TP-Link 10GE T1700G-28TQUN V1 User Guide
TP-Link 10GE Manual
 |
View all TP-Link 10GE manuals
Add to My Manuals
Save this manual to your list of manuals |
TP-Link 10GE manual content summary:
- TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 1
T1700G-28TQ JetStream 24-Port Gigabit Stackable Smart Switch with 4 10GE SFP+ Slots REV1.0.1 1910011740 - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 2
without permission from TP-LINK TECHNOLOGIES CO., LTD. Copyright © 2016 TP-LINK TECHNOLOGIES CO., LTD. All rights reserved. http://www.tp-link.com FCC and, if not installed and used in accordance with the instruction manual, may cause harmful interference to radio communications. Operation of this - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 3
disassemble the product, or make repairs yourself. You run the risk of electric shock and voiding the limited warranty. If you need service, please contact us. Avoid water and wet locations. Explanation of the symbols on the product label Symbol Explanation AC voltage RECYCLING This - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 4
CONTENTS Package Contents ...1 Chapter 1 About this Guide ...2 1.1 Intended Readers...2 1.2 Conventions ...2 1.3 Overview of This Guide 2 Chapter 2 Introduction ...6 2.1 Overview of the Switch 6 2.2 Appearance Description 6 2.2.1 Front Panel ...6 2.2.2 Rear Panel...7 Chapter 3 Login to the Switch - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 5
4.5.1 SDM Template Config 34 Chapter 5 Stack ...36 5.1 Stack Management...43 5.1.1 Stack Info...43 5.1.2 Stack Config ...44 5.2 Application Example for Stack 46 Chapter 6 Switching...47 6.1 Port ...47 6.1.1 Port Config...47 6.1.2 Port Mirror...48 6.1.3 Port Security ...50 6.1.4 Port Isolation...52 - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 6
7.5.3 Protocol Template 82 7.6 Application Example for Protocol VLAN 84 Chapter 8 Spanning Tree...86 8.1 STP Config ...91 8.1.1 STP Config ...91 8.1.2 STP Summary 93 8.2 Port Config ...94 8.3 MSTP Instance ...95 8.3.1 Region Config...96 8.3.2 Instance Config 96 8.3.3 Instance Port Config 97 8.4 - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 7
9.3.3 IPv6 Multicast Table 141 9.3.4 Static IPv6 Multicast Table 142 Chapter 10 Routing...144 10.1 Interface...144 10.2 Routing Table ...150 10.2.1 IPv4 Routing Table 150 10.2.2 IPv6 Routing Table 150 10.3 Static Routing ...151 10.3.1 IPv4 Static Routing Config 151 10.3.2 IPv6 Static Routing - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 8
VLAN Binding 191 12.6 Application Example for ACL 191 Chapter 13 Network Security...194 13.1 IP-MAC Binding...194 13.1.1 Binding Table 194 13.1.2 Manual Binding 195 13.1.3 ARP Scanning 197 13.2 DHCP Snooping ...199 13.2.1 Global Config 202 13.2.2 Port Config...202 13.2.3 Option 82 Config 204 - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 9
13.6.2 Privilege Elevation 222 13.6.3 RADIUS Server Config 223 13.6.4 TACACS+ Server Config 224 13.6.5 Authentication Server Group Config 224 13.6.6 Authentication Method List Config 226 13.6.7 Application Authentication List Config 227 13.6.8 802.1X Authentication Server Config 228 13.6.9 - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 10
16.1.2 Memory Monitor 264 16.2 Log...264 16.2.1 Log Table ...265 16.2.2 Local Log ...266 16.2.3 Remote Log ...267 16.2.4 Backup Log...267 16.3 Device Diagnose ...268 16.3.1 Cable Test...268 16.4 Network Diagnose...269 16.4.1 Ping ...270 16.4.2 Tracert ...270 Appendix A: Specifications ...272 - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 11
Switch One power cord Two mounting brackets and other fittings Installation Guide Resource CD for T1700G-28TQ, including: • This User Guide • CLI Reference Guide • SNMP Mibs • 802.1X Client Software and its User Guide • Other Helpful Information Note: Make sure that the package contains the - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 12
for setup and management of T1700G-28TQ JetStream 24-Port Gigabit Stackable Smart Switch with 4 10GE SFP+ Slots. Please read this guide carefully before operation. 1.1 Intended Readers This Guide is intended for network managers familiar with IT concepts and network terminologies. 1.2 Conventions In - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 13
is used to configure basic functions of the switch. Here mainly introduces: • Port: Configure the basic features for the port. • LAG: Configure Link Aggregation Group. LAG is to combine a number of ports together to make a single high-bandwidth data path. • Traffic Monitor: Monitor the traffic - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 14
DHCP relay. • ARP: Displays the ARP information. This module is used to configure QoS function to provide different quality of service for various network applications and requirements. Here mainly introduces: • DiffServ: Configure priorities, port priority, 802.1P priority and DSCP priority - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 15
for LAN ports to solve mainly authentication and security problems. • AAA: Configure the authentication, authorization and LLDP function to provide information for SNMP applications to simplify troubleshooting. Here mainly introduces: • Basic Config: Configure the manual. Return to CONTENTS 5 - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 16
Smart Switch with 4 10GE SFP+ Slots! 2.1 Overview of the Switch Designed for workgroups and departments, JetStream Gigabit Smart Switch from TP-LINK provides wire-speed performance and full set of L2 and L2+ management features. It provides a variety of service features and multiple powerful - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 17
/100/1000Mbps RJ45 Ports: Designed to connect to the device with a bandwidth of 10Mbps, 100Mbps or 1000Mbps. Each has a corresponding 1000Mbps LED and Link/Act LED. SFP+ Ports: Port 25-28, designed to install the 1Gbps SFP transceiver, 10Gbps SFP+ transceiver or SFP+ cable. 2.2.2 Rear Panel The - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 18
Power Socket: Connect the female connector of the power cord here, and the male connector to the AC power outlet. Please make sure the voltage of the power supply meets the requirement of the input voltage. Return to CONTENTS 8 - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 19
Chapter 3 Login to the Switch 3.1 Login 1) To access the configuration utility, open a web-browser and type in the default address http://192.168.0.1 in the address field of the browser, then press the Enter key. Figure 3-1 Web-browser Tips: To log in to the switch, the IP address of your PC should - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 20
3.2 Configuration After a successful login, the main page will appear as Figure 3-3, and you can configure the function by clicking the setup menu on the left side of the screen. Figure 3-3 Main Setup-Menu Note: Clicking Apply can only make the new configurations effective before the switch is - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 21
Chapter 4 System The System module is mainly for system configuration of the switch, including five submenus: System Info, User Management, System Tools, Access Security and SDM Template. 4.1 System Info The System Info, mainly for basic properties configuration, can be implemented on System Summary - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 22
Port Status The port status diagram shows the working status of the ports on the specified unit switch. Indicates the 1000Mbps port is not connected to a device. Indicates the 1000Mbps port is at the speed of 1000Mbps. Indicates the 1000Mbps port is at the speed of 10Mbps or 100Mbps. Indicates the - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 23
Click a port to display the bandwidth utilization on this port. The actual rate divided by theoretical maximum rate is the bandwidth utilization. The following figure displays the bandwidth utilization monitored every four seconds. Monitoring the bandwidth utilization on each port facilitates you to - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 24
is running. On this page you can configure the system time and the settings here will be used for other time-based functions. You can manually set the system time, get time from an NTP server or synchronize with PC's clock as the system time. Choose the menu System→System Info - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 25
switch. Displays the current time source of the switch. Time Config Manual: Get Time from NTP Server: Synchronize with PC'S Clock: When this option is selected, you can set the date and time manually. When this option is selected, you can configure the time zone and - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 26
The following entries are displayed on this screen: DST Config DST Status: Predefined Mode: Recurring Mode: Date Mode: Enable or disable the DST. Select a predefined DST configuration. USA: Second Sunday in March, 02:00 ~ First Sunday in November, 02:00. Australia: First Sunday in October, - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 27
can only view some of the settings of different functions without the right to edit or modify. The Web management pages contained in this guide are subject to the admin's login without any explanation. Choose the menu System→User Management→User Config to load the following page. Figure 4-8 User - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 28
Password: Confirm Password: User Table Select: User ID, User Name, Access Level: Operation: Type a password for users' login. Retype the password. Select the desired entry to delete the corresponding user information. It is multi-optional. The current user information can't be deleted. Displays - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 29
Figure 4-9 Boot Config The following entries are displayed on this screen: Boot Table Select: Unit: Current Startup Image: Next Startup Image: Backup Image: Select the unit(s). Displays the unit ID. Displays the current startup image. Select the next startup image. Select the backup boot image. - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 30
Choose the menu System→System Tools→Config Restore to load the following page. Figure 4-10 Config Restore The following entries are displayed on this screen: Config Restore Config File: Click the Browse button to select a backup file and click the Import button to restore the startup - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 31
can be upgraded via the Web management page. To upgrade the system is to get more functions and better performance. Go to http://www.tp-link.com to download the updated firmware. Choose the menu System→System Tools→Firmware Upgrade to load the following page. Figure 4-12 Firmware Upgrade Please - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 32
Note: To avoid damage, please don't turn off the device while rebooting. 4.3.6 System Reset On this page you can reset the switch to the default. All the settings will be cleared after the switch is reset. Choose the menu System→System Tools→System Reset to load the following page. Figure 4-14 - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 33
Choose the menu System→Access Security→Access Control to load the following page. Figure 4-15 Access Control The following entries are displayed on this screen: Access Control Config Control Mode: Access Interface: Select the control mode for users to log on to the Web management page. - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 34
4.4.2 HTTP Config With the help of HTTP (Hyper Text Transfer Protocol), you can manage the switch through a standard browser. The standards development of HTTP was coordinated by the Internet Engineering Task Force and the World Wide Web Consortium. On this page you can configure the HTTP function. - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 35
SSL mainly provides the following services: 1. Authenticate the users and the servers based on the ". Please add this certificate to trusted certificates or continue to this website. The switch also supports HTTPS connection for IPv6. After configuring an IPv6 address (for example, 3001::1) for the - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 36
Choose the menu System→Access Security→HTTPS Config to load the following page. Figure 4-17 HTTPS Config The following entries are displayed on this screen: Global Config HTTPS: SSL Version 3: TLS Version 1: Select Enable/Disable the HTTPS function on the switch. Enable or Disable Secure - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 37
CipherSuite Config RSA_WITH_RC4_128_MD5: RSA_WITH_RC4_128_SHA: RSA_WITH_DES_CBC_SHA: RSA_WITH_3DES_EDE_CBC_SHA: Key exchange with RC4 128-bit encryption and MD5 for message digest. By default, it's enabled. Key exchange with RC4 128-bit encryption and SHA for message digest. By default, it's - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 38
the client sends authentication request to the server for login, and then the two can communicate with each other after successful authentication. This switch supports SSH server and you can log on to the switch via SSH connection using SSH client software. SSH key can be downloaded into the switch - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 39
box to enable the corresponding data integrity algorithm. Key Download Key Type: Key File: Download: Select the type of SSH Key to download. The switch supports two types: SSH-2 RSA/DSA and SSH-1 RSA. Please ensure the key length of the downloaded file is in the range of 512 to 3072 - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 40
2. Click the Open button in the above figure to log on to the switch. Enter the login user name and password, and then you can continue to configure the switch. Application Example 2 for SSH: Network Requirements 1. Log on to the switch via key authentication using SSH and the SSH function is - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 41
Configuration Procedure 1. Select the key type and key length, and generate SSH key. Note: 1. The key length is in the range of 512 to 3072 bits. 2. During the key generation, randomly moving the mouse quickly can accelerate the key generation. 31 - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 42
2. After the key is successfully generated, please save the public key and private key to the computer. 3. On the Web management page of the switch, download the public key file saved in the computer to the switch. Note: 1. The key type should accord with the type of the key file. 2. The SSH key - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 43
4. After the public key and private key are downloaded, please log on to the interface of PuTTY and enter the IP address for login. 5. Click Browse to download the private key file to SSH client software and click Open. 33 - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 44
After successful authentication, please enter the login user name. If you log on to the switch without entering password, it indicates that the key has been successfully downloaded. 4.4.5 Telnet Config On this page you can Enable/Disable Telnet function globally on the switch. Choose the menu - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 45
Choose the menu System→SDM Template→SDM Template Config to load the following page. Select Options Current Template ID: Next Template ID: Select Next Template: Template Table SDM Template: IP ACL Rules: MAC ACL Rules: IPV6 ACL Rules: ARP Detection Entries: Figure 4-20 SDM Template Config - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 46
and maintenance of the stack, while the other stack members process services and keep a copy configuration file in accordance with the master for affecting its normal operation. 2) Distributed LACP (Link Aggregation Control Protocol) supports link aggregation across devices. Since the whole stack - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 47
failure occurs, which further ensures the normal operation of load distribution and backup across devices and links as Figure 5-2 shows. Figure 5-2 Load Distribution and Backup across Devices 3. Network scalability. Each member device in the stack system is able to process protocol packets - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 48
called stack member. Each stack member processes services packets and plays a role which is either into two or more stacks because of stack link failures, as shown in the following figure partition probably brings about routing and forwarding problems on the network since the partitioned stacks keep - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 49
a network where member devices are distributively located. • The ring topology is more reliable than the daisy chain topology. In a daisy chained stack, link failure can cause stack split. While in a ring connected stack, the system is able to operate normally with a new daisy chained topology. Note - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 50
value is, the more likely the member will be elected as the master. By default, the member priority of the switch is 5. We recommend you manually assign the highest priority value to the switch that you prefer to be the stack master before stack establishment. 2. The switch is non-preemptible when - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 51
configurations is associated with its stack member number. As mentioned in Unit Number, The stack member retains its member number until it is manually changed or it conflicts an existing stack member. • If an interface-specific configuration exists for this member number, the stack member will use - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 52
defined for switches not in the stack. The information of the provisioned member is manually created, or created/updated by the switch member when it joins the stack. stack members. The switch can quickly judge the link status of the stack port via monitoring the response of the packets. When - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 53
5.1 Stack Management Before configuring the stack, we highly recommend you to prepare the configuration planning with a clear set of the role and function of each member device. Some configuration needs device reboot to take effect, so you are kindly recommended to configure the stack at first, next - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 54
MAC Address: Priority: Version: Device Type: State: Stack Port Info Displays the MAC address of the member switch. Displays the member priority of the member switch. The higher the value is, the more likely the member will be elected as the master. Displays the current firmware version of the - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 55
Choose the menu Stack Management→Stack Config to load the following page. Figure 5-8 Stack Config The following entries are displayed on this screen: Provision Info Unit ID: Device Type: Stack Member Config Configure the unit number of the provisioned stack member. Specify the device type of - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 56
Priority: Status: Stack Port Config The priority for the stack member. The priority ranges from 1 to 15. The new priority value takes effect immediately but does not affect the current stack master. The new priority helps determine which stack member is elected as the new stack master when the - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 57
screen: Port Config UNIT/LAGS: Click unit number to configure the physical ports of this unit member. Click LAGS to configure the link aggregation groups. Select: Port: Description: Select the desired port for configuration. It is multi-optional. Displays the port number. Give a description to - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 58
the switch. 2. By default, the SFP+ ports support 10Gbps connection. You can manually configure it as 1000M for a 1000Mbps connection. 6.1.2 Port , which is used to analyze the mirrored packets for monitoring and troubleshooting the network. Choose the menu Switching→Port→Port Mirror to load the - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 59
from the port panel as the mirroring port. Click unit number to configure the physical ports of this unit member. Click LAGS to configure the link aggregation groups. Select the desired port as a mirrored port. It is multi-optional. Displays the port number. 49 - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 60
Ingress: Egress: LAG: Select Enable/Disable the Ingress feature. When the Ingress is enabled, the incoming packets received by the mirrored port will be copied to the mirroring port. Select Enable/Disable the Egress feature. When the Egress is enabled, the outgoing packets sent by the mirrored port - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 61
. Static: When Static mode is selected, the learned MAC address will be out of the influence of the aging time and can only be deleted manually. The learned entries will be cleared after the switch is rebooted. Permanent: When Permanent mode is selected, the learned MAC address will be out of - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 62
Status: aging time and can only be deleted manually. The learned entries will be saved even the switch is rebooted. Select the status of Port Security. Three information of the physical ports associated with this unit member. Click LAGS to display the information of the link aggregation groups. 52 - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 63
Port: LAG : Forward Portlist: Displays the port number. Displays the LAG number which the port belongs to. Displays the forward portlist. Click Edit to configure the forward portlist. Figure 6-6 Port Isolation Config 6.1.5 Loopback Detection With loopback detection feature enabled, the switch can - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 64
Choose the menu Switching→Port→Loopback Detection to load the following page. Figure 6-7 Loopback Detection Config The following entries are displayed on this screen: Global Config LoopbackDetection Status: Detection Interval: Automatic Recovery Time: Web Refresh Status: Web Refresh Interval: - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 65
or unblock. Displays the LAG number the port belongs to. Click the Recover button to manually remove the block status of selected ports. Note: Loopback Detection must coordinate with storm control. 6.2 LAG LAG (Link Aggregation Group) is to combine a number of ports together to make a single high - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 66
2. The traffic load of the LAG will be balanced among the ports according to the Aggregate Arithmetic. If the connections of one or several ports are broken, the traffic of these ports will be transmitted on the normal ports, so as to guarantee the connection reliability. The LAG function is - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 67
of the LAG. Click the Detail button for the detailed information of your selected LAG. Figure 6-9 Detailed Information 6.2.2 Static LAG On this page, you can manually configure the LAG. 57 - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 68
→LAG→Static LAG to load the following page. Figure 6-10 Manually Config The following entries are displayed on this screen: LAG The switch can dynamically group similarly configured ports into a single logical link, which will highly extend the bandwidth and flexibly balance the load. With - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 69
priority. When exchanging information between systems, the system with higher priority determines which link aggregation a link belongs to, and the system with lower priority adds the proper links to the link aggregation according to the selection of its partner. LACP Config UNIT/LAGS: Click - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 70
Select: Port: Admin Key: Port Priority: Mode: Status: LAG: Click LAGS to configure the link aggregation groups. Select the desired port for LACP configuration. It is multi-optional. Displays the port number. Specify an Admin Key for the port. The - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 71
Click unit number to display the information of the physical ports associated with this unit member. Click LAGS to display the information of the link aggregation groups. Select the desired port for clearing. It is multi-optional. Displays the port number. Displays the number of packets received on - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 72
: Click unit number to display the information of the physical ports associated with this unit member. Click LAGS to display the information of the link aggregation groups. Enter a port number and click the Select button or select the port to view the traffic statistics of the corresponding port - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 73
, which is the base for the switch to forward packets quickly. The entries in the Address Table can be updated by auto-learning or configured manually. Most entries are generated and updated by auto-learning. In the stable networks, the static MAC address entries can facilitate the switch to reduce - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 74
This function includes four submenus: Address Table, Static Address, Dynamic Address and Filtering Address. 6.4.1 Address Table On this page, you can view all the information of the Address Table. Choose the menu Switching→MAC Address→Address Table to load the following page. Figure 6-14 Address - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 75
aging status of the MAC address. 6.4.2 Static Address The static address table maintains the static address entries which can be added or removed manually, independent of the aging time. In the stable networks, the static MAC address entries can facilitate the switch to reduce broadcast packets and - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 76
VLAN ID: Enter the VLAN ID number of your desired entry. Port: Enter the Port number of your desired entry. Static Address Table Unit: Select: MAC Address: VLAN ID: Port: Type: Aging Status: Click unit number to display the static address table of this unit member. Select the entry to - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 77
Choose the menu Switching→MAC Address→Dynamic Address to load the following page. Figure 6-16 Dynamic Address The following entries are displayed on this screen: Aging Config Auto Aging: Aging Time: Allows you to Enable/Disable the Auto Aging feature. Enter the Aging Time for the dynamic - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 78
value. 6.4.4 Filtering Address The filtering address is to forbid the undesired packets to be forwarded. The filtering address can be added or removed manually, independent of the aging time. The filtering MAC address allows the switch to filter the packets which includes this MAC address as the - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 79
VLAN ID: Port: Type: Aging Status: Displays the corresponding VLAN ID. Here the symbol "--" indicates no specified port. Displays the type of the MAC address. Displays the aging status of the MAC address. Note: The MAC address in the Filtering Address Table cannot be added to the Static Address - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 80
will occupy plenty of bandwidth resources, causing potential serious security problems. A Virtual Local Area Network (VLAN) is a network hosts in a VLAN can belong to different physical network segments. This switch supports 802.1Q VLAN to classify VLANs. VLAN tags in the packets are necessary for the - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 81
different VLANs. The switch works at the data link layer in OSI model and it can identify the data link layer encapsulation of the packet only, so to the default VLAN of the inbound port for transmission. In this User Guide, the tagged packet refers to the packet with VLAN tag whereas the untagged - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 82
default VLAN. Different packets, tagged or untagged, will be processed in different ways, after being received by ports of different link types, which is illustrated in the following table. Port Type Receiving Packets Untagged Packets Tagged Packets Forwarding Packets Untagged Packets Tagged - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 83
The following entries are displayed on this screen: VLAN Table Select: Select the desired entry to delete the corresponding VLAN. It is multi-optional. VLAN ID: Displays the VLAN ID. Name: Displays the name of the specific VLAN. Members: Displays the port members in the VLAN. Operation: - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 84
: VLAN Port Config UNIT/LAGS: Select: Click unit number to configure the physical ports of this unit member. Click LAGS to configure the link aggregation groups. Select the desired port for configuration. It is multi-optional. Port: Displays the port number. PVID: LAG: Enter the PVID number - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 85
page, click the Create button to create a VLAN. Enter the VLAN ID and the name for the VLAN. Meanwhile, specify its member ports and the link type of the ports. Optional. On the VLAN→802.1Q VLAN→VLAN Config page, click the Edit/Detail button to modify/view the information of - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 86
Untagged respectively. Required. On VLAN→802.1Q VLAN→VLAN Config page, create a VLAN with its VLAN ID as 20, owning Port 6 and Port 7. Configure the link type of Port 6 and Port 7 as Tagged and Untagged respectively. 7.3 MAC VLAN MAC VLAN technology is the way to classify VLANs according to the MAC - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 87
2. When receiving tagged packet, the switch will process it basing on the 802.1Q VLAN. If the received port is the member of the VLAN to which the tagged packet belongs, the packet will be forwarded normally. Otherwise, the packet will be discarded. 3. If the MAC address of a Host is classified into - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 88
page, click the Create button to create a VLAN. Enter the VLAN ID and the description for the VLAN. Meanwhile, specify its member ports and the link type of the ports. 2 Create MAC VLAN. Required. On the VLAN→MAC VLAN page, create the MAC VLAN. For the device in a MAC VLAN, it - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 89
Network Diagram Configuration Procedure Configure switch A Step Operation Description 1 Create VLAN10 Required. On VLAN→802.1Q VLAN→VLAN Config page, create a VLAN with its VLAN ID as 10, owning Port 11 and Port 12, and configure the egress rule of Port 11 as Untag. 2 Create VLAN20 - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 90
role always effective. By creating Protocol VLANs, the network administrator can manage the network clients basing on their actual applications and services effectively. This switch can classify VLANs basing on the common protocol types listed in the following table. Please create the Protocol - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 91
2. When receiving tagged packet, the switch will process it basing on the 802.1Q VLAN. If the received port is the member of the VLAN to which the tagged packet belongs, the packet will be forwarded normally. Otherwise, the packet will be discarded. 3. If the Protocol VLAN is created, please set its - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 92
Protocol Group Member UNIT/LAGS Click unit number to configure the physical ports of this unit member. Click LAGS to configure the link aggregation groups. 7.5.3 Protocol Template The Protocol Template should be created before configuring the Protocol VLAN. By default, the switch has defined the - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 93
page, click the Create button to create a VLAN. Enter the VLAN ID and the description for the VLAN. Meanwhile, specify its member ports and the link type of the ports. 83 - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 94
Step Operation 2 Create Protocol Template. 3 Create Protocol VLAN. 4 Modify/View VLAN. 5 Delete VLAN. Description Required. On the VLAN→Protocol VLAN→Protocol Template page, create the Protocol Template before configuring Protocol VLAN. Required. On the VLAN→Protocol VLAN→Protocol Group page, - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 95
Configuration Procedure Configure switch A Step Operation 3 Create VLAN10 4 Create VLAN20 Description Required. On VLAN→802.1Q VLAN→VLAN Config page, create a VLAN with its VLAN ID as 10, owning Port 12 and Port 13, and configure the egress rule of Port 12 as Untagged and Port 13 as Tagged. - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 96
to IEEE 802.1D standard, is to disbranch a ring network in the Data Link layer in a local network. Devices running STP discover loops in the network BPDUs between each other to exchange information and all the switches supporting STP receive and process the received BPDUs. BPDUs carry the - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 97
STP Timers Hello Time: Hello Time ranges from 1 to 10 seconds. It specifies the interval to send BPDU packets. It is used to test the links. Max. Age: Max. Age ranges from 6 to 40 seconds. It specifies the maximum time the switch can wait without receiving a BPDU before attempting to reconfigure - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 98
Comparing BPDUs Each switch sends out configuration BPDUs and receives a configuration BPDU on one of its ports from another switch. The following table shows the comparing operations. Step Operation 1 If the priority of the BPDU received on the port is lower than that of the BPDU if of the - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 99
rapidly: The designated port is an edge port or connecting to a point-to-point link. If the designated port is an edge port, it can directly transit to forwarding state; if the designated port is connecting to a point-to-point link, it can transit to forwarding state after getting response from the - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 100
The following figure shows the network diagram in MSTP. Figure 8-2 Basic MSTP diagram MSTP MSTP divides a network into several MST regions. The CST is generated between these MST regions, and multiple spanning trees can be generated in each MST region. Each spanning tree is called an instance. As - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 101
The following diagram shows the different port roles. Figure 8-3 Port roles The Spanning Tree module is mainly for spanning tree configuration of the switch, including four submenus: STP Config, Port Config, MSTP Instance and STP Security. 8.1 STP Config The STP Config function, for global - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 102
in the switches regenerating spanning trees frequently and cause network congestions to be falsely regarded as link problems. A too large max age parameter result in the switches unable to find the link problems in time, which in turn handicaps spanning trees being regenerated in time and makes the - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 103
8.1.2 STP Summary On this page you can view the related parameters for Spanning Tree function. Choose the menu Spanning Tree→STP Config→STP Summary to load the following page. Figure 8-5 STP Summary 93 - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 104
Port. The edge port can transit its state from blocking to forwarding rapidly without waiting for forward delay. Select the P2P link status. If the two ports in the P2P link are root port or designated port, they can transit their states to forwarding rapidly to reduce the unnecessary forward delay - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 105
, the spanning tree instances owning this port are configured as point-to-point links. If the physical link of a port is not a point-to-point link and you forcibly configure the link as a point-to-point link, temporary loops may be incurred. 8.3 MSTP Instance MSTP combines VLANs and spanning tree - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 106
8.3.1 Region Config On this page you can configure the name and revision of the MST region. Choose the menu Spanning Tree→MSTP Instance→Region Config to load the following page. Figure 8-7 Region Config The following entries are displayed on this screen: Region Config Region Name: Revision: - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 107
The following entries are displayed on this screen: VLAN-Instance Mapping Instance ID: VLAN ID: Instance Table Select: Instance ID: Status: Priority: VLAN ID: Clear All: Enter the corresponding instance ID. Enter the desired VLAN ID. After modification here, the new VLAN ID will be added to - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 108
UNIT/LAGS: Select: Port: Priority: Path Cost: Click unit number to configure the physical ports of this unit member. Click LAGS to configure the link aggregation groups. Select the desired port to specify its priority and path cost. It is multi-optional. Displays the port number of the switch - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 109
a stable network, a switch maintains the states of ports by receiving and processing BPDU packets from the upstream switch. However, when link congestions or link failures occurred to the network, a down stream switch does not receive BPDU packets for certain period, which results in spanning trees - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 110
type receives BDPU packets with higher priority, it transits its state to blocking state and stops forwarding packets (as if it is disconnected from the link). The port resumes the normal state if it does not receive any configuration BPDU packets with higher priorities for a period of two times of - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 111
-optional. Displays the port number of the switch. Loop Protect is to prevent the loops in the network brought by recalculating STP because of link failures and network congestions. Root Protect is to prevent wrong network topology change caused by the role change of the current legal root bridge - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 112
to 10 to specify the TC Protect Cycle. The default value is 5. 8.5 Application Example for STP Function Network Requirements Switch A, B, C, D and E all support MSTP function. A is the central switch. B and C are switches in the convergence layer. D, E and F are switches in the access layer - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 113
the revision of MST region Config page, configure the region as TP-LINK and keep the default revision setting. 4 Configure VLAN-to-Instance VLAN Config page, configure the link type of the related ports as Tagged, and add the ports to VLAN101-VLAN106. The detailed instructions can be found in the - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 114
the revision of MST region Config page, configure the region as TP-LINK and keep the default revision setting. 4 Configure VLAN-to-Instance VLAN Config page, configure the link type of the related ports as Tagged, and add the ports to VLAN101-VLAN106. The detailed instructions can be found in the - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 115
Config page, configure the link type of the related ports as Tagged, and add the ports to VLAN101-VLAN106. The detailed instructions can be found in the the revision of MST region Config page, configure the region as TP-LINK and keep the default revision setting. 4 Configure VLAN-to-Instance - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 116
Suggestion for Configuration Enable TC Protect function for all the ports of switches. Enable Root Protect function for all the ports of root bridges. Enable Loop Protect function for the non-edge ports. Enable BPDU Protect function or BPDU Filter function for the edge ports which are - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 117
users requiring this information is not certain, unicast and broadcast deliver a low efficiency. Multicast solves this problem. It can deliver a high efficiency to send data in the point to multi-point service, which can save large bandwidth and reduce the network load. In multicast, the packets are - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 118
IPv4 Multicast Address 1. IPv4 Multicast IP Address: As specified by IANA (Internet Assigned Numbers Authority), Class D IP addresses are used as destination addresses of multicast packets. The multicast IP addresses range from 224.0.0.0~239.255.255.255. The following table displays the range and - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 119
used to limit the scope of the multicast group. The values are as follows: Value 0、3、F 1 2 4 5 6、7、9~D Indication reserved Interface-Local scope Link-Local scope Admin-Local scope Site-Local scope unassigned 8 Organization-local scope E Global scope Table 9-2 Indications of the Scope 109 - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 120
group that corresponds to an IPv6 unicast or anycast address. It is usually used for obtaining the Layer 2 link-layer addresses of neighboring nodes within the local-link or applied in IPv6 Duplicate Address Detection. A node is required to join the associated Solicited-Node multicast addresses - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 121
The high-order 16 bits of the IP multicast address are 0x3333, identifying the IPv6 multicast group. The low-order 32 bits of the IPv6 multicast IP address are mapped to the multicast MAC address. Multicast Address Table The switch is forwarding multicast packets based on the multicast address - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 122
IGMP Messages The switch, running IGMP snooping, processes the IGMP messages of different types as follows. 1. IGMP Query Message IGMP query message, sent by the router, falls into two types, IGMP general query message and IGMP group-specific-query message. The router regularly sends IGMP general - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 123
2. Timers Router Port Time: Within the time, if the switch does not receive IGMP query message from the router port, it will consider this port is not a router port any more. The default value is 300 seconds. Member Port Time: Within the time, if the switch does not receive IGMP report message from - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 124
The following entries are displayed on this screen: Global Config IGMP Snooping: Select Enable/Disable IGMP snooping function globally on the switch. Unknown Multicast: Select the operation for the switch to process unknown multicast, Forward or Discard. Report Message Suppression: Enable or - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 125
: Port: IGMP Snooping: Fast Leave: LAG: Click unit number to configure the physical ports of this unit member. Click LAGS to configure the link aggregation groups. Select the desired port for IGMP snooping feature configuration. It is multi-optional. Displays the port of the switch. Select Enable - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 126
Note: 1. Fast Leave on the port is effective only when the host supports IGMPv2 or IGMPv3. 2. When Fast Leave feature is enabled, the leaving of a user connected to a port owning multi-user will result in the other users - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 127
the multicast router will duplicate this multicast information and deliver each VLAN owning a receiver one copy. This mode wastes a lot of bandwidth. The problem above can be solved by configuring a multicast VLAN. By adding switch ports to the multicast VLAN and enabling IGMP snooping, you can make - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 128
Choose the menu Multicast→IGMP Snooping→Multicast VLAN to load the following page. Figure 9-8 Multicast VLAN The following entries are displayed on this screen: Multicast VLAN Multicast VLAN: VLAN ID: Router Port Time: Member Port Time: Dynamic Router Ports: Static Router Ports: Select Enable/ - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 129
3. Configure the link type of the router port in the multicast VLAN as Tagged otherwise member ports and router ports to the VLAN on the VLAN→802.1Q VLAN→VLAN Config page. Configure the link type of the router ports as Tagged. Optional. Enable and configure a multicast VLAN on the Multicast→IGMP - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 130
VLAN5. For port 4, configure its link type as Untagged, and add it to VLAN3 and VLAN4. For port 5, configure its link type as Untagged, and add it IGMP queries and manage the multicast table. But IGMP is not supported by the devices in Layer 2 network. IGMP Snooping Querier can act as an IGMP - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 131
help to create and maintain multicast forwarding table on the switch with the Query messages it generates. Choose the menu Multicast→IGMP Snooping→Querier Config to load the following page. Figure 9-9 Querier Config The following entries are displayed on this screen: IGMP Snooping Querier Config - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 132
9.1.6 Profile Config On this page you can configure an IGMP profile. Choose the menu Multicast→IGMP Snooping→Profile Config to load the following page. Figure 9-10 Profile Config The following entries are displayed on this screen: Profile Creation Profile ID: Mode: Search Option Specify the - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 133
Operation: Click the Edit button to configure the mode or IP-range of the Profile. After you have created a profile ID, click Edit to display the following figure. The following entries are displayed on this screen: Profile Mode Profile ID: Mode: Add IP-range Displays the Profile ID you - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 134
and Max Group Binding UNIT/LAGS: Click unit number to configure the physical ports of this unit member. Click LAGS to configure the link aggregation groups. Select: Port: Profile ID: Select the desired entry for configuration. It is multi-optional. Displays the port number. The existing Profile - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 135
Clear Binding: Click the ClearBinding button to clear all profiles bound to the port. Configuration Procedure: Step Operation 1 Create Profile 2 Configure IP-Range 3 Configure Profile Binding for ports Description Required. Configure the Profile ID and mode on Multicast→IGMP Snooping→ - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 136
The following entries are displayed on this screen: Auto Refresh Auto Refresh: Select Enable/Disable auto refresh feature. Refresh Period: Enter the time from 3 to 300 in seconds to specify the auto refresh period. IGMP Statistics Unit: Port: Query Packet: Report Packet (V1): Click unit - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 137
2. Relevant Ports of the Switch Router Port: Indicates the switch port that links toward the MLD router. Member Port: Indicates the switch port that links toward the multicast members. 3. Timers Router Port Aging Time: Within this time, if the switch does not receive MLD queries from the router port - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 138
The MLD snooping function can be implemented on Snooping Config, Port Config, VLAN Config, Multicast VLAN, Querier Config, Profile Config, Profile Binding and Packet Statistics pages. 9.2.1 Snooping Config To configure MLD snooping on the switch, please firstly configure MLD global configuration and - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 139
Report Message Suppression: Router Port Time: Member Port Time: Last Listener Query Interval: Last Listener Query Count: MLD Snooping Status Description: Member: Enable or disable Report Message Suppression function globally. If this function is enabled, the first Report Message from the listener - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 140
: Port: MLD Snooping: Fast Leave: LAG: Click unit number to configure the physical ports of this unit member. Click LAGS to configure the link aggregation groups. Select the port you want to configure. Displays the port number. Select Enable/Disable MLD snooping for the desired port. Select Enable - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 141
9.2.3 VLAN Config On this page you can configure MLD snooping function with each single VLAN. You need to create VLAN if you want to enable MLD snooping function in this VLAN. Choose the menu Multicast→MLD Snooping→VLAN Config to load the following page. Figure 9-15 VLAN Config The following - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 142
the multicast router will duplicate this multicast information and deliver each VLAN owning a receiver one copy. This mode wastes a lot of bandwidth. The problem above can be solved by configuring a multicast VLAN. By adding switch ports to the multicast VLAN and enabling MLD snooping, you can make - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 143
otherwise the member ports cannot receive multicast streams. 3. Configure the link type of the router port in the multicast VLAN as Tagged otherwise to send out MLD queries and manage the multicast table. But MLD is not supported by the devices in Layer 2 network. MLD Snooping Querier can act as an - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 144
Choose the menu Multicast→MLD Snooping→Querier Config to load the following page. Figure 9-17 Querier Config The following entries are displayed on this screen: MLD Snooping Querier Config VLAN ID: Enter the VLAN ID which you want to start Querier. Query Interval: Max Response Time: General - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 145
9.2.6 Profile Config On this page you can configure an MLD profile. Choose the menu Multicast→MLD Snooping→Profile Config to load the following page. Figure 9-18 Profile Config The following entries are displayed on this screen: Profile Creation Profile ID: Mode: Search Option Specify the - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 146
Operation: Click the Edit button to configure the mode or IP-range of the Profile. After you have created a profile ID, click Edit to display the following figure. The following entries are displayed on this screen: Profile Mode Profile ID: Mode: Add IP-range Displays the Profile ID you - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 147
: Port: Profile ID: Max Group: Overflow Action: Click unit number to configure the physical ports of this unit member. Click LAGS to configure the link aggregation groups. Select the desired port for multicast filtering. It is multi-optional. The port to be bound. The existing Profile ID bound to - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 148
LAG: Clear Binding: The LAG number which the port belongs to. Click the Clear Binding button to clear all profiles bound to the port. Configuration Procedure: Step Operation Description 1 Create Profile Required. Configure the Profile ID and mode on Multicast→MLD Snooping→Profile Config page. - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 149
The following entries are displayed on this screen: Auto Fresh Auto Fresh: Fresh Period: MLD Statistics Select Enable/Disable auto fresh feature. Enter the time from 3 to 300 seconds to specify the auto fresh period. UNIT: Port: Query Packet: Report Packet (V1): Report Packet (V2): Done - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 150
The following entries are displayed on this screen: Search Option Search Option: Multicast IP Table Select the rule for displaying multicast IP table. All: Displays all multicast IP entries. Multicast IP: Enter the multicast IP address the desired entry must carry. VLAN ID: Enter the - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 151
The following entries are displayed on this screen: Create Static Multicast Multicast IP: VLAN ID: Forward Port: Search Option Enter the multicast IP address the desired entry must carry. Enter the VLAN ID the desired entry must carry. Enter the forward ports. Search Option: Select the rule - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 152
Multicast IP Table Multicast IP: VLAN ID: Forward Ports: Forward Port: Enter the port number the desired entry must carry. Displays the multicast IP. Displays the VLAN ID. Displays the forward ports of the group. 9.3.4 Static IPv6 Multicast Table On this page you can configure the static IPv6 - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 153
Search Option Search Option: Select the rule for displaying multicast IP table. All: Displays all static multicast IP entries. Multicast IP: Enter the multicast IP address the desired entry must carry. VLAN ID: Enter the VLAN ID the desired entry must carry. Forward Port: Enter the port - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 154
ID of the interface corresponding to VLAN ID, loopback ID, routed port or port channel. Specify IP Address allocation mode. None: without ip. Static: setup manually. DHCP: allocated through DHCP. BOOTP: allocated through BOOTP. Specify the IP address of the interface. 144 - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 155
interfaces to modify or delete. Displays the ID of the interface. Display IP address allocation mode. None: without ip. Static: setup manually. DHCP: allocated through DHCP. BOOTP: allocated through BOOTP. Displays the IP address of the interface. Displays the subnet mask of the interface - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 156
VLAN interface, loopback interface, routed port or port channel. View and modify the IP address allocation mode. None: without ip. Static: setup manually. DHCP: allocated through DHCP. BOOTP: allocated through BOOTP. View and modify the IP address of the interface. View and modify the subnet - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 157
. Enable/Disable IPv6 function globally on the switch. Link-local Address Config Config Mode: Link-local Address: Select the link-local address configuration mode. Manual: When this option is selected, you should assign a link-local address manually. Auto: When this option is selected, the - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 158
illegal to access the switch using the IPv6 address (including link-local and global address). Global Address Autoconfig via obtain the global address from the DHCPv6 Server. Add a Global Address Manually Address Format: Global Address: You can select the global address format according to - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 159
using this address. Tips: After adding a global IPv6 address to your switch manually here, you can configure your PC's global IPv6 address in the same subnet with protocol status, which is up if any up-link port is connected to the interface. Displays the Admin status. Choose Disable to disable - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 160
Interface Name: Displays the name of the interface. Interface Setting Detail Information Displays the detailed setting information of the interface. 10.2 Routing Table This page displays the routing information summary generated by different routing protocols. 10.2.1 IPv4 Routing Table Choose - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 161
the metric of the route. Displays the description of the egress interface. 10.3 Static Routing Static routes are special routes manually configured by the administrator and cannot change automatically with the network topology accordingly. Hence, static routes are commonly used in a relative - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 162
Next Hop: Distance: Metric: Interface Name: Displays the IP address to which the packet should be sent next. Displays the distance metric of route. The smaller the distance, the higher the priority. Displays the metric of the route. Displays the name of the VLAN interface. 10.3.2 IPv6 Static - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 163
subnet, which require the DHCP server is available in every subnet. It is costly to build so much DHCP Server. DHCP relay agent solves the problem. Via a relay agent, DHCP clients request an IP address from the DHCP server in another subnet, and DHCP clients in different subnets can share the - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 164
82 is defined, at least one sub-option should be defined. This Switch supports two sub-options, Circuit ID and Remote ID. Since there is no universal packets from DHCP Clients. Furthermore these two parameters also can be manually configured. The format of Option 82 defined on the switch by default - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 165
DHCP Relay: Enable the DHCP relay feature. Option 82 configuration Configure the Option 82 which cannot be assigned by the switch. Option 82 Support: Existed Option 82 Field: Customization: Circuit ID: Enable or disable the Option 82 feature. Select the operation for the existed Option 82 - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 166
the Routing→DHCP Relay→Global Config page, enable the DHCP Relay function. 2 Configure Option 82 Optional. On the Routing→DHCP Relay→Global Config support. page, configure the Option 82 parameters. 3 Configure DHCP Server. Required. On the Routing→DHCP Relay→DHCP Server page, specify the DHCP - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 167
10.5 ARP This page displays the ARP table information and you can configure static ARP here. 10.5.1 ARP Table Choose the menu Routing→ARP→ARP Table to load the following page. Figure 10-4 ARP Table The following entries are displayed on this screen: ARP Table Interface: IP Address: Displays the - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 168
MAC Address: Displays the MAC address of ARP entry. Return to CONTENTS 158 - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 169
the bandwidth resource distribution so as to provide a network service experience of a better quality. QoS This switch the network is congested, the problem that many packets compete for resources must be solved, usually in the way of queue scheduling. The switch supports four schedule modes: SP, - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 170
Figure 11-3 IP datagram As shown in the figure above, the ToS (Type of Service) in an IP header contains 8 bits. The first three bits indicate IP precedence priority mode. Schedule Mode When the network is congested, the problem that many packets compete for resources must be solved, usually in the - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 171
, packets in all the queues are sent in order based on the weight value for each queue and every queue can be assured of a certain service time. The weight value indicates the occupied proportion of the resource. WRR queue overcomes the disadvantage of SP queue that the packets in the queues - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 172
specified scheduling algorithms to implement QoS function. This switch implements three priority modes based on port, on 802.1P and on DSCP, and supports four queue scheduling algorithms. The port priorities are labeled as CoS0, CoS1... CoS7. The DiffServ function can be implemented on Port Priority - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 173
the physical ports of this unit member. Click LAGS to configure the link aggregation groups. Select the desired port to configure its priority. It is a schedule mode for the switch. When the network is congested, the problem that many packets compete for resources must be solved, usually in the way - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 174
The following entries are displayed on this screen: Schedule Mode Config Schedule Mode: Queue Weight: Select a schedule mode. SP-Mode:Strict-Priority Mode. In this mode, the queue with higher priority will occupy the whole bandwidth. Packets in the queue with lower priority are sent only when - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 175
Choose the menu QoS→DiffServ→802.1P Priority to load the following page. Figure 11-8 802.1P Priority The following entries are displayed on this screen: Priority and CoS-mapping Config Select: Tag-id/CoS-id: Queue TC-id: Select the desired 802.1P tag-id/cos-id for 802.1P priority configuration. - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 176
Choose the menu QoS→DiffServ→DSCP Priority to load the following page. Figure 11-9 DSCP Priority The following entries are displayed on this screen: DSCP Priority Config DSCP Priority: Select Enable or Disable DSCP Priority. Priority Level Select: Select the desired DSCP value for DSCP - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 177
the physical ports of this unit member. Click LAGS to configure the link aggregation groups. Select the desired port for Rate configuration. It is on the port. You can select a rate from the dropdown list or manually set Ingress rate, the system will automatically select integral multiple of 64Kbps - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 178
port, storm control feature will be disabled for this port. 2. When manually set Ingress/Egress rate, the system will automatically select integral multiple of 64Kbps of this unit member. Click LAGS to configure the link aggregation groups. Select: Select the desired port for Storm Control configuration - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 179
Port: PPS: Broadcast Rate Mode: Broadcast: Mulitcast Rate Mode: Multicast: UL-Frame Rate Mode: UL-Frame: LAG: Displays the port number of the switch. Enable or disable the PPS mode. Select the broadcast rate mode, pps mode is invalid if the PPS is disabled. kbps: Specify the threshold in kbits - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 180
VLAN Mode Voice Stream Type Link type of the port and processing mode TAG voice stream Automatic Mode Untagged: Not supported. Tagged: Supported. The default VLAN of the port cannot be voice VLAN. UNTAG voice Untagged: Supported. stream Tagged: Not supported. Manual Mode TAG voice stream - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 181
Security Mode of Voice VLAN When voice VLAN is enabled for a port, you can configure its security mode to filter data stream. If security mode is enabled, the port just forwards voice packets, and discards other packets whose source MAC addresses do not match OUI addresses. If security mode is - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 182
on this screen: Port Config UNIT/LAGS: Select: Click unit number to configure the physical ports of this unit member. Click LAGS to configure the link aggregation groups. Select the desired port for voice VLAN configuration. It is multi-optional. 172 - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 183
VLAN by checking whether the port receives voice data or not. Manual: In this mode, you can manually add a port to the voice VLAN or remove a port from LAG number which the port belongs to. 11.3.3 OUI Config The switch supports OUI creation and adds the MAC address of the special voice device to - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 184
, click the Create button to create a VLAN. 2 Add OUI address Optional. On QoS→Voice VLAN→OUI Config page, you can check whether the switch is supporting the OUI template or not. If not, please add the OUI address. 3 Configure the parameters Required. On QoS→Voice VLAN→Port Config page, of the - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 185
Chapter 12 ACL ACL (Access Control List) is used to filter packets by configuring match rules and process policies of packets in order to control the access of the illegal users to the network. Besides, ACL functions to control traffic flows and save network resources. It provides a flexible and - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 186
12.1.2 Time-Range Create On this page you can create time-ranges. Choose the menu ACL→Time-Range→Time-Range Create to load the following page. Figure 12-2 Time-Range Create Note: To successfully configure time-ranges, please firstly specify time-slices and then time-ranges. The following entries - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 187
End Time: Delete: Displays the end time of the time-slice. Click the Delete button to delete the corresponding time-slice. 12.1.3 Holiday Config Holiday mode is applied as a different secured access control policy from the week mode. On this page you can define holidays according to your work - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 188
Choose the menu ACL→ACL Config→ACL Summary to load the following page. Figure 12-4 ACL Summary The following entries are displayed on this screen: Search Option Select ACL: Select the ACL you have created ACL Type: Rule Order: Displays the type of the ACL you select. Displays the rule order - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 189
Figure 12-6 Create MAC Rule The following entries are displayed on this screen: Create MAC-Rule ACL ID: Select the desired MAC ACL for configuration. Rule ID: Enter the rule ID. Operation: S-MAC: Select the operation for the switch to process packets which match the rules. Permit: Forward - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 190
12.2.4 Standard-IP ACL Standard-IP ACLs analyze and process data packets based on a series of match conditions, which can be the source IP addresses and destination IP addresses carried in the packets. Choose the menu ACL→ACL Config→Standard-IP ACL to load the following page. Figure 12-7 Create - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 191
12.2.5 Extend-IP ACL Extend-IP ACLs analyze and process data packets based on a series of match conditions, which can be the source IP addresses, destination IP addresses, IP protocol and other information of this sort carried in the packets. Choose the menu ACL→ACL Config→Extend-IP ACL to load the - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 192
TCP Flag: S-Port: D-Port: DSCP: IP ToS: IP Pre: Time-Range: Configure TCP flag when TCP is selected from the pull-down list of IP Protocol. Configure TCP/IP source port contained in the rule when TCP/UDP is selected from the pull-down list of IP Protocol. Configure TCP/IP destination port contained - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 193
Rule ID: Enter the rule ID. Operation: Select the operation for the switch to process packets which match the rules. Permit: Forward packets. Deny: Discard Packets. DSCP: Enter the DSCP information contained in the rule. Flow Label: Enter the Flow Label information contained in the rule. - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 194
Figure 12-10 Policy Summary The following entries are displayed on this screen: Search Option Select Policy: Action Table Select name of the desired policy for view. If you want to delete the desired policy, please click the Delete button. Select: Index: ACL ID: S-Mirror: S-Condition: - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 195
Figure 12-12 Action Create The following entries are displayed on this screen: Create Action Select Policy: Select ACL: S-Mirror: S-Condition: Redirect: QoS Remark: Select the name of the policy. Select the ACL for configuration in the policy. Select S-Mirror to mirror the data packets in the - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 196
The ACL Binding can be implemented on Binding Table, Port Binding and VLAN Binding pages. 12.4.1 Binding Table On this page view the ACL bound to port/VLAN. Choose the menu ACL→ACL Binding→Binding Table to load the following page. Figure 12-13 Binding Table The following entries are displayed on - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 197
12.4.2 Port Binding On this page you can bind a ACL to a port. Choose the menu ACL→ACL Binding→Port Binding to load the following page. Figure 12-14 Bind the policy to the port The following entries are displayed on this screen: Port-Bind Config ACL ID: Select the ID of the ACL you want to bind - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 198
12.4.3 VLAN Binding On this page you can bind an ACL to a VLAN. Choose the menu ACL→ACL Binding→VLAN Binding to load the following page. Figure 12-15 Bind the policy to the VLAN The following entries are displayed on this screen: VLAN-Bind Config ACL ID: VLAN ID: VLAN-Bind Table Select the ID - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 199
12.5.1 Binding Table On this page view the policy bound to port/VLAN. Choose the menu ACL→Policy Binding→Binding Table to load the following page. Figure 12-16 Binding Table The following entries are displayed on this screen: Search Option Show Mode: Select a show mode appropriate to your needs - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 200
12.5.2 Port Binding On this page you can bind a policy to a port. Choose the menu ACL→ACL Binding→Port Binding to load the following page. Figure 12-17 Bind the policy to the port The following entries are displayed on this screen: Port-Bind Config Policy Name: Port: Select the name of the - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 201
12.5.3 VLAN Binding On this page you can bind a policy to a VLAN. Choose the menu ACL→Policy Binding→VLAN Binding to load the following page. Figure 12-18 Bind the policy to the VLAN The following entries are displayed on this screen: VLAN-Bind Config Policy Name: VLAN ID: VLAN-Bind Table - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 202
3. The staff of the marketing department can access to the Internet but cannot visit the forum. 4. The R&D department and marketing department cannot communicate with each other. Network Diagram Configuration Procedure Step Operation 1 Configure for requirement 1 Description On ACL→ACL - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 203
Step Operation 2 Configure for requirement 2 and 4 3 Configure for requirement 3 and 4 Description On ACL→ACL Config→ACL Create page, create ACL 500. On ACL→ACL Config→Standard-IP ACL page, select ACL 500, create Rule 1, configure operation as Deny, configure S-IP as 10.10.70.0 and mask as - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 204
access and only allow the Hosts matching the bound entries to access the network. The following three IP-MAC Binding methods are supported by the switch. (1) Manually: You can manually bind the IP address, MAC address, VLAN ID and the Port number together in the condition that you have got the - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 205
with the other entries. Note: Among the entries with Critical collision level, the one with the highest Source priority will take effect. 13.1.2 Manual Binding You can manually bind the IP address, MAC address, VLAN ID and the Port number together in the condition that you have got the related - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 206
VLAN ID: Enter the VLAN ID. Protect Type: Select the Protect Type for the entry. Port: Select the number of port connected to the Host. Manual Binding Table UNIT: Click unit number to configure the physical ports of this unit member. Select: Select the desired entry to be deleted. It is - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 207
delivered to their destinations correctly. IP address is the address of the Host on Network layer. MAC address, the address of the Host on Data link layer, is necessary for the packet to reach the very device. So the destination IP address carried in a packet need to be translated into the - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 208
Choose the menu Network Security→IP-MAC Binding→ARP Scanning to load the following page. Figure 13-4 ARP Scanning The following entries are displayed on this screen: Scanning Option Start IP Address: End IP Address: Specify the Start IP Address. Specify the End IP Address. VLAN ID: Scan: - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 209
basing on the BOOTP, functions to solve the above mentioned problems. DHCP Working Principle DHCP works via the "Client/Server different DHCP Clients, DHCP Server provides three IP address assigning methods: (1) Manually assign the IP address: Allows the administrator to bind the static IP - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 210
the DHCP Client via Option 82 so as to locate the DHCP Client for fulfilling the security control and account management of Client. The Server supported Option 82 also can set the distribution policy of IP addresses and the other parameters according to the Option 82, providing more flexible address - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 211
a sub-option should be defined. This switch supports two sub-options: Circuit ID and Remote ID. in the network, network confusion and security problem will happen. The common cases incurring the It's common that the illegal DHCP server is manually configured by the user by mistake. (2) Hacker - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 212
13.2.1 Global Config Choose the menu Network Security→DHCP Snooping→Global Config to load the following page. Figure 13-8 DHCP Snooping The following entries are displayed on this screen: DHCP Snooping Configuration DHCP Snooping: Enable/Disable the DHCP Snooping function globally. VLAN ID: - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 213
MAC Verify: Rate Limit: Decline Protect: LAG: Click unit number to configure the physical ports of this unit member. Click LAGS to configure the link aggregation groups. Select your desired port for configuration. It is multi-optional. Displays the port number. Select Enable/Disable the port to be - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 214
: Click 1 to configure the physical ports. Click LAGS to configure the link aggregation groups. Select your desired port for configuration. It is multi-optional. Displays the port number. Option 82 Support: Operation Strategy: Circuit ID Customization: Enable/Disable the Option 82 feature. Select - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 215
Circuit ID: Remote ID Customization: Remote ID: LAG: Enter the sub-option Circuit ID for the customized Option 82 field. Enable or disable the switch to define the Option 82 sub-option Remote ID field. With Disable selected, configure the switch system MAC address as the remote ID default value. - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 216
As the above figure shown, the attacker sends the fake ARP packets with a forged Gateway address to the normal Host, and then the Host will automatically update the ARP table after receiving the ARP packets. When the Host tries to communicate with Gateway, the Host will encapsulate this false - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 217
Figure 13-13 ARP Attack - Cheating Terminal Hosts As the above figure shown, the attacker sends the fake ARP packets of Host A to Host B, and then Host B will automatically update its ARP table after receiving the ARP packets. When Host B tries to communicate with Host A, it will encapsulate this - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 218
Figure 13-14 Man-In-The-Middle Attack Suppose there are three Hosts in LAN connected with one another through a switch. Host A: IP address is 192.168.0.101; MAC address is 00-00-00-11-11-11. Host B: IP address is 192.168.0.102; MAC address is 00-00-00-22-22-22. Attacker: IP address is 192.168.0.103; - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 219
Trusted Port Trusted Port: Select the port for which the ARP Detect function is unnecessary as the Trusted Port. The specific ports, such as up-linked port, routing port and LAG port, should be set as Trusted Port. To ensure the normal communication of the switch, please configure the ARP Trusted - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 220
the connected Port connected Port number of number of the Host together via Manual Binding, ARP the Host together. Scanning or DHCP Snooping. 2 Enable the Detect page, specify the trusted port. The specific ports, such as up-linked port, routing port and LAG port, should be set as Trusted Port. - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 221
The following entries are displayed on this screen: ARP Defend UNIT: Select: Port: Defend: Speed(10-100)pps: Current Speed(pps): Status LAG: Operation: Click unit number to configure the physical ports of this unit member. Select your desired port for configuration. It is multi-optional. - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 222
. Indicates the port is an ARP Trusted Port or not. Displays the number of the received illegal ARP packets. 13.4 DoS Defend DoS (Denial of Service) Attack is to occupy the network bandwidth maliciously by the network attackers or the evil programs sending a lot of - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 223
With DoS Defend function enabled, the switch can analyze the specific fields of the IP packets and distinguish the malicious DoS attack packets. Upon detecting the packets, the switch will discard the illegal packets directly and limit the transmission rate of the legal packets if the over legal - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 224
issues of wireless LANs. It was then used in Ethernet as a common access control mechanism for LAN ports to solve mainly authentication and security problems. 802.1X is a port-based network access control protocol. It authenticates and controls devices requesting for access in terms of the ports of - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 225
1X-supported network device, such as this TP-LINK switch. It provides the physical or logical port for the supplicant system to access the LAN and authenticates the supplicant system. (3) Authentication Server System: The authentication server system is an entity that provides authentication service - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 226
to allow them successfully reach the authentication server. This mode normally requires the RADIUS server to support the two fields of EAP: the EAP-message field and the Message-authenticator field. This switch supports EAP-MD5, EAP-TLS, EAP-TTLS and EAP-PEAP authentication way for the EAP relay - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 227
are accomplished through RADIUS protocol. In this mode, PAP or CHAP is employed between the switch and the RADIUS server. This switch supports the PAP terminating mode. The authentication procedure of PAP is illustrated in the following figure. Figure 13-21 PAP Authentication Procedure In PAP - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 228
there are still ports that have not sent any response back, the switch will then add these ports into the Guest VLAN according to their link types. Only when the corresponding user passes the 802.1X authentication, the port will be removed from the Guest VLAN and added to the specified - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 229
Handshake feature is used to detect the connection status of the TP-LINK 802.1X Client with the switch. Please disable Handshake feature if you are using other client software instead of TP-LINK 802.1X Client. Enable/Disable the Guest VLAN feature. Enter your - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 230
Choose the menu Network Security→802.1X→Port Config to load the following page. Figure 13-23 Port Config The following entries are displayed on this screen: Port Config UNIT: Select: Port: Status: Guest VLAN: Control Mode: Control Type: Authorized: LAG: Click unit number to configure the - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 231
are required to software. install the TP-LINK 802.1X Client provided on the CD. Please refer to the software guide in the same directory with the software authentication methods and their sequence to authenticate a user. The switch supports Login List for users to gain access to the switch, and - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 232
The administrator can set the authentication methods in a preferable order in the list. The switch uses the first listed method to authenticate users, if that method fails to respond, the switch selects the next authentication method in the method list. This process continues until there is a - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 233
set by the admin users using the command lines. For more details please refer to the command enable password in the Command Line Interface Guide on the resource CD. 13.6.3 RADIUS Server Config This page is used to configure the authentication servers running the RADIUS security protocols. Choose the - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 234
13.6.4 TACACS+ Server Config This page is used to configure the authentication servers running the TACACS+ security protocols. Choose the menu Network Security→AAA→TACACS+ Conifg to load the following page. Figure 13-27 TACACS+ Server Config Configuration Procedure Configure the TACACS+ server's - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 235
Choose the menu Network Security→AAA→Server Group to load the following page. Figure 13-28 Create New Server Group Figure 13-29 Add Server to Server Group Configuration Procedure 1) Configure the Server Group name and Server Type to create a server group. 2) Click edit in the Server Group List - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 236
13.6.6 Authentication Method List Config Before you configure AAA authentication on a certain application, you should define an authentication method list first. An authentication method list describes the sequence and authentication method to be queried to authenticate a user. The switch uses the - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 237
Entry Description Method List Name: List Type: Pri1, Pri2, Pri3, Pri4: Define a method list name. Specify the authentication type as Authentication Login or Authentication Enable. Authentication Login stands for the Authentication Login Method List, and Authentication Enable stands for the - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 238
Entry Description: Module: Login List: Enable List: Lists of the configurable applications on the switch. Configure an application for the login utilizing a previously configured method list. Configure an application to promote the user level to admin-level users utilizing a previously - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 239
The application console/telnet/ssh/http use the default Login List and default Enable list by default. The 802.1X authentication uses the radius server group by default. The 802.1X accounting uses the radius server group by default. Return to CONTENTS 229 - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 240
Management Station, SNMP Agent and MIB is illustrated in the following figure. Figure 14-1 Relationship among SNMP Network Elements SNMP Versions This switch supports SNMP v3, and is compatible with SNMP v1 and SNMP v2c. The SNMP versions adopted by SNMP Management Station and SNMP Agent should be - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 241
SNMP v1: SNMP v1 adopts Community Name authentication. The community name is used to define the relation between SNMP Management Station and SNMP Agent. The SNMP packets failing to pass community name authentication are discarded. The community name can limit access to SNMP Agent from SNMP NMS, - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 242
3. Create SNMP User The User configured in a SNMP Group can manage the switch via the client program on management station. The specified User Name and the Auth/Privacy Password are used for SNMP Management Station to access the SNMP Agent, functioning as the password. SNMP module is used to - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 243
Note: The amount of Engine ID characters must be even. 14.1.2 SNMP View The OID (Object Identifier) of the SNMP packets is used to describe the managed objects of the switch, and the MIB (Management Information Base) is the set of the OIDs. The SNMP View is created for the SNMP management station to - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 244
14.1.3 SNMP Group On this page, you can configure SNMP Group to control the network access by providing the users in various groups with different management rights via the Read View, Write View and Notify View. Choose the menu SNMP→SNMP Config→SNMP Group to load the following page. Figure 14-5 - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 245
Read View: Write View: Notify View: Group Table Select: Group Name: Security Model: Security Level: Read View: Write View: Notify View: Operation: Select the View to be the Read View. The management access is restricted to read-only, and changes cannot be made to the assigned SNMP View. Select - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 246
Choose the menu SNMP→SNMP Config→SNMP User to load the following page. Figure 14-6 SNMP User The following entries are displayed on this screen: User Config User Name: User Type: Group Name: Security Model: Security Level: Auth Mode: Auth Password: Privacy Mode: Privacy Password: Enter the User - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 247
User Table Select: User Name: User Type: Group Name: Security Model: Security Level: Auth Mode: Privacy Mode: Operation: Select the desired entry to delete the corresponding User. It is multi-optional. Displays the name of the User. Displays the User Type. Displays the Group Name of the User. - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 248
Access: MIB View: Community Table Select: Community Name: Access: MIB View: Operation: Defines the access rights of the community. read-only: Management right of the Community is restricted to read-only, and changes cannot be made to the corresponding View. read-write: Management right of the - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 249
If SNMPv1 or SNMPv2c is employed, please take the following steps: Step 1 2 3 Operation Description Enable SNMP function globally. Required. On the SNMP→SNMP Config→Global Config page, enable SNMP function globally. Create SNMP View. Required. On the SNMP→SNMP Config→SNMP View page, - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 250
On this page, you can configure the notification function of SNMP. Choose the menu SNMP→Notification→Notification Config to load the following page. Figure 14-8 Notification Config The following entries are displayed on this screen: Host Config IP Address: User: Security Model: Type: Retry: - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 251
to manage the large-scale network since it reduces the communication traffic between management station and managed agent. RMON Group This switch supports the following four RMON Groups defined on the RMON standard (RFC1757): History Group, Event Group, Statistic Group and Alarm Group. RMON - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 252
The RMON Groups can be configured on the Statistics, History, Event and Alarm pages. 14.3.1 Statistics On this page you can configure and view the statistics entry. Choose the menu SNMP→RMON→Statistics to load the following page. Figure 14-9 Statistics The following entries are displayed on this - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 253
Displays the maximum number of buckets desired for the RMON history group of statistics, ranging from 1 to 130. The default is 50 buckets. 130 buckets supported at most so far. Enter the name of the device or user that defined the entry. Select Enable/Disable the corresponding sampling entry. 243 - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 254
14.3.3 Event On this page, you can configure the RMON events. Choose the menu SNMP→RMON→Event to load the following page. Figure 14-11 Event Config The following entries are displayed on this screen: Event Table Select: Index: User: Description: Type: Owner: Status: Select the desired entry for - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 255
14.3.4 Alarm Config On this page, you can configure Statistic Group and Alarm Group for RMON. Choose the menu SNMP→RMON→Alarm to load the following page. Figure 14-12 Alarm Config The following entries are displayed on this screen: Alarm Config Select: Select the desired entry for configuration - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 256
Alarm Type: Interval: Owner: Status: Specify the type of the alarm. All: The alarm event will be triggered either the sampled value exceeds the Rising Threshold or is under the Falling Threshold. Rising: When the sampled value exceeds the Rising Threshold, an alarm event is triggered. Falling - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 257
802.1ab standard, and these TLVs are encapsulated in LLDPDU (Link Layer Discovery Protocol Data Unit). The LLDPDU distributed via LLDP is information can be used by SNMP applications to simplify troubleshooting, enhance network management, and maintain an accurate network supported by each port. 247 - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 258
Tx&Rx: the port can both transmit and receive LLDPDUs. Rx_Only: the port can receive LLDPDUs only. Tx_Only: the port can transmit LLDPDUs only. Disable: the port cannot transmit or receive LLDPDUs. 2) LLDPDU transmission mechanism If the ports are working in TxRx or Tx mode, they will - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 259
VLAN ID TLV, VLAN Name TLV And Protocol Identity TLV are defined by IEEE 802.1, while MAC/PHY Configuration/Status TLV, Power Via MDI TLV, Link Aggregation TLV and Maximum Frame TLV are defined by IEEE 802.3. Some specific TLVs are for LLDP-MED protocol, such as LLDP-MED Capabilities TLV - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 260
1AB standard and ANSI/TIA-1057. In TP-LINK switch, the following LLDP optional TLVs are supported. TLV Type Description Port Description TLV The c)Whether these settings are the result of auto-negotiation during link initiation or of manual set override action. Max Frame Size TLV Power Via MDI - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 261
The LLDP module is mainly for LLDP function configuration of the switch, including three submenus: Basic Config, Device Info, Device Statistics and LLDP-MED. 15.1 Basic Config LLDP is configured on the Global Config and Port Config pages. 15.1.1 Global Config On this page you can configure the LLDP - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 262
Fast Start Times: When the port's LLDP state transforms from Disable (or Rx_Only) to Tx&Rx (or Tx_Only), the fast start mechanism will be enabled, that is, the transmit interval will be shorten to a second, and several LLDPDUs will be sent out (the number of LLDPDUs equals this parameter). The - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 263
Notification Mode: Included TLVs: Allows you to enable or disable the ports' SNMP notification. If enabled, the local device will notify the trap event to SNMP server. Select TLVs to be included in outgoing LLDPDU. 15.2 Device Info You can view the LLDP information of the local device and its - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 264
Interface: Chassis ID Subtype: Chassis ID: Port ID Subtype: Port ID: TTL: Port Description: System Name: System Description: System Capabilities Supported: System Capabilities Enabled: Management Address: Display local port number. Indicate the basis for the chassis ID, and the default subtype is - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 265
the Chassis ID of the neighbor device. Displays the system description of the neighbor device. Displays the port number of the neighbor linking to local port. Click Information to display the detailed information of the neighbor device. 15.3 Device Statistics You can view the LLDP statistics - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 266
Choose the menu LLDP→Device Statistics→Statistic Info to load the following page. Figure 15-5 LLDP Statistic Information The following entries are displayed on this screen: Auto Refresh Auto Refresh: Refresh Rate: Global Statistics Last Update: Total Inserts: Total Deletes: Total Drops: Total - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 267
Displays the number of overtime neighbors linking to this port. Displays the number providing some aspects of IP communications service, based on IEEE 802 LAN technology supports media stream capabilities. Communication Device Endpoint (Class III): The class of Endpoint Device that directly supports - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 268
, Software Revision TLV, Serial Number TLV, Manufacturer Name TLV, Model Name TLV and Asset ID TLV. If support for any of the TLVs in the Inventory Management set is implemented, then support for all Inventory Management TLVs shall be implemented. LLDP-MED is configured on the Global Config, Port - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 269
Figure 15-7 LLDP-MED Port Configuration The following entries are displayed on this screen: LLDP-MED Port Config Port: LLDP-MED Status: Included TLVs: Detail: Displays local device's port number. Configure the port's LLDP-MED status: Enable: Enable the port's LLDP-MED status, and the port's - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 270
Parameters Configure the Location Identification TLV's content in outgoing LLDPDU of the port. Emergency Number: Civic Address: Emergency number is Emergency Call Service ELIN identifier, which is used during emergency call setup to a traditional CAMA or ISDN trunk-based PSAP. The Civic address is - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 271
15.4.3 Local Info On this page you can see all ports' LLDP-MED configuration. Choose the menu LLDP→LLDP-MED→Local Info to load the following page. Figure 15-8 LLDP-MED Local Information The following entries are displayed on this screen: Auto Refresh Auto Refresh: Enable/Disable the auto - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 272
15.4.4 Neighbor Info On this page you can get the LLDP-MED information of the neighbors. Choose the menu LLDP→LLDP-MED→Neighbor Info to load the following page. Figure 15-9 LLDP-MED Neighbor Information The following entries are displayed on this screen: Auto Refresh Auto Refresh: Enable/ - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 273
, provides the convenient method to locate and solve the network problem. (1) System Monitor: Monitor the utilization status of the memory tests the connection status of the cable to locate and diagnoses the trouble spot of the network. (4) Network Diagnostics: Test whether the destination device - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 274
every four seconds. 16.2 Log The Log system of switch can record, classify and manage the system information effectively, providing powerful support for network administrator to monitor network operation and diagnose malfunction. The Logs of switch are classified into the following eight levels - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 275
16-1 Log Level The Log function is implemented on the Log Table, Local Log, Remote Log and Backup Log pages. 16.2.1 Log Table The switch supports logs output to two directions, namely, log buffer and log file. The information in log buffer will be lost after the switch is rebooted or - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 276
Severity: Content: Displays the severity level of the log information. You can select a severity level to display the log information whose severity level value is the same or smaller. Displays the content of the log information. Note: 3. The logs are classified into eight levels based on severity - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 277
entries are displayed on this screen: Log Host Index: Host IP: UDP Port: Severity: Status: Displays the index of the log host. The switch supports 4 log hosts. Configure the IP for the log host. Displays the UDP port used for receiving/sending log information. Here we use the standard port - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 278
.3.1 Cable Test Cable Test functions to test the connection status of the cable connected to the switch, which facilitates you to locate and diagnose the trouble spot of the network. 268 - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 279
Choose the menu Maintenance→Device Diagnose→Cable Test to load the following page. Figure 16-7 Cable Test The following entries are displayed on this screen: Cable Test UNIT: Port: Pair: Status: Length: Error: Click unit number to configure the physical ports of this unit member. Select the - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 280
: Interval: Enter the IP address of the destination node for Ping test. Both IPv4 and IPv6 are supported. Enter the amount of times to send test data during Ping testing. The default value is recommended. occur to the network, you can locate trouble spot of the network with this tracert test. 270 - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 281
entries are displayed on this screen: Tracert Config Destination IP: Max Hop: Enter the IP address of the destination device. Both IPv4 and IPv6 are supported. Specify the maximum number of the route hops the test data can pass through. Return to CONTENTS 271 - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 282
. 5 or above 1000Base-T: 4-pair UTP (≤100m) of Cat. 5e, Cat.6 or above 1000Base-X: MMF or SMF SFP Module (Optional) PWR, SYS, Master, Link/Act, 1000Mbps, 25-28, Unit ID LED Transmission Method Store and Forward Packets Forwarding Rate 10BASE-T: 14881pps/port 100BASE-TX: 148810pps/port 1000BASE - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 283
files, and the name of the boot file. Class of Service (CoS) CoS is supported by prioritizing packets based on the required level of service, and then placing them in the appropriate output queue. and timers used for flow control on full-duplex links. (Now incorporated in IEEE 802.3-2002) 273 - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 284
switch filters incoming multicast frames for services forwhich no attached host has registered, on traffic based on MAC addresses. Link Aggregation See Port Trunk. Management Information target port is mirrored to a monitor port for troubleshooting with a logic analyzer or RMON probe. This allows - TP-Link 10GE | T1700G-28TQUN V1 User Guide - Page 285
any loops. A loop can often occur in complicated or backup linked network systems. Spanning Tree detects and directs data along the shortest IP as the underlying transport mechanism to provide access to IP-like services. UDP packets are delivered just like IP packets - connection-less datagrams
-
1 -
2 -
3 -
4 -
5 -
6 -
7 -
8
-
9
-
10
-
11
-
12
-
13
-
14
-
15
-
16
-
17
-
18
-
19
-
20
-
21
-
22
-
23
-
24
-
25
-
26
-
27
-
28
-
29
-
30
-
31
-
32
-
33
-
34
-
35
-
36
-
37
-
38
-
39
-
40
-
41
-
42
-
43
-
44
-
45
-
46
-
47
-
48
-
49
-
50
-
51
-
52
-
53
-
54
-
55
-
56
-
57
-
58
-
59
-
60
-
61
-
62
-
63
-
64
-
65
-
66
-
67
-
68
-
69
-
70
-
71
-
72
-
73
-
74
-
75
-
76
-
77
-
78
-
79
-
80
-
81
-
82
-
83
-
84
-
85
-
86
-
87
-
88
-
89
-
90
-
91
-
92
-
93
-
94
-
95
-
96
-
97
-
98
-
99
-
100
-
101
-
102
-
103
-
104
-
105
-
106
-
107
-
108
-
109
-
110
-
111
-
112
-
113
-
114
-
115
-
116
-
117
-
118
-
119
-
120
-
121
-
122
-
123
-
124
-
125
-
126
-
127
-
128
-
129
-
130
-
131
-
132
-
133
-
134
-
135
-
136
-
137
-
138
-
139
-
140
-
141
-
142
-
143
-
144
-
145
-
146
-
147
-
148
-
149
-
150
-
151
-
152
-
153
-
154
-
155
-
156
-
157
-
158
-
159
-
160
-
161
-
162
-
163
-
164
-
165
-
166
-
167
-
168
-
169
-
170
-
171
-
172
-
173
-
174
-
175
-
176
-
177
-
178
-
179
-
180
-
181
-
182
-
183
-
184
-
185
-
186
-
187
-
188
-
189
-
190
-
191
-
192
-
193
-
194
-
195
-
196
-
197
-
198
-
199
-
200
-
201
-
202
-
203
-
204
-
205
-
206
-
207
-
208
-
209
-
210
-
211
-
212
-
213
-
214
-
215
-
216
-
217
-
218
-
219
-
220
-
221
-
222
-
223
-
224
-
225
-
226
-
227
-
228
-
229
-
230
-
231
-
232
-
233
-
234
-
235
-
236
-
237
-
238
-
239
-
240
-
241
-
242
-
243
-
244
-
245
-
246
-
247
-
248
-
249
-
250
-
251
-
252
-
253
-
254
-
255
-
256
-
257
-
258
-
259
-
260
-
261
-
262
-
263
-
264
-
265
-
266
-
267
-
268
-
269
-
270
-
271
-
272
-
273
-
274
-
275
-
276
-
277
-
278
-
279
-
280
-
281
-
282
-
283
-
284
-
285
 |
 |
T1700G-28TQ
JetStream 24-Port Gigabit Stackable
Smart Switch with 4 10GE SFP+ Slots
REV1.0.1
1910011740