and the device is updated.

5.2.2.1 Deﬁning Port Authentication Properties

The PortAuthentication Page allows network managers to conﬁgure port-based authentication global parameters.

To deﬁne the port-based authentication global properties:

1. Click System > Network Security >Authentication > PortAuthentication. The PortAuthentication Page opens:

Figure 44: PortAuthentication Page

The PortAuthentication Page contains the following ﬁelds:

Copy from Entry Number — Copies port authentica-

tion information from the selected port.



to Entry Number(s) — Copies port authentication

information to the selected port.

Port — Displays a list of interfaces on which port-based

authentication is enabled.

User Name — Displays the supplicant user name.

ꢂꢂ

Download from Www.Somanuals.com. All Manuals Search And Download.

Current Port Control — Displays the current port authorization state. The possible ﬁeld values are:

– Auto — Enables port-based authentication on the device. The interface moves between an authorized or unauthorized

state based on the authentication exchange between the device and the client.



– Authorized — Indicates the interface is in an authorized state without being authenticated. The interface re-sends and

receives normal trafﬁc without client port-based authentication.

– Unauthorized — Denies the selected interface system access by moving the interface into unauthorized state. The

device cannot provide authentication services to the client through the interface.

Enable Periodic Reauthentication — Permits immediate port reauthentication. The possible ﬁeld values are:

– Enable — Enables immediate port reauthentication. This is the default value.



– Disable — Disables port reauthentication.

Reauthentication Period — Displays the time span (in seconds) in which the selected port is reauthenticated. The ﬁeld

default is 3600 seconds.

Authenticator State — Displays the current authenticator state.



Quiet Period — Displays the number of seconds that the device remains in the quiet state following a failed

authentication exchange. The possible ﬁeld range is 0-65535. The ﬁeld default is 60 seconds.

Resending EAP — Defines the amount of time (in seconds) that lapses before EAP requests are resent. The field

default is 30 seconds.



Max EAP Requests — Displays the total amount of EAP requests sent. If a response is not received after the deﬁned

period, the authentication process is restarted. The ﬁeld default is 2 retries.

Supplicant Timeout — Displays the amount of time (in seconds) that lapses before EAP requests are resent to the

supplicant. The ﬁeld default is 30 seconds.

Server Timeout — Displays the amount of time (in seconds) that lapses before the device re-sends a request to the

authentication server. The ﬁeld default is 30 seconds.

Termination Cause — Indicates the reason for which the port authentication was terminated.

2. Click

. The PortAuthentication Settings Page opens:

Figure 45: PortAuthentication Settings Page

3. Deﬁne the ﬁelds.

4. Check "Reauthenticate Now" to immediately

reauthenticate the selected port when submitting.

5. Click

. The port authentication settings are

saved, and the device is updated.

5.2.2.2 Conﬁguring Multiple Hosts

The Multiple Hosts Page allows network managers to

configure advanced port-based authentication settings

for specific ports and VLANs. For more information on

advanced port-based authentication, see Advanced Port-

BasedAuthentication.

To deﬁne the network authentication global properties:

1. Click System > Network Security >Authentication > Multiple Hosts. The Multiple Hosts Page opens:

ꢂꢃ

Download from Www.Somanuals.com. All Manuals Search And Download.

Figure 46: Multiple Hosts Page

The Multiple Hosts Page contains the following ﬁelds:

Port — Displays the port number for which advanced



port-based authentication is enabled.

Multiple Hosts — Indicates whether multiple hosts



are enabled. Multiple hosts must be enabled in order

to either disable the ingress-filter, or to use port-lock

security on the selected port. The possible ﬁeld values

are:

– Multiple — Multiple hosts are enabled.

– Disable — Multiple hosts are disabled.

Action on Violation — Deﬁnes the action to be applied to packets arriving in single-host mode, from a host whose MAC

address is not the supplicant MAC address. The possible ﬁeld values are:

– Forward — Forwards the packet.



– Discard — Discards the packets. This is the default value.

– Shutdown — Discards the packets and shuts down the port. The port remains shut down until reactivated, or until the

device is reset.

Traps — Indicates if traps are enabled for Multiple Hosts. The possible ﬁeld values are:

– True — Indicates that traps are enabled for Multiple hosts.

– False — Indicates that traps are disabled for Multiple hosts.

Trap Frequency — Deﬁnes the time period by which traps are sent to the host. The Trap Frequency (1-1000000) ﬁeld

can be deﬁned only if multiple hosts are disabled. The default is 10 seconds.

Status — Indicates the host status. If there is an asterisk (*), the port is either not linked or is down. The possible ﬁeld

values are:



– Unauthorized — Indicates that either the port control is Force Unauthorized and the port link is down, or the port

control isAuto but a client has not been authenticated via the port.

– Not inAuto Mode — Indicates that the port control is ForcedAuthorized, and clients have full port access.

– Single-host Lock — Indicates that the port control isAuto and a single client has been authenticated via the port.

– No Single Host — Indicates that Multiple Host is enabled.

Number of Violations — Indicates the number of packets that arrived on the interface in single-host mode, from a host

whose MAC address is not the supplicant MAC address.



2. Click

. The Multiple Host Settings Page opens:

Figure 47: Multiple Host Settings Page

3. Deﬁne the ﬁelds.

4. Click

. The multiple host settings are saved,

and the device is updated.

5.2.2.3 Deﬁning Authentication Hosts

The Authenticated Hosts Page contains a list of

authenticated users.

To deﬁne authenticated users:

1. Click System > Network Security >Authentication >Authenticated Hosts. The Authenticated Hosts Page opens:

ꢂꢄ

Download from Www.Somanuals.com. All Manuals Search And Download.

Figure 48:Authenticated Hosts Page

The Authenticated Hosts Page contains the following ﬁelds:

User Name — Lists the supplicants that were

authenticated, and are permitted on each port.



Port — Displays the port number.



Session Time — Displays the amount of time (in

seconds) the supplicant was logged on the port.

Authentication Method — Displays the method by

which the last session was authenticated. The possible

ﬁeld values are:



– Remote — 802.1x authentication is not used on this port (port is forced-authorized).

– None — The supplicant was not authenticated.

– RADIUS — The supplicant was authenticated by a RADIUS server.

MACAddress — Displays the supplicant MAC address.



5.2.3 Conﬁguring Trafﬁc Control

This section contains information for managing both port security and storm control, and includes the following topics:

Managing Port Security

Enabling Storm Control



5.2.3.1 Managing Port Security

Network security can be increased by limiting access on a speciﬁc port only to users with speciﬁc MAC addresses. The MAC

addresses can be dynamically learned or statically conﬁgured. Locked port security monitors both received and learned

packets that are received on speciﬁc ports. Access to the locked port is limited to users with speciﬁc MAC addresses. These

addresses are either manually deﬁned on the port, or learned on that port up to the point when it is locked. When a packet

is received on a locked port, and the packet TP-Link source MAC address is not tied to that port (either it was learned on a

different port, or it is unknown to the system), the protection mechanism is invoked, and can provide various options.

Unauthorized packets arriving at a locked port are either:

Forwarded



Discarded with no trap

Discarded with a trap

Shuts down the port

Locked port security also enables storing a list of MAC addresses in the conﬁguration ﬁle. The MAC address list can be

restored after the device has been reset.

Disabled ports are activated from the Port Security Page.

To view port security parameters:

1. Click System > Network Security > Trafﬁc Control > Port Security. The Port Security Page opens:

ꢂꢅ

Download from Www.Somanuals.com. All Manuals Search And Download.

Figure 49: Port Security Page

The Port Security Page contains the following ﬁelds:

Interface — Displays the Port or LAG name.



Interface Status — Indicates the host status. The

possible ﬁeld values are:

– Unauthorized — Indicates that the port control

is Force Unauthorized, the port link is down or

the port control is Auto, but a client has not been

authenticated via the port.

– Not in Auto Mode — Indicates that the port control is

ForcedAuthorized, and clients have full port access.

– Single-host Lock — Indicates that the port control isAuto and a single client has been authenticated via the port.

Learning Mode — Deﬁnes the locked port type. The Learning Mode ﬁeld is enabled only if Locked is selected in the Set

Port ﬁeld.The possible ﬁeld values are:



– Classic Lock — Locks the port using the classic lock mechanism. The port is immediately locked, regardless of the

number of addresses that have already been learned.

– Limited Dynamic Lock — Locks the port by deleting the current dynamic MAC addresses associated with the port.

The port learns up to the maximum addresses allowed on the port. Both relearning and aging MAC addresses are

enabled.

Max Entries — Speciﬁes the number of MAC address that can be learned on the port. The Max Entries ﬁeld is enabled

only if Locked is selected in the Set Port ﬁeld. In addition, the Limited Dynamic Lock mode is selected. The default is 1.

Action — Indicates the action to be applied to packets arriving on a locked port. The possible ﬁeld values are:

– Forward — Forwards packets from an unknown source without learning the MAC address.

– Discard — Discards packets from any unlearned source. This is the default value.

– Shutdown — Discards packets from any unlearned source and shuts down the port. The port remains shut down until

reactivated, or until the device is reset.



Trap — Enables traps when a packet is received on a locked port. The possible ﬁeld values are:

– Checked — Enables traps.



– Unchecked — Disables traps.

Trap Frequency (Sec.) — The amount of time (in seconds) between traps. The default value is 10 seconds To modify

port security:

1. Click

. The Port Security Settings Page opens:

Figure 50: Port Security Settings Page

2. Modify port security settings ﬁelds.

3. Click

. The port security settings are saved,

and the device is updated.

5.2.3.2 Enabling Storm Control

Storm control limits the amount of Multicast and Broadcast

frames accepted and forwarded by the device. When

Layer 2 frames are forwarded, Broadcast, and Multicast

frames are ﬂooded to all ports on the relevant VLAN. This

occupies bandwidth, and loads all nodes on all ports.

ꢂꢆ

Download from Www.Somanuals.com. All Manuals Search And Download.

A Broadcast Storm is a result of an excessive amount of broadcast messages simultaneously transmitted across a network

by a single port. Forwarded message responses are heaped onto the network, straining network resources or causing the

network to time out. Storm control is enabled for all Gigabit ports by deﬁning the packet type and the rate the packets are

transmitted. The system measures the incoming Broadcast and Multicast frame rates separately on each port, and discards

the frames when the rate exceeds a user-deﬁned rate. The Storm Control Page provides ﬁelds for conﬁguring broadcast

storm control.

To enable storm control for a port:

1. Click System > Network Security > Trafﬁc Control > Storm Control. The Storm Control Page opens:

Figure 51: Storm Control Page

The Storm Control Page contains the following ﬁelds:

Port — Indicates the type of storm control which is



enabled on the selected port. The possible ﬁeld values

are:

– U, cast B, cast M — tbd

– B, cast M, cast — tbd

– B, cast — tbd

Enable Broadcast Control — Indicates if forwarding



Broadcast packet types on the interface.

Broadcast Mode — Speciﬁes the Broadcast mode currently enabled on the device. The possible ﬁeld values are:

– Unknown Unicast, Multicast & Broadcast — Counts Unicast, Multicast, and Broadcast trafﬁc.

– Multicast & Broadcast — Counts both Broadcast and Multicast trafﬁc together.

– SOHO Broadcast — Counts only the Broadcast trafﬁc.

Broadcast Rate Threshold — Indicates the maximum rate (kilobytes per second) at which unknown packets are

forwarded. The range is 0-1,000,000. The default value is zero. All values are rounded to the nearest 64 Kbps. If the ﬁeld

value is under 64 Kbps, the value is rounded up to 64 Kbps, with the exception of the value zero.



2. Click

next to the port to conﬁgure. The Storm Control Settings Page opens:

Figure 52: Storm Control Settings Page

3. Select the Port Storm Control Settings.

4. Click Enable Broadcast Control, and define the Rate

Threshold.

5. Click

. Storm control is enabled on the device

for the selected port.

ꢂꢇ

Download from Www.Somanuals.com. All Manuals Search And Download.

Section 6. Deﬁning IPAddresses

This section provides information for deﬁning IP addresses on the device using DHCP and ARP. In addition, this section

contains parameters for deﬁning device default gateways, and Domain Name Servers.

This section contains the following topics:

Deﬁning IPAddressing



Deﬁning Domain Name System

6.1 Deﬁning IP Addressing

This section provides information for assigning interface and default gateway IP addresses, and deﬁning ARP and DHCP

parameters for the interfaces.

This section contains the following topics:

Deﬁning IPAddresses

Deﬁning the Default Gateway

Deﬁning DHCPAddresses

DeﬁningARP



6.1.1 Deﬁning IP Addresses

The IP Interface Page contains ﬁelds for assigning IP addresses. Packets are forwarded to the default IP when frames are

sent to a remote network. The conﬁgured IP address must belong to the same IP address subnet of one of the IP interfaces.

1. Click System > System Info > IP Conﬁguration > IPAddressing. The IPInterface Page opens:

Figure 53: IP Interface Page

The IPInterface Page contains the following ﬁelds:

IP Address — Displays the currently configured IP

address.



Mask — Displays the currently conﬁgured IP address

mask.

Interface — Displays the interface used to manage the

device.

Dynamic — Indicates that the IP address is

dynamically created.

Static — Indicates the IP address is a static IP address.

Remove — Removes the selected IP address from the interface. The possible ﬁeld values are:

– Checked — Removes the IP address from the interface.

– Unchecked — Maintains the IP address assigned to the Interface.



2. Click

. The Add IPInterface Page opens:

ꢂꢈ

Download from Www.Somanuals.com. All Manuals Search And Download.

Figure 54:Add IP Interface Page

3. Define the IP Address, Network Mask, Prefix Length

and Interface (Port, LAG or VLAN).

4. Click

. The new interface is added and the

device is updated.

To modify IP interface settings:

1. Click System > System Info > IP Conﬁguration > IPAddressing. The IPInterface Page opens.

2. Click

. The IPInterface Settings Page opens:

Figure 55: IP Interface Settings Page

3. Modify the IPAddress and Interface ﬁelds.

4. Click

. The interface is modified and the

device is updated.

6.1.2 Deﬁning the Default Gateway

Packets are forwarded to the default IP when frames are sent to a remote network via the default gateway. The conﬁgured IP

address must belong to the same subnet of one of the IP interfaces.

To deﬁne a default gateway for the system:

1. Click System > System Info > IP Conﬁguration > IP Addressing > Default Gateway. The Default Gateway Page

opens:

Figure 56: Default Gateway Page

The Default Gateway Page contains the following ﬁelds:

User Deﬁned Default Gateway — Indicates the name

of the current default gateway.



Active Default Gateway — Indicates if the current

default gateway is deﬁned as active.

Remove — Removes the deﬁned default gateway.

2. Enter the name of the User Deﬁned Default Gateway.

3. Click . The gateway is saved and the device is updated.

6.1.3 Deﬁning DHCP Addresses

The Dynamic Host Conﬁguration Protocol (DHCP) assigns dynamic IP addresses to devices on a network. DHCP ensures

that network devices can have a different IP address every time the device connects to the network.

To deﬁne DHCP addressing:

1. Click System > System Info > IP Conﬁguration > IPAddressing > DHCP. The DHCPPage opens:

ꢃ0

Download from Www.Somanuals.com. All Manuals Search And Download.

Figure 57: DHCP Page

The DHCPPage contains the following ﬁelds:

Interface — Displays the IP address of the interface

which is connected to the DHCP server.



Host Name — Displays the system name.

Remove — Removes DHCP interfaces. The possible

ﬁeld values are:



– Checked — Removes the selected DHCP interface.

– Unchecked — Maintains the DHCP interfaces.

2. Click

. The Add IPInterface Page page opens:

Figure 58:Add IP Interface Page

3. Select the Interface (Port, LAG or VLAN).

4. Enter the Host Name.

5. Click

. The new interface is added to DHCP,

and the device is updated.

To remove the DHCP deﬁnition:

Click the Remove checkbox. The current DHCP deﬁnition is removed and system information is updated.



6.1.4 Deﬁning ARP

The Address Resolution Protocol (ARP) converts IP addresses into physical addresses, and maps the IP address to a MAC

address.ARP allows a host to communicate with other hosts only when the IP address of its neighbors is known.

To deﬁneARP:

1. Click System > System Info > IP Conﬁguration > IPAddressing >ARP. The ARPPage opens:

Figure 59:ARP Page

The ARPPage contains the following ﬁelds:

ARP Entry Age Out — Speciﬁes the amount of time

(in seconds) that passes between ARP Table entry.

requests. Following theARP EntryAge period, the entry

is deleted from the table. The range is 1 - 40000000.

The default value is 60000 seconds.



Clear ARP Table Entries — Specifies the types of

ARP entries that are cleared. The possible values are:

– None — Maintains theARP entries.



– All — Clears allARP entries.

– Dynamic — Clears only dynamicARP entries.

– Static — Clears only staticARP entries.

Interface — Displays the interface type forARP parameters. The possible ﬁeld values are:

– Port — Indicates the port for whichARP parameters are deﬁned.

– LAG — Indicates the LAG for whichARP parameters are deﬁned.

– VLAN — Indicates the VLAN for whichARP parameters are deﬁned.



ꢃꢀ

Download from Www.Somanuals.com. All Manuals Search And Download.

IPAddress - Indicates the station IP address, which is associated with the MAC address ﬁlled in below.

MACAddress - Displays the station MAC address, which is associated in theARP table with the IP address.

Status - Displays theARP table entry type. Possible ﬁeld values are:

– Dynamic — Indicates theARP entry is learned dynamically.



– Static — Indicates theARP entry is a static entry.

Remove — Removes a speciﬁcARP entry. The possible ﬁeld values are:

– Checked — Removes the selectedARP entries.



– Unchecked - Maintains the currentARP entries.

2. Deﬁne the ARPEntryAge Out parameter.

3. Deﬁne the ClearARPTable Entries parameter.

4. Click

. The AddARPEntry Page opens:

Figure 60:AddARP Entry Page

5. Select the Interface (Port, LAG or VLAN).

6. Deﬁne the IPAddress and the MACAddress.

7. Click

. The new entry is added to ARP, and

the device is updated.

6.2 Deﬁning Domain Name System

Domain Name System (DNS) converts user-defined domain names into IP addresses. Each time a domain name is

assigned, the DNS service translates the name into a numeric IP address. For example, www.ipexample.com is translated

into 192.87.56.2. DNS servers maintain databases of domain names and their corresponding IP addresses.

This section contains the following topics:

Deﬁning DNS Servers



Conﬁguring Host Mapping

6.2.1 Deﬁning DNS Servers

The DNS Server Page contains ﬁelds for enabling and activating speciﬁc DNS servers.

To enable DNS and deﬁne the DNS server:

1. Click System > System Info > IP Conﬁguration > Domain Name System. The DNS Server Page opens:

Figure 61: DNS Server Page

The DNS Server Page contains the following ﬁelds:

Enable DNS — Enables translating the DNS names

into IP addresses. The possible ﬁeld values are:

– Checked — Translates the domains into IP

addresses.



– Unchecked — Disables translating domains into IP

addresses.

Default Domain Name — Speciﬁes the user-deﬁned

DNS server name.



Type — Displays the IP address type. The possible

ꢃꢁ

Download from Www.Somanuals.com. All Manuals Search And Download.

ﬁeld values are:

– Dynamic — The IP address is dynamically created.

– Static — The IP address is a static IP address.

Remove — Removes DNS servers. The possible ﬁeld values are:

– Checked — Removes the selected DNS server



– Unchecked — Maintains the current DNS server list.

DNS Server — Displays the DNS server IP address. DNS servers are added in theAdd DNS Server Page.

Active Server — Speciﬁes the DNS server that is currently active. The possible ﬁeld values are:

– Selected —Activates the selected DNS server after the device is reset.

– Unselected — Deactivates the selected DNS server after the device is reset. This is the default value.



2. Click the Enable DNS checkbox.

3. Deﬁne the Default Domain Name.

4. Click

. The Add DNS Server Page opens:

Figure 62:Add DNS Server Page

5. Enter the DNS Server name and click Set DNS Server

Active.

6. Click

. The new server is added, and device

information is updated.

6.2.2 Conﬁguring Host Mapping

The DNS Host Mapping Page provides information for deﬁning DNS Host Mapping.

To deﬁne DNS host mapping:

1. Click System > System Info > IP Conﬁguration > Domain Name System > Host Mapping. The Host Mapping Page

opens:

Figure 63: Host Mapping Page

The Host Mapping Page contains the following ﬁelds:

Host Names — Displays a user-defined default

domain name. When deﬁned, the default domain name

is applied to all unqualified host names. The Host

Name ﬁeld can contain up to 158 characters.



IPAddress — Displays the DNS host IP address.

Remove — Removes default domain names. The

possible ﬁeld values are:



– Checked — Removes the selected DNS host.

– Unchecked — Maintains the current DNS host mapping list.

2. Click

. The Add DNS Host Page opens:

ꢃꢂ

Download from Www.Somanuals.com. All Manuals Search And Download.

Figure 64:Add DNS Host Page

3. Enter the Host Name and IPAddress.

4. Click

. The new DNS host is added to the

hosts list in the Host Mapping Page.

ꢃꢃ

Download from Www.Somanuals.com. All Manuals Search And Download.

Section 7. Conﬁguring Interfaces

This section contains the following topics:

Conﬁguring Ports

Conﬁguring LAGs

Conﬁguring VLANs



7.1 Conﬁguring Ports

The Interface Conﬁguration Page contains ﬁelds for deﬁning port parameters.

To deﬁne port parameters:

1. Click System > Bridging Conﬁg > Interface > Interface Conﬁguration. The Interface Conﬁguration Page opens:

Figure 65: Interface Conﬁguration Page

The Interface Configuration Page is divided into the

following sections:

Interface Conﬁguration Ports Table



Interface Conﬁguration LAG Ports Table

The Interface Configuration Ports Table contains the

following ﬁelds:

Interface — Displays the port number.



Port Status — Indicates whether the port is currently

operational or non-operational. The possible ﬁeld values are:

– Up — Indicates the port is currently operating.

– Down — Indicates the port is currently not operating.

Port Speed — Displays the configured rate for the port. The port type determines what speed setting options are

available. Port speeds can only be conﬁgured when auto negotiation is disabled. The possible ﬁeld values are:

– 10 — Indicates the port is currently operating at 10 Mbps.



– 100 — Indicates the port is currently operating at 100 Mbps.

– 1000 — Indicates the port is currently operating at 1000 Mbps.

Duplex Mode — Displays the port duplex mode. This ﬁeld is conﬁgurable only when auto negotiation is disabled,

and the port speed is set to 10M or 100M. This ﬁeld cannot be conﬁgured on LAGs. The possible ﬁeld

values are:

– Full — The interface supports transmission between the device and its link partner in both directions simultaneously.

– Half — The interface supports transmission between the device and the client in only one direction at a time.

Auto Negotiation — Displays the auto negotiation status on the port. Auto negotiation is a protocol between two link

partners that enables a port to advertise its transmission rate, duplex mode, and ﬂow control abilities to its partner.

Advertisement — Deﬁnes the auto negotiation setting the port advertises. The possible ﬁeld values are:

– Max Capability — Indicates that all port speeds and duplex mode settings are accepted.

– 10 Half — Indicates that the port advertises for a 10 Mbps speed port and half duplex mode setting.

– 10 Full — Indicates that the port advertises for a 10 Mbps speed port and full duplex mode setting.

– 100 Half — Indicates that the port advertises for a 100 Mbps speed port and half duplex mode setting.

– 100 Full — Indicates that the port advertises for a 100 Mbps speed port and full duplex mode setting.

– 1000 Full — Indicates that the port advertises for a 1000 Mbps speed port and full duplex mode setting.



ꢃꢄ

Download from Www.Somanuals.com. All Manuals Search And Download.

– 1000 Half — Indicates that the port advertises for a 1000 Mbps speed port and half duplex mode setting.

Back Pressure — Displays the back pressure mode on the port. Back pressure mode is used with half duplex mode to

disable ports from receiving messages.



Flow Control — Displays the ﬂow control status on the port. Operates when the port is in full duplex mode.

MDI/MDIX — Displays the MDI/MDIX status on the port. Hubs and switches are deliberately wired opposite the way

end stations are wired, so that when a hub or switch is connected to an end station, a straight through Ethernet cable

can be used, and the pairs are matched up properly. When two hubs or switches are connected to each other, or two

end stations are connected to each other, a crossover cable is used to ensure that the correct pairs are connected. The

possible ﬁeld values are:



– Auto — Use to automatically detect the cable type.

– MDI (Media Dependent Interface) — Use for end stations.

– MDIX (Media Dependent Interface with Crossover) — Use for hubs and switches.

LAG — Indicates whether the port is part of a LinkAggregation Group (LAG).



The Interface Conﬁguration LAG table contains the following ﬁelds:

LAG — Indicates whether the port is part of a LinkAggregation Group (LAG).

LAG Type — Indicates the type of LAG deﬁned by the ﬁrst port assigned to the LAG. For example, 100-Copper, or

100-Fiber.



LAG Status — Indicates whether the LAG is up or down.



LAG Speed — Displays the conﬁgured aggregated rate for the LAG. The possible ﬁeld values are:

– 10 — Indicates the port is currently operating at 10 Mbps.

– 100 — Indicates the port is currently operating at 100 Mbps.

– 1000 — Indicates the port is currently operating at 1000 Mbps.

Auto Negotiation — Displays the auto negotiation status of the LAG. Auto negotiation is a protocol between two link

partners that enables a port to advertise its transmission rate, duplex mode, and ﬂow control abilities to its partner.

Back Pressure — Displays the back pressure mode on the LAG. Back pressure mode is used with half duplex mode to

disable ports in the LAG from receiving messages.



Flow Control — Displays the ﬂow control status of the LAG.

2. Click

next to the item to modify. The Port or LAG Interface Conﬁguration Settings Page opens:

Figure 66: Interface Conﬁguration Settings Page

In addition to the ﬁelds in the Interface Conﬁguration Page,

the Port or LAG Interface Configuration Settings Page

contains the following additional ﬁeld:

Reactivate Suspended Port - Reactivates a suspended

port. The possible ﬁeld values are:

– Checked — Reactivates or unlocks the suspended

port.



– Unchecked — Maintains the port's locked/

suspended state.

3. Modify the Admin Speed, Admin Duplex, and Admin

Advertisement ﬁelds.

4. Click

. The parameters are saved, and the

device is updated.

ꢃꢅ

Download from Www.Somanuals.com. All Manuals Search And Download.

7.2 Conﬁguring LAGs

Link Aggregation optimizes port usage by linking a group of ports together to form a single LAG. Aggregating ports multiplies

the bandwidth between the devices, increases port ﬂexibility, and provides link redundancy.

The TP-Link device supports both static LAGs and Link Aggregation Control Protocol (LACP) LAGs. LACP LAGs negotiate

aggregating port links with other LACP ports located on a different device. If the other device ports are also LACP ports, the

devices establish a LAG between them.

When conﬁguring LAGs, ensure the following:

All ports within a LAG must be the same media type.



AVLAN is not conﬁgured on the port.

The port is not assigned to a different LAG.

Auto-negotiation mode is not conﬁgured on the port.

The port is in full-duplex mode.

All ports in the LAG have the same ingress ﬁltering and tagged modes.

All ports in the LAG have the same back pressure and ﬂow control modes.

All ports in the LAG have the same priority.

All ports in the LAG have the same transceiver type.

The device supports up to eight LAGs, and eight ports in each LAG.

Ports can be conﬁgured as LACP ports only if the ports are not part of a previously conﬁgured LAG.

Ports added to a LAG lose their individual port conﬁguration. When ports are removed from the LAG, the original port

conﬁguration is applied to the ports.

This section contains the following topics:

Deﬁning LAG Members

Conﬁguring LACP



7.2.1 Deﬁning LAG Members

To deﬁne LAG members:

1. Click System > Bridging Conﬁg > Interface > LAG Membership. The LAG Membership Page opens:

Figure 67: LAG Membership Page

The LAG Membership Page contains the following ﬁelds:

LAG Port — Displays the LAG number.

Name — Displays the user-deﬁned port name.

Link State — Displays the link operational status.

Members— Displays the ports conﬁgured to the LAG.

Membership groups are indicated as bold when active

and as grayed when passive.



Remove — Removes the LAG. The possible field

values:



– Checked — Removes the selected LAG.

– Unchecked— Maintains the LAGs.

To modify LAG Membership:

1. Click . The LAG Membership Settings Page opens.

ꢃꢆ

Download from Www.Somanuals.com. All Manuals Search And Download.

Figure 68: LAG Membership Settings Page

The LAG Membership Settings Page contains the following

ﬁelds:

LAG — Contains a user-deﬁned drop-down LAG list.

Lag Name — Displays the user-deﬁned LAG name.

LACP — Indicates if LACP is deﬁned on the LAG. The

possible ﬁeld values are:



– Enable — Enables LACP on the LAG.

– Disable — Disables LACP on the LAG. This is the

default value.

Port List — Displays a list of ports. Ports in the Port List

can be added to the LAG.



LAG Members — Displays the list of the ports included

in the LAG.

2. Deﬁne the LAG ﬁelds for the LAG port.

3. Click ports in the Port List and add the ports to the LAG Members list, using

4. Click

. The interface LAG membership properties are modiﬁed, and the device is updated.

7.2.2 Conﬁguring LACP

LAG ports can contain different media types if the ports are operating at the same speed. Aggregated links can be set

up manually or automatically established by enabling LACP on the relevant links. Aggregate ports can be linked into link-

aggregation port-groups. Each group is comprised of ports with the same speed. The LACP Parameters Page contains ﬁelds

for conﬁguring LACP LAGs.

To view and conﬁgure LACP:

1. Click System > Bridging Conﬁg > Interface > LACP Parameters. The LACPParameters Page opens:

Figure 69: LACP Parameters Page

The LACPParameters Page contains the following ﬁelds:

LACP System Priority — Specifies system priority

value. The ﬁeld range is 1-65535. The ﬁeld default is 1.

Port — Displays the port number to which timeout and

priority values are assigned.



Port Priority — Displays the LACP priority value for the

port. The ﬁeld range is 1-65535.

LACP Timeout — Displays the administrative LACP

timeout.

2. Deﬁne the LACPSystem Priority and click

. The system priority for LACP is saved and the device is updated.

To modify LACP parameters:

1. Click System > Bridging Conﬁg > Interface > LACP Parameters. The LACPParameters Page opens.

2. Click . The LACPParameters Settings Page opens:

ꢃꢇ

Download from Www.Somanuals.com. All Manuals Search And Download.

Figure 70: LACP Parameters Settings Page

3. Deﬁne the Port Priority and LACPTimeout settings.

4. Click

. The LACP settings are saved and the

device is updated.

7.3 Conﬁguring VLANs

VLANs are logical subgroups with a Local Area Network (LAN) which combine user stations and network devices into a

single unit, regardless of the physical LAN segment to which they are attached. VLANs allow network trafﬁc to ﬂow more

efﬁciently within subgroups. VLANs use software to reduce the amount of time it takes for network changes, additions, and

moves to be implemented.

VLANs have no minimum number of ports, and can be created per unit, per device, or through any other logical connection

combination, since they are software-based and not deﬁned by physical attributes.

VLANs function at Layer 2. Since VLANs isolate traffic within the VLAN, a Layer 3 router working at a protocol level is

required to allow trafﬁc ﬂow between VLANs. Layer 3 routers identify segments and coordinate with VLANs. VLANs are

Broadcast and Multicast domains. Broadcast and Multicast traffic is transmitted only in the VLAN in which the traffic is

generated.

VLAN tagging provides a method of transferring VLAN information between VLAN groups. VLAN tagging attaches a 4-byte

tag to packet headers. The VLAN tag indicates to which VLAN the packets belong. VLAN tags are attached to the VLAN by

either the end station or the network device. VLAN tags also contain VLAN network priority information.

Combining VLANs and GARP (Generic Attribute Registration Protocol) allows network managers to deﬁne network nodes

into Broadcast domains.

This section contains the following topics:

Adding VLAN



Deﬁning VLAN Properties

Deﬁning VLAN Membership

Deﬁning VLAN Interface Settings

Conﬁguring GARP

Deﬁning GVRP

7.3.1 Deﬁning VLAN Properties

The VLAN Member Properties Page provides information and global parameters for conﬁguring and working with VLANs.

To add a new VLAN:

1. Click System > Bridging Conﬁg > VLAN > Membership. The VLAN Member Properties Page opens:

ꢃꢈ

Download from Www.Somanuals.com. All Manuals Search And Download.

Figure 71: VLAN Member Properties Page

The VLAN Member Properties Page contains the following

ﬁelds:

Select VLAN ID — Displays the properties of the

selected VLAN in the VLANs table below.



Show All — Displays the properties of all defined

VLANS in the VLANs table below.



VLAN ID — Displays the VLAN ID.



Name — Displays the user-deﬁned VLAN name.

Type— Displays the VLAN type. The possible field

values are:

– Dynamic — Indicates the VLAN was dynamically created through GARP.

– Static — Indicates the VLAN is user-deﬁned.

– Default — Indicates the VLAN is the default VLAN.

Unauthenticaed VLAN — Indicates whether unauthorized users can access a Guest VLAN. The possible ﬁeld values

are:



– Enabled — Enables unauthorized users to use the Guest VLAN.

– Disabled — Disables unauthorized users from using the Guest VLAN.

Remove — Removes VLANs. The possible ﬁeld values are:

– Checked — Removes the selected VLAN.

– Unchecked — Maintains the current VLANs.

To add a new VLAN:

1. Click

. The Add VLAN Page opens:

Figure 72:Add VLAN Page

2. Deﬁne the VLAN ID and VLAN Name.

3. Click

. The new VLAN is saved and the

device is updated.

To deﬁne VLAN properties:

1. Click

. The Edit VLAN Page opens.

Figure 73: Edit VLAN Page

2. Modify the VLAN Name and Disable Authentication

ﬁelds.

3. Click

. The VLAN properties are saved.

4. In the VLAN Member Properties Page, Click

The VLAN information is saved and the device is

updated.

7.3.2 Deﬁning VLAN Membership

The VLAN Member Membership Page contains a table that maps VLAN parameters to ports. Ports are assigned VLAN

membership by toggling through the Port Control settings.

ꢄ0

Download from Www.Somanuals.com. All Manuals Search And Download.

To deﬁne VLAN membership:

1. Click System > Bridging Config > VLAN >Membership > Membership. The VLAN Member Membership Page

opens:

Figure 74: VLAN Member Membership Page

The VLAN Member Membership Page contains the

following ﬁelds:

VLAN ID — Displays the user-deﬁned VLAN ID.



VLAN Name — Displays the name of the VLAN

VLAN Type — Indicates the VLAN type. The possible

ﬁeld values are:

– Dynamic — Indicates the VLAN was dynamically

created through GARP.

– Static — Indicates the VLAN is user-deﬁned.

– Default — Indicates the VLAN is the default VLAN.

Port — Indicates the port membership.



LAG — Indicates the LAG membership.

U — Indicates the interface is an untagged VLAN member. Packets forwarded by the interface are untagged.

T — Indicates the interface is a tagged member of a VLAN.All packets forwarded by the interface are tagged.

The packets contain VLAN information.

I — Includes the port in the VLAN.



E — Excludes the interface from the VLAN. However, the interface can be added to the VLAN through GARP.

R — Denies the interface VLAN membership, even if GARP indicates the port is to be added.

7.3.3 Deﬁning VLAN Interface Settings

The VLAN Interface Settings Page contains ﬁelds for managing ports that are part of a VLAN. The Port Default VLAN ID (PVID)

is conﬁgured on the VLAN Interface Settings Page.All untagged packets arriving at the device are tagged with the port PVID.

To deﬁne VLAN interfaces:

1. Click System > Bridging Conﬁg > VLAN > Membership > Interface Settings. The VLAN Interface Settings Page

opens.

Figure 75: VLAN Interface Settings Page

The VLAN Interface Settings Page contains the following

ﬁelds:

Interface — Displays the port number included in the

VLAN.



Interface VLAN Mode — Displays the port mode. The

possible values are:



– General — Indicates the port belongs to VLANs, and

each VLAN is user-deﬁned as tagged or untagged

(full IEEE802.1q mode).

– Access — Indicates a port belongs to a single

untagged VLAN. When a port is inAccess mode, the

packet types which are accepted on the port cannot

be designated. Ingress ﬁltering cannot be enabled or

ꢄꢀ

Download from Www.Somanuals.com. All Manuals Search And Download.

disabled on an access port.

– Trunk — Indicates the port belongs to VLANs in which all ports are tagged, except for one port that can be untagged.

– PVE - Promiscuous — Indicates the port is part of a PV Promiscuous VLAN.

– PVE - Isolated — Indicates the port is part of a PV Isolated VLAN.

– PVE - Community — Indicates the port is part of a PV Community VLAN.

Dynamic —Assigns a port to a VLAN based on the host source MAC address connected to the port.

PVID — Assigns a VLAN ID to untagged packets. The possible values are 1-4094. VLAN 4095 is defined as per

standard and industry practice as the Discard VLAN. Packets classiﬁed to the Discard VLAN are dropped.

Frame Type — Speciﬁes the packet type accepted on the port. The possible ﬁeld values are:

– Admit Tag Only — Only tagged packets are accepted on the port.



– AdmitAll — Both tagged and untagged packets are accepted on the port.

Ingress Filtering — Indicates whether ingress ﬁltering is enabled on the port. The possible ﬁeld values are:

– Enable — Enables ingress ﬁltering on the device. Ingress ﬁltering discards packets that are deﬁned to VLANs of which

the speciﬁc port is not a member.

– Disable — Disables ingress ﬁltering on the device.

Reserve VLAN — Indicates that the VLAN selected by the user is reserved, if not in use by the system.



To modify VLAN interface or LAG settings:

1. Click

. The VLAN / LAG Interface Settings Page opens.

Figure 76: VLAN / LAG Interface Settings Page

2. Modify the Port VLAN Mode, Dynamic, Frame Type,

Ingress FIltering, and Reserve VLAN ﬁelds.

3. Click

. The VLAN or LAG interface is

conﬁgured and device information is updated.

7.3.4 Conﬁguring GARP

This section contains information for conﬁguring Generic Attribute Registration Protocol (GARP). This section includes the

following topics:

Deﬁning GARP

Deﬁning GVRP



7.3.4.1 Deﬁning GARP

Generic Attribute Registration Protocol (GARP) protocol is a general-purpose protocol that registers any network connectivity

or membership-style information. GARP deﬁnes a set of devices interested in a given network attribute, such as VLAN or

multicast address.

When conﬁguring GARP, ensure the following:

The leave time must be greater than or equal to three times the join time.



The leave-all time must be greater than the leave time.

Set the same GARP timer values on all Layer 2-connected devices. If the GARP timers are set differently on the Layer

2-connected devices, the GARP application does not operate successfully.

To deﬁne GARP:

ꢄꢁ

Download from Www.Somanuals.com. All Manuals Search And Download.

1. Click System > Bridging Conﬁg > VLAN > GARP. The GARPParameters Page opens:

Figure 77: GARP Parameters Page

The GARPParameters Page contains the following ﬁelds:

Copy from Entry Number — Indicates the row

number from which GARP parameters are copied.



To Entry Number — Indicates the row number to

which GARP parameters are copied.

Interface — Displays the port or LAG on which GARP

is enabled.

Join Timer— Indicates the amount of time, in

centiseconds, that PDUs are transmitted. The default

value is 20 centiseconds.

Leave Timer— Indicates the amount of time lapse,

in centiseconds, that the device waits before leaving

its GARP state. Leave time is activated by a Leave All

Time message sent/received, and cancelled by the Join

message received. Leave time must be greater than or

equal to three times the join time. The default value is 60 centiseconds.

Leave All Timer — Indicates the amount of time lapse, in centiseconds, that all device waits before leaving the GARP

state. The leave all time must be greater than the leave time. The default value is 1000 centiseconds.



2. In the Copy From Entry Number ﬁeld, enter the interface #; in the To Row Number(s) ﬁeld, enter the row number of the

required interface.

3. Click

. The GARP parameters are modiﬁed, and the device is updated.

To modify GARP settings:

1. Click

next to the item to modify. The GARPParameters Settings Page opens:

Figure 78: GARP Parameters Settings Page

2. Modify the Timer parameters.

3. Click

. The GARP parameters are modified,

and the device is updated.

7.3.5 Deﬁning GVRP

GARP VLAN Registration Protocol (GVRP) is specifically provided for automatic distribution of VLAN membership

information among VLAN-aware bridges. GVRP allows VLAN-aware bridges to automatically learn VLANs to bridge ports

mapping, without having to individually conﬁgure each bridge and register VLAN membership.

To deﬁne GVRP on the device:

1. Click System > Bridging Conﬁg > VLAN > GARP > GVRP. The GVRPParameters Page opens:

ꢄꢂ

Download from Www.Somanuals.com. All Manuals Search And Download.

Figure 79: GVRP Parameters Page

The GVRP Parameters Page is divided into port and LAG

parameters. The ﬁeld deﬁnitions are the same.

The GVRPParameters Page contains the following ﬁelds:

GVRP Global — Indicates if GVRP is enabled on the

device. The possible ﬁeld values are:



– Enable — Enables GVRP on the selected device.

– Disable — Disables GVRP on the selected device.

Interface — Displays the port on which GVRP is

enabled. The possible ﬁeld values are:



– Port — Indicates the port number on which GVRP is

enabled.

– LAG — Indicates the LAG number on which GVRP

is enabled.

GVRP State — Indicates if GVRP is enabled on the

port. The possible ﬁeld values are:



– Enable — Enables GVRP on the selected port.

– Disable — Disables GVRP on the selected port.

Dynamic VLAN Creation — Indicates if Dynamic VLAN creation is enabled on the interface. The possible ﬁeld values

are:

– Enable — Enables Dynamic VLAN creation on the interface.

– Disable — Disables Dynamic VLAN creation on the interface.

GVRP Registration — Indicates if VLAN registration through GVRP is enabled on the device. The possible ﬁeld values

are:

– Enable — Enables GVRP registration on the device.

– Disable — Disables GVRP registration on the device.

2. Select the GVRPGlobal status and click

To modify global GVRP or LAG parameters:

1. Click next to GVRP or LAG global interface settings item. The GVRPParameters Settings Page opens:

. The global GVRP parameters are saved.

Figure 80: GVRP Parameters Settings Page

2. Enable or disable GVRP State, Dynamic VLAN

Creation and GVRPRegistration.

3. Click

. The global GVRP or LAG parameters

are modiﬁed, and the device is updated.

ꢄꢃ

Download from Www.Somanuals.com. All Manuals Search And Download.

Section 8. Deﬁning the Forwarding Database

Packets addressed to destinations stored in either the Static or Dynamic databases are immediately forwarded to the

port. The Dynamic MAC Address Table can be sorted by interface, VLAN, or MAC Address, whereas MAC addresses are

dynamically learned as packets from sources that arrive at the device. Static addresses are conﬁgured manually.

An address becomes associated with a port by learning the port from the frame’s source address, but if a frame that is

addressed to a destination MAC address is not associated with a port, that frame is ﬂooded to all relevant VLAN ports. To

prevent the bridging table from overﬂowing, a dynamic MAC address, from which no trafﬁc arrives for a set period, is erased.

This section contains information for defining both static and dynamic forwarding addresses, and includes the following

topics:

Conﬁguring StaticAddresses



Conﬁguring Dynamic ForwardingAddresses

8.1 Conﬁguring Static Addresses

The Forwarding Database Static Addresses Page contains parameters for deﬁning the age interval on the device. To prevent

static MAC addresses from being deleted when the device is reset, ensure that the port attached to the MAC address is

locked. To prevent static MAC addresses from being deleted when the device is reset, ensure that the port attached to the

MAC address is locked.

To deﬁne Static addressing for the forwarding database:

1. Click System > Bridging Config > Forwarding Database > Static Addresses. The Forwarding Database Static

Addresses Page opens:

Figure 81: Forwarding Database StaticAddresses Page

The Forwarding Database Static Addresses Page contains

the following ﬁelds:

VLAN ID — Displays the VLAN ID number to which

the entry refers.



MAC Address — Displays the MAC address to which

the entry refers.

Interface — Displays the interface to which the entry

refers:

– Port — The specific port number to which the

forwarding database parameters refer.

– LAG — The speciﬁc LAG number to which the forwarding database parameters refer.

Status — Displays how the entry was created. The possible ﬁeld values are:

– Secure — The MACAddress is deﬁned for locked ports.

– Permanent — The MAC address is permanent.

– Delete on Reset — The MAC address is deleted when the device is reset.

– Delete on Timeout — The MAC address is deleted when a timeout occurs.

Remove — Removes the entry. The possible ﬁeld values are:

– Checked — Removes the selected entry.



– Unchecked — Maintains the current static forwarding database.

ꢄꢄ

Download from Www.Somanuals.com. All Manuals Search And Download.

2. Click

opens:

. The Add Forwarding Database Page

Figure 82:Add Forwarding Database Page

3. Deﬁne the Interface, MAC Address, VLAN ID or VLAN

Name, and Status ﬁelds.

4. Click

. The forwarding database information is

modiﬁed, and the device is updated.

8.2 Conﬁguring Dynamic Forwarding Addresses

The Dynamic Addresses Page contains parameters for querying information in the Dynamic MAC Address Table, including

the interface type, MAC addresses, VLAN, and table storing. The Dynamic MAC Address Table contains information about

the aging time before a dynamic MAC address is erased, and includes parameters for querying and viewing the Dynamic

MACAddress table. The Dynamic MACAddress table contains address parameters by which packets are directly forwarded

to the ports. The DynamicAddress Table can be sorted by interface, VLAN, and MACAddress.

To deﬁne the dynamic forwarding addresses:

1. Click System > Bridging Config > Forwarding Database > Dynamic Addresses. The Dynamic Addresses Page

opens:

Figure 83: DynamicAddresses Page

The DynamicAddresses Page contains the following ﬁelds:

Address Aging (Sec.) — Specifies the amount of

time in seconds that the MAC address remains in the

Dynamic MAC Address table before being timed out, if

no trafﬁc from the source is detected. The default value

is 300 seconds.



Clear Table — Clears the CurrentAddress Table.



The Query by: section contains the following ﬁelds:

Interface — Speciﬁes the interface (Port or LAG) for

which the table is queried.



MAC Address — Specifies the MAC address for

which the table is queried.

VLAN ID — Speciﬁes the VLAN ID for which the table

is queried.

Address Table Sort Key —Speciﬁes the means by which the Dynamic MACAddress Table is sorted. The address table

can be sorted by address, VLAN, or interface.

The Current Address Table section displays the parameters of the dynamic addresses deﬁned: VLAN ID, MAC (Address)

and Interface.

2. To browse the addresses, click

To query the Dynamic MACAddress Table:

ꢄꢅ

Download from Www.Somanuals.com. All Manuals Search And Download.

1. Click System > Bridging Config > Forwarding Database > Dynamic Addresses. The Dynamic Addresses Page

opens.

2. Select the Interface, the MACAddress, and the VLAN ID.

3. Select an Address Table Sort Key.

4. Click

. The Dynamic MACAddress Table is queried, and the results are displayed in the CurrentAddress Table.

ꢄꢆ

Download from Www.Somanuals.com. All Manuals Search And Download.

Section 9. Conﬁguring the Spanning Tree Protocol

The Spanning Tree Protocol (STP) provides tree topography for any arrangement of bridges. STP also provides a single

path between end stations on a network, eliminating loops. Loops occur when alternate routes exist between hosts. Loops

in an extended network can cause bridges to forward trafﬁc indeﬁnitely, resulting in increased trafﬁc and reducing network

efﬁciency.

The TP-Link device supports the following STP versions:

Classic STP — Provides a single path between end stations, avoiding and eliminating loops.

For more information on conﬁguring Classic STP, see Conﬁguring the Classic STP.

Rapid STP — Detects and uses network topologies that provide faster convergence of the spanning tree, without

creating forwarding loops.



For more information on conﬁguring Rapid STP, see Conﬁguring the Rapid STP.

Multiple STP — Provides various load balancing scenarios. For example, if port A is blocked in one STP instance, the

same port can be placed in the Forwarding State in another STP instance.



For more information on conﬁguring Multiple STP, see Conﬁguring the Multiple STP.

This section contains the following topics:

Conﬁguring the Classic STP

Conﬁguring the Rapid STP

Conﬁguring the Multiple STP



9.1 Conﬁguring the Classic STP

This section describes the following topics:

Deﬁning STP Properties



Deﬁning STP Interface Settings

9.1.1 Deﬁning STP Properties

The STPProperties Page contains parameters for enabling STP on the device.

To deﬁne STP properties:

1. Click System > Bridging Info > Spanning Tree > STP

> Properties. The STPProperties Page opens:

Figure 84: STP Properties Page

The STPProperties Page contains the following ﬁelds:

Spanning Tree State — Indicates whether STP is

enabled on the device. The possible ﬁeld values are:

– Enable — Enables STP on the device.



– Disable — Disables STP on the device.

STP Operation Mode — Speciﬁes the STP mode that

is enabled on the device. The possible ﬁeld values are:

– Classic STP — Enables Classic STP on the device.

This is the default value.



ꢄꢇ

Download from Www.Somanuals.com. All Manuals Search And Download.

– Rapid STP — Enables Rapid STP on the device.

– Multiple STP — Enables Multiple STP on the device.

BPDU Handling — Determines how BPDU packets are managed when STP is disabled on the port or device. BPDUs

are used to transmit spanning tree information. The possible ﬁeld values are:

– Filtering — Filters BPDU packets when spanning tree is disabled on an interface. This is the default value.

– Flooding — Floods BPDU packets when spanning tree is disabled on an interface.

Path Cost Default Values — Speciﬁes the method used to assign default path cost to STP ports.

The possible ﬁeld values are:



– Short — Speciﬁes 1 through 65,535 range for port path cost. This is the default value.

– Long — Speciﬁes 1 through 200,000,000 range for port path cost. The default path cost assigned to an interface varies

according to the selected method (Hello Time, MaxAge, or Forward Delay).

The Bridge Settings section contains the following ﬁelds:

Priority (0-65535) — Speciﬁes the bridge priority value. When switches or bridges are running STP, each is assigned a

priority. After exchanging BPDUs, the device with the lowest priority value becomes the Root Bridge. The default value is

32768. The port priority value is provided in increments of 4096.



Hello Time (1-10) — Speciﬁes the device Hello Time. The Hello Time indicates the amount of time in seconds a Root

Bridge waits between conﬁguration messages. The default is 2 seconds.



Max Age (6-40) — Speciﬁes the device Maximum Age Time. The Maximum Age Time is the amount of time in seconds

a bridge waits before sending conﬁguration messages. The default MaximumAge Time is 20 seconds.

Forward Delay (4-30) — Speciﬁes the device Forward Delay Time. The Forward Delay Time is the amount of time in

seconds a bridge remains in a listening and learning state before forwarding packets. The default is 15 seconds.

The Designated Port section contains the following ﬁelds:

Bridge ID — Identiﬁes the Bridge priority and MAC address.



Root Bridge ID — Identiﬁes the Root Bridge priority and MAC address.

Root Port — Indicates the port number that offers the lowest cost path from this bridge to the Root Bridge. This ﬁeld is

signiﬁcant when the bridge is not the Root Bridge. The default is zero.

Root Path Cost — The cost of the path from this bridge to the Root Bridge.



Topology Changes Counts — Speciﬁes the total amount of STP state changes that have occurred.

Last Topology Change — Indicates the amount of time that has elapsed since the bridge was initialized or reset, and

the last topographic change that occurred. The time is displayed in a day-hour-minute-second format, such as 2 days 5

hours 10 minutes and 4 seconds.

2. Complete the Spanning Tree State and Bridge Settings ﬁelds.

3. Click

. The new STP deﬁnition is added and device information is updated.

9.1.2 Deﬁning STP Interface Settings

Network administrators can assign STP settings to speciﬁc interfaces using the STP Interface Settings Page. The Global

LAGs section displays the STP information for LinkAggregated Groups.

To assign STP settings to an interface:

1. Click System > Bridging Info > Spanning Tree > STP > Interface Settings. The STPInterface Settings Page opens:

ꢄꢈ

Download from Www.Somanuals.com. All Manuals Search And Download.

Figure 85: STP Interface Settings Page

The STP Interface Settings Page contains the following

ﬁelds:

Interface — The interface for which the information is



displayed.

STP Status — Indicates if STP is enabled on the port.



The possible ﬁeld values are:

– Enabled — Enables the STP on the port.

– Disabled — Disables the STP on the port.

Fast Link — Indicates if Fast Link is enabled on the



port. If Fast Link mode is enabled for a port, the Port

State is automatically placed in the Forwarding state when the port link is up. Fast Link optimizes the STP protocol

convergence. STP convergence can take 30-60 seconds in large networks.

Root Guard — Prevents devices outside the network core from being assigned the spanning tree root.

Port State — Displays the current STP state of a port. If enabled, the port state determines what forwarding action is

taken on trafﬁc. Possible port states are:



– Disabled — Indicates that STP is currently disabled on the port. The port forwards traffic while learning MAC

addresses.

– Blocking — Indicates that the port is currently blocked and cannot forward trafﬁc or learn MAC addresses. Blocking is

displayed when Classic STP is enabled.

Speed — Indicates the speed at which the port is operating.



Path Cost — Indicates the port contribution to the root path cost. The path cost is adjusted to a higher or lower value,

and is used to forward trafﬁc when a path is re-routed.

Priority — Indicates the priority value of the port. The priority value inﬂuences the port choice when a bridge has two

ports connected in a loop. The priority value is between 0 -240. The priority value is determined in increments of 16.

Designated Bridge ID — Indicates the bridge priority and the MACAddress of the designated bridge.

Designated Port ID — Indicates the selected port priority and interface.

Designated Cost — Indicates the cost of the port participating in the STP topology. Ports with a lower cost are less likely

to be blocked if STP detects loops.



Forward Transitions — Indicates the number of times the port has changed from Forwarding state to Blocking state.

LAG — Indicates the LAG to which the port belongs.



To modify the STP settings:

1. Click

. The STPInterface Settings Page opens.

Figure 86: STP Interface Settings Page

2. Click the STP enable checkbox.

3. Deﬁne the ﬁelds.

4. Click

. The settings for the selected interface

are modiﬁed, and device information is updated.

ꢅ0

Download from Www.Somanuals.com. All Manuals Search And Download.

9.2 Conﬁguring the Rapid STP

While Classic STP prevents Layer 2 forwarding loops in a general network topology, convergence can take between 30-60

seconds. This time may delay detecting possible loops and propagating status topology changes. Rapid Spanning Tree

Protocol (RSTP) detects and uses network topologies that allow a faster STP convergence without creating forwarding

loops. The Global System LAG information displays the same ﬁeld information as the ports, but represent the LAG RSTP

information.

To view and deﬁne RSTP:

1. Click System > Bridging Info > Spanning Tree > RSTP. The RSTPPage opens:

Figure 87: RSTP Page

The RSTPPage contains the following ﬁelds:

Interface — Displays the port or LAG on which Rapid



STP is enabled.

Role — Displays the port role assigned by the STP



algorithm to provide to STP paths.

The possible ﬁeld values are:

– Root — Provides the lowest cost path to forward

packets to the root switch.

– Designated — Indicates the port or LAG through

which the designated switch is attached to the LAN.

– Alternate — Provides an alternate path to the root

switch from the root interface.

– Backup — Provides a backup path to the designated port path toward the Spanning Tree leaves. Backup ports occur

only when two ports are connected in a loop by a point-to-point link, or when a LAN has two or more connections

connected to a shared segment.

– Disabled — Indicates that the port is not participating in the Spanning Tree.

Mode — Displays the current STP mode. The STP mode is selected in the STPProperties Page.

The possible ﬁeld values are:



– STP— Indicates that Classic STP is enabled on the device.

– Rapid STP — Indicates that Rapid STP is enabled on the device.

– Multiple STP — Indicates that Multiple STP is enabled on the device.

Fast Link Operational Status — Indicates whether Fast Link is enabled or disabled for the port or LAG. If Fast Link is

enabled for a port, the port is automatically placed in the forwarding state.

Point-to-Point Admin Status — Indicates whether a point-to-point link is established, or if the device is permitted to

establish a point-to-point link. The possible ﬁeld values are:



– Enable — The device is permitted to establish a point-to-point link, or is conﬁgured to automatically establish a point-to-

point link. To establish communications over a point-to-point link, the originating PPP ﬁrst sends Link Control Protocol

(LCP) packets to conﬁgure and test the data link. After a link is established and optional facilities are negotiated as

needed by the LCP, the originating PPP sends Network Control Protocol (NCP) packets to select and conﬁgure one

or more network layer protocols. When each of the chosen network layer protocols has been conﬁgured, packets from

each network layer protocol can be sent over the link. The link remains conﬁgured for communications until explicit

LCP or NCP packets close the link, or until some external event occurs. This is the actual switch port link type. It may

differ from the administrative state.

– Disable — Disables point-to-point link.

– Auto — Enables a point-to-point link automatically.

ꢅꢀ

Download from Www.Somanuals.com. All Manuals Search And Download.

Point-to-Point Operational Status — Displays the point-to-point operating state.



LAG — Displays the LAG to which the interface is attached.

2. Click

. The RSTPSettings Page opens:

Figure 88: RSTP Settings Page

The RSTP Settings Page contains the following fields in

addition to the settings listed in the RSTPPage:

Activate Protocol Migration — Indicates whether

sending Link Control Protocol (LCP) packets to

conﬁgure and test the data link is enabled. The possible

ﬁeld values are:



– Checked — Enables the Protocol Migration.

– Unchecked — Disables the Protocol Migration.

3. In the RSTP Settings Page, modify the following fields as required: Point-to-Point Admin Status, Point-to-Point

Operational Status.

4. Check the "Activate Protocol Migration Test" check box to activate Protocol Migration.

5. Click

6. Click

in the RSTPPage. The RSTP parameters are saved, and the device is updated.

9.3 Conﬁguring the Multiple STP

Multiple Spanning Tree Protocol (MSTP) provides differing load balancing scenarios. For example, while port A is blocked in

one STP instance, the same port can be placed in the Forwarding state in another STP instance.

This section contains the following topics:

Deﬁning MSTP Properties



Conﬁguring MSTP Instances

Conﬁguring MSTP VLAN Instances

Conﬁguring MSTP Interface Settings

9.3.1 Deﬁning MSTP Properties

The MSTP Properties Page contains information for deﬁning global MSTP settings, including region names, MSTP revisions,

and maximum hops.

To deﬁne MSTP:

1. Click System > Bridging Conﬁg > Spanning Tree > MSTP > Properties. The MSTPProperties Page opens:

ꢅꢁ

Download from Www.Somanuals.com. All Manuals Search And Download.

Figure 89: MSTP Properties Page

The MSTPProperties Page contains the following ﬁelds:

Region Name — Indicates the name of the user-



deﬁned STP region.

Revision — Indicates that an unsigned 16-bit number



that identifies the revision of the current MSTP

conﬁguration. The revision number is required as part

of the MSTP conﬁguration.

The possible range is 0-65535.

Max Hops — Speciﬁes the total number of hops that occur in a speciﬁc region before the BPDU is discarded. Once the

BPDU is discarded, the port information is aged out. The possible ﬁeld range is 1-40. The default value is 20 hops.

IST Master — Identiﬁes the Spanning Tree Master instance. The IST Master is the speciﬁed instance root.



2. Deﬁne the Region Name, Revision and Max Hops ﬁelds.

3. Click . The device information is updated.

9.3.2 Conﬁguring MSTP Instances

MSTP maps VLANs into STP instances. Packets assigned to various VLANs are transmitted along different paths within

Multiple Spanning Tree Regions (MST Regions). Regions are one or more Multiple Spanning Tree bridges by which frames

can be transmitted. In conﬁguring MSTP, the MST region to which the device belongs is deﬁned. A conﬁguration consists of

the name, revision, and region to which the device belongs.

Network administrators can deﬁne the MSTP instance settings using the MSTPInstance Settings Page.

To deﬁne instance settings for MSTP:

1. Click System > Bridging Conﬁg > Spanning Tree > MSTP > Instance Settings. The MSTP Instance Settings Page

opens:

Figure 90: MSTP Instance Settings Page

The MSTP Instance Settings Page page contains the

following ﬁelds:

Instance ID — Speciﬁes the VLAN group to which the

interface is assigned.



Included VLAN — Maps the selected VLANs to

the selected instance. Each VLAN belongs to one

instance.



Bridge Priority — Specifies the selected spanning

tree instance device priority. The ﬁeld range is 0-61440

Designated Root Bridge ID — Indicates the ID of the

bridge with the lowest path cost to the instance ID.

Root Port — Indicates the selected instance’s root port.

Root Path Cost — Indicates the selected instance’s path cost.

Bridge ID — Indicates the bridge ID of the selected instance.

Remaining Hops — Indicates the number of hops remaining to the next destination.



2. Deﬁne the ﬁelds.

ꢅꢂ

Download from Www.Somanuals.com. All Manuals Search And Download.

3. Click

. The MSTP settings are saved and the device is updated.

9.3.3 Conﬁguring MSTP VLAN Instances

NetworkAdministrator can assign MSTP for VLAN instances.

To deﬁne MSTP for VLAN instances:

1. Click System > Bridging Info > Spanning Tree > MSTP > Instance Settings > VLAN Instance Conﬁguration. The

MSTPVLAN Instance Conﬁguration Page opens:

Figure 91: MSTP VLAN Instance Conﬁguration Page

The MSTP VLAN Instance Configuration Page page

contains the following ﬁelds:

VLAN ID — Maps the selected VLANs to the selected

instance. Each VLAN belongs to one instance.

Instance ID — Speciﬁes the VLAN group to which the

interface is assigned.



VLAN — Maps the selected VLANs to the selected

instance. Each VLAN belongs to one instance.

Instance ID — Lists the configured instances for the

selected VLAN.

To add a new VLAN instance:

1. Select the VLAN ID and enter the Instance ID.

2. Click

. The device information is updated.

9.3.4 Conﬁguring MSTP Interface Settings

NetworkAdministrators can assign MSTP interface settings using the MSTPInterface Settings Page.

To deﬁne interface for MSTP:

1. Click System > Bridging Config > Spanning Tree > MSTP > Interface Settings > Interface Table. The MSTP

Interface Settings Page opens:

Figure 92: MSTP Interface Table Page

The MSTP Interface Settings Page contains the following

ﬁelds:

Instance — Lists the MSTP instances conﬁgured on

the device. The possible range is 0-15.



Interface — Displays the interface for which the MSTP

settings are displayed. The possible ﬁeld values are:

– Port — Specifies the port for which the MSTP

settings are displayed.



– LAG — Specifies the LAG for which the MSTP

settings are displayed.

Role — Indicates the port role assigned by the STP

algorithm to provide to STP paths.



ꢅꢃ

Download from Www.Somanuals.com. All Manuals Search And Download.

The possible ﬁeld values are:

– Root — Provides the lowest cost path to forward packets to the root device.

– Designated — Indicates the port or LAG through which the designated device is attached to the LAN.

– Alternate — Provides an alternate path to the root device from the root interface.

– Backup — Provides a backup path to the designated port path toward the Spanning Tree leaves. Backup ports occur

only when two ports are connected in a loop by a point-to-point link or when a LAN has two or more connections

connected to a shared segment.

– Disabled — Indicates the port is not participating in the Spanning Tree.

Mode — Indicates the STP mode by which STP is enabled on the device. The possible ﬁeld values are:

– Classic STP — Classic STP is enabled on the device. This is the default value.

– Rapid STP — Rapid STP is enabled on the device.



– Multiple STP — Multiple STP is enabled on the device.

Type — Indicates whether the port is a Boundary or Master port. The possible ﬁeld values are:

– Boundary Port — Indicates that the port is a Boundary port. A Boundary port attaches MST bridges to LANs in an

outlying region. If the port is a Boundary port, this ﬁeld also indicates whether the device on the other side of the link is

working in RSTP or STP mode

– Master Port — Indicates the port is a master port. A Master port provides connectivity from a MSTP region to the

outlying CIST root.

Interface Priority — Deﬁnes the Interface priority for the speciﬁed instance. The default value is 128.

Path Cost — Indicates the port contribution to the Spanning Tree instance. The range should always be 1-200,000,000.

Port State — Indicates whether the port is enabled for the speciﬁc instance. The possible ﬁeld values are:

– Enabled — Enables the port for the speciﬁc instance.



– Disabled — Disables the port for the speciﬁc instance.

Designated Cost — Indicates that the default path cost is assigned according to the method selected on the Spanning

Tree Global Settings page.



Designated Bridge ID — Displays the ID of the bridge that connects the link or shared LAN to the root.

Designated Port ID — Displays the ID of the port on the designated bridge that connects the link or the shared LAN to

the root.



Remain Hops — Indicates the hops remaining to the next destination.



2. Select the Instance.

3. Modify the Port Priority and Path Cost.

4. Click

. The device information is updated.

To add new interface settings for MSTP:

Figure 93: MSTP Interface Settings Page

1. Deﬁne the instance properties ﬁelds.

2. Click

list in the MSTP Interface Settings Page. The device

information is updated.

. The interface settings are added to the

ꢅꢄ

Download from Www.Somanuals.com. All Manuals Search And Download.

Section 10. Conﬁguring Multicast Forwarding

Multicast forwarding enables transmitting packets from either a speciﬁc multicast group to a source, or from a nonspeciﬁc

source to a multicast group.

This section contains the following topics:

Enabling IGMP Snooping



Deﬁning Multicast Bridging Groups

Deﬁning Multicast ForwardAll Parameters

10.1 Conﬁguring Multicast Forwarding

When IGMP Snooping is enabled globally, all IGMP packets are forwarded to the CPU. The CPU analyzes the incoming

packets and determines:

Which ports want to join which Multicast groups.



Which ports have Multicast routers generating IGMP queries.

Which routing protocols are forwarding packets and Multicast trafﬁc.

Ports requesting to join a specific Multicast group issue an IGMP report, specifying that Multicast group is accepting

members. This results in the creation of the Multicast ﬁltering database.

To enable IGMP Snooping:

1. Click System > Bridging Conﬁg > Multicast Support > IGMP Snooping. The IGMPSnooping Page opens:

Figure 94: IGMP Snooping Page

The IGMPSnooping Page contains the following ﬁelds:

Enable IGMP Snooping Status — Indicates if IGMP

Snooping is enabled on the device. IGMP Snooping

can be enabled only if Bridge Multicast Filtering is

enabled. The possible ﬁeld values are:



– Checked — Enables IGMP Snooping on the device.

– Unchecked — Disables IGMP Snooping on the

device.

VLAN ID — Speciﬁes the VLAN ID.



IGMP Snooping Status — Indicates if IGMP Snooping is enabled on the VLAN.

The possible ﬁeld values are:

– Enable — Enables IGMP Snooping on the VLAN.

– Disable — Disables IGMP Snooping on the VLAN.

Auto Learn — Indicates ifAuto Learn is enabled on the device. IfAuto Learn is enabled, the devices automatically learns

where other Multicast groups are located. Enables or disables Auto Learn on the Ethernet device.The possible field

values are:



– Enable — Enables auto learn

– Disable — Disables auto learn

Host Timeout — Indicates the amount of time host waits to receive a message before timing out. The default time is 260

seconds.



MRouter Timeout — Indicates the amount of the time the Multicast router waits to receive a message before it times out.

ꢅꢅ

Download from Www.Somanuals.com. All Manuals Search And Download.

The default value is 300 seconds.

Leave Timeout — Indicates the amount of time the host waits, after requesting to leave the IGMP group and not

receiving a Join message from another station, before timing out. If a Leave Timeout occurs, the switch notifies the

Multicast device to stop sending trafﬁc The Leave Timeout value is either user-deﬁned, or an immediate leave value. The

default timeout is 10 seconds.



2. Click the Enable IGMPSnooping Status checkbox.

3. Click . IGMP Snooping is enabled on the device.

To modify IGMP Snooping:

1. Click

. The Multicast Global Parameters Settings Page opens:

Figure 95: Multicast Global Parameters Settings Page

2. Modify the VLAN ID, IGMP Status Enable, Enable Auto

Learn, Host Timeout, MRouter Timeout, and Leave

Timeout ﬁelds.

3. Click

. The IGMP global parameters are

modiﬁed, and the device is updated.

10.2 Deﬁning Multicast Bridging Groups

The Multicast Group Page displays the ports and LAGs attached to the Multicast service group in the Ports and LAGs tables.

The Port and LAG tables also reﬂect the manner in which the port or LAGs joined the Multicast group. Ports can be added

either to existing groups or to new Multicast service groups. The Multicast Group Page permits new Multicast service groups

to be created. The Multicast Group Page also assigns ports to a speciﬁc Multicast service address group.

To deﬁne multicast groups:

1. Click System > Bridging Conﬁg > Multicast Support > Bridge Multicast > Multicast Group. The Multicast Group

Page opens:

Figure 96: Multicast Group Page

The Multicast Group Page contains the following

information:

Enable Bridge Multicast Filtering — Indicates if

Bridge Multicast ﬁltering is enabled on the device.

The possible ﬁeld values are:



– Checked — Enables Multicast ﬁltering on the device.

– Unchecked — Disables Multicast filtering on the

device. If Multicast filtering is disabled, Multicast

frames are ﬂooded to all ports in the relevant VLAN.

Disabled is the default value.

VLAN ID — Identiﬁes a VLAN and contains information

about the Multicast group address.



ꢅꢆ

Download from Www.Somanuals.com. All Manuals Search And Download.

Bridge MulticastAddress — Identiﬁes the Multicast group MAC address/IP address.

Port — Displays the port that can be added to a Multicast service.



LAG — Displays the LAG that can be added to a Multicast service.

The following table contains the IGMP port and LAG members management settings:

Table 5: IGMP Port/LAG Members Table Control Settings

Port Control

Deﬁnition

Dynamically joins ports/LAG to the Multicast group in the Current Row.

Attaches the port to the Multicast group as static member in the Static Row.The port/LAG has joined

the Multicast group statically in the Current Row.

Forbidden ports are not included the Multicast group, even if IGMP snooping designated the port to

join a Multicast group.

Blank

The port is not attached to a Multicast group.

2. Click

. TheAdd Multicast Group Page opens:

Figure 97:Add Multicast Group Page

3. Deﬁne the VLAN ID, Bridge Multicast IP Address, and

Bridge Multicast MACAddress ﬁelds.

4. Click

5. In the Multicast Group Page, select ports to join the

Multicast group.

6. Deﬁne the Multicast port settings.

7. Click

. The Multicast group is deﬁned, and the

device is updated.

To modify the Multicast group settings:

1. Click System > Bridging Conﬁg > Multicast Support > Bridge Multicast > Multicast Group. The Multicast Group

Page opens.

2. Click

. The Multicast Group Settings Page opens:

Figure 98: Multicast Group Settings Page

3. Select Ports/LAGs for the selected VLAN and deﬁne

the port settings.

4. Click

. The Multicast group settings are

modiﬁed and device information is updated.

ꢅꢇ

Download from Www.Somanuals.com. All Manuals Search And Download.

10.3 Deﬁning Multicast Forward All Parameters

The Multicast Forward All Page contains ﬁelds for attaching ports or LAGs to a device that is attached to a neighboring

Multicast router/switch. Once IGMP Snooping is enabled, Multicast packets are forwarded to the appropriate port or VLAN.

Unless LAGs are deﬁned, only a Multicast ForwardAll table displays.

To deﬁne Multicast ForwardAll settings:

1. Click System > Bridging Conﬁg > Multicast Support > Bridge Multicast > Multicast Forward All. The Multicast

ForwardAll Page opens:

Figure 99: Multicast ForwardAll Page

The Multicast Forward All Page contains the following

ﬁelds:

VLAN ID — Lists the VLAN for which Multicast

parameters are displayed.



Port/LAG — Ports that can be added to a Multicast

service.



The following table summarizes the Multicast settings which

can be assigned to ports, using the Multicast Forward All

Page.

Table 6: Bridge Multicast ForwardAll Router/Port Control Settings Table

Port Control

Deﬁnition

Attaches the port to the Multicast router or switch as a dynamic port.

Attaches the port to the Multicast router or switch as a static port.

Forbidden.

The port is not attached to a Multicast router or switch.

2. Select a VLAN in the VLAN ID dropdown list.

3. Deﬁne the VLAN port settings.

4. Click

. The Multicast ForwardAll settings for the selected VLAN are deﬁned and the device is updated.

ꢅꢈ

Download from Www.Somanuals.com. All Manuals Search And Download.

Section 11. Conﬁguring SNMPManagement

Simple Network Management Protocol (SNMP) provides a method for managing network devices. The device supports the

following SNMP versions:

SNMP version 1

SNMP version 2c

SNMP version 3



11.1 SNMP v1 and v2c

The SNMP agents maintain a list of variables, which are used to manage the device. The variables are defined in the

Management Information Base (MIB). The SNMP agent deﬁnes the MIB speciﬁcation format, as well as the format used to

access the information over the network.Access rights to the SNMP agents are controlled by access strings.

11.2 SNMP v3

SNMP v3 applies access control and a new traps mechanism. In addition, User Security Model (USM) parameters are

deﬁned for SNMPv3, including:

Authentication — Provides data integrity and data origin authentication.



Privacy — Protects against the disclosure of message content. Cipher Block-Chaining (CBC) is used for encryption.

Either authentication is enabled on a SNMP message, or both authentication and privacy are enabled on a SNMP

message. However, privacy cannot be enabled without authentication.

Timeliness — Protects against message delay or message redundancy. The SNMP agent compares incoming

message to the message time information.



Key Management — Deﬁnes key generation, key updates, and key use.

The device supports SNMP notiﬁcation ﬁlters based on Object IDs (OIDs). OIDs are used by the system to manage device

features.

SNMP v3 supports the following features:

Security



FeatureAccess Control

Traps

The device generates the following traps:

Copy trap



This section contains the following topics:

Deﬁning SNMP Security



Conﬁguring SNMP Notiﬁcation Settings

11.3 Deﬁning SNMP Security

This section describes conﬁguring of SNMP security parameters, and contains the following topics:

Deﬁning SNMP Global Parameters

Deﬁning SNMP Views



Deﬁning SNMP Group Proﬁles

ꢆ0

Download from Www.Somanuals.com. All Manuals Search And Download.

Deﬁning SNMP Group Members

Deﬁning SNMP Communities



11.3.1 Deﬁning SNMP Global Parameters

The SNMP Security Global Parameters Page permits the enabling of both SNMP andAuthentication notiﬁcations.

To deﬁne SNMP security global parameters:

1. Click System > SNMP Management > Security > Global Parameters. The SNMP Security Global Parameters Page

opens:

Figure 100: SNMP Security Global Parameters Page

The SNMP Security Global Parameters Page contains the

following ﬁelds:

Local Engine ID (0-32 Characters) — Displays the



local device Engine ID. The ﬁeld value is a hexadecimal

string. Each byte in hexadecimal character strings

is two hexadecimal digits. Each byte can be separated by a period or a colon. The Engine ID must be deﬁned before

SNMPv3 is enabled. Select a default Engine ID that is comprised of an Enterprise number and the default MAC address.

Use Default — Uses the device-generated Engine ID. The default Engine ID is based on the device MAC address and

is deﬁned per standard as:



– First 4 octets — ﬁrst bit = 1, the rest is IANAEnterprise number.

– Fifth octet — Set to 3 to indicate the MAC address that follows.

– Last 6 octets — MAC address of the device.

2. Deﬁne the Local Engine ID and Use Default ﬁelds.

3. Click

. The SNMP global security parameters are set, and the device is updated.

11.3.2 Deﬁning SNMP Views

SNMP Insert space views provide or block access to device features or portions of features. For example, a view can be

deﬁned which provides that SNMP group A has Read Only (R/O) access to Multicast groups, while SNMP group B has

Read-Write (R/W) access to Multicast groups. Feature access is granted via the MIB name or MIB Object ID.

To deﬁne SNMP views:

1. Click System > SNMP Management > Security > Views. The SNMPSecurity Views Page opens:

Figure 101: SNMP Security Views Page

The SNMP Security Views Page contains the following

ﬁelds:

View Name — Displays the user-defined views. The

view name can contain a maximum of 30 alphanumeric

characters.



Object ID Subtree — Displays the device feature OID

included in or excluded from the selected SNMP view.

View Type — Indicates whether the defined OID

branch will be included in or excluded from the selected



ꢆꢀ

Download from Www.Somanuals.com. All Manuals Search And Download.

SNMP view.

Remove — Deletes the currently selected view. The possible ﬁeld values are:

– Checked — Removes the selected view.

– Unchecked — Maintains the list of views.



2. Click

. The Add SNMPView Page opens:

Figure 102:Add SNMP View Page

3. Deﬁne the View Name ﬁeld.

4. Deﬁne the view using

and

5. Deﬁne the View Type ﬁeld.

6. Click

updated.

. The view is deﬁned, and the device is

11.3.3 Deﬁning SNMP Group Proﬁles

The SNMPSecurity Group Proﬁle Page provides information for creating SNMP groups, and assigning SNMP access control

privileges to SNMP groups. Groups allow network managers to assign access rights to speciﬁc device features, or feature

aspects.

To deﬁne an SNMP group:

1. Click System > SNMP Management > Security > Group Proﬁle. The SNMPSecurity Group Proﬁle Page opens:

Figure 103: SNMP Security Group Proﬁle Page

The SNMP Security Group Profile Page contains the

following ﬁelds:

Group Name — Displays the user-defined group to



which access control rules are applied. The ﬁeld range

is up to 30 characters.

Security Model — Deﬁnes the SNMP version attached



to the group. The possible ﬁeld values are:

– SNMPv1 — SNMPv1 is deﬁned for the group.

– SNMPv2c — SNMPv2c is deﬁned for the group.

– SNMPv3 — SNMPv3 is deﬁned for the group.

Security Level — Deﬁnes the security level attached to the group. Security levels apply to SNMPv3 only.

The possible ﬁeld values are:



– NoAuthentication — Indicates that neither theAuthentication nor the Privacy security levels are assigned to the group.

– Authentication —Authenticates SNMP messages, and ensures that the SNMP message’s origin is authenticated.

– Privacy — Encrypts SNMP messages.

Operation — Deﬁnes the group access rights. The possible ﬁeld values are:

– Read — Management access is restricted to read-only, and changes cannot be made to the assigned SNMP view.

– Write — Management access is read-write and changes can be made to the assigned SNMP view.

– Notify — Sends traps for the assigned SNMP view.



Remove — Removes SNMP groups. The possible ﬁeld values are:

– Checked — Removes the selected SNMP group.

– Unchecked — Maintains the SNMP groups.

ꢆꢁ

Download from Www.Somanuals.com. All Manuals Search And Download.

2. Click

. The Add SNMPGroup Proﬁle Page opens:

Figure 104:Add SNMP Group Proﬁle Page

3. Deﬁne the Group Name, Security Model, Security Level,

and Operation ﬁelds.

4. Click

. The SNMP group proﬁle is added, and

the device is updated.

To modify the SNMP Group settings:

1. Click System > SNMP Management > Security > Group Proﬁle. The SNMPSecurity Group Proﬁle Page opens.

2. Click

. The SNMPGroup Proﬁle Settings Page opens:

Figure 105: SNMP Group Proﬁle Settings Page

3. Modify the Group Name, Security Model, Security

Level, and Operation ﬁelds.

4. Click

. The SNMP group profile is modified,

and the device is updated.

11.3.4 Deﬁning SNMP Group Members

The SNMPSecurity Group Membership Page enables assigning system users to SNMP groups, as well as deﬁning the user

authentication method.

To deﬁne SNMP group membership:

1. Click System > SNMP Management > Security > Group Membership. The SNMP Security Group Membership Page

opens:

Figure 106: SNMP Security Group Membership Page

The SNMP Security Group Membership Page contains the

following ﬁelds:

User Name — Contains a list of user-defined user



names. The field range is up to 30 alphanumeric

characters.

Group Name — Contains a list of user-deﬁned SNMP



groups. SNMP groups are deﬁned in the SNMP Group Proﬁle Page.

Engine ID — Displays either the local or remote SNMP entity to which the user is connected. Changing or removing the

local SNMP Engine ID deletes the SNMPv3 user database.

– Local — Indicates that the user is connected to a local SNMP entity.

– Remote — Indicates that the user is connected to a remote SNMP entity. If the Engine ID is deﬁned, remote devices

receive inform messages.

Authentication — Displays the method used to authenticate users. The possible ﬁeld values are:

– MD5 Key — Users are authenticated using the HMAC-MD5 algorithm.

– SHAKey — Users are authenticated using the HMAC-SHA-96 authentication level.

– MD5 Password — The HMAC-MD5-96 password is used for authentication. The user should enter a password.



ꢆꢂ

Download from Www.Somanuals.com. All Manuals Search And Download.

– SHA Password — Users are authenticated using the HMAC-SHA-96 authentication level. The user should enter a

password.

– NoAuthentication — No user authentication is used.

Remove — Removes users from a speciﬁed group. The possible ﬁeld values are:

– Checked — Removes the selected user.



– Unchecked — Maintains the list of users.

2. Click

. TheAdd SNMP Group Membership Page opens:

Figure 107:Add SNMP Group Membership Page

In addition to the fields in the SNMP Security Group

Membership Page, The Add SNMP Group Membership

Page contains the following ﬁelds:

Authentication Method — Defines the SNMP



authentication method.

Authentication Key — Deﬁnes the HMAC-MD5-96 or



HMAC-SHA-96 authentication level. The authentication

and privacy keys are entered to deﬁne the authentication key. If only authentication is required, 16 bytes are deﬁned. If

both privacy and authentication are required, 32 bytes are deﬁned. Each byte in hexadecimal character strings is two

hexadecimal digits. Each byte can be separated by a period or a colon.

Privacy Key — Deﬁnes the privacy key (LSB). If only authentication is required, 20 bytes are deﬁned. If both privacy and

authentication are required, 36 bytes are deﬁned. Each byte in hexadecimal character strings is two hexadecimal digits.

Each byte can be separated by a period or colon.



Password — Deﬁnes the password for the group member

3. Deﬁne the User Name, Group Name, Engine ID, Authentication Method, Password, Authentication Key, and Privacy Key

ﬁelds.

4. Click

. The SNMP group membership is modiﬁed, and the device is updated.

To modify SNMP Group Membership settings:

1. Click System > SNMP Management > Security > Group Membership. The SNMP Security Group Membership Page

opens.

2. Click

. The SNMPGroup Membership Settings Page opens:

Figure 108: SNMP Group Membership Settings Page

3. Modify the Group Name, Engine ID, Authentication

Method, Password, Authentication Key, and Privacy

Key ﬁelds.

4. Click

. The SNMP group membership is

modiﬁed, and the device is updated.

ꢆꢃ

Download from Www.Somanuals.com. All Manuals Search And Download.

11.3.5 Deﬁning SNMP Communities

Access rights are managed by deﬁning communities in the SNMP Communities Page. When the community names are

changed, access rights are also changed. SNMP communities are deﬁned only for SNMP v1 and SNMP v2c.

To deﬁne SNMP communities:

1. Click System > SNMP Management > Security > Communities. The SNMPSecurity Communities Page opens:

Figure 109: SNMP Security Communities Page

The SNMP Security Communities Page is divided into the

following tables:

Basic Table



Advanced Table

11.3.5.1 SNMP Communities Basic Table

The SNMPCommunities Basic Table contains the following ﬁelds:

Management Station — Displays the management station IP address for which the basic SNMP community is deﬁned.

Community String — Deﬁnes the password used to authenticate the management station to the device.

Access Mode — Deﬁnes the access rights of the community. The possible ﬁeld values are:

– Read Only — Management access is restricted to read-only, and changes cannot be made to the community.

– Read Write — Management access is read-write and changes can be made to the device conﬁguration, but not to the

community.



– SNMPAdmin — User has access to all device conﬁguration options, as well as permissions to modify the community.

View Name — Contains a list of user-deﬁned SNMP views



Remove — Removes a community. The possible ﬁeld values are:

– Checked — Removes the selected SNMP community.

– Unchecked — Maintains the SNMP communities.

11.3.5.2 SNMP Communities Advanced Table

The SNMPCommunitiesAdvanced Table contains the following ﬁelds:

Management Station — Displays the management station IP address for which the advanced SNMP community is

deﬁned.



Community String — Deﬁnes the password used to authenticate the management station to the device.

Group Name — Deﬁnes advanced SNMP community group names.

Remove — Removes a community. The possible ﬁeld values are:

– Checked — Removes the selected SNMP communities.



– Unchecked — Maintains the SNMP communities.

2. Click

. The Add SNMPCommunity Page opens:

Figure 110:Add SNMP Community Page

3. Define the SNMP Management Station, Community

String, and Basic orAdvanced ﬁelds.

4. Click

. The SNMP community is added, and

ꢆꢄ

Download from Www.Somanuals.com. All Manuals Search And Download.

the device is updated.

To modify SNMP Group Membership settings:

1. Click System > SNMP Management > Security > Communities. The SNMPCommunity Settings Page opens:

Figure 111: SNMP Community Settings Page

2. Modify the SNMP Management Station, Community

String, and Basic orAdvanced ﬁelds.

3. Click

. The SNMP community is modified,

and the device is updated.

11.4 Conﬁguring SNMP Notiﬁcation Settings

This section describes conﬁguring of SNMP Notiﬁcations, and contains the following topics:

Deﬁning SNMP Notiﬁcation Properties

Deﬁning Notiﬁcation Filters



Deﬁning Notiﬁcation Receivers

11.4.1 Deﬁning SNMP Notiﬁcation Properties

The SNMPNotiﬁcation Properties Page contains parameters for deﬁning SNMP notiﬁcation parameters.

To deﬁne SNMP notiﬁcation global parameters:

1. Click System > SNMP Management > Notiﬁcation > Properties. The SNMPNotiﬁcation Properties Page opens:

Figure 112: SNMP Notiﬁcation Properties Page

The SNMP Notification Properties Page contains the

following ﬁelds:

Enable SNMP Notiﬁcations — Speciﬁes whether the

device can send SNMP notiﬁcations. The possible ﬁeld

values are:



– Enable — Enables SNMP notiﬁcations.

– Disable — Disables SNMP notiﬁcations.

Enable Authentication Notiﬁcations — Speciﬁes whether SNMP authentication failure notiﬁcation is enabled on the

device. The possible ﬁeld values are:



– Enable — Enables the device to send authentication failure notiﬁcations.

– Disable — Disables the device from sending authentication failure notiﬁcations.

2. Deﬁne the Enable SNMPNotiﬁcation and EnableAuthentication Notiﬁcations ﬁelds.

3. Click . The SNMP notiﬁcation properties are deﬁned, and the device is updated.

11.4.2 Deﬁning Notiﬁcation Filters

The SNMP Notiﬁcation FiIter Page permits ﬁltering traps based on OIDs. Each OID is linked to a device feature or a portion

of a feature. The SNMP Notiﬁcation FiIter Page also allows network managers to ﬁlter notiﬁcations.

To deﬁne notiﬁcation ﬁlters:

ꢆꢅ

Download from Www.Somanuals.com. All Manuals Search And Download.

1. Click System > SNMP Management > Notiﬁcation > Notiﬁcation Filter. The SNMPNotiﬁcation FiIter Page opens:

Figure 113: SNMP Notiﬁcation FiIter Page

The SNMP Notiﬁcation FiIter Page contains the following

ﬁelds:

Filter Name — Contains a list of user-defined

notiﬁcation ﬁlters.



Object ID Subtree — Displays the OID for which

notiﬁcations are sent or blocked. If a ﬁlter is attached to

an OID, traps or informs are generated and sent to the

trap recipients. OIDs are selected from either the Select

from ﬁeld or the Object ID ﬁeld.



Filter Type — Indicates whether to send traps or informs relating to the selected OID.

– Excluded — Does not send traps or informs.

– Included — Sends traps or informs.



Remove — Deletes ﬁlters.

– Checked — Deletes the selected ﬁlter.

– Unchecked — Maintains the list of ﬁlters.

2. Click

. The Add SNMPNotiﬁcation Filter Page opens:

Figure 114:Add SNMP Notiﬁcation Filter Page

3. Deﬁne the Filter Name, New Object Identiﬁer Tree, and

Filter Type ﬁelds.

4. Click

. The SNMP notiﬁcation ﬁlter is deﬁned,

and the device is updated.

11.4.3 Deﬁning Notiﬁcation Receivers

The SNMP Notification Receiver Page contains information for defining filters that determine whether traps are sent to

speciﬁc users, and the trap type sent. SNMP notiﬁcation ﬁlters provide the following services:

Identifying Management Trap Targets

Trap Filtering



Selecting Trap Generation Parameters

ProvidingAccess Control Checks

To deﬁne SNMP notiﬁcation ﬁlters:

1. Click System > SNMP Management > Notiﬁcation > Notiﬁcation Receiver. The SNMP Notiﬁcation Receiver Page

opens:

ꢆꢆ

Download from Www.Somanuals.com. All Manuals Search And Download.

Figure 115: SNMP Notiﬁcation Receiver Page

The SNMP Notiﬁcation Receiver Page c is divided into the

following tables:

SNMPv1,2c Notiﬁcation Recipient

SNMPv3 Notiﬁcation Recipient



11.4.3.1 SNMPv1,2c Notiﬁcation Recipient

The SNMPv1, v2c Recipient table contains the following ﬁelds:

Recipients IP — Displays the IP address to which the traps are sent.

Notiﬁcation Type — Displays the type of notiﬁcation sent. The possible ﬁeld values are:

– Trap — Indicates traps are sent.



– Inform — Indicates informs are sent.

Community String — Displays the community string of the trap manager.

Notiﬁcation Version — Displays the trap type. The possible ﬁeld values are:

– SNMPV1 — Indicates that SNMP Version 1 traps are sent.



– SNMPV2c — Indicates that SNMP Version 2 traps are sent.

UDP Port — Displays the UDP port used to send notiﬁcations. The ﬁeld range is 1-65535. The default is 162.

Filter Name — Indicates if the SNMP ﬁlter for which the SNMP Notiﬁcation ﬁlter is deﬁned.

Timeout — Indicates the amount of time (in seconds) the device waits before resending informs. The ﬁeld range is 1-300.

The default is 15 seconds.



Retries — Indicates the number of times the device resends an inform request. The ﬁeld range is 1-255. The default is 3.

Remove — Deletes the currently selected recipient. The possible ﬁeld values are:

– Checked — Removes the selected recipient from the list of recipients.

– Unchecked — Maintains the list of recipients.



11.4.3.2 SNMPv3 Notiﬁcation Recipient

The SNMPv3 Notiﬁcation Recipient table contains the following ﬁelds:

Recipient IP — Displays the IP address to which the traps are sent.



Notiﬁcation Type — Displays the type of notiﬁcation sent. The possible ﬁeld values are:

– Trap — Indicates that traps are sent.

– Inform — Indicates that informs are sent.

User Name — Displays the user to which SNMP notiﬁcations are sent.

Security Level — Displays the means by which the packet is authenticated. The possible ﬁeld values are:

– NoAuthentication — Indicates that the packet is neither authenticated nor encrypted.

– Authentication — Indicates that the packet is authenticated.



UDP Port — Displays the UDP port used to send notiﬁcations. The ﬁeld range is 1-65535. The default is 162.

Filter Name — Includes or excludes SNMP ﬁlters.



Timeout — Indicates the amount of time (in seconds) the device waits before resending informs. The ﬁeld range is 1-300.

The default is 15 seconds.

Retries — Indicates the number of times the device resends an inform request. The ﬁeld range is 1-255. The default is 3.

Remove — Deletes the currently selected recipient. The possible ﬁeld values are:

– Checked — Removes the selected recipient from the list of recipients.



ꢆꢇ

Download from Www.Somanuals.com. All Manuals Search And Download.

– Unchecked — Maintains the list of recipients.

2. Click

. The Add SNMPNotiﬁcation Receiver Page opens:

Figure 116:Add SNMP Notiﬁcation Receiver Page

3. Deﬁne the Recipient IP, Notiﬁcation Type, SNMPV1,v2c

or SNMPv3, UPD Port, Filter Name, Timeout, and

Retries ﬁelds.

4. Click

. The SNMP Notification recipients are

deﬁned, and the device is updated.

To modify SNMP notiﬁcation recipients:

1. Click System > SNMP Management > Notification

> Notification Receiver. The SNMP Notification

Receiver Page opens:

2. Click

. The SNMP Notification Receiver Settings

Page opens:

Figure 117: SNMP Notiﬁcation Receiver Settings Page

3. Modify the Notiﬁcation Type, SNMPV1,v2c or SNMPv3,

UPD Port, Filter Name, TImeout, and Retries ﬁelds.

4. Click

. The SNMP notification recipients are

deﬁned, and the device is updated.

ꢆꢈ

Download from Www.Somanuals.com. All Manuals Search And Download.

Section 12. Conﬁguring Quality of Service

This section contains the following topics:

Quality of Service Overview

Enabling Quality of Service

Mapping Queues



12.1 Quality of Service Overview

Network trafﬁc is usually unpredictable, and the only basic assurance that can be offered is best effort trafﬁc delivery. To

overcome this challenge, Quality of Service (QoS) is applied throughout the network. This ensures that network trafﬁc is

prioritized according to speciﬁed criteria, and that speciﬁc trafﬁc receives preferential treatment. QoS in the network optimizes

network performance and entails two basic facilities:

Classifying incoming trafﬁc into handling classes, based on an attribute, including:



– The ingress interface

– Packet content

–Acombination of these attributes

Providing various mechanisms for determining the allocation of network resources to different handling classes, including:

– The assignment of network trafﬁc to a particular hardware queue

– The assignment of internal resources



– Trafﬁc shaping

In this document, the terms Class of Service (CoS) and QoS are used in the following context:

CoS provides varying Layer 2 trafﬁc services. CoS refers to classiﬁcation of trafﬁc to trafﬁc-classes, which are handled as

an aggregate whole, with no per-ﬂow settings. CoS is usually related to the 802.1p service that classiﬁes ﬂows according

to their Layer 2 priority, as set in the VLAN header.



QoS refers to Layer 2 trafﬁc and above. QoS handles per-ﬂow settings, even within a single trafﬁc class.

The QoS facility involves the following elements:



Trafﬁc Classiﬁcation — Classiﬁes each incoming packet as belonging to a given trafﬁc class, based on the packet

contents and/or the context.

Assignment to Hardware Queues — Assigns incoming packets to forwarding queues. Packets are sent to a particular

queue for handling as a function of the trafﬁc class to which they belong, as deﬁned by the classiﬁcation mechanism.

Trafﬁc Class-HandlingAttributes —Applies QoS/CoS mechanisms to different classes, including:

– Bandwidth Management



– Shaping/ Rate Limiting

– Policing

12.1.1 Mapping to Queues

Queues are used in both Basic and Advanced QoS modes. Default settings are applied to maps in Service QoS mode. A

Trust Behavior can be selected, or the output service ﬁelds can be selected, including:

VLAN Priority Tags (VPT) — VPTs are mapped to an output queues based on the VPT. While queue mapping is user-

deﬁned, the VPT default mapping to the output queue is as follows. In the VPT default mapping, Queue 1 has the lowest

priority.



ꢇ0

Download from Www.Somanuals.com. All Manuals Search And Download.

The following table contains the VPT to Queue default settings:

Table 7: VPT Default Mapping Table

VPT Value

Queue Number

Mapping of the VPT to the output queue is performed on a system-wide basis, and can be enabled or disabled per port.

Default CoS— Packets arriving untagged are assigned to a default VPT, which can be set by the user on a per port

basis. Once the VPT is assigned, the packet is treated as if it had arrived with this tag. The VPT mapping to the output

queue is based on the same user-deﬁned 802.1p tag-based deﬁnitions.



DSCP — Users can conﬁgure the system to use the IP DSCP of the incoming packet to the output priority queues. The

mapping of the IP DSCP to priority queue is set on a per system basis. If this mode is active, a non-IP packet is always

classiﬁed to the best effort queue.



The default mapping is shown in the following table:

Table 8: DSCP Default Mapping Table

DSCP Value

0-15

Queue Number

q1 (lowest priority)

16-31

32-47

48-64

All network trafﬁc which is not assigned a DSCP value is forwarded with Best Effort service.

After packets are assigned to a speciﬁc queue, using the chosen classiﬁcation method various services can be applied.

Scheduling for output queues can be conﬁgured, including:

Strict priority



Weighted Round Robin (WRR)

Scheduling schemes are speciﬁed per system. WRR weights to the queues can be assigned in any order. For each interface

or queue, the following output shaping can also be conﬁgured:

Committed Burst Size (CBS)

Committed Information Rate (CIR)

Actions for over-the-limit trafﬁc



12.1.2 QoS Modes

The device supports the following QoS modes:

Basic QoS Mode



Advanced QoS Mode

ꢇꢀ

Download from Www.Somanuals.com. All Manuals Search And Download.

Note:

When moving to and from basic and advanced QoS modes, some settings may be lost.

12.1.2.1 Basic QoS Mode

Basic Mode supports activating one of the following Trust settings:

VLAN Point Tag

DiffServ Code Point

None



In addition, a single IP-based ACL can be attached directly to the interface (see section on network security for more

information). Only packets that have a Forward action are assigned to the output queue, based on the specified

classiﬁcation. By properly conﬁguring the output queues, the following basic mode services can be set:

Minimum Delay — The queue is assigned to a strict priority policy, and trafﬁc is assigned to the highest priority queue.

Best Effort — Trafﬁc is assigned to the lowest priority queue



Bandwidth Assignments — Bandwidths are assigned by conﬁguring the WRR scheduling scheme and choosing the

right weights.

12.1.2.2 Advanced QoS Mode

Advanced QoS mode provides rules for specifying ﬂow classiﬁcation and assigning rule actions that relate to bandwidth

management.

After assigning packets to a specific queue, services such as configuring output queues for the scheduling scheme, or

conﬁguring output shaping for burst size, CIR, or CBS per interface or per queue, can be applied. InAdvanced Mode packets

may egress with a different VPT tag than expected.

12.2 Enabling Quality of Service

This section contains the following topics:

Enabling Quality of Service

Mapping Queues



12.2.1 Enabling Quality of Service

The CoS Settings Page contains ﬁelds for enabling or disabling QoS. In addition, the Trust mode can be selected. The Trust

mode relies on predeﬁned ﬁelds within the packet to determine the egress queue settings.

To enable QoS and deﬁne basic settings:

1. Click System > Quality of Service > General Settings > CoS Settings. The CoS Settings Page opens:

ꢇꢁ

Download from Www.Somanuals.com. All Manuals Search And Download.

Figure 118: CoS Settings Page

The CoS Settings Page contains the following ﬁelds:

Quality of Service— Indicates if QoS is enabled on

the interface. The possible values are:



– Enable — Enables QoS on the interface.

– Disable — Disables QoS on the interface.

Trust Mode — Selects the trust mode. If a packet’

s CoS tag and DSCP tags are mapped to different

queues, the Trust mode determines the queue to which

the packet is assigned. The possible ﬁeld values are:

– None — Sets the Trust mode to none. All packets

are sent to the lowest queue.



– CoS — Sets the Trust mode to CoS. Packets are

queued based on their CoS tag value.

– DSCP — Sets the Trust mode to CoS. Packets are

queued based on their DSCP tag value.

In the QoS parameters list:

# Number — Indicates the number of the interface for which the global QoS parameters are deﬁned.

Interface — Displays the name of the interface for which the global QoS parameters are deﬁned.

Trust Mode — Indicates if the trust mode is enabled for the interface.



Default CoS for Incoming Trafﬁc — Displays the current settings for the default CoS value for incoming packets for

which a VLAN tag is not deﬁned. The possible ﬁeld values are 0-7. The default CoS is 0.

2. Select Enable in the Quality of Service ﬁeld.

3. Select the Trust Mode.

4. Click

. QoS is conﬁgured and enabled on the device.

To modify interface settings:

1. Click

. The QoS Interface Settings Page opens.

Figure 119: QoS Interface Settings Page

2. Deﬁne the ﬁelds.

3. Click

. The interface settings are updated.

12.2.2 Deﬁning Queues

The QoS Queue Settings Page contains ﬁelds for deﬁning the QoS queue forwarding types. The queue settings are set

system-wide.

To deﬁne queue settings for Quality of Service:

1. Click System > Quality of Service > General Settings > Queue Settings. The QoS Queue Settings Page opens:

ꢇꢂ

Download from Www.Somanuals.com. All Manuals Search And Download.

Figure 120: QoS Queue Settings Page

The QoS Queue Settings Page contains the following

ﬁelds:

Queue — Indicates the queue number.



Scheduling

– Strict Priority — Indicates that trafﬁc scheduling for

the selected queue is based strictly on the queue

priority.

– WRR — Indicates that trafﬁc scheduling for the selected queue is based strictly on the WRR.

– WWR Weight — If WRR is selected, indicates the predetemined weights 8, 2, 4, and 1 for queues 4,3,2 and 1.

– % of WWR Bandwidth — If WWR weight is selected, indicates the percentage

2. Deﬁne the ﬁelds.

3. Click

. The QoS queue settings are saved and the device is updated.

12.3 Mapping Queues

This section contains the following topics:

Mapping CoS Values to Queues

Mapping QoS Values to Queues



12.3.1 Mapping CoS Values to Queues

The CoS to Queue Page contains ﬁelds for classifying CoS settings to trafﬁc queues.

To set CoS to Queue:

1. Click System > Quality of Service > Queue Mapping > CoS to Queue. The CoS to Queue Page opens:

Figure 121: CoS to Queue Page

Class of Service — Specifies the CoS priority tag

values, where zero is the lowest and 8 is the highest.

Queue — Deﬁnes the trafﬁc forwarding queue to which

the CoS priority is mapped. Four trafﬁc priority queues

are supported, where zero is the lowest and 8 is the

highest.



Restore Defaults — Allows you to restore default

settings.



2. Modify the Queue values or select Restore Defaults.

3. Click

. The CoS to Queue mapping settings

are saved and the device is updated.

12.3.2 Mapping QoS Values to Queues

The DSCPto Queue Page contains ﬁelds for classifying DSCP settings to trafﬁc queues. For example, a packet with a DSCP

tag value of 3 can be assigned to queue 2.

To set DSCP to queues:

ꢇꢃ

Download from Www.Somanuals.com. All Manuals Search And Download.

1. Click System > Quality of Service > Queue Mapping > DSCP to Queue. The DSCPto Queue Page opens:

Figure 122: DSCP to Queue Page

The CoS Settings Page page contains the following ﬁelds:

DSCP In — Displays the incoming packet’s DSCP

value.



Queue — Defines the traffic forwarding queue to

which the DSCP priority is mapped. Four trafﬁc priority

queues are supported.



2. Modify the Queue values.

3. Click

updated.

. The DSCP to Queue mapping is

ꢇꢄ

Download from Www.Somanuals.com. All Manuals Search And Download.

Section 13. Managing System Files

File maintenance on the device includes conﬁguration ﬁle management and device access. The conﬁguration ﬁle structure

consists of the following conﬁguration ﬁles:

Startup conﬁguration ﬁle — Contains the commands required to reconﬁgure the device to the same settings as when

the device is powered down or rebooted. The Startup ﬁle is created by copying the conﬁguration commands from the

Running Conﬁguration ﬁle or the Backup Conﬁguration ﬁle.



Running configuration file — Contains all configuration file commands, as well as all commands entered during

the current session. After the device is powered down or rebooted, all commands stored in the Running Conﬁguration

ﬁle are lost. During the startup process, all commands in the Startup ﬁle are copied to the Running Conﬁguration File

and applied to the device. During the session, all new commands entered are added to the commands existing in the

Running Conﬁguration ﬁle. Commands are not overwritten. To update the Startup ﬁle, before powering down the device,

the Running Conﬁguration ﬁle must be copied to the Startup Conﬁguration ﬁle. The next time the device is restarted, the

commands are copied back into the Running Conﬁguration ﬁle from the Startup Conﬁguration ﬁle.

Image ﬁles — Software upgrades are used when a new version ﬁle is downloaded. The ﬁle is checked for the right

format, and that it is complete. After a successful download, the new version is marked, and is used after the device is

reset.



This section contains the following topics:

Downloading System Files

Uploading System Files

Activating Image Files

Copying System Files



13.1 Downloading System Files

To download system ﬁles:

1. Click System > Maintenance > File Management > File Download. The File Download Page opens:

Figure 123: File Download Page

The File Download Page is divided into the following

sections:

Download Type



Firmware Download

Conﬁguration Download

13.1.1 Download Type

The Upload Type section contains the following ﬁelds:

Firmware Download — Indicates that the download



is for ﬁrmware. If Firmware Download is selected, the

Conﬁguration Download ﬁelds are grayed out.

Conﬁguration Download — Indicates that the download is for conﬁguration ﬁles. If Conﬁguration Download is selected,

the Firmware Download ﬁelds are grayed out.



ꢇꢅ

Download from Www.Somanuals.com. All Manuals Search And Download.

13.1.2 Firmware Download

The Firmware Download section contains the following ﬁelds:

TFTP Server IPAddress — Speciﬁes the address of the TFTP server from which ﬁles are downloaded.

Source File Name — Speciﬁes the ﬁle to be downloaded.



Destination File — Speciﬁes the destination ﬁle to which system ﬁle is downloaded. The possible ﬁeld values are:

– Software Image — Downloads the Image ﬁle.

– Boot Code — Downloads the Boot ﬁle.

Download to Master Only — Downloads the system ﬁle only to the Master.

Download toAll Units — Downloads the system ﬁle to all units.



13.1.3 Conﬁguration Download

The Conﬁguration Download section contains the following ﬁelds:

TFTP Server IPAddress — Speciﬁes the address of the TFTP server from which the conﬁguration ﬁles are downloaded.

Source File Name — Speciﬁes the conﬁguration ﬁles to be downloaded.



Destination File — Speciﬁes the destination ﬁle to which the conﬁguration ﬁle is downloaded. The possible ﬁeld values

are:

– Running Conﬁguration — Downloads commands into the Running Conﬁguration ﬁle.

– Startup Conﬁguration — Downloads the Startup Conﬁguration ﬁle, and overwrites the old Startup Conﬁguration ﬁle.

2. Open the File Download Page.

3. Select the download type.

4. Deﬁne the TFTP server address.

5. Deﬁne the Source File Name and Destination File ﬁelds.

6. Click

. The requested ﬁles are downloaded to the speciﬁed destination.

13.2 Uploading System Files

The Copy Files Page contains ﬁelds for uploading the software from the device to the TFTP server.

To upload system ﬁles:

1. Click System > Maintenance > File Management > File Upload. The File Upload Page opens:

Figure 124: File Upload Page

The File Upload Page is divided into the following sections:

Upload Type



Software Image Upload

Conﬁguration Upload

13.2.1 Upload Type

The Upload Type section contains the following ﬁelds:

Firmware Upload — Speciﬁes that the software image



file is uploaded. If Firmware Upload is selected, the

Conﬁguration Upload ﬁelds are grayed out.

Configuration Upload — Specifies that the Configuration file is uploaded. If Configuration Upload is selected, the

Software Image Upload ﬁelds are grayed out.



ꢇꢆ

Download from Www.Somanuals.com. All Manuals Search And Download.

13.2.2 Software Image Upload

The Software Image Upload section contains the following ﬁelds:

TFTP Server IPAddress — Speciﬁes the address of the TFTP server to which the Software Image is uploaded.



Destination File Name — Speciﬁes the name of the software image ﬁle to which the Software Image is uploaded.

13.2.3 Conﬁguration Upload

The Conﬁguration Upload section contains the following ﬁelds:

TFTP Server IPAddress — Speciﬁes the address of the TFTP server to which the Conﬁguration ﬁle is uploaded.

Destination File Name — Speciﬁes the name of the ﬁle to which the Startup Conﬁguration ﬁle is uploaded.

Transfer File Name — Speciﬁes the name of the Conﬁguration ﬁle that is uploaded.

The possible ﬁeld values are:



– Running Conﬁguration — Uploads the Running Conﬁguration ﬁle.

– Startup Conﬁguration — Uploads the Startup Conﬁguration ﬁle.

2. Open the Copy Files Page. See “Copying System Files” in section 13.4.

3. Deﬁne the ﬁle type to upload.

4. Deﬁne the ﬁelds.

5. Click

. The software is uploaded to the device.

13.3 Activating Image Files

The Active Image Page allows network managers to select and reset the Image ﬁles.

To download system ﬁles:

1. Click System > Maintenance > File Management >Active Image. The Active Image Page opens:

Figure 125:Active Image Page

The Active Image Page contains the following ﬁelds:

Unit No. — The unit number for which the Image ﬁle is

selected.



Active Image — The Image file which is currently

active on the unit.

After Reset — The Image file which is active on the

unit after the device is reset.

The possible ﬁeld values are:

– Image 1 —Activates Image ﬁle 1 after the device is reset.

– Image 2 —Activates Image ﬁle 2 after the device is reset.

2. Deﬁne the After Reset ﬁeld.

3. Click

. The selected image ﬁle is activated after the device is reset.

13.4 Copying System Files

Files can be copied and deleted using the Copy Files Page.

To copy system ﬁles:

1. Click System > Maintenance > File Management > Copy Files. The Copy Files Page opens:

ꢇꢇ

Download from Www.Somanuals.com. All Manuals Search And Download.

Figure 126: Copy Files Page

The Copy Files Page contains the following ﬁelds:

Copy Configuration — Copies the Running



Conﬁguration ﬁle to the Startup Conﬁguration ﬁle.

Source — Indicates the Running Conﬁguration ﬁle is



selected.

Destination — Indicates the Startup Conﬁguration ﬁle is selected.

Restore Conﬁguration Factory Defaults — Resets the Conﬁguration ﬁle to the factory defaults. The factory defaults are

reset after the device is reset. When unselected, the device maintains the current Conﬁguration ﬁle.



2. Select Copy Conﬁguration.

3. Click

. The ﬁle is copied.

To restore the default conﬁguration:

1. Click System > File Management > Copy Files. The Copy Files Page opens.

2. Select Restore Conﬁguration Factory Defaults.

3. Click

. The factory defaults are restored, and the device is updated.

ꢇꢈ

Download from Www.Somanuals.com. All Manuals Search And Download.

Section 14. Performing Device Diagnostics

This section contains the following topics:

Conﬁguring Port Mirroring



Viewing Integrated Cable Tests

Viewing Optical Transceivers

14.1 Conﬁguring Port Mirroring

Port mirroring monitors and mirrors network trafﬁc by forwarding copies of incoming and outgoing packets from one port to a

monitoring port. Port mirroring can be used as a diagnostic tool as well as a debugging feature. Port mirroring also enables

switch performance monitoring.

Network administrators can conﬁgure port mirroring by selecting a speciﬁc port from which to copy all packets, and other

ports to which the packets copied.

To perform port mirroring diagnostics:

1. Click System > Maintenance > Diagnostics > Port Mirroring. The Port Mirroring Page opens:

Figure 127: Port Mirroring Page

The Port Mirroring Page contains the following ﬁelds:

Destination Port — Deﬁnes the port number to which

port trafﬁc is copied.



Transmit Packets — Deﬁnes the how the packets are

mirrored. The possible ﬁeld values are:



– Untagged — Mirrors packets as untagged VLAN

packets. This is the default value.

– Tagged — Mirrors packets as tagged VLAN packets.

Source Port — Indicates the port from which the packets are mirrored.

Type — Indicates the port mode conﬁguration for port mirroring. The possible ﬁeld values are:

– RX — Deﬁnes the port mirroring on receiving ports.



– TX — Deﬁnes the port mirroring on transmitting ports.

– Both — Deﬁnes the port mirroring on both receiving and transmitting ports. This is the default value.

Remove — Removes the port mirroring session. The possible ﬁeld values are:

– Checked — Removes the selected port mirroring sessions.

– Unchecked — Maintains the port mirroring session.



2. Click

. TheAdd Port Mirroring Page opens:

Figure 128:Add Port Mirroring Page

3. Select a port in the Source Port ﬁeld.

4. Select a port type in the Type ﬁeld.

5. Click

. The port mirroring session is deﬁned,

and the device is updated.

ꢈ0

Download from Www.Somanuals.com. All Manuals Search And Download.

To modify port mirroring settings:

1. Click

. The Port Mirroring Settings Page opens.

Figure 129: Port Mirroring Settings Page

2. Modify the Type ﬁeld.

3. Click

. Port mirroring settings are modified,

and the device is updated.

To remove port mirroring:

1. Click Maintenance > Diagnostics > Port Mirroring. The Port Mirroring Page opens.

2. Click the Remove checkbox for selected item, and click

14.2 Viewing Integrated Cable Tests

The Copper Cable Page contains ﬁelds for performing tests on copper cables. Cable testing provides information about

where errors occurred in the cable, the last time a cable test was performed, and the type of cable error, which occurred. The

tests use Time Domain Reﬂectometry (TDR) technology to test the quality and characteristics of a copper cable attached to a

port. Cables up to 120 meters long can be tested. Cables are tested when the ports are in the down state, with the exception

of the Approximated Cable Length test.

To view cable test results:

Click System > Maintenance > Diagnostics > Copper Cable. The Copper Cable Page opens:



Figure 130: Copper Cable Page

The Copper Cable Page contains the following ﬁelds:

Port — Specifies the port to which the cable is



connected.

Test Result — Displays the cable test results. Possible



values are:

– No Cable — Indicates that a cable is not connected

to the port.

– Open Cable — Indicates that a cable is connected

on only one side.

– Short Cable — Indicates that a short has occurred in

the cable.

– OK — Indicates that the cable passed the test.

Cable Fault Distance — Indicates the distance from the port where the cable error occurred.

Last Update — Indicates the last time the port was tested.

Cable Length — Indicates the approximate cable length. This test can only be performed when the port is up and

operating at 1 Gbps.



To perform a test:

1. Click . The test parameters are displayed in the Copper Cable Test Page:

ꢈꢀ

Download from Www.Somanuals.com. All Manuals Search And Download.

14.3 Viewing Optical Transceivers

The Optical Transceivers Page allows network managers to perform tests on ﬁber-optic cables.

Note:

Optical transceiver diagnostics can be performed only when the link is present.

To test cables:

Click System > Maintenance > Diagnostics > Optical Transceivers. The Optical Transceivers Page opens:



Figure 131: Optical Transceivers Page

The Optical Transceivers Page contains the following

ﬁelds:

Port — Displays the port IP address on which the

cable is tested.



Temperature — Displays the temperature (^oC) at



which the cable is operating.

Voltage — Displays the voltage at which the cable is operating.

Current — Displays the current at which the cable is operating.

Output Power — Indicates the rate at which the output power is transmitted.

Input Power — Indicates the rate at which the input power is transmitted.

Transmitter Fault — Indicates if a fault occurred during transmission.

Loss of Signal — Indicates if a signal loss occurred in the cable.

Data Ready — Indicates the transceiver has achieved power up and data is ready.



ꢈꢁ

Download from Www.Somanuals.com. All Manuals Search And Download.

Section 15. Viewing Statistics

This section describes how to view and manage device statistics for interfaces, GVRP, EAP, and Etherlike and how to view

and deﬁne as RMON statistics, history and alarms.

This section contains the following topics:

Viewing Interface Statistics

Managing RMON Statistics



15.1 Viewing Interface Statistics

This section contains the following topics:

Viewing Device Interface Statistics

Viewing Etherlike Statistics

Viewing GVRP Statistics



Viewing EAP Statistics

15.1.1 Viewing Device Interface Statistics

The Interface Statistics Page contains statistics for both received and transmitted packets.

To view interface statistics:

1. Click System > Statistics > Interface Statistics. The Interface Statistics Page opens:

Figure 132: Interface Statistics Page

The Interface Statistics Page contains the following ﬁelds:

Interface — Indicates the device for which statistics

are displayed. The possible ﬁeld values are:



– Port — Deﬁnes the speciﬁc port for which interface

statistics are displayed.

– LAG — Deﬁnes the speciﬁc LAG for which interface

statistics are displayed.

Refresh Rate — Defines the amount of time that

passes before the interface statistics are refreshed.

The possible ﬁeld values are:



– 15 Sec —Indicates that the Interface statistics are

refreshed every 15 seconds.

– 30 Sec —Indicates that the Interface statistics are refreshed every 30 seconds.

– 60 Sec —Indicates that the Interface statistics are refreshed every 60 seconds.

– No Refresh —Indicates that the Interface statistics are not refreshed.

Receive Statistics

Total Bytes (Octets) — Displays the number of octets received on the selected interface.

Unicast Packets — Displays the number of Unicast packets received on the selected interface.

Multicast Packets — Displays the number of Multicast packets received on the selected interface.

Broadcast Packets — Displays the number of Broadcast packets received on the selected interface.



ꢈꢂ

Download from Www.Somanuals.com. All Manuals Search And Download.

Packets with Errors — Displays the number of error packets received from the selected interface.



Transmit Statistics

Total Bytes (Octets) — Displays the number of octets transmitted from the selected interface.

Unicast Packets — Displays the number of Unicast packets transmitted from the selected interface.

Multicast Packets — Displays the number of Multicast packets transmitted from the selected interface.

Broadcast Packets — Displays the number of Broadcast packets transmitted from the selected interface.



2. Select an interface in the Interface ﬁeld. The interface statistics are displayed.

To reset interface statistics counters:

1. Open the Interface Statistics Page.

2. Click

. The interface statistics counters are cleared.

15.1.2 Viewing Etherlike Statistics

The Etherlike Statistics Page contains interface statistics.

To view Etherlike interface statistics:

1. Click System > Statistics > Interface Statistics > Etherlike. The Etherlike Statistics Page opens:

Figure 133: Etherlike Statistics Page

The Etherlike Statistics Page contains the following ﬁelds:

Interface — Indicates the device for which statistics are



displayed. The possible ﬁeld values are:

– Port — Deﬁnes the speciﬁc port for which Etherlike

statistics are displayed.

– LAG — Deﬁnes the speciﬁc LAG for which Etherlike

statistics are displayed.

Refresh Rate — Defines the amount of time that



passes before the interface statistics are refreshed. The

possible ﬁeld values are:

– 15 Sec — Indicates that the Etherlike statistics are refreshed every 15 seconds.

– 30 Sec — Indicates that the Etherlike statistics are refreshed every 30 seconds.

– 60 Sec — Indicates that the Etherlike statistics are refreshed every 60 seconds.

– No Refresh — Indicates that the Etherlike statistics are not refreshed.

Frame Check Sequence (FCS) Errors — Displays the number of FCS errors received on the selected interface.

Single Collision Frames — Displays the number of single collision frames received on the selected interface.

Late Collisions — Displays the number of late collision frames received on the selected interface.

Excessive Collisions — Displays the number of excessive collisions received on the selected interface.

Internal MAC Transmit Errors — Displays the number of internal MAC transmit errors on the selected interface.

Oversize Packets — Displays the number of oversized packet errors on the selected interface.

Internal MAC Receive Errors — Number of internal MAC received errors on the selected interface.

Received Pause Frames — Displays the number of received paused frames on the selected interface.

Transmitted Paused Frames — Displays the number of paused frames transmitted from the selected interface.



2. Select an interface (Port or LAG) in the Interface ﬁeld. The Etherlike statistics are displayed.

ꢈꢃ

Download from Www.Somanuals.com. All Manuals Search And Download.

To update the refresh time:

To change the refresh rate for statistics, select another rate from the Refresh Rate dropdown list.



To reset Etherlike interface statistics counters:

1. Open the Etherlike Statistics Page.

2. Click

. The Etherlike interface statistics counters are cleared.

15.1.3 Viewing GVRP Statistics

The GVRP Statistics Page contains device statistics for GVRP.

To view GVRP interface statistics:

1. Click System > Statistics > Interface Statistics > GVRP. The GVRPStatistics Page opens:

Figure 134: GVRP Statistics Page

The GVRPStatistics Page contains the following ﬁelds:

Interface — Speciﬁes the interface type for which the

statistics are displayed.



– Port — Indicates port statistics are displayed.

– LAG — Indicates LAG statistics are displayed.

Refresh Rate — Indicates the amount of time that

passes before the GVRP statistics are refreshed. The

possible ﬁeld values are:



– 15 Sec — Indicates that the GVRP statistics are

refreshed every 15 seconds.

– 30 Sec — Indicates that the GVRP statistics are

refreshed every 30 seconds.

– 60 Sec — Indicates that the GVRP statistics are

refreshed every 60 seconds.

– No Refresh — Indicates that the GVRP statistics are not refreshed.

Join Empty — Displays the device GVRP Join Empty statistics.

Empty — Displays the device GVRP Empty statistics.

Leave Empty — Displays the device GVRP Leave Empty statistics.

Join In — Displays the device GVRP Join In statistics.

Leave In — Displays the device GVRP Leave in statistics.

LeaveAll — Displays the device GVRP Leave all statistics.

Invalid Protocol ID — Displays the device GVRP Invalid Protocol ID statistics.

InvalidAttribute Type — Displays the device GVRP InvalidAttribute ID statistics.

InvalidAttribute Value — Displays the device GVRP InvalidAttribute Value statistics.

InvalidAttribute Length — Displays the device GVRP InvalidAttribute Length statistics.

Invalid Event — Displays the device GVRP Invalid Event statistics.



2. Select an interface (Port or LAG) in the Interface ﬁeld. The GVRP statistics are displayed.

To update the refresh time:

To change the refresh rate for statistics, select another rate from the Refresh Rate dropdown list.



To reset GVRP interface statistics counters:

ꢈꢄ

Download from Www.Somanuals.com. All Manuals Search And Download.

1. Open the GVRPStatistics Page.

2. Click

. The GVRP interface statistics counters are cleared.

15.1.4 Viewing EAP Statistics

The EAPStatistics Page contains information about EAP packets received on a speciﬁc port.

To view the EAP Statistics:

1. Click System > Statistics > Interface Statistics > EAP. The EAPStatistics Page opens:

Figure 135: EAP Statistics Page

The EAPStatistics Page contains the following ﬁelds:

Port — Indicates the port, which is polled for statistics.



Refresh Rate — Indicates the amount of time that

passes before the EAP statistics are refreshed. The

possible ﬁeld values are:

– 15 Sec — Indicates that the EAP statistics are

refreshed every 15 seconds.

– 30 Sec — Indicates that the EAP statistics are

refreshed every 30 seconds.

– 60 Sec — Indicates that the EAP statistics are

refreshed every 60 seconds.

– No Refresh — Indicates that the EAP statistics are not refreshed.

Frames Receive — Indicates the number of valid EAPOLframes received on the port.

Frames Transmit — Indicates the number of EAPOLframes transmitted via the port.

Start Frames Receive — Indicates the number of EAPOLStart frames received on the port.

Log off Frames Receive — Indicates the number of EAPOLLogoff frames that have been received on the port.

Respond ID Frames Receive — Indicates the number of EAP Resp/Id frames that have been received on the port.

Respond Frames Receive — Indicates the number of valid EAP Response frames received on the port.

Request ID Frames Transmit — Indicates the number of EAP Req/Id frames transmitted via the port.

Request Frames Transmit — Indicates the number of EAP Request frames transmitted via the port.

Invalid Frames Receive — Indicates the number of unrecognized EAPOL frames that have been received by on this

port.



Length Error Frames Receive — Indicates the number of EAPOL frames with an invalid Packet Body Length received

on this port.



Last Frame Version — Indicates the protocol version number attached to the most recently received EAPOLframe.

Last Frame Source — Indicates the source MAC address attached to the most recently received EAPOLframe.



2. Select a port from the Port dropdown list. The port statistics are displayed.

To update the refresh time:

To change the refresh rate for statistics, select another rate from the Refresh Rate dropdown list.



15.2 Managing RMON Statistics

This section describes how to view and manage Remote Monitoring On Network (RMON) statistics, history and alarms.

This section contains the following topics:

Viewing RMON Statistics



ꢈꢅ

Download from Www.Somanuals.com. All Manuals Search And Download.

Conﬁguring RMON History

Deﬁning RMONAlarms



15.2.1 Viewing RMON Statistics

The RMON Statistics Page contains ﬁelds for viewing information about device utilization and errors that occurred on the

device.

To view RMON statistics:

1. Click System > Statistics > RMON > Statistics. The RMON Statistics Page opens:

Figure 136: RMON Statistics Page

The RMON Statistics Page contains the following ﬁelds:

Interface — Indicates the device for which statistics



are displayed. The possible ﬁeld values are:

– Port — Defines the specific port for which RMON

statistics are displayed.

– LAG — Deﬁnes the speciﬁc LAG for which RMON

statistics are displayed.

Refresh Rate — Defines the amount of time that



passes before the interface statistics are refreshed.

The possible ﬁeld values are:

– 15 Sec — Indicates that the RMON statistics are

refreshed every 15 seconds.

– 30 Sec — Indicates that the RMON statistics are refreshed every 30 seconds.

– 60 Sec — Indicates that the RMON statistics are refreshed every 60 seconds.

Received Bytes (Octets) — Displays the number of octets received on the interface since the device was last refreshed.

This number includes bad packets and FCS octets, but excludes framing bits.

Received Packets — Displays the number of packets received on the interface, including bad packets, Multicast and

broadcast packets, since the device was last refreshed.



Broadcast Packets Received — Displays the number of good broadcast packets received on the interface since the

device was last refreshed. This number does not include Multicast packets.

Multicast Packets Received — Displays the number of good Multicast packets received on the interface since the

device was last refreshed.

CRC & Align Errors — Displays the number of CRC and Align errors that have occurred on the interface since the

device was last refreshed.

Undersize Packets — Displays the number of undersized packets (less than 64 octets) received on the interface since

the device was last refreshed.

Oversize Packets — Displays the number of oversized packets (over 1518 octets) received on the interface since the

device was last refreshed.

Fragments — Displays the number of fragments (packets with less than 64 octets, excluding framing bits, but including

FCS octets) received on the interface since the device was last refreshed.

Jabbers — Displays the total number of received packets that were longer than 1518 octets. This number excludes

frame bits, but includes FCS octets that had either a bad Frame Check Sequence (FCS) with an integral number of

octets (FCS Error) or a bad FCS with a non-integral octet (Alignment Error) number. The ﬁeld range to detect jabbers is

between 20 ms and 150 ms.

Collisions — Displays the number of collisions received on the interface since the device was last refreshed.



ꢈꢆ

Download from Www.Somanuals.com. All Manuals Search And Download.

Frames of xx Bytes — Number of xx-byte frames received on the interface since the device was last refreshed.



2. Select an interface (Port or LAG) in the Interface ﬁeld. The RMON statistics are displayed.

To update the refresh time:

To change the refresh rate for statistics, select another rate from the Refresh Rate dropdown list.



To reset RMON statistics counters:

1. Open the RMON Statistics Page.

2. Click

. The RMON statistics counters are cleared.

15.2.2 Conﬁguring RMON History

This section contains the following topics:

Deﬁning RMON History Control

Viewing the RMON History Table



15.2.2.1 Deﬁning RMON History Control

The RMON History Control Page contains information about samples of data taken from ports. For example, the samples

may include interface deﬁnitions or polling periods.

To set RMON history control:

1. Click System > Statistics > RMON > History. The RMON History Control Page opens:

Figure 137: RMON History Control Page

The RMON History Control Page contains the following

ﬁelds:

History Entry No. — Displays the entry number for



the History Control Table page.

Source Interface — Displays the interface from which



the history samples were taken. The possible field

values are:

– Port — Speciﬁes the port from which the RMON information was taken.

– LAG — Speciﬁes the port from which the RMON information was taken.

Sampling Interval — Indicates in seconds the time that samplings are taken from the ports. The ﬁeld range is 1-3600.

The default is 1800 seconds (equal to 30 minutes).



Samples Requested — Displays the number of samples to be saved. The ﬁeld range is 1-65535. The default value is

50.

Current Number of Samples in List — Displays the current number of samples taken.

Owner — Displays the RMON station or user that requested the RMON information. The ﬁeld range is 0-20 characters.

Remove — Removes History Control entries. The possible ﬁeld values are:

– Checked — Removes the selected History Control entry.



– Unchecked — Maintains the current History Control entries.

2. Click

. The Add History Entry User Page opens:

ꢈꢇ

Download from Www.Somanuals.com. All Manuals Search And Download.

Figure 138:Add History Entry User Page

3. Deﬁne the ﬁelds.

4. Click

. The entry is added to the RMON

History Control Page, and the device is updated.

To modify a history entry user:

1. Open the RMON History Control Page.

2. Click

. The Edit Local History Entry User Page opens:

Figure 139: Edit Local History Entry User Page

3. Deﬁne the ﬁelds.

4. Click

.The entry is updated in the RMON

History Control Page, and the device is updated.

15.2.2.2 Viewing the RMON History Table

The RMON History Table Page contains interface speciﬁc

statistical network samplings. Each table entry represents all counter values compiled during a single sample.

To view the RMON History Table:

1. Click System > Statistics > RMON > History > History Table. The RMON History Table Page opens:

Figure 140: RMON History Table Page

The RMON History Table Page contains the following

ﬁelds:

History Entry No. — Displays the entry number for the



History Control Table page.

Owner — Displays the RMON station or user that



requested the RMON information. The field range is

0-20 characters.

Sample No. — Indicates the sample number from which the statistics were taken.

Drop Events — Displays the number of dropped events that have occurred on the interface since the device was last

refreshed.



Received Bytes (Octets) — Displays the number of octets received on the interface since the device was last refreshed.

This number includes bad packets and FCS octets, but excludes framing bits.

Received Packets — Displays the number of packets received on the interface since the device was last refreshed,

including bad packets, Multicast and Broadcast packets.



Broadcast Packets — Displays the number of good Broadcast packets received on the interface since the device was

last refreshed. This number does not include Multicast packets.

Multicast Packets — Displays the number of good Multicast packets received on the interface since the device was last

refreshed.

CRC Align Errors — Displays the number of CRC and Align errors that have occurred on the interface since the device

was last refreshed.

Undersize Packets — Displays the number of undersized packets (less than 64 octets) received on the interface since

ꢈꢈ

Download from Www.Somanuals.com. All Manuals Search And Download.

the device was last refreshed.

Oversize Packets — Displays the number of oversized packets (over 1518 octets) received on the interface since the

device was last refreshed.



Fragments — Displays the number of fragments (packets with less than 64 octets, excluding framing bits, but including

FCS octets) received on the interface since the device was last refreshed.

Jabbers — Displays the total number of received packets that were longer than 1518 octets. This number excludes

frame bits, but includes FCS octets that had either a bad Frame Check Sequence (FCS) with an integral number of

octets (FCS Error) or a bad FCS with a non-integral octet (Alignment Error) number. The ﬁeld range to detect jabbers is

between 20 ms and 150 ms.

Collisions — Displays the number of collisions received on the interface since the device was last refreshed.

Utilization — Displays the percentage of the interface utilized.



2. Select an entry in the History Entry No. ﬁeld.

3. Click . The statistics are displayed.

15.2.3 Conﬁguring RMON Events

This section includes the following topics:

Deﬁning RMON Events Control

Viewing the RMON Events Logs



15.2.3.1 Deﬁning RMON Events Control

The RMON Events Control Page contains ﬁelds for deﬁning RMON events.

To set RMON events:

1. Click System > Statistics > RMON > Events. The RMON Events Control Page opens:

Figure 141: RMON Events Control Page

The RMON Events Control Page contains the following

ﬁelds:

Event Entry — Displays the event.



Community — Displays the community to which the

event belongs.

Description — Displays the user-defined event

description.



Type — Describes the event type. Possible values are:

– Log — Indicates that the event is a log entry.

– Trap — Indicates that the event is a trap.

– Log and Trap — Indicates that the event is both a log entry and a trap.

– None — Indicates that no event occurred.

Time — Displays the time that the event occurred.

Owner — Displays the device or user that deﬁned the event.

Remove — Removes a RMON event. The possible ﬁeld values are:

– Checked — Removes a selected RMON event.

– Unchecked — Maintains RMON events.



2. Click

. The Add RMON Event User Page opens:

ꢀ00

Download from Www.Somanuals.com. All Manuals Search And Download.

Figure 142:Add RMON Event User Page

3. Deﬁne the ﬁelds.

4. Click

. The entry is added to the RMON

Events Control Page, and the device is updated.

To modify an RMON Event user:

1. Click System > Statistics > RMON > Events. The

RMON Events Control Page opens, displaying deﬁned event entries.

2. Click

next to an entry. The Edit RMON Event User Page opens:

Figure 143: Edit RMON Event User Page

3. Modify the local user properties ﬁelds.

4. Click

. The entry is updated in the RMON

Events Control Page, and the device is updated.

15.2.3.2 Viewing the RMON Events Logs

The RMON Events Logs Page contains a list of RMON

events.

To view RMON event logs:

1. Click System > Statistics > RMON > Events. The RMON Events Logs Page opens:

Figure 144: RMON Events Logs Page

The RMON Events Logs Page contains the following

ﬁelds:

Event — Displays the RMON Events Log entry

number.



Log No. — Displays the log number.

Log Time — Displays the time when the log entry was

entered.



Description — Displays the log entry description.



15.2.4 Deﬁning RMON Alarms

The RMON Alarm Page contains ﬁelds for setting network alarms. Network alarms occur when a network problem, or event,

is detected. Rising and falling thresholds trigger alarms.

To set RMON alarms:

1. Click System > Statistics > RMON >Alarm. The RMONAlarm Page opens:

Figure 145: RMONAlarm Page

The RMONAlarm Page contains the following ﬁelds:

Alarm Entry — Indicates a speciﬁc alarm.



Counter Name — Displays the selected MIB variable.

ꢀ0ꢀ

Download from Www.Somanuals.com. All Manuals Search And Download.

Interface — Displays interface for which RMON statistics are displayed. The possible ﬁeld values are:

– Port — Displays the RMON statistics for the selected port.



– LAG — Displays the RMON statistics for the selected LAG.

Counter Value — Displays the selected MIB variable value.



Sample Type — Deﬁnes the sampling method for the selected variable and comparing the value against the thresholds.

The possible ﬁeld values are:

– Delta — Subtracts the last sampled value from the current value. The difference in the values is compared to the

threshold.

– Absolute — Compares the values directly with the thresholds at the end of the sampling interval.

Rising Threshold — Displays the rising counter value that triggers the rising threshold alarm. The rising threshold is

presented on top of the graph bars. Each monitored variable is designated a color.

Rising Event — Displays the mechanism in which the alarms are reported. The possible ﬁeld values are:

– LOG — Indicates there is not a saving mechanism for either the device or in the management system. If the device is

not reset, the entry remains in the Log Table.



– TRAP — Indicates that an SNMP trap is generated, and sent via the Trap mechanism. The Trap can also be saved

using the Trap mechanism.

– Both — Indicates that both the Log and Trap mechanism are used to report alarms.

Falling Threshold — Displays the falling counter value that triggers the falling threshold alarm. The falling threshold is

graphically presented on top of the graph bars. Each monitored variable is designated a color.

Falling Event — Displays the mechanism in which the alarms are reported.

Startup Alarm — Displays the trigger that activates the alarm generation. Rising is deﬁned by crossing the threshold

from a low-value threshold to a higher-value threshold.



Interval — Deﬁnes the alarm interval time in seconds.



Owner — Displays the device or user that deﬁned the alarm.

Remove — Removes the RMONAlarms Table entry.

2. Click

. The Add RMONAlarm User Page opens:

Figure 146:Add RMONAlarm User Page

3. Deﬁne the ﬁelds.

4. Click

. The RMON alarm user is added to the

list in RMONAlarm Page, and the device is updated.

To modify an RMON alarm user:

1. Click . The Edit RMONAlarm User Page opens.

ꢀ0ꢁ

Download from Www.Somanuals.com. All Manuals Search And Download.

Figure 147: Edit RMONAlarm User Page

2. Modify the ﬁelds.

3. Click

. The entry is updated in the RMON

Alarm Page, and the device is updated.

ꢀ0ꢂ

Download from Www.Somanuals.com. All Manuals Search And Download.

Glossary

This glossary contains terms commonly used in Embedded Web System documentation.

Term

Deﬁnition

Access Mode

Speciﬁes the method by which user access is granted to the system.

Allows network managers to define profiles and rules for accessing the device. Access to

management functions can be limited to user groups, which are deﬁned by the following criteria:

• Ingress interfaces.

Access Proﬁle

• Source IP address and/or Source IP subnets.

Filters in Access Control Lists (ACL) that determine which network trafﬁc is forwarded.

ACE are based on the following criteria:

• Protocol.

• Protocol ID.

ACE

• Source Port.

• Destination Port.

• Wildcard Mask.

• Source IPAddress.

• Destination IPAddress.

Access Control List. Access Control Lists are used to grant, deny, or limit access to

ACL

devices, features, or applications.

Groups several VLANs into a single aggregated VLAN. Aggregating VLANs enables

routers to respond to ARP requests for nodes located on different sub-VLANs belonging

to the same Super VLAN. Routers respond with their MAC address.

Aggregated VLAN

Authentication Header Protocol. Provides source host authentication and data integrity.

Address Resolution Protocol. A TCP/IP protocol that converts IP addresses into physical

ARP

addresses.

ASIC

Application Speciﬁc Integrated Circuit.Acustom chip designed for a speciﬁc application.

Asset Tag

Speciﬁes the user-deﬁned device reference.

Authentication Proﬁle

Set of rules that enable login to and authentication of users and applications.

Allows 10/100 Mpbs or 10/100/1000 Mbps Ethernet ports to establish for the following features:

• Duplex/ Half Duplex Mode.

• Flow Control.

Auto-negotiation

• Speed.

Back Pressure

Amechanism used with Half Duplex mode that enables a port not to receive a message.

The main segment of a network. Backbone types include:

• Building.

• Campus.

Backbone

• Metropolitan.

• National Data.

• Telecommunications.

ꢀ0ꢃ

Download from Www.Somanuals.com. All Manuals Search And Download.

Term

Deﬁnition

Backplane

The main BUS that carries information in the device.

Speciﬁes the amount of data that can be transmitted in a ﬁxed amount of time. For digital

devices, bandwidth is deﬁned in Bits per Second (bps) or Bytes per Second.

Bandwidth

BandwidthAssignment

Baud

Indicates the amount of bandwidth assigned to a speciﬁc application, user, and/or interface.

Indicates the number of signaling elements transmitted each second.

Best Effort

Indicates that trafﬁc is assigned to the lowest priority queue, and packet delivery is not guaranteed.

Border Gateway Protocol. Enables information sharing, routing information between

BGP

groups of routers.

Boot Version

BootP

Indicates the boot version.

Bootstrap Protocol. Enables a workstation to discover its IP address, an IP address of a

BootP server on a network, or a conﬁguration ﬁle loaded into the boot of a device.

Bridge Protocol Data Unit. Provide bridging information in a message format. BPDUs

are sent across switch information with in Spanning Tree conﬁguration. BPDU packets

contain information on ports, addresses, priorities, and forwarding costs.

BPDU

A device that connects two networks. Bridges are hardware-speciﬁc, however they are

protocol-independent. Bridges operate at Layer 1 and Layer 2 levels.

Bridge

Device sets that receive broadcast frames originating from any device within a designated

set. Routers bind broadcast domains, because routers do not forward broadcast frames.

Broadcast Domain

An excessive amount of broadcast messages simultaneously transmitted across a

network by a single port. Forwarded message responses are heaped onto the network,

overloading network resources or causing the network to time out.

Broadcast Storm

Broadcasting

Burst

Amethod of transmitting packets to all ports on a network.

A packet transmission at faster than normal rates. Bursts are limited in time and only

occur under speciﬁc conditions.

Burst Size

Indicates the burst size transmitted at a faster than normal rate.

Committed Burst Size. Indicates the maximum number of data bits transmitted within a

speciﬁc time interval.

CBS

CDB

Conﬁguration Data Base.Aﬁle containing a device’s conﬁguration information.

Classless Interdomain Routing. Based on route aggregation. Routers group routes

together, and reduce the amount of routing information carried by the core routers.

Several IP networks appear to networks outside the group as a single, larger entity.

CIDR

Committed Information Rate. Indicates the rate (Bps) that data is transmitted using frame

CIR

relay services (FRS). The rate is averaged over a minimum time increment.

An aspect of Quality of Service system that is comprised of an IP ACL and/or a MAC

ACL. Class maps are conﬁgured to match packet criteria, and are matched to packets in

a ﬁrst-ﬁt fashion.

Class Map

Class of Service (CoS). The 802.1p priority scheme. CoS provides a method for tagging

packets with priority information.ACoS value between 0-7 is added to the Layer II header

of packets, where zero is the lowest priority and seven is the highest.

Class of Service

Creates new addresses on the internet. The new addresses are distributed to ISPs for

their customers’ use. CIDR reduces the Internet routers’ burden by combining routes.

One IP address represents thousands of addresses serviced by a major backbone

provider.

Classless Inter-Domain

Routing

ꢀ0ꢄ

Download from Www.Somanuals.com. All Manuals Search And Download.

Term

Deﬁnition

CLI

Command Line Interface.Aset of line commands used to conﬁgure the system.

A computer system or process that requires services or processes for another computer,

typically a server.

Client

CLL

Classiﬁcation Control Lists. Devices that grant, deny, or limit access to devices, features,

or applications in QoS.

A overlapping transmission of two or more packets that collide. The data transmitted

cannot be used, and the session is restarted.

Collision

A single logical port with two physical connections, including an RJ-45 connection and a

SFP connection.

Combo Port

Community

CPU

Speciﬁes a group of users which retains the same system access rights.

Central Processing Unit. The part of a computer that processes information.CPUs are

composed of a control unit and anALU.

Indicates a state where an interface is not advertising links to the neighboring interface

due to Flapping.

Damp

Dynamic Host Conﬁguration Protocol. DHCP dynamically assigns IP addresses to devices on

a network. With dynamic addressing, a device can have a different IP address every time it

connects to the network. DHCP also supports a mix of static and dynamic IP addresses.

DHCP

An Internet host using DHCP to obtain configuration parameters, such as a network

address.

DHCP Client

DHCP Server

Domain

An Internet host that returns conﬁguration parameters to DHCP clients.

Agroup of computers and devices on a network that are grouped with common rules and

procedures.

DiffServe Code Point. DSCP provides a method of tagging IP packets with QoS priority

DSCP

DSL

information.

Digital Subscriber Line. Increases the digital capacity of telephone lines.

Permits simultaneous transmissions and reception of data. There are two different types

of duplex mode:

• Full Duplex Mode — Permits bisynchronous communication, for example, a telephone.

Two parties can transmit information at the same time.

Duplex Mode

• Half Duplex Mode — Permits asynchronous communication, for example, a walkie-

talkie. Only one party can transmit information at a time.

Distance Vector Multicast Routing Protocol. DVMRP tunnels multicast messages

within unicast packets. DVMRP supports rate limiting and distribution control based on

destination address.

DVMRP

Egress Port

Port from which network trafﬁc is transmitted.

Enhanced Interior Gateway Routing Protocol. Provides fast convergence, support for

EIGRP

End System

EPG

variable-length subnet mask, and supports multiple network layer protocols.

An end user device on a network.

Exterior Gateway Protocol. Permits exchanging routing information between two

neighboring gateway hosts in an autonomous systems network.

ESP

Encapsulating Security Payload. Provides a variety of security services for IPv4 and IPv6.

ꢀ0ꢅ

Download from Www.Somanuals.com. All Manuals Search And Download.

Term

Deﬁnition

Uses a bus or star topology and supports data transfer rates of Mpbs. A newer version

called Fast Ethernet supports 100 Mbps. Ethernet is standardized as per IEEE 802.3.

Ethernet is the most commonly implemented LAN standard.

Ethernet

Embedded Web Server. Provides device management via a standard web browser.

EWS

Embedded Web Servers are used in addition to or in place of a CLI or NMS.

Fast Ethernet. Fast Ethernet transmits at 100 Mbps rather than 10 Mbps.

Fast Forward Table. Provides information about forwarding routes. If a packet arrives at a

device with a known route, the packet is forwarded via a route listed in the FFT. If there is

not a known route, the CPU forwards the packet and updates the FFT.

FFT

First In First Out. A queuing process where the ﬁrst packet in the queue is the ﬁrst to be

FIFO

transmitted.

Flapping occurs when an interface’s state is constantly changing. For example, an

STP port constantly changes from listening to learning to forwarding. This may cause

detrimental trafﬁc loss.

Flapping

Flow Control

Enables lower speed devices to communicate with higher speed devices. This is

implemented by the higher speed device refraining from sending packets.

Ethernet packets smaller than 576 bits.

Fragment

Frame

FTP

Packets containing the header and trailer information required by the physical medium.

File Transfer Protocol. Transfers ﬁles between network nodes.

GARP

GeneralAttributes Registration Protocol. Registers client stations into a multicast domain.

GigaBit Interface Converter. A hardware module used to attach network devices to ﬁber-

based transmission systems. GBIC converts the serial electrical signals to serial optical

signals and vice versa.

GBIC

Gigabit Ethernet transmits at 1000 Mbps, and is compatible with existing 10/100 Ethernet

standards.

Gigabit Ethernet

GRE

Generic Routing Encapsulation. Enables tunneling using encapsulation with various

protocol packet types. GRE creates a virtual point-to-point link to remote IP internetwork

routers.

GVRP

GARPVLAN Registration Protocol. Registers client stations into a VLAN.

Host Monitoring Protocol. Collects network information from various networks hosts.

HMP monitors hosts spread over the internet as well as hosts in a single network.

Head of Line. Packets are queued. Packets at the head of the queue are forwarded

before packets at the end.

HMP

HOL

Hop

The path between two network devices, for example, two routers.

Acomputer that acts as a source of information or services to other computers.

Host

Allows speciﬁc modules to be removed and/or replaced while the host device is running

without reconﬁguring the device.

Hot Swapping

HyperText Transport Protocol. Transmits HTML documents between servers and clients

HTTP

on the internet.

ꢀ0ꢆ

Download from Www.Somanuals.com. All Manuals Search And Download.

Term

Deﬁnition

Integrated Access Device. Device that multiplexes varied communication technologies

IAD

onto a single telephone line for transmission to the carrier.

Integrated Circuit. Small electronic devices composed from semiconductor material.

Internet Control Message Protocol. Allows the gateway or destination host to

ICMP

communicate with the source host. For example, to report a processing error.

Inter-Domain Routing Protocol. Speciﬁes how routers communicate with different domain

IDRP

IEEE

routers.

Institute of Electrical and Electronics Engineers. An engineering organization that

develops communications and networking standards.

Used in the Spanning Tree Protocol, IEEE 802.1d supports MAC bridging to avoid

network loops.

IEEE 802.1d

IEEE 802.1p

EEE 802.1q

Prioritizes network trafﬁc at the data-link/MAC sub-layer.

Defines the operation of VLAN Bridges that permit the definition, operation, and

administration of VLANs within Bridged LAN infrastructures.

Internet Group Management Protocol. Allows hosts to notify their local switch or router

that they want to receive transmissions assigned to a speciﬁc multicast group.

Interior Gateway Protocol. Allows for routing information exchange between gateways in

an autonomous network.

IGMP

IGP

System images are saved in two Flash sectors called images image 1 and image 2). The

active image stores the active copy; while the other image stores a second copy.

Ports on which network trafﬁc is received.

Image File

Ingress Port

Internet Protocol. Specifies the format of packets and their addressing method.IP

addresses packets and forwards the packets to the correct port.

Internet Protocol Address. A unique address assigned to a network device with two or

IPAddress

IPM

more interconnected LANs or WANs.

IP Multicast. Transmits multicast packets in a network. Multicast routing copies one

packet to several ports.

IP Version 6. Provides a newer version of the Internet Protocol, and follows IP version

4 (IPv4). IPv6 increases the IP address size from 32 bits to 128 bits. In addition, IPv6

support more levels of addressing hierarchy, more addressable nodes, and supports

simpler auto-conﬁguration of addresses.

TPv6

IPX

Internetwork Packet Exchange. Transmits connectionless communications.

Intermediate System to Intermediate System. Provides Link State PDUs (LSPs)

ISIS

authentication by including authentication information as part of the LSP.

Enable transporting identical data in fewer frames. Jumbo Frames reduce overhead,

lower the processing time, and ensure fewer interruptions.

Jumbo Frames

Group of MD5 keys assigned to an interface. Key chains are assigned to interfaces in the

RIP or OSPF interface parameters.

Key Chain

ꢀ0ꢇ

Download from Www.Somanuals.com. All Manuals Search And Download.

Term

L2TP

LAG

LAN

Deﬁnition

Layer 2 Tunnel Protocol. Helps build virtual private networks in the dial access space, and

provides Layer 2 Forwarding L2F) protocol and Point-to-Point Tunneling Protocol (PPTP).

LinkAggregated Group.Aggregates ports or VLANs into a single virtual port or VLAN.

Local Area Network. Anetwork contained within a single room, building, campus or other

limited geographical area.

Data Link Layer or MAC Layer. Contains the physical address of a client or server station.

Layer 2 processing is faster than Layer 3 processing because there is less information to

process.

Layer 2

Layer 3

Network Layer. Contains the logical address and protocol type (IP, IPX, etc.). Layer

3 traffic can also be prioritized and forwarded based on packet information, such as

the source and destination address. Layer 3 processing takes longer than Layer 2

processing, as there is more information to process.

Establishes connections and ensures that all data arrives at the correct destination.

Packets inspected at the Layer 4 level are analyzed and forwarding decisions are based

on their applications.

Layer 4

LCP

Link Control Protocol. Manages authentication, compression, and encryption.

Enables the even distribution of data and/or processing packets across available network

resources. For example, load balancing may distribute the incoming packets evenly to all

servers, or redirect the packets to the next available server.

Load Balancing

Media Access Control Address. The MAC Address is a hardware speciﬁc address that

MACAddress

identiﬁes each network node.

Characterizes a learning bridge, in which the packet’s source MAC address is recorded.

Packets destined for that address are forwarded only to the bridge interface on which that

address is located. Packets addressed to unknown addresses are forwarded to every

bridge interface. MACAddress Learning minimizes trafﬁc on the attached LANs.

MACAddress Learning

MAC Layer

MAN

Asub-layer of the Data Link Control (DTL) layer.

Metropolitan Area Network. Acommunications network covering a metropolitan area or a

suburb.

Mask

Aﬁlter that includes or excludes certain values, for example parts of an IP address.

Message Digest 5. An algorithm that produces a 128-bit hash. MD5 is a variation of

MD4, and increases MD4 security. MD5 veriﬁes the integrity of the communication and

authenticates the origin of the communication.

MD5

MDI

Media Dependent Interface.Acable used for end stations.

MDIX

Media Dependent Interface with Crossover (MDIX).Acable used for hubs and switches.

Multiply-Divide Unit. A high-speed circuit that performs multiplication and division within

MDU

MIB

the CPU.

Management Information Base. MIBs contain information describing speciﬁc aspects of

network components.

Maximum Transfer Unit. Speciﬁes the maximum frame size that can be transmitted over

a network. Frames that exceed the MTU must be broken into smaller frames.

Transmits copies of a single packet to multiple ports.

MTU

Multicast

Network Processor

CPU chips that are optimized for networking and communications functions.

ꢀ0ꢈ

Download from Www.Somanuals.com. All Manuals Search And Download.

Term

Deﬁnition

Network Management System. An interface that provides a method of managing a

NMS

system.

A network connection endpoint or a common junction for multiple network lines. Nodes

include:

Node

• Processors.

• Controllers.

• Workstations.

Object Identiﬁer. Used by SNMP to identify managed objects. In the SNMP Manager/

Agent network management paradigm, each managed object must have an OID to

identify it.

OID

Open Shortest Path First. A TCP/IP Interior Gateway protocol that calculates the lowest-

OSPF

cost route, multipath routing, and load balancing.

Packet

Blocks of information for transmission in packet switched systems.

Protocol Data Unit. A data unit speciﬁed in a layer protocol consisting of protocol control

information and layer user data.

PDU

Packet Internet Groper. Veriﬁes if a speciﬁc IP address is available. A packet is sent to

another IP address and waits for a reply.

PING

Determines if trafﬁc levels are within a speciﬁed proﬁle. Policing manages the maximum

trafﬁc rate used to send or receive packets on an interface.

Policing

Port

Physical ports provide connecting components that allow microprocessors to

communicate with peripheral equipment.

Monitors and mirrors network traffic by forwarding copies of incoming and outgoing

packets from one port to a monitoring port.

Port Mirroring

Indicates port speed. Port speeds include:

• Ethernet 10 Mbps.

Port Speed

• Fast Ethernet 100Mbps.

• Gigabit Ethernet 1000 Mbps.

Point-to-Point Protocol. Enables connecting to the Internet over a serial link. PPP

establishes sessions between a PC and an ISP using the Link Control Protocol (LCP).

An authorizations set that performs security-relevant functions, for example, user access

to a device.

PPP

Privilege

Protocol

Protocol Stack

Aset of rules that governs how devices exchange information across networks.

Layered set of protocols working together to provide networking functions.

Quality of Service. QoS provides policies that contain sets of ﬁlters (rules). QoS allows

network managers to decide how and what network traffic is forwarded according to

priorities, application types, and source and destination addresses.

QoS

Query

Extracts information from a database and presents the information for use.

Remote Authentication Dial-In User Service. A method for authenticating system users,

RADIUS

RDP

and tracking connection time.

Remote Desktop Protocol.Allows a clients to communicate with the Terminal Server over

the network.

ꢀꢀ0

Download from Www.Somanuals.com. All Manuals Search And Download.

Term

Deﬁnition

Provides duplication of devices, services, or events. If a device, service, or event fails,

redundancy provides a backup that can replace the lost functionality.

Redundancy

An Internet host or router that passes DHCP messages between DHCP clients and

DHCP servers.

RelayAgent

RIP

Routing Information Protocol. Stipulates how routing table information is exchanged

between routers.

Grips up to four wires. RJ-11 connector plugs the handset into the telephone, and the

telephone into the wall.

RJ-11 Connector

RJ-45 Connector

RMON

Grips up to eight copper wires and resembles a standard RJ-11 telephone connector.

RJ-45 connectors are commonly used with Ethernet devices.

Remote Monitoring on Network. Provides network information to be collected from a

single workstation.

Real Time Operating System. An operating system designed for use in a real time

ROS

computer system.

A device that connects to separate networks. Routers forward packets between two or

more networks. Routers operate at a Layer 3 level.

Router

Rapid Spanning Tree Protocol. Detects and uses network topologies that allow a faster

RSTP

convergence of the spanning tree, without creating forwarding loops.

Contains all Startup ﬁle commands, as well as all commands entered during the current

session. After the device is powered down or rebooted, all commands stored in the

Running Conﬁguration ﬁle are lost.

Running Conﬁguration

File

Resource V....Reservation Protocol. Enables Internet applications to obtain differing

RVSP

service resources for trafﬁc ﬂows.

Divides LANs into separate LAN segments for bridging and routing. Segmentation

eliminates LAN bandwidth limitations.

Segmentation

Acentral computer that provides services to other computers on a network. Services may

include ﬁle storage and access to applications.

Server

Simple Network Management Protocol. Manages LANs. SNMP-based software

communicates with network devices with embedded SNMP agents. SNMP agents

gather network activity and device status information and send the information back to a

workstation.

SNMP

System on a Chip. AnASIC that contains an entire system. For example, a telecom SoC

SoC

application can contain a microprocessor, digital signal processor, RAM, and ROM.

Prevents loops in network traffic. The Spanning Tree Protocol (STP) provides tree

topography for any arrangement of bridges. STP provides one path between end stations

on a network, eliminating loops.

Spanning Tree Protocol

Secure Shell. Logs into a remote computer via a network, executes commands, and

transfers ﬁles from one computer to another.

SSH

Stand-alone Mode

Permits a device to operate independently from other devices.

Startup Conﬁguration

Retains the exact device conﬁguration when the device is powered down or rebooted.

Sub-network. Subnets are portions of a network that share a common address

component. In TCP/IP networks, devices that share a preﬁx are part of the same subnet.

For example, all devices with a preﬁx of 157.100.100.100 are part of the same subnet.

Subnet

ꢀꢀꢀ

Download from Www.Somanuals.com. All Manuals Search And Download.

Term

Deﬁnition

Used to mask all or part of an IP address used in a subnet address. Switch Filters and

forwards packets between LAN segments. Switches support any packet protocol type.

Subnet Mask

Transmissions Control Protocol. Enables two hosts to communicate and exchange data

streams. TCP guarantees packet delivery, and guarantees packets are transmitted and

received in the order the are sent.

TCP/IP

Terminal Emulation Protocol. Enables system users to log in and use resources on

Telnet

remote networks.

Trivial File Transfer Protocol. Uses User Data Protocol (UDP) without security features to

TFTP

Trap

transfer ﬁles.

Amessage sent by the SNMP that indicates that system events have occurred.

Link Aggregation. Optimizes port usage by linking a group of ports together to form a

Trunking

single trunk (aggregated groups).

User Data Protocol. Communication protocol that transmits packets but does not

guarantee their delivery.

UDP

Unicast

Aform a routing that transmits one packet to one user.

Virtual Local Area Networks. Logical subgroups that constitute a Local Area Network

VLAN

VSDL

(LAN). This is done in software rather than deﬁning a hardware solution.

Very High Bit Rate DSL. An asymmetric DSL version used at the ﬁber optic junction point

ﬁnal drop to nearby customers.

WAN

WideArea Networks. Networks that cover a large geographical area.

Speciﬁes which IP address bits are used, and which bits are ignored. Awild card mask of

255.255.255.255 indicates that no bit is important. A wildcard of 0.0.0.0 indicates that all

the bits are important.

Wildcard Mask

For example, if the destination IP address is 149.36.184.198 and the wildcard mask is

255.36.184.00, the ﬁrst two bits of the IP address are used, while the last two bits are

ignored.

ꢀꢀꢁ

Download from Www.Somanuals.com. All Manuals Search And Download.

TP-LINK TECHNOLOGIES CO., LTD.

E-mail: [email protected]

Website: http://www.tp-link.com

Add: 3/F., Building R1-B, Hi-tech Industrial Park, Shennan Rd., Shenzhen, P.R.China

Download from Www.Somanuals.com. All Manuals Search And Download.

Toshiba Cash Register FDS 50 User Manual
Toshiba Flat Panel Television AM40 User Manual
TP Link Switch TL PS110U User Manual
Tripp Lite Network Card P222 010 User Manual
Troy Bilt Cultivator TB225 User Manual
Velodyne Acoustics Speaker FSX 12 User Manual
ViewEra Computer Monitor V151BN User Manual
ViewSonic Computer Monitor VA1616W User Manual
ViewSonic Flat Panel Television NB2750w User Manual
Vulcan Hart Hot Beverage Maker K12ETT User Manual