TP-Link T1500-28PCT T1500-28PCTTL-SL2428PUN V3 User Guide
TP-Link T1500-28PCT Manual
View all TP-Link T1500-28PCT manuals
Add to My Manuals
Save this manual to your list of manuals |
TP-Link T1500-28PCT manual content summary:
- TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 1
User Guide Jetstream Smart Switches T1500G-8T (TL-SG2008)/T1500-28PCT (TL-SL2428P) TL-SG2210MP/TL-SG2210P 1910012765 REV3.3.0 March 2020 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 2
Telnet Login...16 Disable SSH Login...17 Copy running-config startup-config...17 Change the Switch's IP Address and Default Gateway...18 Managing System System...20 Overview...20 Supported Features...20 System Info Configurations...22 Using the GUI...22 Viewing the System Summary...22 Configuring - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 3
Devices)...40 Configuring the System IP...40 Configuring System IPv6 Parameters Firmware...58 Rebooting the Switch...58 Reseting the Switch...60 EEE Configuration...61 Using the CLI...61 PoE Configurations (Only for Certain Devices)...63 Using the GUI...64 Configuring the PoE Parameters Manually - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 4
...84 Network Requirements...84 Configuring Scheme...84 Using the GUI...84 Using the CLI...87 Appendix: Default Parameters...88 Managing Physical Interfaces Physical Interface...92 Overview...92 Supported Features...92 Basic Parameters Configurations...93 Using the GUI...93 Using the CLI...94 Port - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 5
Network Requirements...107 Configuration Scheme...107 Using the GUI...108 Using the CLI...109 Appendix: Default Parameters...110 Configuring LAG LAG...112 Overview...112 Supported Features...112 LAG Configuration...113 Using the GUI...114 Configuring Load-balancing Algorithm...114 Configuring Static - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 6
the GUI...148 Using the CLI...151 Appendix: Default Parameters ...154 Configuring MAC VLAN Overview...156 MAC VLAN Configuration...157 Using the GUI...157 Configuring 802.1Q VLAN...157 Binding the MAC Address to the VLAN...157 Enabling MAC VLAN for the Port...158 Using the CLI...159 Configuring - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 7
167 Appendix: Default Parameters...171 Configuring Protocol VLAN Overview...173 Protocol VLAN Configuration...174 Using the GUI...174 Configuring 802.1Q VLAN...174 Creating Protocol Template...175 Configuring Protocol VLAN...176 Using the CLI...177 Configuring 802.1Q VLAN...177 Creating a Protocol - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 8
Configuring MLD Snooping for Ports...242 Configuring Hosts to Statically Join a Group...243 MVR Configuration...245 Using the GUI...245 Configuring 802.1Q VLANs...245 Configuring MVR Globally...246 Adding Multicast Groups to MVR...247 Configuring MVR for the Port...248 (Optional) Adding Ports to MVR - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 9
Multicast Filtering...286 Network Requirements...286 Configuration Scheme...286 Network Topology...287 Using the GUI...287 Using the CLI...291 Appendix: Default Parameters ...294 Default Parameters for IGMP Snooping...294 Default Parameters for MLD Snooping...295 Default Parameters for MVR...296 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 10
Default Parameters for Multicast Filtering...296 Configuring Spanning Tree Spanning Tree...298 Overview...298 Basic Concepts...298 STP/RSTP Concepts...298 MSTP Concepts...302 STP Security... - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 11
Using the CLI...350 Appendix: Default Parameters...357 Configuring LLDP LLDP...360 Overview...360 Supported Features...360 LLDP Configurations...361 Using the GUI...361 Configuring LLDP Globally... 386 Configuration Scheme...386 Using the GUI...386 Using CLI...387 Appendix: Default Parameters...394 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 12
Service DHCP...396 Overview...396 Supported Features...396 DHCP Relay Configuration...400 Using the GUI...400 Enabling DHCP Relay and Configuring Option 82 400 Configuring DHCP VLAN Examples...414 Example for DHCP VLAN Relay...414 Network Requirements...414 the DHCP Relay Switch...422 Configuring the - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 13
Configuring QoS QoS...436 Overview...436 Supported Features...436 Class of Service Configuration...438 Using the GUI...439 Control...462 Voice VLAN Configuration...465 Using the GUI...465 Configuring OUI Addresses...465 Configuring Voice VLAN Globally...466 Adding Ports to Voice VLAN...467 Using the - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 14
Requirements...489 Configuration Scheme...490 Using the GUI...490 Using the CLI...495 Appendix: Default Parameters...500 Configuring Access Security Access Security...505 Overview...505 Supported Features...505 Access Security Configurations...506 Using the GUI...506 Configuring the Access Control - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 15
Password 543 Configuration Example...546 Network Requirements...546 Configuration Scheme...546 Using the GUI...547 Using the CLI...549 Appendix: Default Parameters...552 Configuring 802.1x Overview...555 802.1x Configuration...556 Using the GUI...556 Configuring the RADIUS Server...556 Configuring - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 16
ACL Counting...618 Configuration Example for ACL...619 Network Requirements...619 Configuration Scheme...619 Using the GUI...620 Using the CLI...626 Appendix: Default Parameters...628 Configuring IPv4 IMPB IPv4 IMPB...631 Overview...631 Supported Features...631 IP-MAC Binding Configuration...632 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 17
Viewing the Binding Entries...637 Using the CLI...638 Binding Entries Manually...638 Binding Entries via DHCP Snooping...640 Viewing Binding Entries...641 Ports...643 Viewing ARP Statistics...644 Using the CLI...645 Adding IP-MAC Binding Entries...645 Enabling ARP Detection...645 Configuring ARP - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 18
Appendix: Default Parameters...661 Configuring IPv6 IMPB IPv6 IMPB...664 Overview...664 Supported Features...664 IPv6-MAC Binding Configuration...666 Using the GUI...666 Binding Entries Manually...666 Binding Entries via ND Snooping...667 Binding Entries via DHCPv6 Snooping...669 Viewing the Binding - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 19
Network Requirements...688 Configuration Scheme...689 Using the GUI...689 Using the CLI...691 Appendix: Default Parameters...692 Configuring DHCP Filter DHCP Filter...695 Overview...695 Supported Features...695 DHCPv4 Filter Configuration...697 Using the GUI...697 Configuring the Basic DHCPv4 Filter - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 20
the GUI...728 Using the CLI...728 Monitoring Traffic Traffic Monitor...731 Using the GUI...731 Using the CLI...735 Appendix: Default Parameters...736 Mirroring Traffic Mirroring...738 Using the GUI...738 Using the CLI...740 Configuration Examples...742 Network Requirements...742 Configuration Scheme - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 21
Configuring DLDP Overview ...747 DLDP Configuration...748 Using the GUI...748 Using the CLI...750 Appendix: Default Parameters...752 Configuring SNMP & RMON SNMP...754 Overview...754 Basic Concepts...754 SNMP Configurations...758 Using the GUI...758 Enabling SNMP...758 Creating an SNMP - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 22
Diagnosing the Network...816 Using the GUI...816 Troubleshooting with Ping Testing...816 Troubleshooting with Tracert Testing...817 Using the CLI...818 Configuring the Ping Test...818 Configuring the Tracert Test...819 Appendix: Default Parameters...820 Configuring System Logs Overview...822 System - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 23
Configuration Example...830 Network Requirements...830 Configuration Scheme...830 Using the GUI ...830 Using the CLI ...831 Appendix: Default Parameters...832 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 24
Smart Switches may also vary by region or ISP. All images, steps, and descriptions in this guide are only examples and may not reflect your actual experience. Some models featured in this guide may be unavailable in your country or region. For local sales information, visit https://www.tp-link.com - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 25
be found at Download Center at https://www.tp-link.com/support. ■■ The Installation Guide (IG) can be found where you find this guide or inside the package of the switch. ■■ Specifications can be found on the product page at https://www.tp-link.com. ■■ To ask questions, find answers, and communicate - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 26
Part 1 Accessing the Switch CHAPTERS 1. Determine the Management Method 2. Web Interface Access 3. Command Line Interface Access - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 27
detailed instructions about the network topology in such situations and how to use an Omada Software Controller, Hardware Controller or Cloud-Based Controller, refer to the Omada SDN Controller User Guide. The guide can be found on the download center of our official website: https://www.tp-link.com - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 28
. 2) Launch a web browser. The supported web browsers include, but are not limited to, the following types: ■■ IE 8.0, 9.0, 10.0, 11.0 ■■ Firefox 26.0, 27.0 ■■ Chrome 32.0, 33.0 3) Enter the switch's IP address in the web browser's address bar. The switch's default IP address is 192.168.0.1. Figure - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 29
the switch's running status and configure the switch on this interface. Figure 2-3 Web interface 2.2 Save Config Function The switch's The configurations will be lost when the switch reboots. If you need to keep the configurations after the switch reboots, please use the Save function on - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 30
the switch, 1) Go to SYSTEM > System Info > System IP. Specify the management VLAN ID. Specify the IP address mode as Static. Enter the new IP address, subnet mask and default gateway. Make sure that the route between the host PC and the switch's new IP address is available. Click Apply. User Guide - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 31
Accessing the Switch Figure 2-7 Change the switch's IP address and default gateway Web Interface Access 2) Enter the new IP address in the web browser to access the switch. 3) Click to save the settings. User Guide 8 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 32
the switch's console port directly, while Telnet and SSH connection support both (only for switch with console port) Follow these steps to log in to the switch via the Terminal window. The default value for both of them is admin. Press Enter in the main window and Switch> will appear, indicating - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 33
in, change the password to better protect your network and devices. 4) Enter enable to enter the User EXEC Mode to further configure the switch. Figure 3-2 User EXEC Mode Note: In Windows XP, go to Start > All Programs > Accessories > Communications > Hyper Terminal to open the Hyper Terminal and - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 34
switch supports Login Local Mode for authentication by default. Login Local Mode: Username and password are required, which are both admin by default. The following steps show how to manage the switch In to the Switch 3) Type in the login username and password (both admin by default). Press Enter - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 35
EXEC Mode. By default no password is needed. Later you can set a password for users who want to access the Privileged EXEC Mode. Figure 3-6 Enter Privileged EXEC Mode Now you can manage your switch with CLI commands through Telnet connection. 3.3 SSH Login SSH login supports the following two - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 36
Password Authentication Mode 1) Open PuTTY and go to the Session page. Enter the IP address of the switch in the Host Name field and keep the default value 22 in the Port field; select SSH as the Connection type. Click RSA key pair is generated, and the length of each key is 1024 bits. User Guide 13 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 37
Accessing the Switch Figure 3-10 Generate a Public/Private Key Pair Command Line Interface Access Note: •• The key length should be between 512 and 3072 bits. •• You to a TFTP server; click Save private key to save the private key to the host PC. Figure 3-11 Save the Generated Keys User Guide 14 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 38
file from the TFTP server to the switch as shown in the following figure: Figure 3-12 Download the Public Key to the Switch Note: •• The key type should to the Session page. Enter the IP address of the switch and select SSH as the Connection type (keep the default value in the Port field). Figure - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 39
log in without entering the password, the key authentication completed successfully. Figure 3-15 Log In to the Switch Note: The first time you log in, change the password to better protect your network and devices. Security > Telnet Config, disable the Telnet function and click Apply. User Guide 16 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 40
disable the SSH server and click Apply. Figure 3-17 Shut down SSH server ■■ Using the CLI: Switch#configure Switch(config)#no ip ssh server 3.6 Copy running-config startup-config The switch's configuration files fall into two types: the running configuration file and the start-up configuration file - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 41
interface of the switch. By default, VLAN 1 owning all the ports is the management VLAN and you can access the switch via any port. By default, the system IP address is 192.168.0.1, and the switch has no default gateway. The following example shows how to configure the switch's IP address as 192 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 42
Management Configurations 4. System Tools Configurations 5. EEE Configuration 6. PoE Configurations (Only for Certain Devices) 7. SDM Template Configuration 8. Time Range Configuration 9. Example for PoE Configurations 10. Appendix: Default Parameters - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 43
the firmware, reset the switch, and reboot the switch. EEE EEE (Energy Efficient Ethernet) is used to save power consumption of the switch during periods of low data activity. You can simply enable this feature on ports to allow power reduction. PoE Note: Only T1500-28PCT, TL-SG2210MP and TL-SG2210P - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 44
from the PSE, for example, IP phones and access points. According to whether PDs comply with IEEE standard, they can be classified into standard PDs and non-standard PDs. Only standard PDs can be powered via TP-Link PoE switches. SDM Template SDM (Switch Database Management) Template is used to - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 45
■■ Configuring LED (Only for Certain Devices) ■■ Configure the System IP ■■ Configure the System IPv6 2.1 Using the GUI 2.1.1 Viewing the Summary page. You can view the port status and system information of the switch. Viewing the Port Status In the Port Status section, you can view the Guide 22 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 46
mode of the port. Status Displays the connection status of the port. You can click a port to view the bandwidth utilization on this port. User Guide 23 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 47
Managing System Figure 2-3 Bnadwidth Utilization System Info Configurations RX Displays the bandwidth utilization of receiving packets on this port. TX Displays the bandwidth utilization of sending packets on this port. User Guide 24 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 48
the contact information of the switch. You can edit it on the Device Description page. Hardware Version Displays the hardware version of the switch. Firmware Version Displays the firmware version of the switch. Boot Loader Version Displays the boot loader version of the switch. User Guide 25 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 49
SSH Displays the MAC address of the switch. Displays the system time of the switch. Displays the running time of the switch. Displays the serial number of the switch. Displays whether Jumbo Frame is enabled 1) In the Device Description section, configure the following parameters. User Guide 26 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 50
. Current Time Source Displays how the switch gets the current time. In the Time Config section, follow these steps to configure the system time: 1) Choose one method to set the system time and specify the related parameters. Manual Set the system time manually. Date: Specify the date of the - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 51
on the internet, connect the switch to the internet first. Time Zone: Select your local time zone. Primary Server: Enter the IP Address of the primary NTP server. Secondary Server: Enter the IP Address of the secondary NTP Sunday in September to 3:00 a.m. on the First Sunday in April. User Guide 28 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 52
for the Daylight Saving Time of the switch. This configuration will be used every time range for the Daylight Saving Time of the switch. This configuration will be used only one time Configuring LED (Only for Certain Devices) Note: Only TL-SG2210P supports LED On/Off. Choose the menu System > LED On - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 53
IP Management VLAN ID Specify the management VLAN of the switch. Only the computers in the management VLAN can access the management interface of the switch. By default, VLAN 1 owning all the ports is the management VLAN and you can access the switch via any port. IP Address Mode Specify the IP - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 54
interface of the switch. By default, VLAN 1 owning all the ports is the management VLAN and you can access the switch via any port. IPv6 Enable Enable the IPv6 feature of the management interface. Link-local Address Mode Select the link-local address configuration mode. Manual: With this option - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 55
: Indicates that the link-local address passes the DAD and can be used normally. Try: Indicates that the link-local address is in switch will try to obtain the global address from the DHCPv6 Server. Manually: In the Global Address Config section, click address to the interface. to manually Guide 32 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 56
Manual: Indicates that the corresponding address is configured manually be used, and you need to switch to another address. Valid Lifetime Displays . Status Displays the status of the link-local address. An IPv6 address cannot the system information of the switch: show interface status [ - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 57
Name, Device Location, System Contact, Hardware Version, Firmware Version, System Time, Run Time and so Switch with 4 SFP Slots System Name - T1500-28PCT System Location - SHENZHEN Contact Information - www.tp-link.com Hardware Version - T1500-28PCT Enter global configuration mode. User Guide 34 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 58
It should consist of no more than 32 characters. By default, it is "www.tp-link.com". Step 5 show system-info Verify the system information including system Description, Device Name, Device Location, System Contact, Hardware Version, Firmware Version, System Time, Run Time and so on. Step 6 end - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 59
support CLI command. Step 1 Step 2 configure Enter global configuration mode. Use the following command to set the system time manually: system-time manual time Configure the system time manually. time: Specify the date and time manually internet, connect the switch to the internet first Guide 36 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 60
alofa, Samoa. ntp-server: Specify the IP address of the primary NTP server. backup-ntp-server: Specify the IP address of the backup NTP server. fetching the update rate as 11. Switch#configure Switch(config)#system-time ntp UTC+08:00 133.100.9.2 139.78.100.163 11 Switch(config)#show system-time ntp - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 61
78.100.163 Last successful NTP server: 133.100.9.2 Update Rate: 11 hour(s) Switch(config)#end Switch#copy running-config startup-config 2.2.4 Configuring the Daylight Saving Time Follow these steps of HH:MM. offset: Enter the offset of Daylight Saving Time. The default value is 60. User Guide 38 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 62
: Enter the end year of Daylight Saving Time. offset: Enter the offset of Daylight Saving Time. The default value is 60. show system-time dst Verify the DST information of the switch. end Return to privileged EXEC mode. copy running-config startup-config Save the settings in the configuration file - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 63
-vlan { vlan-id} Configure the management VLAN of the switch. Only the computers in the management VLAN can access the management interface of the switch. interface vlan { vlan-id} Enter the Interface VLAN Mode. vlan-id: The management VLAN ID. Step 4 Automatically assign an IP Address and default - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 64
in the configuration file. The following example shows how to configure the switch's IP address as 192.168.0.10/24 and configure the default gateway as 192.168.0.100. Switch#configure Switch(config)#interface vlan 1 Switch(config-if)#ip address 192.168.0.10 255.255.255.0 gateway 192.168.0.100 The - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 65
command will be invalid. Automatically configure the ipv6 link-local address for the management interface: ipv6 address are automatically computed from the switch MAC address. This enables IPv6 processing on the interface. Manually configure the IPv6 gateway address: Switch#configure User Guide 42 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 66
System System Info Configurations Switch(config)#interface vlan 1 Switch(config-if)#ipv6 enable Switch(config-if)#ipv6 address autoconfig Switch(config-if)#ipv6 address dhcp Switch(config-if)#show ipv6 interface Vlan2 is up, line protocol is up IPv6 is enable, Link-Local Address: fe80::20a - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 67
manage the user accounts for login to the switch. 3.1 Using the GUI There are four . ■■ There is a default Admin account which cannot be deleted. The default username and password of this following page. Figure 3-1 User Config Page By default, there is a default Admin account in the table. You can - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 68
2) Click Create. Retype the password. 3.1.2 Configuring Enable Password Choose the menu SECURITY > AAA > Global Config to load the following page. Figure 3-3 Configure Enable Password User Guide 45 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 69
access levels: Admin, Operator, Power User and User. ■■ There is a default Admin account which cannot be deleted. The default username and password of this account are both admin. You can also create more create an account: Step 1 configure Enter global configuration mode. User Guide 46 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 70
to the configuration file unencrypted. By default, the encryption type is 0. password can copy from another switch's configuration file. to the configuration file MD5 encrypted. By default, the encryption type is 0. password: Enter from another switch's configuration file. Step 3 show user - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 71
users' access level to Admin. By default, it is empty. 0: Specify the file unencrypted. By default, the encryption type switch's the users' access level to Admin. By default, it is empty. 0: Specify the file MD5 encrypted. By default, the encryption type is from another switch's configuration - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 72
Switch(config)#user name user1 privilege operator password 123 Switch(config)#enable admin password abc123 Switch(config)#show user account-list Index User-Name User-Type --------- 1 user1 Operator 2 admin Admin Switch(config)#end Switch#copy running-config startup-config User Guide - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 73
With System Tools, you can: ■■ Configure the boot file ■■ Restore the configuration of the switch ■■ Back up the configuration file ■■ Upgrade the firmware ■■ Reboot the switch ■■ Reset the switch 4.1 Using the GUI 4.1.1 Configuring the Boot File Choose the menu SYSTEM > System Tools > Boot - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 74
Current Startup Image Displays the current startup image. Next Startup Image Select the next startup image. When the switch is powered on, it will try to start up with the next startup image. The next startup image image. Flash Version Displays the flash version of the image. User Guide 51 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 75
desired configuration file to be imported. 3) Choose whether to reboot the switch after restoring is completed. Only after the switch is rebooted will the imported configuration take effect. 4) Click Import to import time to export the configuration. Please wait without any operation. User Guide 52 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 76
is completed. Only after the switch is rebooted will the new firmware take effect. 3) Click Upgrade to upgrade the system. Note: •• It will take some time to upgrade the switch. Please wait without any operation. •• It is recommended to backup your configuration before upgrading. User Guide 53 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 77
Choose the menu SYSTEM > System Tools > System Reboot > System Reboot to load the following page. Figure 4-5 Manually Rebooting the Switch Follow these steps to reboot the switch: 1) In the System Reboot section, select the desired unit. 2) Choose whether to save the current configuration before - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 78
the IP address of selected unit when resetting. 3) Click Reset. After reset, all configurations of the switch will be reset to the factory defaults. } { startup | backup } Specify the configuration of the boot file. By default, image1.bin is the startup image and image2.bin is the backup image. - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 79
{ startup | backup } Specify the configuration of the boot file. By default, config1.cfg is the startup configuration file and config2.cfg is the backup Startup Config - config1.cfg Backup Config - config2.cfg Switch(config)#end Switch#copy running-config startup-config User Guide 56 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 80
2 enable Enter privileged mode. copy tftp startup-config ip-address ip-addr filename name Download the configuration file to the switch from TFTP server. ip-addr: Specify the IP address of the TFTP server. Both IPv4 and IPv6 addresses are supported. name: Specify the name of the configuration file - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 81
TFTP server. To boot up with the new firmware, you need to choose to reboot the switch with the backup image. ip-addr: Specify the IP address of the TFTP server. Both IPv4 and IPv6 addresses are supported. name: Specify the name of the desired firmware file. Enter Y to continue and then enter Y to - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 82
file. The following example shows how to set the switch to reboot at 12:00 on 15/08/2017. Switch#configure Switch(config)#reboot-schedule at 12:00 15/08/2017 save_before_reboot (in 25582 minutes) Save before reboot: Yes Switch(config)#end Switch#copy running-config startup-config User Guide 59 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 83
the switch will be reset to the factory defaults. except-ip: To maintain the IP address when resetting the switch, add this part to the command Follow these steps to disable the reset function of console port or reset button: Step 1 Step 2 configure Enter global configuration mode. service reset - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 84
port | range gigabitEthernet port-list | ten-gigabitEthernet port | range ten-gigabitEthernet port-list } Enter interface configuration mode. Step 3 eee Enable EEE on the port. User Guide 61 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 85
startup-config Save the settings in the configuration file. The following example shows how to enable the EEE feature on port 1/0/1. Switch#config Switch(config)#interface gigabitEthernet 1/0/1 Switch(config-if)#eee Switch(config-if)#show interface eee Port EEE status Gi1/0/1 Enable Gi1/0/2 Disable - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 86
(Only for Certain Devices) 6 PoE Configurations (Only for Certain Devices) Note: Only T1500-28PCT, TL-SG2210MP and TL-SG2210P support the PoE feature. With the PoE feature, you can: ■■ Configure the PoE parameters manually ■■ Configure the PoE parameters using the profile You can configure the PoE - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 87
following page. Figure 6-1 Configuring PoE Parameters Manually Follow these steps to configure the basic PoE switch. System Power Remain (W) Displays the real-time system remaining power of the PoE switch. In addition, you can click and configure the System Power Limit. Click Apply. User Guide - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 88
maximum power the PoE switch can supply. 2) In system power limit, the switch will power off PDs on are provided: Auto: The switch will allocate a value as 30 W. Manual: You can enter a value manually. Power Limit Value If you select Manual as Power manually. For how to create a profile, - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 89
Power Status Displays the port's real-time power supply. Displays the port's real-time current. Displays the port's real-time voltage. Displays the class the linked PD belongs to. Displays the port's real-time power status. User - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 90
provided: High, Middle and Low. When the supply power exceeds the system power limit, the switch will power off PDs on low-priority ports to ensure stable running of other PDs. Power Limit (30 W): The maximum power that the port can supply is 30 W. Manual: Enter a value manually. User Guide 67 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 91
can supply. System Power Consumption (W) Displays the real-time system power consumption of the PoE switch. System Power Remain (W) Displays the real-time system remaining power of the PoE switch. In addition, you can click and configure the System Power Limit. Click Apply. User Guide 68 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 92
Power Limit Specify the maximum power the PoE switch can supply. 2) In the Port Config to modify PoE status, PoE priority or power limit manually. Power (W) Displays the port's real-time power supply linked PD belongs to. Power Status Displays the port's real-time power status. User Guide 69 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 93
switch can supply. For T1500-28PCT, the valid value ranges from 1 to 192 W. By default, the value is 192. For TL-SG2210MP, the valid value ranges from 1 to 150 W. By default, the value is 150. For TL function. By default, it is switch enter a value manually. The value enter 50. By default, it is Class4 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 94
Switch#configure Switch(config)#power inline consumption 160 Switch(config)#interface gigabitEthernet 1/0/5 Switch(config-if)#power inline supply enable Switch(config-if)#power inline priority middle Switch 0w System Power Remain: 160.0w Switch(config-if)#show power inline configuration - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 95
Switch(config-if)#end Switch switch can supply. For T1500-28PCT, the valid value ranges from 1 to 192 W. By default, the value is 192. For TL-SG2210MP, the valid value ranges from 1 to 150 W. By default, the value is 150. For TL By default, it limit, the switch will power switch a value manually. The - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 96
is selected, you will not be able to modify PoE status, PoE priority or power limit manually. name: Specify the name of the PoE profile. If the name contains spaces, enclose the profile to the port 1/0/6. Switch#configure Switch(config)#power profile profile1 supply enable priority middle consumption - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 97
profile1 Switch(config-if)#show power inline configuration interface gigabitEthernet 1/0/6 Interface PoE-Status PoE-Prio Power-Limit(w) Time-Range PoE-Profile Gi1/0/6 Enable Middle Class2 No Limit profile1 Switch(config-if)#end Switch#copy running-config startup-config User Guide 74 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 98
after the switch is Default: Select the template of default. It gives balance to the IP ACL rules and MAC ACL rules. EnterpriseV4: Select the template of enterpriseV4. It maximizes system resources for IP IP ACL Rules Displays the number of IP ACL Rules including - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 99
switch is rebooted. default: Select the template of default. It gives balance to the IP ACL rules and MAC ACL rules. enterpriseV4: Select the template of enterpriseV4. It maximizes system resources for IP as enterpriseV4. Switch#config Switch(config)#show sdm prefer enterpriseV4 User Guide 76 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 100
number of IPV6 Source Guard Entries : 0 Switch(config)#sdm prefer enterpriseV4 Switch to "enterpriseV4" tempale. Changes to the running SDM preferences have been stored, but cannot take effect until reboot the switch. Switch(config)#end Switch#copy running-config startup-config User Guide 77 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 101
range will not take effect on holiday. Include: The time range will not be affected by holiday. To configure Holiday, refer to Configuring Holiday. User Guide 78 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 102
. Time Specify the start time and end time of a day. Day of Week Select days of a week as the period of this time range. User Guide 79 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 103
of the Holiday time range. Similarly, you can add more Holiday entries. The final Holiday time range is the sum of all the entries. User Guide 80 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 104
View the configuration of Time Range. end Return to privileged EXEC mode. copy running-config startup-config Save the settings in the configuration file. User Guide 81 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 105
01 - 10/01/2017 to 10/31/2017 - 08:00 to 20:00 on 1,2 Switch(config-time-range)#end Switch#copy running-config startup-config 8.2.2 Configuring Holiday Follow these steps to configure Holiday time range: Step View the configuration of Holiday. end Return to privileged EXEC mode. User Guide 82 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 106
how to create a holiday entry and set the entry name as holiday1 and set start date and end date as 07/01 and 09/01: Switch#config Switch(config)#holiday holiday1 start-date 07/01 end-date 09/01 Switch(config)#show holiday Index Holiday Name Start-End --------- 1 holiday1 07.01-09.01 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 107
. AP1 and AP2 provide the internet service and only work in the office time. Figure 9-1 Network Topology Switch A Gi1/0/1 Gi1/0/2 Gi1/0/4 Gi1 all the time, so the time range configurations can be left as the default settings here. 9.3 Using the GUI The configurations of port 1/0/4 is similar - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 108
Managing System Figure 9-2 Creating Time Range Example for PoE Configurations 2) Click and the following window will pop up. Set Date, Time and Day of Week as the following figure shows. Click Create. Figure 9-3 Creating a Periodic Time User Guide 85 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 109
load the following page. Select port 1/0/3 and set the Time Range as OfficeTime. Click Apply. Figure 9-5 Configure the Port 5) Click to save the settings. User Guide 86 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 110
:00 on 1,2,3,4,5 Verify the configuration of the PoE basic parameters: Switch_A#show power inline configuration interface gigabitEthernet 1/0/3 Gi1/0/3 Enable Low Class4 office-time None User Guide 87 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 111
Parameter Device Name Device Location System Contact Default Setting The model name of the switch. SHENZHEN www.tp-link.com Table 10-2 Default Settings of System Time Configuration Parameter Time Source Default Setting Manual Table 10-3 Default Settings of Daylight Saving Time Configuration - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 112
PoE Profile Profile Config Profile Name PoE Status PoE Priority Power Limit Default Setting 192.0 W (For T1500-28PCT) 150.0 W (For TL-SG2210MP) 58.0 W (For TL-SG2210P) Enabled Low Class 4 No Limit None None Enabled Low Auto Default settings of SDM Template are listed in the following table. Table - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 113
Managing System Appendix: Default Parameters Default settings of Time Range are listed in the following table. Table 10-9 Default Settings of Time Range Configuration Parameter Holiday Default Setting Include User Guide 90 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 114
Part 3 Managing Physical Interfaces CHAPTERS 1. Physical Interface 2. Basic Parameters Configurations 3. Port Isolation Configurations 4. Loopback Detection Configuration 5. Configuration Examples 6. Appendix: Default Parameters - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 115
are the ports on the switch panel. They forward packets based IP routing and inter-VLAN routing. This chapter introduces the configurations for physical interfaces. 1.2 Supported Features The switch supports switch to detect loops in the network. When a loop is detected on a port or VLAN, the switch - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 116
for all ports, then click Apply. Jumbo Configure the size of jumbo frames. By default, it is 1518 bytes. Generally, the MTU (Maximum Transmission Unit) size of a normal frame is 1518 bytes. If you want the switch supports to transmit frames of which the MTU size is greater than 1518 bytes, you - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 117
neighbor device. The default setting is Auto. It is recommended to select Auto if both ends of the link support auto-negotiation. Select the to support jumbo frames. The default MTU size for frames received and sent on all ports is 1518 bytes. To transmit jumbo frames, you can manually configure - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 118
Enable the switch to synchronize the data transmission speed with the peer device, avoiding the packet loss caused by congestion. By default, it is the flowcontrol: Switch#configure Switch#jumbo-size 9216 Switch(config)#interface gigabitEthernet 1/0/1 Switch(config-if)#no shutdown User Guide 95 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 119
configuration gigabitEthernet 1/0/1 Port State Speed Duplex FlowCtrl Description ----------- Gi1/0/1 Enable Auto Auto Enable router connection Switch(config-if)#show jumbo-size Global jumbo size : 9216 Switch(config-if)#end Switch#copy running-config startup-config User Guide 96 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 120
by a port. The isolated port can only send packets to the ports specified in its Forwarding Port List. Choose the menu L2 FEATURES > Switching > Port > Port Isolation to load the following page. Figure 3-1 Port Isolation List The above page displays the port isolation list. Click the following - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 121
gigabitEthernet port-list | port-channel port-channel | range port-channel port-channel-list |} Specify the port to be isolated and enter interface configuration mode. User Guide 98 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 122
1/0/5 Switch(config-if)#port isolation gi-forward-list 1/0/1-3 po-forward-list 4 Switch(config-if)#show port isolation interface gigabitEthernet 1/0/5 Port LAG Forward-List ---- Gi1/0/5 N/A Gi1/0/1-3,Po4 Switch(config-if)#end Switch#copy running-config startup-config User Guide 99 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 123
loopback detection is enabled. For detailed introductions about storm control, refer to Configuring QoS. Choose the menu L2 FEATURES > Switching > Port > Loopback Detection to load the following page. Figure 4-1 Configuring Loopback Detection Follow these steps to configure loopback detection - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 124
display whether there is a loop detected on the corresponding port. It is the default setting. Port Based: In addition to displaying alerts, the switch will block the port on which the loop is detected. VLAN-Based: If a loop is detected in a VLAN on that port, in addition to displaying alerts, the - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 125
default By default, default vlan-based } recoverymode { auto | manual } Set the process mode when a loopback is detected on the port. There are three modes: alert: The switch will only display alerts when a loopback is detected. It is the default manual: The blocked port can only be released manually - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 126
the configuration file. The following example shows how to enable loopback detection globally (keep the default parameters): Switch#configure Switch(config)#loopback-detection Switch(config)#show loopback-detection global Loopback detection global status : enable Loopback detection interval : 30s - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 127
switch and all belong to VLAN 10. Without changing the VLAN IP address of Host A is changed. Figure 5-1 Network Topology Switch Gi1/0/1 Gi1/0/2 Gi1/0/4 Gi1/0/3 Host A 5.1.2 Configuration Scheme Host B Host C VLAN port for port 1/0/4. Demonstrated with TL-SG2210P, the following sections provide - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 128
port. Click Apply. Figure 5-3 Port Isolation Configuration 3) Select port 1/0/4 as the port to be isolated, and select port 1/0/1 as the forwarding port. Click Apply. User Guide 105 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 129
isolation gi-forward-list 1/0/4 Switch(config-if)#exit Switch(config)#interface gigabitEthernet 1/0/4 Switch(config-if)#port isolation gi-forward-list 1/0/1 Switch(config-if)#end Switch#copy running-config startup-config Verify the Configuration Switch#show port isolation interface User Guide 106 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 130
the trap notifications. For detailed instructions about SNMP, refer to Configuring SNMP & RMON. Here we introduce how to configure loopback detection and monitor the detection result on the management interface of the switch. Demonstrated with TL-SG2210P, the following sections provide configuration - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 131
FEATURES > Switching > Port > Loopback Detection to load the configuration page. 2) In the Loopback Detection section, enable loopback detection and web refresh globally. Keep the other parameters as default values and status and Block status are displayed on the right side of ports. User Guide 108 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 132
Switch#configure Switch(config)#loopback-detection Switch(config)#loopback-detection interval 30 Switch Switch(config)#interface range gigabitEthernet 1/0/1-3 Switch(config-if-range)#loopback-detection Switch loopback detection configuration on ports: Switch#show loopback-detection interface Port - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 133
Interfaces Appendix: Default Parameters 6 Appendix: Default Parameters Default settings of Switching are listed in th following tables. Table 6-1 Configurations for Ports Parameter Default Setting Port seconds Port Status Disabled Operation mode Alert Recovery mode Auto User Guide 110 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 134
Part 4 Configuring LAG CHAPTERS 1. LAG 2. LAG Configuration 3. Configuration Example 4. Appendix: Default Parameters - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 135
to enhance the connection reliability. 1.2 Supported Features You can configure LAG in two ways: static LAG and LACP (Link Aggregation Control Protocol). Static LAG The member ports are manually added to the LAG. LACP The switch uses LACP to implement dynamic link aggregation and disaggregation by - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 136
links share the bandwidth evenly. ■■ One LACP LAG supports multiple member ports, but at most eight of them can work simultaneously, and the other member ports are backups. Using LACP protocol, the switches Snooping, 802.1Q VLAN, MAC VLAN, Protocol VLAN, VLANVPN, GVRP, Voice VLAN, STP, QoS, Guide 113 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 137
on which the switch can choose the forwarded on different physical links to implement load IP: The computation is based on the source IP addresses of the packets. DST IP: The computation is based on the destination IP addresses of the packets. SRC IP+DST IP one physical link. For example, Switch A - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 138
LAG mode: Static LAG or LACP. And make sure both ends of a link use the same LAG mode. ■■ Configuring Static LAG Choose the menu L2 FEATURES > Switching > LAG > Static LAG to load the following page. Figure 2-3 Static member ports for the LAG. It is multi-optional. 3) Click Apply. User Guide 115 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 139
steps to configure LACP: 1) Specify the system priority for the switch and click Apply. System Priority Specify the system priority for the switch. A smaller value means a higher priority. To keep active ports ports for the LAG and configure the related parameters. Click Apply. User Guide 116 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 140
number of LAGs supported by your switch. For example, if your switch supports up to 14 port. In LACP, the switch uses LACPDU (Link Aggregation Control Protocol Data Unit) active ports and form the aggregation link. The LACP mode determines whether the of the port. By default, it is disabled. 2.2 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 141
src-ip | dst-ip | src-dst-ip } Select the Hash Algorithm. The switch Switch(config)#end Switch#copy running-config startup-config 2.2.2 Configuring Static LAG or LACP You can choose only one LAG mode for a port: Static LAG or LACP. And make sure both ends of a link use the same LAG mode. User Guide - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 142
to allocate aggregator u - unsuitable for bundling w - waiting to be aggregated d - default port Group Port-channel Protocol Ports ------- 2 Po2(S) - Gi1/0/5(D) Gi1/0/6(D) Gi1/0/7(D) Gi1/0/8(D) Switch(config-if-range)#end Switch#copy running-config startup-config User Guide 119 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 143
system priority for the switch. To keep active ports to 65535, and the default value is 32768. A passive. In LACP, the switch uses LACPDU (Link Aggregation Control Protocol Data Unit and form the aggregation link. The LACP mode determines from 0 to 65535, and the default value is 32768. A smaller - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 144
0x6 0x4b1 0x1 0x7d Gi1/0/2 SA Down 32768 0x6 0 0x2 0x45 Gi1/0/3 SA Down 32768 0x6 0 0x3 0x45 Gi1/0/4 SA Down 32768 0x6 0 0x4 0x45 Switch(config-if-range)#end Switch#copy running-config startup-config User Guide 121 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 145
Switch A and Switch B, and heavy traffic is transmitted between the two switches link between the two switches switches, and respectively connect the ports of the groups. In addition, another two redundant links priority for the switches. Here we choose Switch A as the dominate TL-SG2210P, the following sections - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 146
value of Switch B is bigger than 0. Figure 3-3 System Priority Configuration 3) In the LACP Table section, select ports 1/0/1-10, and respectively set the status, group ID, port priority and mode for each port as follows. Figure 3-4 LACP Configuration 4) Click to save the settings. User Guide 123 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 147
Switch(config)#interface range gigabitEthernet 1/0/1-8 Switch(config-if-range)#channel-group 1 mode active Switch(config-if-range)#lacp port-priority 0 Switch Switch(config)#interface gigabitEthernet 1/0/9 Switch(config-if)#channel-group 1 mode active Switch(config-if)#lacp port-priority 1 Switch( - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 148
Configuring LAG 0, 000a.eb13.2397 Configuration Example Verify the LACP configuration: Switch#show lacp internal Flags: S - Device is requesting Slow LACPDUs F - Device is requesting Fast LACPDUs 0x45 Gi1/0/9 SA Down 1 0x1 0 0x9 0x45 Gi1/0/10 SA Down 2 0x1 0 0xa 0x45 User Guide 125 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 149
: Default Parameters Default settings of Switching are listed in the following tables. Table 4-1 Default Settings of LAG Parameter LAG Table Hash Algorithm LACP Config System Priority Admin Key Port Priority Mode Status Default Setting SRC MAC+DST MAC 32768 0 32768 Passive Disabled User Guide - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 150
Part 5 Managing MAC Address Table CHAPTERS 1. MAC Address Table 2. MAC Address Configurations 3. Appendix: Default Parameters - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 151
packets. As shown below, the table lists map entries of MAC addresses, VLAN IDs and ports. These entries can be manually added or automatically learned by the switch. Based on the MAC-address-to-port mapping in the table, the switch can forward packets only to the associated port. Table 1-1 The MAC - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 152
L2 FEATURES > Switching > MAC Address > Static Address and click to load the following page. Figure 2-1 Adding MAC Addresses Manually Follow these steps to add a static MAC address entry: 1) Enter the MAC address, VLAN ID and select a port to bind them together as an address entry. User Guide 129 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 153
specific MAC address are forwarded. The port must belong to the specified VLAN. After you have added the static MAC address, if the corresponding port the device) has been changed, the switch cannot forward the packets correctly. Please reset the static address entry appropriately. ■■ Guide 130 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 154
Link Aggregation Group) are not supported for static address configuration. 2.1.2 Modifying the Aging Time of Dynamic Address Entries Choose the menu L2 FEATURES > Switching . The valid values are from 10 to 630 seconds, and the default value is 300. A short aging time is applicable to networks where - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 155
: 1) Enter the MAC Address and VLAN ID. MAC Address Specify the MAC address to be used by the switch to filter the received packets. VLAN ID Specify an existing VLAN in which packets with the specific MAC MAC address table to check your former operations and address information. User Guide 132 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 156
L2 FEATURES > Switching > MAC Address , VLAN and port together to add a static address to the VLAN. mac-addr: Enter the MAC address, and packets with this destination address received in the specified VLAN 00:00:00:01. vid: Specify an existing VLAN in which packets with the specific MAC address - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 157
supported for static address configuration. The following example shows how to add a static MAC address entry with MAC address 00:02:58:4f:6c:23, VLAN 10 and port 1. When a packet is received in VLAN 10 with this address as its destination, the packet will be forwarded only to port 1/0/1. Switch - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 158
means the Auto Aging function is disabled. The default value is 300 and we recommend you keep the default value if you are unsure. end Return to privileged address to the VLAN. mac-addr: Specify a MAC address to be used by the switch to filter the received packets. The switch will drop packets of - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 159
:1e:4b:04:01:5d vid 10 Switch(config)#show mac address-table filtering MAC Address Table MAC VLAN Port Type Aging --- ----- 00:1e:4b:04:01:5d 10 filter no-aging Total MAC Addresses for this criterion: 1 Switch(config)#end Switch#copy running-config startup-config User Guide 136 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 160
Table 3-1 Entries in the MAC Address Table Parameter Default Setting Static Address Entries None Dynamic Address Entries Auto-learning Filtering Address Entries None Table 3-2 Default Settings of Dynamic Address Table Parameter Default Setting Auto Aging Enabled Aging Time 300 seconds - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 161
Part 6 Configuring 802.1Q VLAN CHAPTERS 1. Overview 2. 802.1Q VLAN Configuration 3. Configuration Example 4. Appendix: Default Parameters - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 162
broadcast domain: VLAN technique divides a big local area network into several VLANs, and all VLAN traffic remains within its VLAN. It reduces security. ■■ For easier management: VLANs group devices logically instead of physically, so devices in the same VLAN need not be located in the same - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 163
Configuring 802.1Q VLAN 802.1Q VLAN Configuration 2 802.1Q VLAN Configuration To complete 802.1Q VLAN configuration, follow these steps: 1) Configure the VLAN, including creating a VLAN and adding the desired ports to the VLAN. 2) Configure port parameters for 802.1Q VLAN. User Guide 140 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 164
VLAN ID Enter a VLAN ID for identification with the values between 2 and 4094. VLAN Name Give a VLAN description for identification with up to 16 characters. 2) Select the untagged port(s) and the tagged port(s) respectively to add to the created VLAN based on the network topology. User Guide - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 165
Select a port and configure the parameters. Click Apply. PVID Set the default VLAN ID of the port. Valid values are from 1 to 4094. It following two ways: When the port receives an untagged packet, the switch inserts a VLAN tag to the packet based on the PVID. Ingress Checking Enable or Guide 142 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 166
Return to privileged EXEC mode. copy running-config startup-config Save the settings in the configuration file. The following example shows how to create VLAN 2 and name it as RD : Switch#configure Switch(config)#vlan 2 Switch(config-vlan)#name RD Switch(config-vlan)#show vlan id 2 User Guide 143 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 167
vlan vlan-list { tagged | untagged } Add ports to the specified VLAN. vlan-list: Specify the ID or ID list of the VLAN(s) VLAN 2, and specify its egress rule as tagged: Switch#configure Switch(config)#interface gigabitEthernet 1/0/5 Switch(config-if)#switchport general allowed vlan 2 tagged Switch - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 168
Link Type: General Member in VLAN: Vlan Name Egress-rule ----------- 1 System-VLAN Untagged 2 RD Tagged Switch(config-if)#end Switch configuration mode. switchport pvid vlan-id Configure the PVID of the port(s). By default, it is 1. vlan-id: The default VLAN ID of the port Guide 145 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 169
1/0/5 Port Gi1/0/5: PVID: 2 Acceptable frame type: All Ingress Checking: Enable Member in LAG: N/A Link Type: General Member in VLAN: Vlan Name Egress-rule ----------- 1 System-VLAN Untagged Switch(config-if)#end Switch#copy running-config startup-config User Guide 146 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 170
other department. ■■ Terminal devices like computers usually do not support VLAN tags. Add untagged ports to the corresponding VLANs and specify the PVID. ■■ The intermediate link between two switches carries traffic from two VLANs simultaneously. Add the tagged ports to both VLANs. User Guide 147 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 171
and port 1/0/7 on Switch 2 respectively. Port 1/0/4 on Switch 1 is connected to port 1/0/8 on Switch 2. Figure 3-1 Network Topology VLAN 10 Host A1 Fa1/0/2 Switch 1 Fa1/0/3 Host A2 Fa1/0/8 Fa1/0/4 Fa1/0/6 Switch 2 Fa1/0/7 VLAN 20 Host B1 Host B2 Demonstrated with T1500-28PCT, the following - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 172
A Configuration Example 2) Choose the menu L2 FEATURES > VLAN > 802.1Q VLAN > VLAN Config and click to load the following page. Create VLAN 20 with the description of Department_B. Add port 1/0/3 as an untagged port and port 1/0/4 as a tagged port to VLAN 20. Click Create. User Guide 149 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 173
802.1Q VLAN Figure 3-3 Creating VLAN 20 for Department B Configuration Example 3) Choose the menu L2 FEATURES > VLAN > 802.1Q VLAN > Port Config to load the following page. Set the PVID of port 1/0/2 as 10 and click Apply. Set the PVID of port 1/0/3 as 20 and click Apply. User Guide 150 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 174
the ports Configuration Example 4) Click to save the settings. 3.5 Using the CLI The configurations of Switch 1 and Switch 2 are similar. The following introductions take Switch 1 as an example. 1) Create VLAN 10 for Department A, and configure the description as Department-A. Similarly, create - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 175
running-config startup-config Verify the Configurations Verify the VLAN configuration: Switch_1#show vlan VLAN Name Status 1 System-VLAN active 10 Department-A 20 Department-B active active Ports , Gi1/0/25, Gi1/0/26, Gi1/0/27, Gi1/0/28 Fa1/0/2, Fa1/0/4 Fa1/0/3, Fa1/0/4 User Guide 152 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 176
Configuring 802.1Q VLAN Configuration Example Verify the VLAN configuration: Switch_1(config)#show interface switchport Port LAG Type PVID Acceptable frame type Ingress N/A General 20 All Enable Fa1/0/4 N/A General 1 All Enable Fa1/0/5 N/A General 1 All Enable ..... User Guide 153 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 177
VLAN Appendix: Default Parameters 4 Appendix: Default Parameters Default settings of 802.1Q VLAN are listed in the following table. Table 4-1 Default Settings of 802.1Q VLAN Parameter Default Setting VLAN ID 1 PVID 1 Ingress Checking Enabled Acceptable Frame Types Admit All User Guide - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 178
Part 7 Configuring MAC VLAN CHAPTERS 1. Overview 2. MAC VLAN Configuration 3. Configuration Example 4. Appendix: Default Parameters - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 179
different VLANs, the user has to re-configure the switch to access the original VLAN. Using MAC VLAN can free the user from such a problem. It divides VLANs based MAC VLAN. Figure 1-1 Common Application Scenario of MAC VLAN Server A VLAN 10 Server B VLAN 20 Switch 1 Switch 3 Switch 2 Meeting - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 180
the MAC VLAN. If yes, the switch will insert the corresponding tag to the data packet and forward it within the VLAN. If no, the switch will continue VLAN. 2.1.2 Binding the MAC Address to the VLAN Choose the menu L2 FEATURES > VLAN > MAC VLAN and click following page. Figure 2-1 Creating MAC VLAN - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 181
. Note: One MAC address can be bound to only one VLAN. 2.1.3 Enabling MAC VLAN for the Port By default, MAC VLAN is disabled on all ports. You need to enable MAC VLAN for your desired ports manually. Choose the menu L2 FEATURES > VLAN > MAC VLAN to load the following page. Figure 2-2 Enabling MAC - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 182
56:8A:4C:71 to VLAN 10, with the address description as Dept.A. Switch#configure Switch(config)#mac-vlan mac-address 00:19:56:8a:4c:71 vlan 10 description Dept.A Switch(config)#show mac-vlan vlan 10 MAC-Addr Name VLAN-ID 00:19:56:8A:4C:71 Dept.A 10 Switch(config)#end User Guide 159 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 183
how to enable MAC VLAN for port 1/0/1. Switch#configure Switch(config)#interface gigabitEthernet 1/0/1 Switch(config-if)#mac-vlan Switch(config-if)#show mac-vlan interface Port STATUS Gi1/0/1 Enable Gi1/0/2 Disable ... Switch(config-if)#end Switch#copy running-config startup-config User Guide 160 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 184
joins, no matter which meeting room the laptops are being used in. The overview of the configuration is as follows: 1) Create VLAN 10 and VLAN 20 on each of the three switches and add the ports to the VLANs based on the network topology. For the ports connecting the laptops, set the User Guide 161 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 185
Untagged; for the ports connecting to other switch, set the egress rule as Tagged. 2) On Switch 1 and Switch 2, bind the MAC addresses of the laptops to their corresponding VLANs, and enable MAC VLAN for the ports. Demonstrated with T1500-28PCT, the following sections provide configuration procedure - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 186
Configuring MAC VLAN Figure 3-2 Creating VLAN 10 Configuration Example 2) Choose the menu L2 FEATURES > VLAN > 802.1Q VLAN > VLAN Config and click to load the following page. Create VLAN 20, and add untagged port 1/0/1 and tagged port 1/0/2 to VLAN 20. Click Create. User Guide 163 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 187
the corresponding parameters and click Create to bind the MAC address of Laptop A to VLAN 10 and bind the MAC address of Laptop B to VLAN 20. Figure 3-4 Creating MAC VLAN 4) Choose the menu L2 FEATURES > VLAN > MAC VLAN to load the following page. In the Port Enable section select port 1/0/1 and - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 188
Example 5) Click to save the settings. ■■ Configurations for Switch 3 1) Choose the menu L2 FEATURES > VLAN > 802.1Q VLAN > VLAN Config and click to load the following page. Create VLAN 10, and add untagged port 1/0/4 and tagged ports 1/0/2-3 to VLAN 10. Click Create. User Guide 165 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 189
Configuring MAC VLAN Figure 3-6 Creating VLAN 10 Configuration Example 2) Click Create to load the following page. Create VLAN 20, and add untagged port 1/0/5 and tagged ports 1/0/2-3 to VLAN 20. Click Create. User Guide 166 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 190
of Switch 1 and Switch 2 are the same. The following introductions take Switch 1 as an example. 1) Create VLAN 10 for Department A and create VLAN 20 for Department B. Switch_1#configure Switch_1(config)#vlan 10 Switch_1(config-vlan)#name deptA Switch_1(config-vlan)#exit User Guide 167 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 191
■■ Configurations for Switch 3 1) Create VLAN 10 for Department A and create VLAN 20 for Department B. Switch_3#configure Switch_3(config)#vlan 10 Switch_3(config-vlan)#name deptA Switch_3(config-vlan)#exit Switch_3(config)#vlan 20 Switch_3(config-vlan)#name deptB Switch_3(config-vlan)#exit 2) Add - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 192
#show mac-vlan all MAC Add Name VLAN-ID ---------- 00:19:56:8A:4C:71 PCA 10 00:19:56:82:3B:70 PCB 20 ■■ Switch 2 Switch_2#show mac-vlan all MAC Address Description VLAN 00:19:56:8A:4C:71 PCA 10 00:19:56:82:3B:70 PCB 20 ■■ Switch 3 Switch_3#show vlan User Guide 169 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 193
Configuring MAC VLAN Configuration Example VLAN -------1 10 20 Name Status Ports System-VLAN active Fa1/0/1, Fa1/0/2, Fa1/0/3, Fa1/0/4, Fa1/0/5, Fa1/0/6, Fa1/0/7, Fa1/0/8 ... DeptA active Fa1/0/2, Fa1/0/3, Fa1/0/4 DeptB active Fa1/0/2, Fa1/0/3, Fa1/0/5 User Guide 170 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 194
MAC VLAN Appendix: Default Parameters 4 Appendix: Default Parameters Default settings of MAC VLAN are listed in the following table. Table 4-1 Default Settings of MAC VLAN Parameter Default Setting MAC Address None Description None VLAN ID None Port Enable Disabled User Guide 171 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 195
Part 8 Configuring Protocol VLAN CHAPTERS 1. Overview 2. Protocol VLAN Configuration 3. Configuration Example 4. Appendix: Default Parameters - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 196
, Switch 2 can forward IPv4 and IPv6 packets from different VLANs to the IPv4 and IPv6 networks respectively. Figure 1-1 Common Application Scenario of Protocol VLAN IPv4 Internet IPv6 Internet Router VLAN 10 Router VLAN 20 Switch 2 Switch 1 IPv4 Hosts VLAN 10 IPv6 Hosts VLAN 20 User Guide - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 197
Guidelines ■■ You can use the IP, ARP, RARP, and other protocol templates provided by TP-Link switches, or create new protocol templates. ■■ In a protocol VLAN, when a port receives an untagged data packet, the switch will first search for the protocol VLAN matching the protocol type value of - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 198
Configuration 2.1.2 Creating Protocol Template Choose the menu L2 FEATURES > VLAN > Protocol VLAN > Protocol Template to load the following page. Figure 2-1 Check the Protocol Template Follow these steps to create a in the frame and is used to identify the data type of the frame. User Guide 175 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 199
steps to configure the protocol group: 1) In the Protocol Group Config section, specify the following parameters. Template Name Select the previously defined protocol template. VLAN ID/Name Enter the ID number or name of the 802.1Q VLAN that will be bound to the Protocol VLAN.. User Guide 176 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 200
VLAN. The switch Link Aggregation Group) follows the configuration of the LAG and not its own. The configurations of the port can take effect only after it leaves the LAG. 2.2 Using the CLI 2.2.1 Configuring 802.1Q VLAN Before configuring protocol VLAN, create an 802.1Q VLAN -vlan -vlan template - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 201
example shows how to create an IPv6 protocol template: Switch#configure Switch(config)#protocol-vlan template name IPv6 frame ether_2 ether-type 86dd Switch(config)#show protocol-vlan template Index Protocol Name Protocol Type 1 IP EthernetII ether-type 0800 2 ARP EthernetII ether-type - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 202
protocol-vlan vlan 10 priority 5 template 6 Switch(config)#show protocol-vlan vlan Index Protocol-Name VID Priority Member -------- 1 IPv6 10 0 Switch(config)#interface gigabitEthernet 1/0/2 Switch(config-if)#protocol-vlan group 1 Switch(config-if)#show protocol-vlan vlan User Guide - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 203
Configuring Protocol VLAN Index Protocol-Name VID Priority Member 1 IPv6 10 5 Gi1/0/2 Switch(config-if)#end Switch#copy running-config startup-config Protocol VLAN Configuration User Guide 180 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 204
Scheme You can configure protocol VLAN on port 1/0/1 of Switch 2 to meet this requirement. When this port receives packets, Switch 2 will forward them to the corresponding VLANs according to their protocol types. The overview of the configuration on Switch 2 is as follows: User Guide 181 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 205
to the corresponding VLANs to form protocol groups, and add port 1/0/1 to the groups. For Switch 1, configure 802.1Q VLAN according to the network topology. Demonstrated with T1500-28PCT, this chapter provides configuration procedures in two ways: using the GUI and using the CLI. User Guide 182 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 206
Example 3.3 Using the GUI ■■ Configurations for Switch 1 1) Choose the menu L2 FEATURES > VLAN > 802.1Q VLAN > VLAN Config and click to load the following page. Create VLAN 10, and add untagged port 1/0/1 and untagged port 1/0/3 to VLAN 10. Click Create. Figure 3-2 Create VLAN 10 User Guide 183 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 207
Configuring Protocol VLAN Configuration Example 2) Click to load the following page. Create VLAN 20, and add untagged ports 1/0/2-3 to VLAN 20. Click Create. Figure 3-3 Create VLAN 20 3) Click to save the settings. User Guide 184 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 208
VLAN Configuration Example ■■ Configurations for Switch 2 1) Choose the menu L2 FEATURES > VLAN > 802.1Q VLAN > VLAN Config and click to load the following page. Create VLAN 10, and add tagged port 1/0/1 and untagged port 1/0/2 to VLAN 10. Click Create. Figure 3-4 Create VLAN 10 User Guide - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 209
Configuring Protocol VLAN Configuration Example 2) Click to load the following page. Create VLAN 20, and add tagged port 1/0/1 and untagged port 1/0/3 to VLAN 20. Click Create. Figure 3-5 Create VLAN 20 User Guide 186 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 210
. Tips: The IPv4 protocol template is already provided by the switch. You only need to create the IPv6 protocol template. Figure 3-7 Create the IPv6 Protocol Template 5) Choose the menu L2 FEATURES > VLAN > Protocol VLAN > Protocol VLAN Group and click to load the following page. Select the - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 211
Configuring Protocol VLAN Figure 3-8 Configure the IPv4 Protocol Group Configuration Example Figure 3-9 Configure the IPv6 Protocol Group 6) Click to save the settings. 3.4 Using the CLI ■■ Configurations for Switch 1 1) Create VLAN 10 and VLAN 20. User Guide 188 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 212
-config startup-config ■■ Configurations for Switch 2 1) Create VLAN 10 and VLAN 20. Switch_2#configure Switch_2(config)#vlan 10 Switch_2(config-vlan)#name IPv4 Switch_2(config-vlan)#exit Switch_2(config)#vlan 20 Switch_2(config-vlan)#name IPv6 Switch_2(config-vlan)#exit 2) Add tagged port 1/0/1 to - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 213
the protocol groups. Switch_2(config)#protocol-vlan vlan 10 priority 0 template 1 Switch_2(config)#protocol-vlan vlan 20 priority 0 template 6 5) Add port 1/0/1 to the protocol groups. Switch_2(config)#show protocol-vlan vlan Index Protocol-Name VID Member ---- 1 IP 10 User Guide 190 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 214
Switch 1 Verify 802.1Q VLAN configuration: Switch_1#show vlan VLAN Name Status --------- 1 System-VLAN Fa1/0/3 Fa1/0/2, Fa1/0/3 ■■ Switch 2 Verify 802.1Q VLAN configuration: Switch_2#show vlan VLAN Name Status Ports 1 System-VLAN active Fa1/0/1, Fa1/0/2, Fa1/0/3, - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 215
Configuring Protocol VLAN Configuration Example Verify protocol group configuration: Switch_2#show protocol-vlan vlan Index Protocol-Name VID 1 IP 10 2 IPv6 20 Priority -----0 0 Member ----------Fa1/0/1 Fa1/0/1 User Guide 192 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 216
the following table. Table 4-1 Default Settings of Protocol VLAN Parameter Default Setting 1 2 Protocol Template Table 3 4 5 IP Ethernet II ether-type 0800 ARP Ethernet II ether-type 0806 RARP Ethernet II ether-type 8035 IPX SNAP ether-type 8137 AT SNAP ether-type 809B User Guide 193 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 217
Part 9 Configuring GVRP CHAPTERS 1. Overview 2. GVRP Configuration 3. Configuration Example 4. Appendix: Default Parameters - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 218
. VLAN 10 is configured on Switch A, and VLAN 1 is configured on Switch B and Switch C. Switch C can receive messages sent from Switch A in VLAN 10 only when the network administrator has manually created VLAN 10 on Switch B and Switch C. Figure 1-1 VLAN Topology Switch B VLAN 10 Switch A Switch - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 219
2-1 Dynamic VLAN 2 Port 1 Port 2 Port 3 Switch B Port 4 Static VLAN 2 Static VLAN 2 Switch A Switch C Similarly, if you want to delete a VLAN from the link, two-way deregistration is required. And you need to manually delete the static VALN on both ends of the link. User Guide 196 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 220
or disable GVRP on the port. By default, it is disabled. Registration Mode Select VLANs, and can transmit only the static VLAN registration information. Forbidden: In this mode, the port is unable to dynamically register and deregister VLANs, and can transmit only information of VLAN 1. User Guide - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 221
60 to 3000 centiseconds and should be an integral multiple of 5. The default value is 60 centiseconds. LAG Displays the LAG the port is in. the LAG. •• The egress rule of the ports dynamically added to the VLAN is tagged. •• The egress rule of the fixed port should be tagged. . User Guide 198 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 222
default, it is normal. normal: In this mode, the port can dynamically register and deregister VLANs, and transmit both dynamic and static VLAN deregister VLANs, and can transmit only information of VLAN 1. default value is 1000 centiseconds. For 3000 centiseconds and the default value is 60 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 223
LAG. •• The egress rule of the ports dynamically added to the VLAN is tagged. •• The egress rule of the fixed port should be default: Switch#configure Switch(config)#gvrp Switch(config)#interface gigabitEthernet 1/0/1 Switch(config-if)#gvrp Switch(config-if)#gvrp registration fixed Switch - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 224
Network Topology Dept. A: VLAN 10 Switch 1 Dept. A: VLAN 10 Switch 3 Gi1/0/1 Gi1/0/1 Gi1/0/2 Gi1/0/2 Switch 5 Switch 6 ... Gi1/0/1 Gi1/0/1 Gi1/0/3 Gi1/0/3 Gi1/0/1 Gi1/0/1 Switch 2 Dept. B: VLAN 20 Switch 4 Dept. B: VLAN 20 3.2 Configuration Scheme To reduce manual configuration and - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 225
procedures take Switch 1, Switch 2 and Switch 5 as example. ■■ Configurations for Switch 1 1) Choose the menu L2 FEATURES > VLAN > 802.1Q VLAN > VLAN Config and click to load the following page. Create VLAN 10 and add tagged port 1/0/1 to it. Click Create. Figure 3-2 Create VLAN 10 User Guide 202 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 226
Keep the values of the timers as default. Click Apply. Figure 3-3 GVRP Configuration 3) Click to save the settings. ■■ Configurations for Switch 2 1) Choose the menu L2 FEATURES > VLAN > 802.1Q VLAN > VLAN Config and click to load the following page. Create VLAN 20 and add tagged port 1/0/1 to it - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 227
Create VLAN 20 Configuration Example 2) Choose the menu L2 FEATURES > VLAN > GVRP to load the following page. Enable GVRP globally, then click Apply. Select port 1/0/1, set Status as Enable, and set Registration Mode as Fixed. Keep the values of the timers as default. Click Apply. User Guide 204 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 228
settings. ■■ Configurations for Switch 5 1) Choose the menu L2 FEATURES > VLAN > GVRP to load the following page. Enable GVRP globally, then click Apply. Select ports 1/0/1-3, set Status as Enable, and keep the Registration Mode and the values of the timers as default. Click Apply. User Guide 205 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 229
Switch 1 1) Enable GVRP globally. Switch_1#configure Switch_1(config)#gvrp 2) Create VLAN 10. Switch_1(config)#vlan 10 Switch_1(config-vlan)#name Department_A Switch_1(config-vlan)#exit 3) Add tagged port 1/0/1 to VLAN 10. Enable GVRP on the port and set the registration mode as Fixed. User Guide - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 230
Switch 2 1) Enable GVRP globally. Switch_2#configure Switch_2(config)#gvrp 2) Create VLAN 20. Switch_2(config)#vlan 20 Switch_2(config-vlan)#name Department_B Switch_2(config-vlan)#exit 3) Add tagged port 1/0/1 to VLAN switchport general allowed vlan 20 tagged Switch_2 Configurations for Switch 5 1) - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 231
Enabled Fixed 1000 20 60 N/A Gi1/0/2 Disabled Normal 1000 20 60 N/A ... ■■ Switch 2 Verify the global GVRP configuration: Switch_2#show gvrp global GVRP Global Status Enabled Verify JoinIn Leave LAG ---- ------ -------- Gi1/0/1 Enabled Fixed 1000 20 60 N/A User Guide 208 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 232
Configuring GVRP Configuration Example Gi1/0/2 Disabled Normal ... 1000 ■■ Switch 5 Verify global GVRP configuration: GVRP Global Status Enabled 20 60 N/A Verify GVRP 1000 20 60 N/A Gi1/0/3 Enabled Normal 1000 20 60 N/A Gi1/0/4 Disabled Normal 1000 20 60 N/A ... User Guide 209 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 233
settings of GVRP are listed in the following tables. Table 4-1 Default Settings of GVRP Parameter Global Config GVRP Port Config Status Registration Mode LeaveAll Timer Join Timer Leave Timer Default Setting Disabled Disabled Normal 1000 centiseconds 20 centiseconds 60 centiseconds User Guide 210 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 234
Part 10 Configuring Layer 2 Multicast CHAPTERS 1. Layer 2 Multicast 2. IGMP Snooping Configuration 3. MLD Snooping Configuration 4. MVR Configuration 5. Multicast Filtering Configuration 6. Viewing Multicast Snooping Information 7. Configuration Examples 8. Appendix: Default Parameters - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 235
and impacting information security. Multicast, however, solves all the problems caused by unicast and broadcast. With multicast, the source only provider can provide value-added services such as Online Live, IPTV Layer 2 Multicast allows Layer 2 switches to listen for IGMP (Internet Guide 212 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 236
Switch Source Router Port Member Port Snooping Switch IGMP querier, snooping switch, router port and member a Layer 3 switch) that sends Switch A snooping switch indicates a switch with IGMP Snooping enabled. The switch table, the switch can forward switch that is connecting to the IGMP querier. Member - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 237
Supported Features Layer 2 Multicast protocol for IPv4: IGMP Snooping On the Layer 2 device, IGMP Snooping transmits data on demand on data link MVR switch via the multicast VLAN IP multicast profiles (IGMP profiles or MLD profiles) and associating them with individual switch ports. User Guide 214 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 238
join a group. Note: IGMP Snooping takes effect only when it is enabled globally, in the corresponding VLAN and port at the same time. 2.1 Using the GUI 2.1.1 Configuring IGMP Snooping Globally Choose the global parameters. IGMP Snooping Enable or disable IGMP Snooping globally. User Guide 215 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 239
switch processes data that are sent to unknown multicast groups as Forward or Discard. By default, 2) Click Apply. Enable or disable Header Validation. By default, it is disabled. Generally, for IGMP packets, the 802.1Q VLAN. The switch supports configuring IGMP Snooping on a per-VLAN basis. After - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 240
Status Enable or disable IGMP Snooping for the VLAN. Fast Leave Enable or disable Fast Leave for the VLAN. IGMPv1 does not support Fast Leave. Without Fast Leave, after a receiver sends an IGMP leave message to leave a multicast group, the switch will forward the leave message to the Layer - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 241
port and delete it from the router port list. Specify the leave time for the VLAN. When the switch receives a leave message from a port to leave a multicast group, it will wait for enable IGMP Snooping Querier for a VLAN, IGMP Snooping should be enabled both globally and in the VLAN. User Guide 218 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 242
forwarding table. With IGMP Snooping Querier enabled, specify the source IP address of the general query messages sent by the switch. It should be a unicast address. Select one or more ports to be the static router ports in the VLAN. Static router ports do not age. Multicast streams and IGMP - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 243
support fast leave. Fast Leave can be enabled on a per-port basis or per-VLAN basis. When enabled on a per-port basis, the switch will remove the port from the corresponding multicast group of all VLANs IGMP Snooping for VLANs". Displays the LAG - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 244
ports of the multicast group. Multicast IP Specify the address of the multicast group that the hosts need to join. VLAN ID Specify the VLAN that the hosts are in. Member Ports Step 2 configure Enter global configuration mode. ip igmp snooping Enable IGMP Snooping Globally. User Guide 221 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 245
IGMPv3, the way how the switch processes multicast streams that are sent to unknown multicast groups as discard. Switch#configure Switch(config)#ip igmp snooping Switch(config)#ip igmp snooping version v3 Switch(config)#ipv6 mld snooping Switch(config)#ip igmp snooping drop-unknown User Guide 222 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 246
please refer to Configuring 802.1Q VLAN. The switch supports configuring IGMP Snooping on a per-VLAN basis. After IGMP Snooping is enabled VLANs. Valid values are from 60 to 600 seconds. By default, it is 260 seconds. Once the switch receives an IGMP membership report message from a port, the switch - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 247
to leave. ip igmp snooping vlan-config vlan-id-list report-suppression (Optional) Enable the Report Suppression for the VLANs. By default, it is disabled. When enabled, the switch will only being sent to the IGMP querier. vlan-id-list: Specify the ID or the ID list of the VLAN(s). User Guide 224 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 248
VLANs. By default, it is disabled. IGMPv1 does not support fast leave. Without Fast Leave, after a receiver sends an IGMP leave message to leave a multicast group, the switch to be configured as static router ports. ip igmp snooping vlan-config vlan-id-list router-ports-forbidden interface { - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 249
IGMP Snooping Configuration Step 9 ip igmp snooping vlan-config vlan-id-list querier (Optional) Enable the IGMP Snooping Querier for the VLAN. By default, it is disabled. When enabled, the switch acts as an IGMP Snooping Querier for the hosts in this VLAN. A querier periodically sends a general - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 250
member-query-interval 2 Switch(config)#ip igmp snooping vlan-config 1 querier last-member-query-count 3 Switch(config)#ip igmp snooping vlan-config 1 querier general-query sourceip192.168.0.5 Switch(config)#show ip igmp snooping vlan 1 Vlan Id: 1 ... Querier: Maximum Response Time: 15 User Guide 227 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 251
default, it is enabled. ip igmp snooping immediate-leave (Optional) Enable Fast Leave on the specified port. Fast Leave can be enabled on a per-port basis or per-VLAN basis. When enabled on a per-port basis, the switch IGMP Snooping and fast leave for port 1/0/13: Switch#configure User Guide 228 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 252
gigabitEthernet port-list| port-channel lag-list } vlan-id-list: Specify the ID or the ID list of the VLAN(s). ip: Specify the IP address of the multicast group that the hosts how to configure port 1/0/1-3 in VLAN 2 to statically join the multicast group 239.1.2.3: Switch#configure User Guide 229 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 253
239.1.2.3 interface gigabitEthernet 1/0/1-3 Switch(config)#show ip igmp snooping groups static Multicast-ip VLAN-id Addr-type Switch-port ------------ ------- --------- ----------- 239.1.2.3 2 static Gi1/0/1-3 Switch(config)#end Switch#copy running-config startup-config User Guide 230 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 254
MLD Snooping takes effect only when it is enabled globally, in the corresponding VLAN and port at the same time. 3.1 Using the GUI 3.1.1 Configuring MLD way in which the switch processes data that are sent to unknown multicast groups as Forward or Discard. By default, it is Forward. Unknown - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 255
that the router ports and the member ports are in. For details, please refer to Configuring 802.1Q VLAN. The switch supports configuring MLD Snooping on a per-VLAN basis. After MLD Snooping is enabled globally, you also need to enable MLD Snooping and configure the corresponding parameters for the - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 256
the VLAN. Without to the switch, they will VLAN, the switch will remove the (Multicast Group, Port, VLAN VLAN. Once the switch receives an MLD report message from a port, the switch . If the switch does not receive VLAN. Once the switch receives an MLD general query message from a port, the switch - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 257
IP Static Router Ports Specify the leave time for the VLAN. When the switch VLAN will be forwarded through the static router ports. Multicast streams and MLD packets to the groups that have dynamic router ports will be also forwarded through the corresponding dynamic router ports. User Guide - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 258
forbid them from being router ports in the VLAN. 3.1.3 Configuring MLD Snooping for Ports Choose the -VLAN basis. When enabled on a per-port basis, the switch will remove the port from the corresponding multicast group of all VLANs VLANs". LAG 2) Click Apply. Displays the LAG the port belongs - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 259
the static member ports of the multicast group. Multicast IP Specify the IPv6 address of the multicast group that the hosts need to join. VLAN ID Specify the VLAN that the hosts are in. Member Ports 2) Click configuration mode. ipv6 mld snooping Enable MLD Snooping Globally. User Guide 236 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 260
Configure the way how the switch processes multicast streams that are sent to unknown multicast groups as Discard. By default, it is Forward. Unknown details, please refer to Configuring 802.1Q VLAN. The switch supports configuring MLD Snooping on a per-VLAN basis. After MLD Snooping is enabled - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 261
router-time: Specify the aging time of the router ports in the specified VLANs. Valid values are from 60 to 600 seconds. By default, it is 300 seconds. Once the switch receives an MLD general query message from a port, the switch adds this port to the router port list. Router ports that are learned - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 262
Multicast MLD Snooping Configuration Step 5 Step 6 Step 7 Step 8 ipv6 mld snooping vlan-config vlan-id-list report-suppression (Optional) Enable Report Suppression for the VLANs. By default, it is disabled. When enabled, the switch will only forward the first MLD report message for each multicast - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 263
vlan-config vlan-id-list querier (Optional) Enable MLD Snooping Querier for the VLAN. By default, it is disabled. When enabled, the switch acts as an MLD Snooping Querier for the hosts in this VLAN switch. ip-addr: Specify the source IP address of the general query messages sent by the switch VLAN 1, - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 264
mld snooping vlan-config 1 querier last-listener-query-count 3 Switch(config)#ipv6 mld snooping vlan-config 1 querier general-query source-ip FE80::1 Switch(config)#show ipv6 mld snooping vlan 1 Vlan Id: 1 ... Querier: Enable Maximum Response Time: 15 Query Interval: 100 User Guide 241 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 265
Query Source IP: fe80::1 ... Switch(config)#end Switch#copy snooping Enable MLD Snooping for the port. By default, it is enabled. ipv6 mld snooping immediate-leave VLAN basis. When enabled on a per-port basis, the switch will remove the port from the corresponding multicast group of all VLANs - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 266
vlan-config vlan-id-list static ip vlan-id-list: Specify the ID or the ID list of the VLAN(s). ip: Specify the IP VLAN 2 to statically join the multicast group FF80::1234:01: Switch#configure Switch(config)#ipv6 mld snooping vlan-config 2 static FF80::1234:01 interface gigabitEthernet 1/0/1-3 Switch - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 267
Configuring Layer 2 Multicast Multicast-ip VLAN-id Addr-type Switch-port ------- --------- ----------- ff80::1234:01 2 static Gi1/0/1-3 Switch(config)#end Switch#copy running-config startup-config MLD Snooping Configuration User Guide 244 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 268
Configure MVR for the ports. 5) (Optional) Statically add ports to MVR groups. Configuration Guidelines ■■ MVR does not support IGMPv3 messages. ■■ Do not configure MVR on private VLAN ports, otherwise MVR cannot take effect. ■■ MVR operates on the underlying mechanism of IGMP Snooping, but the two - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 269
switch via the multicast VLAN according to the multicast forwarding table. Multicast VLAN ID Specify an existing 802.1Q VLAN as the multicast VLAN. switch. Current Multicast Groups 2) Click Apply. Displays the current number of multicast groups that have been configured on the switch. User Guide - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 270
need to manually add multicast IP / MVR Group Count Specify the start IP address and the number of contiguous series of multicast groups. Multicast data sent to the address specified here will be sent to all source ports on the switch IP Displays the IP address of multicast group. User Guide 247 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 271
Status Member Displays the status of the MVR group. In compatible mode, all the MVR groups are added manually, so the status is always active. In dynamic mode, there are two status: Inactive: The MVR group feature for the port. Mode Enable or disable MVR for the selected ports. User Guide 248 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 272
dynamic mode, you need to manually add them to the corresponding multicast groups. Receiver: Configure the ports that are connecting to the hosts as receiver ports. A receiver port can only belong to one VLAN, and cannot belong to the multicast VLAN. In both modes, the switch will add or remove the - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 273
streams to the switch via the multicast VLAN according to the multicast forwarding table. mvr vlan vlan-id Specify the multicast VLAN. vlan-id: Specify the ID of the multicast VLAN. Valid values are are from 1 to100 tenths of a second, and the default value is 5 tenths of a second. User Guide 250 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 274
mvr vlan 2 Switch(config)#mvr querytime 5 Switch(config)#mvr group 239.1.2.3 3 Switch(config)#show mvr MVR :Enable MVR Multicast Vlan :2 MVR Max Multicast Groups :511 MVR Current Multicast Groups :3 MVR Global Query Response Time :5 (tenths of sec) MVR Mode Type :Compatible User Guide - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 275
Switch(config)#show mvr members MVR Group IP status Members 239.1.2.3 active 239.1.2.4 active 239.1.2.5 active Switch(config)#end Switch VLAN, and cannot belong to the multicast VLAN. mvr immediate (Optional) Enable the Fast Leave feature of MVR for the port. Only receiver ports support - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 276
add the port to an MVR group. Then the port can receive multicast traffic sent to the IP multicast address via the multicast VLAN. This command applies to only receiver ports. The switch adds or removes the receiver ports to the corresponding multicast groups by snooping the report and leave - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 277
Enable Receiver INACTIVE/InVLAN Gi1/0/7 Enable Source INACTIVE/InVLAN Switch(config-if-range)#show mvr members MVR Group IP status Members --------- 239.1.2.3 active Gi1/0/1-3, 1/0/7 Switch(config)#end Switch#copy running-config startup-config Immediate Leave Enable Enable - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 278
You can create multicast profiles for both IPv4 and IPv6 network. With multicast profile, the switch can define a blacklist or whitelist of multicast groups so as to filter multicast sources. The IPv6, choose the menu L2 FEATURES > Multicast > Multicast Filtering > IPv6 Profile. User Guide 255 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 279
multicast groups. Deny: Acts as a blacklist and prevents specific member ports from joining specific multicast groups. 2) In the IP-Range section, click to load the following page. Configure the start IP address and end IP address of the multicast groups to be filtered, and click Create. User - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 280
load the following page. Note: For IPv6, choose the menu L2 FEATURES > Multicast > Multicast Filtering > IPv6 Port Config. Figure 5-3 Configure Multicast Filtering for Ports User Guide 257 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 281
Valid values are from 1 to 511. Overflow Action Select the action the switch will take with the new multicast member groups when the number of multicast groups configure Enter global configuration mode. ip igmp profile id Create a new profile and enter profile configuration mode. User Guide 258 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 282
226.0.0.5 226.0.0.10 Switch(config-igmp-profile)#show ip igmp profile IGMP Profile 1 deny range 226.0.0.5 226.0.0.10 Switch(config)#end Switch#copy running-config startup-config Creating MLD Profile (Multicast Profile for IPv6) Step 1 configure Enter global configuration mode. User Guide 259 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 283
blacklist, indicating that the switch disallow specific member ports to join specific multicast groups. Step 4 range start-ip end-ip Configure the range of multicast IP addresses to be filtered. start-ip / end-ip: Specify the start IP address and end IP address of the IP range. Step 5 show ipv6 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 284
profile-id: Specify the ID of the profile to be bound. It should be an existing profile. ip igmp snooping max-groups maxgroup Configure the maximum number of multicast groups the port can join. maxgroup: Specify -config startup-config Save the settings in the configuration file. User Guide 261 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 285
Switch#configure Switch(config)#interface gigabitEthernet 1/0/2 Switch(config-if)#ip igmp snooping Switch(config-if)#ip igmp filter 1 Switch(config-if)#ip igmp snooping max-groups 50 Switch(config-if)#ip igmp snooping max-groups action drop Switch(config-if)#show ip profile. User Guide 262 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 286
gigabitEthernet 1/0/2 Switch(config-if)#ipv6 mld snooping Switch(config-if)#ipv6 mld filter 1 Switch(config-if)#ipv6 mld snooping max-groups 50 Switch(config-if)#ipv6 mld snooping max-groups action drop Switch(config-if)#show ipv6 mld profile MLD Profile 1 ... Binding Port(s) User Guide 263 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 287
Layer 2 Multicast Multicast Filtering Configuration Gi1/0/2 Switch(config-if)#show ipv6 mld snooping interface gigabitEthernet 1/0/2 max-groups Port Max-Groups Overflow-Action Gi1/0/2 50 Drops Switch(config)#end Switch#copy running-config startup-config User Guide 264 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 288
load the following page: Figure 6-1 IPv4 Multicast Table The multicast IP address table shows all valid Multicast IP-VLAN-Port entries: Multicast IP Displays the multicast source IP address. VLAN ID Displays the ID of the VLAN the multicast group belongs to. Source Displays the source of the - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 289
Auto Refresh, or click Refresh. Auto Refresh Enable or disable Auto Refresh. When enabled, the switch will automatically refresh the multicast statistics. Refresh Interval After Auto Refresh is enabled, specify the the number of IGMPv1 report packets received by the port. User Guide 266 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 290
load the following page: Figure 6-3 IPv6 Multicast Table The multicast IP address table shows all valid Multicast IP-VLAN-Port entries: Multicast IP Displays the multicast source IP address. VLAN ID Displays the ID of the VLAN the multicast group belongs to. Source Displays the source of the - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 291
Auto Refresh, or click Refresh. Auto Refresh Enable or disable Auto Refresh. When enabled, the switch will automatically refresh the multicast statistics. Refresh Interval After Auto Refresh is enabled, specify the Displays the number of done packets received by the port. User Guide 268 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 292
received by the port. 6.2 Using the CLI 6.2.1 Viewing IPv4 Multicast Snooping Information show ip igmp snooping groups [ vlan vlan-id ] [count | dynamic | dynamic count | static | static count ] Displays . clear ipv6 mld snooping statistics Clear all statistics of all MLD packets. User Guide 269 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 293
Requirements Host B, Host C and Host D are in the same VLAN of the switch. All of them want to receive multicast streams sent to multicast group Querier Gi1/0/1 Gi1/0/4 Gi1/0/3 Gi1/0/2 Host B Receiver Host C Receiver VLAN 10 Host D Receiver 7.1.2 Configuration Scheme ■■ Add the three member - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 294
■■ Enable IGMP Snooping on the ports. Demonstrated with T1500-28PCT , this section provides configuration procedures in two ways: using the GUI and using the CLI. 7.1.3 Using the GUI 1) Choose the menu L2 FEATURES > VLAN > 802.1Q VLAN > VLAN Config and click to load the following page. Create - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 295
> Global Config to load the following page. In the Global Config section, enable IGMP Snooping globally. Configure the IGMP version as v3 so that the switch can process IGMP messages of all versions. Then click Apply. Figure 7-4 Configure IGMP Snooping Globally 4) In the IGMP - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 296
load the following page. Enable IGMP Snooping for ports 1/0/1-4. Figure 7-6 Enable IGMP Snooping for the Ports 6) Click to save the settings. 7.1.4 Using the CLI 1) Create VLAN 10. Switch#configure Switch(config)#vlan 10 Switch(config-vlan)#name vlan10 Switch(config-vlan)#exit User Guide 273 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 297
IGMP Snooping globally. Switch(config)#ip igmp snooping 5) Enable IGMP Snooping in VLAN 10. Switch(config)#ip igmp snooping vlan-config 10 6) Enable IGMP Snooping on port 1/0/1-4. Switch(config)#interface range fastEthernet 1/0/1-4 Switch(config-if-range)#ip igmp snooping Switch(config-if-range - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 298
the ports and in the VLAN: Switch(config)#show ip igmp snooping IGMP Snooping : C and Host D are in three different VLANs of the switch. All of them want to receive multicast streams 1/0/1, port 1/0/2 and port 1/0/3 belong to VLAN 10, VLAN 20 and VLAN 30 respectively. Port 1/0/4 is connected to - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 299
to statically configure the Querier to transmit the streams of multicast group 225.1.1.1 to the switch via the multicast VLAN. Here we take the MVR dynamic mode as an example. Demonstrated with T1500-28PCT , this section provides configuration procedures in two ways: using the GUI and using the CLI - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 300
2 Multicast Figure 7-8 VLAN Configurations for Port 1/0/1-3 Configuration Examples Figure 7-9 PVID for Port 1/0/1-3 2) Choose the menu L2 FEATURES > VLAN > 802.1Q VLAN > VLAN Config and click to load the following page. Create VLAN 40 and add port 1/0/4 to the VLAN as Tagged port. User Guide 277 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 301
the menu L2 FEATURES > Multicast > MVR > MVR Config to load the following page. Enable MVR globally, and configure the MVR mode as Dynamic, multicast VLAN ID as 40. Figure 7-11 Configure MVR Globally 4) Choose the menu L2 FEATURES > Multicast > MVR > MVR Group Config and click to load the following - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 302
, and configure the PVID of port 1/0/1 as 10, port 1/0/2 as 20, port 1/0/3 as 30. Add port 1/0/4 to VLAN 40 as tagged port and configure the PVID as of port 1/0/4 as 40. Switch(config)#interface fastEthernet 1/0/1 Switch(config-if)#switchport general allowed vlan 10 untagged User Guide 279 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 303
/0/1-3 only belong to VLAN 10, VLAN 20 and VLAN 30 respectively. If not, delete them from the other VLANs. By default, all ports are in VLAN 1, so you need to delete them from VLAN 1. Switch(config)#show vlan brief VLAN Name Status Ports --------- 1 System-VLAN active Gi1/0/1, Gi1 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 304
Status --------- 1 System-VLAN active 10 VLAN10 active 20 VLAN20 active 30 VLAN30 active 40 VLAN40 active Show the brief information of MVR: Switch(config)#show mvr MVR Ports Gi1/0/4, Gi1/0/5, Gi1/0/6, Gi1/0/7, ... Gi1/0/1 Gi1/0/2 Gi1/0/3 Gi1/0/4 :Enable User Guide 281 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 305
: Switch(config)#show mvr members MVR Group IP Status ------------ 225.1.1.1 active Members Gi1/0/4 7.3 Example for Configuring Unknown Multicast and Fast Leave 7.3.1 Network Requirement A user experiences lag when he is changing channel on his IPTV. He wants solutions to this problem - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 306
VLAN 10 Gi1/0/2 VLAN and configure the switch to discard unknown T1500-28PCT , this section provides configuration procedures in two ways: using the GUI and using the CLI. 7.3.3 Using the GUI 1) Create VLAN 10. Add port 1/0/2 to the VLAN , refer to Configuring 802.1Q VLAN. 2) Choose the menu L2 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 307
following page. Enable IGMP Snooping for VLAN 10. Figure 7-16 Enable IGMP Snooping for VLAN 10 4) Choose the menu L2 FEATURES > Multicast > IGMP Snooping > Port Config to load the following page. Enable IGMP Snooping on port 1/0/2 and port 1/0/4 and enable Fast Leave on port 1/0/2. User Guide 284 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 308
-if)#ip igmp snooping Switch(config-if)#ip igmp snooping immediate-leave Switch(config-if)#exit Switch(config)#interface fastEthernet 1/0/4 Switch(config-if)#ip igmp snooping Switch(config-if)#exit 4) Enable IGMP Snooping in VLAN 10. Switch(config)#ip igmp snooping vlan-config 10 User Guide 285 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 309
Switch(config)#end Switch#copy running-config startup-config Verify the Configurations Show global settings of IGMP Snooping: Switch(config)#show ip VLAN:10 Show settings of IGMP Snooping on port 1/0/2: Switch(config)#show ip mechanism (profile binding), the switch can only allow specific member - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 310
Querier VLAN 10 Gi1/0/1 Gi1/0/4 Gi1/0/3 Gi1/0/2 Host B Receiver Host C Receiver Host D Receiver Demonstrated with T1500-28PCT , this PVID of the four ports as 10. For details, refer to Configuring 802.1Q VLAN. 2) Choose the menu L2 FEATURES > Multicast > IGMP Snooping > Global Config to - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 311
Configuring Layer 2 Multicast Figure 7-19 Enable IGMP Snooping Globally Configuration Examples 3) In the IGMP VLAN Config section, click in VLAN 10 to load the following page. Enable IGMP Snooping for VLAN 10. Figure 7-20 Enable IGMP Snooping for VLAN 10 User Guide 288 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 312
Profile and click to load the following page. Create Profile 1, specify the mode as Permit, bind the profile to port 1/0/2-3, and specify the filtering multicast IP address as 225.0.0.1. Then click Back to return to the IPv4 Profile Table page. User - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 313
Examples 6) Click again to load the following page. Create Profile 2, specify the mode as Deny, bind the profile to port 1/0/1, and specify the filtering multicast IP address as 225.0.0.2. User Guide 290 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 314
-vlan)#exit 2) Add port 1/0/1-3 to VLAN 10 and set the link type as untagged. Add port 1/0/4 to VLAN 10 and set the link type as tagged. Switch(config)#interface range fastEthernet 1/0/1-3 Switch(config-if-range)#switchport general allowed vlan 10 untagged Switch(config-if-range)#exit User Guide - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 315
IGMP Snooping Globally. Switch(config)#ip igmp snooping 5) Enable IGMP Snooping in VLAN 10. Switch(config)#ip igmp snooping vlan-config 10 6) Enable IGMP Snooping on port 1/0/1-4. Switch(config)#interface range fastEthernet 1/0/1-4 Switch(config-if-range)#ip igmp snooping Switch(config-if-range - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 316
:V3 ... Enable Port:Gi1/0/1-4 Enable VLAN:10 Show all profile bindings: Switch(config)#show ip igmp profile IGMP Profile 1 permit range 225.0.0.1 225.0.0.1 Binding Port(s) Gi1/0/2-3 IGMP Profile 2 deny range 225.0.0.2 225.0.0.2 Binding Port(s) Gi1/0/1 Configuration Examples User Guide 293 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 317
Default Parameters 8 Appendix: Default Parameters 8.1 Default Parameters for IGMP Snooping Table 8-1 Default Snooping Settings in the VLAN IGMP Snooping Querier Count General Query Source IP Static Router Ports Settings Static Multicast Group Entries Default Setting Disabled v3 Forward - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 318
Time Router Port Aging Time Leave Time MLD Snooping Settings in the VLAN MLD Snooping Querier Query Interval Maximum Response Time Last Listener Query Interval Last Listener Query Count General Query Source IP Static Router Ports Forbidden Router Ports MLD Snooping Settings on the Port - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 319
Configuring Layer 2 Multicast Appendix: Default Parameters 8.3 Default Parameters for MVR Table 8-3 Default Parameters of MVR Function Parameter MVR MVR Mode Global Settings of MVR Multicast VLAN ID Query Response Time Maximum Multicast Groups MVR Group Settings MVR Group Entries MVR - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 320
Part 11 Configuring Spanning Tree CHAPTERS 1. Spanning Tree 2. STP/RSTP Configurations 3. MSTP Configurations 4. STP Security Configurations 5. Configuration Example for MSTP 6. Appendix: Default Parameters - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 321
Block specific ports of the switches to build a loop-free VLANs will be transmitted along their respective paths, implementing load balancing. 1.2 Basic Concepts 1.2.1 STP/RSTP Concepts Based on the networking topology below, this section will introduce some basic concepts in STP/RSTP. User Guide - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 322
6-byte MAC address. The priority is allowed to be configured manually on the switch, and the switch with the lowest priority value will be elected as the root bridge. If the priority of port for it receives better BPDUs from another switch, it will become an alternate port. User Guide 299 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 323
. ■■ Backup Port If a port is not selected as the designated port for it receives better BPDUs from the switch it belongs to, it will become an backup port. In RSTP/MSTP, the backup port is the backup for status is the grouping of STP's Blocking, Listening and Disabled, and the User Guide 300 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 324
Learning and Forwarding status specified in STP. In TP-Link switches, the port status includes: Blocking, Learning, manually configured on each port. If not, the path cost values are automatically calculated according to the link speed as shown below: Table 1-1 The Default Path Cost Value Link - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 325
downstream switch. The bridge ID, root path cost, port priority and so on. Switches share these information to help determine the spanning tree topology. 1.2.2 Region An MST region consists of multiple interconnected switches. The switches with the same following characteristics are considered as in - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 326
VLANs and instances. Multiple VLANs can be mapped to a same instance, but one VLAN can be mapped to only one instance. As Figure 1-4 shows, VLAN 3 is mapped to instance 1, VLAN 4 and VLAN 5 are mapped to instance 2, the other VLANs ID 0. By default, all the VLANs are mapped to all the switches in the - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 327
failures. It is recommended to enable this function on root ports and alternate ports. If the switch cannot receive BPDUs because of link congestions or link failures, the root port will become a designated port and the alternate port will transit to forwarding status, so loops will occur. With Loop - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 328
this function on the ports of non-root switches. A switch removes MAC address entries upon receiving TC-BPDUs a large number of TC-BPDUs to a switch in a short period, the switch will be busy with removing MAC address entries, switch will not remove MAC address entries in the TC protect cycle. User - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 329
Guidelines ■■ Before configuring the spanning tree, it's necessary to make clear the role that each switch plays in a spanning tree. ■■ To avoid any possible network flapping caused by STP/RSTP parameter load the following page. Figure 2-1 Configuring STP/RSTP Parameters on Ports User Guide 306 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 330
designated port, it can transit its state to forwarding directly. Three options are supported: Auto, Open(Force) and Closed(Force). By default, it is Auto. Auto: The switch automatically checks if the port is connected to a P2P link, then sets the status as Open or Closed. Open(Force): A port is set - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 331
device. The MCheck configuration can take effect only once, after that the MCheck status of the port will switch to Disabled. Port Mode Port Role Port Status LAG 2) Click Apply. Displays the spanning tree mode of Spanning Tree > STP Config > STP Config to load the following page. User Guide 308 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 332
test the link failures and maintain the spanning tree. Max Age Specify the maximum time that the switch can wait without receiving a BPDU before attempting to regenerate a new spanning tree. The default value is number of BPDU that can be sent in a second. The default value is 5. User Guide 309 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 333
. Mode Select the desired spanning tree mode as STP/RSTP on the switch. By default, it's STP. STP: Specify the spanning tree mode as STP. switch after all the configurations are finished. Choose the menu L2 FEATURES > Spanning Tree > STP Config > STP Summary to load the following page. User Guide - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 334
bridge. The local bridge is the current switch. Root Bridge Displays the bridge ID of the root bridge. External Path Cost Displays the root path cost from the switch to the root bridge. Regional Root Bridge It cost is the root path cost from the switch to the root bridge of IST. It is not displayed when - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 335
bridge ID of the designated bridge. The designated bridge is the switch that has designated ports. Displays the root port of the current switch. Displays the latest time when the topology is changed. Displays how mode. spanning-tree Enable spanning tree function for desired ports. User Guide 312 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 336
be an integral multiple of 16, ranging from 0 to 240. The default value is 128. Ports with lower values have higher priority. When the root to forwarding directly. Auto indicates that the switch automatically checks if the port is connected to a P2P link, then sets the status as Open or User Guide 313 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 337
LAG N/A LnkDwn N/A Switch(config-if)#end Switch#copy running-config the priority of the switch. pri: Specify the priority for the switch. The valid value is switch with the lower value has the higher priority. In STP/RSTP, the value is the priority of the switch in spanning tree. The switch - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 338
seconds, and the default value is 15 and the default value is 2. The link failures and maintain the spanning tree. max-age: Specify the value of Max Age. It is the maximum time that the switch default value is 5. show spanning-tree bridge (Optional) View the global STP/RSTP parameters of the switch - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 339
Max-Hops -------- Enable Rstp 36864 2 12 20 5 20 Switch(config)#end Switch#copy running-config startup-config 2.2.3 Enabling STP/RSTP Globally Follow verify the configurations: Switch#configure Switch(config)#spanning-tree mode rstp Switch(config)#spanning-tree User Guide 316 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 340
Configuring Spanning Tree STP/RSTP Configurations Switch(config)#show spanning-tree active Spanning tree is enabled Spanning-tree's mode: Yes(auto) Rstp Role Status LAG Desg Fwd N/A Desg Fwd N/A Desg Fwd N/A Switch(config)#end Switch#copy running-config startup-config User Guide 317 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 341
Guidelines ■■ Before configuring the spanning tree, it's necessary to make clear the role that each switch plays in a spanning tree. ■■ To avoid any possible network flapping caused by MSTP parameter changes load the following page. Figure 3-1 Configuring the Parameters of the Ports User Guide 318 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 342
the root path of the port is the same as other ports', the switch will compare the port priorities between these port and select a root port cost. The default setting is Auto, which means the port calculates the external path cost automatically according to the port's link speed. For STP Guide 319 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 343
state to forwarding directly. Three options are supported: Auto, Open(Force) and Closed(Force). By default, it is Auto. Auto: The switch automatically checks if the port is connected to a P2P link, then sets the status as Open that the port is not participating in the spanning tree. User Guide 320 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 344
revision level, VLAN-Instance mapping of the switch. The switches with the same region name, the same revision level and the same VLAN-Instance mapping are . By default, it is the MAC address of the switch. Revision 2) Click Apply. Enter the revision level. By default, it is 0. User Guide 321 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 345
root bridge for the instance. Switches with a lower value have higher priority, and the switch with the highest priority will be elected as the root bridge in the corresponding instance. Enter the VLAN ID to map the VLAN to the desired instance or unbind the VLAN-instance mapping. User Guide 322 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 346
the root path of the port is the same as other ports', the switch will compare the port priorities between these ports and select a root port to 2000000. The default setting is Auto, which means the port calculates the external path cost automatically according to the port's link speed. The port - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 347
root path cost from the region to the root bridge in CIST. In CIST, each region is regarded as a switch, and the master port is the root port of the corresponding region. Disabled: Indicates that the port is not connected to any device. Displays the LAG which the port belongs to. User Guide 324 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 348
BPDUs at an interval of Hello Time. It works with the MAX Age to test the link failures and maintain the spanning tree. Max Age Specify the maximum time that the switch can wait without receiving a BPDU before attempting to regenerate a new spanning tree. The default calue is 20. User Guide 325 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 349
from listening to learning. The default value is 15. It is used default value is 5. Specify the maximum BPDU hop counts that can be forwarded in a MST region. The default value is 20. A switch desired spanning tree mode as STP/RSTP on the switch. By default, it's STP. STP: Specify the spanning tree - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 350
of the spanning tree function. Spanning-Tree Mode Displays the spanning tree mode. Local Bridge Displays the bridge ID of the local switch. The local bridge is the current switch. Root Bridge Displays the bridge ID of the root bridge in CIST. External Path Cost Displays the external path cost - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 351
Internal Path Cost Displays the internal path cost. It is the root path cost from the current switch to the root bridge in IST. Designated Bridge Displays the bridge ID of the designated bridge in CIST id | range port-channel port-channel-list} Enter interface configuration mode. User Guide 328 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 352
the root port of the switch in IST. portfast { enable | disable }: Enable to set the port as an edge port. By default, it is disabled. When state to forwarding directly. Auto indicates that the switch automatically checks if the port is connected to a P2P link, then sets the status as Open or - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 353
Edge P2p Mode Role Status Gi1/0/3 Enable 32 Auto Auto No No(auto) N/A N/A LnkDwn MST-Instance 5 Interface Prio Cost Role Status Gi1/0/3 144 200 N/A LnkDwn Switch(config-if)#end Switch#copy running-config startup-config User Guide 330 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 354
and the priority of the switch in the instance: Step default value is 32768. It is used to determine the root bridge for the instance. Switches with a lower value have higher priority, and the switch Specify to display the digest calculated by instance-vlan map. instance-id: Specify the Instance ID - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 355
VLAN 2-VLAN 6 are mapped to instance 5: Switch#configure Switch(config)#spanning-tree mst configuration Switch(config-mst)#name R1 Switch(config-mst)#revision 100 Switch(config-mst)#instance 5 vlan 2-6 Switch port-channel port-channel-list} Enter interface configuration mode. User Guide 332 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 356
of the path cost in the corresponding instance. The valid values are from 0 to 2000000. The default setting is Auto, which means the port calculates the external path cost automatically according to the port's link speed. The port with the lowest root path cost will be elected as the root port of - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 357
test the link failures and maintain the spanning tree. max-age: Specify the value of Max Age. It is the maximum time that the switch can wait without receiving a BPDU before attempting to regenerate a new spanning tree. The valid values are from 6 to 40 in seconds, and the default value - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 358
before the BPDU is discarded. The valid values are from 1 to 40 in hop, and the default value is 20. Step 6 show spanning-tree bridge (Optional) View the global parameters of the switch. Step 7 end Return to privileged EXEC mode. Step 8 copy running-config startup-config Save the settings - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 359
as MSTP and enable spanning tree function globally : Switch#configure Switch(config)#spanning-tree mode mstp Switch(config)#spanning-tree Switch(config)#show spanning-tree active Spanning tree is enabled -13-23-97 External Cost : 200000 Root Port : Gi/0/20 Designated Bridge User Guide 336 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 360
: 32768 Address : 00-0a-eb-13-12-ba Interface Prio Cost Role Status Gi/0/16 128 200000 Altn Blk Gi/0/20 128 200000 Mstr Fwd Switch(config)#end Switch#copy running-config startup-config User Guide 337 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 361
or disable Loop Protect. It is recommended to enable this function on root ports and alternate ports. When there are link congestions or link failures in the network, the switch will not receive BPDUs from the upstream device in time. Loop Protect is used to avoid loop caused by the recalculation - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 362
situation. If edge ports receive BPDUs, it may be an attack. BPDU Protect is used to protect the switch from the attack talked above. With BPDU protect function enabled, the edge ports will be shutdown when they feature for ports: Step 1 configure Enter global configuration mode. User Guide 339 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 363
to enable this function on root ports and alternate ports. When there are link congestions or link failures in the network, the switch will not receive BPDUs from the upstream device in time. Loop Protect is used enabled, the port does not forward BPDUs from the other switches. User Guide 340 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 364
Switch(config-if)#show spanning-tree interface-security gigabitEthernet 1/0/3 Interface BPDU-Filter BPDU-Guard Loop-Protect Root-Protect TC-Protect BPDU-Flood Gi1/0/3 Enable Enable Enable Enable Disable Enable Switch(config-if)#end Switch#copy running-config startup-config User Guide - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 365
STP and RSTP, can map VLANs to instances to implement load-balancing switches. Traffic in VLAN 101-VLAN 106 is transmitted in this network. The link speed between the switches is 100Mb/s (the default to configure MSTP function on the switches. Map the VLANs to different instances to ensure traffic - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 366
storm. 5.3 Using the GUI ■■ Configurations for Switch A 1) Choose the menu L2 FEATURES > Spanning Tree > STP Config > STP Config to load the following page. Enable MSTP function globally, here we leave the values of the other global parameters as default settings. Click Apply. User Guide 343 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 367
MSTP Parameters of the Switch Configuration Example for MSTP 2) Choose the menu L2 FEATURES > Spanning Tree > STP Config > Port Config to load the following page. Enable spanning tree function on port 1/0/1 and port 1/0/2. Here we leave the values of the other parameters as default settings. Click - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 368
1 and set the priority as 32768; map VLAN104-VLAN106 to instance 2 and set the priority as 32768. Click Create. Figure 5-6 Configuring the VLAN-Instance Mapping 5) Choose the menu L2 FEATURES > Spanning Tree > MSTP Instance > Instance Port Config to load the following page. Set the path cost - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 369
MSTP Parameters of the Switch 2) Choose the menu L2 FEATURES > Spanning Tree > STP Config > Port Config to load the following page. Enable the spanning tree function on port 1/0/1 and port 1/0/2. Here we leave the values of the other parameters as default settings. Click Apply. User Guide 346 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 370
VLAN101-VLAN103 to instance 1 and set the Priority as 0; map VLAN104VLAN106 to instance 2 and set the priority as 32768. Click Create. Figure 5-11 Configuring the VLAN-Instance Mapping User Guide 347 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 371
the path cost of port 1/0/2 in instance 2 as 300000 so that port 1/0/1 of switch A can be selected as the designated port. Figure 5-12 Configure the Path Cost of other global parameters as default settings. Click Apply. Figure 5-13 Configure the Global MSTP Parameters of the Switch User Guide 348 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 372
on port 1/0/1 and port 1/0/2. Here we leave the values of the other parameters as default settings. Click Apply. Figure 5-14 Enable Spanning Tree Function on Ports 3) Choose the menu as 0. Click Create. Figure 5-16 Configuring the VLAN-Instance Mapping 5) Click to save the settings. User - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 373
2 vlan 104-106 Switch(config-mst)#end Switch#copy running-config startup-config ■■ Configurations for Switch B 1) Configure the spanning tree mode as MSTP, then enable spanning tree function globally. Switch#configure Switch(config)#spanning-tree mode mstp Switch(config)#spanning-tree User Guide 350 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 374
spanning-tree mst configuration Switch(config-mst)#name 1 Switch(config-mst)#revision 100 Switch(config-mst)#instance 1 vlan 101-103 Switch(config-mst)#instance 2 vlan 104-106 Switch(config-mst)#exit Switch(config)#spanning-tree mst instance 1 priority 0 Switch(config)#end Switch#copy running-config - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 375
spanning-tree mst configuration Switch(config-mst)#name 1 Switch(config-mst)#revision 100 Switch(config-mst)#instance 1 vlan 101-103 Switch(config-mst)#instance 2 vlan 104-106 Switch(config-mst)#exit Switch(config)#spanning-tree mst instance 2 priority 0 Switch(config)#end Switch#copy running-config - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 376
128 200000 Altn Blk N/A Verify the configurations of Switch A in instance 2: Switch(config)#show spanning-tree mst instance 2 MST- N/A Gi1/0/2 128 200000 Root Fwd N/A ■■ Switch B Verify the configurations of Switch B in instance 1: Switch(config)#show spanning-tree mst instance 1 MST-Instance - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 377
Cost Role Status Gi1/0/1 128 200000 Desg Fwd Gi1/0/2 128 200000 Desg Fwd Verify the configurations of Switch B in instance 2: Switch(config)#show spanning-tree mst instance 2 MST-Instance 2 Root Bridge Priority : 0 Address : 3c /0/2 128 300000 Root Fwd Configuration Example for MSTP User Guide 354 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 378
Configuring Spanning Tree ■■ Switch C Verify the configurations of Switch C in instance 1: Switch(config)#show spanning-tree 200000 Desg Fwd Gi1/0/2 128 200000 Root Fwd Verify the configurations of Switch C in instance 2: Switch(config)#show spanning-tree mst instance 2 MST-Instance 2 Root Bridge - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 379
Configuring Spanning Tree Local Bridge Priority : 0 Address : 3c-46-d8-9d-88-f7 Interface Prio Cost Role Status Gi1/0/1 128 200000 Desg Fwd Gi1/0/2 128 200000 Desg Fwd Configuration Example for MSTP User Guide 356 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 380
Port Parameters Parameter Default Setting Status Disabled Priority 128 Ext-Path Cost Auto In-Path Cost Auto Edge Port Disabled P2P Link Auto MCheck ------ Table 6-3 Default Settings of the MSTP Instance Parameter Default Setting Status Disabled Revision Level 0 User Guide 357 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 381
Port Priority 128 Path Cost Auto Table 6-4 Default Settings of the STP Security Parameter Default Setting Loop Protect Disabled Root Protect Disabled TC Guard Disabled BPDU Protect Disabled BPDU Filter Disabled BPDU Forward Enabled Appendix: Default Parameters User Guide 358 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 382
Part 12 Configuring LLDP CHAPTERS 1. LLDP 2. LLDP Configurations 3. LLDP-MED Configurations 4. Viewing LLDP Settings 5. Viewing LLDP-MED Settings 6. Configuration Example 7. Appendix: Default Parameters - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 383
switch supports LLDP and LLDP-MED. LLDP allows the local device to encapsulate its management address, device ID, interface ID and other information into a LLDPDU (Link capacity and more to the media endpoint devices (for example, IP phones) for auto-configuration. The media endpoint devices receive - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 384
port. 2.1 Using the GUI 2.1.1 Configuring LLDP Globally Choose the L2 FEATURES > LLDP > LLDP Config > Global Config to load the following page. Figure 2-1 Global Config User Guide 361 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 385
also enable the switch to forward LLDP Enable the switch to forward neighbors. The default is 30 seconds before discarding it. The default value is 4. TTL= attempted. The default value is The default value the NMS. The default value is 5. to Tx&RX (or Tx_Only). The default value is 3. In this case, - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 386
drop the received LLDP packets. Notification Mode (Optional) Enable the switch to send trap messages to the NMS when the information of the Specify the Management IP address of the port to be notified to the neighbor. Value 0.0.0.0 means the port will notify its default management address to - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 387
or of manual set override action. FS: Used to advertise the maximum frame size capability of the implemented MAC and PHY. PW: Used to advertise the port's PoE (Power over Ethernet) support capabilities. 2.2 Using the CLI 2.2.1 Global Config Enable the LLDP feature on the switch and configure - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 388
local device waits before sending another LLDP packet to its neighbors. The default is 2 seconds. notify-interval: Enter the interval between successive Trap -count=3. Switch#configure Switch(config)#lldp Switch(config)#lldp hold-multiplier 4 Switch(config)#lldp timer tx-interval 30 User Guide 365 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 389
Repeat Count: 4 Switch(config)#end Switch#copy running-config startup default. lldp snmp-trap (Optional) Enable the Notification Mode feature on the port. If it is enabled, the local device will send trap messages to the NMS when neighbor information changed. It is disabled by default. User Guide - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 390
Switch(config-if)#show lldp interface gigabitEthernet 1/0/1 LLDP interface config: gigabitEthernet 1/0/1: Admin Status: TxRx SNMP Trap: Enabled TLV Status --- ------ Port-Description Yes System-Capability Yes System-Description Yes System-Name Yes Management-Address Yes User Guide - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 391
Configuring LLDP Port-VLAN-ID Yes Protocol-VLAN-ID Yes VLAN-Name Yes Link-Aggregation Yes MAC-Physic Yes Max-Frame-Size Yes Power Yes Switch(config-if)#end Switch#copy running-config startup-config LLDP Configurations User Guide 368 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 392
detailed instructions. 3.1 default is 4. If the switch receives LLDP-MED packets from the neighbor endpoints for the first time, it will send the specified number of LLDP-MED packets carrying LLDP-MED information. After that, the transmit interval will be restored to the specified value. User Guide - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 393
device class. LLDP-MED defines two device classes, Network Connectivity Device and Endpoint Device. The switch is a Network Connectivity device. 3.1.2 Configuring LLDP-MED for Ports Choose the menu L2 FEATURES Number or select Civic Address to configure the details. Click Apply. User Guide 370 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 394
Extended Power-Via-MDI Inventory Emergency Number Used to advertise VLAN configuration and the associated Layer 2 and Layer 3 attributes of seven basic Inventory management TLVs, that is, Hardware Revision TLV, Firmware Revision TLV, Software Revision TLV, Serial Number TLV, Manufacturer Name - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 395
of the local device, DHCP Server, Switch or LLDP-MED Endpoint. Country Code: Enter lldp Enable the LLDP feature on the switch. lldp med-fast-count count (Optional from 1 to 10. The default is 4. show lldp Display the Switch#configure Switch(config)#lldp Switch(config)#lldp med-fast-count 4 Switch - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 396
: 3 LLDP-MED Fast Start Repeat Count: 4 Switch(config)#end Switch#copy running-config startup-config 3.2.2 Port Config Select Configure the LLDP-MED TLVs included in the outgoing LLDP packets. By default, the outgoing LLDP packets include all TLVs. If LLDP-MED Location TLV port. User Guide 373 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 397
Switch(config)#lldp Switch(config)#lldp med-fast-count 4 Switch(config)#interface gigabitEthernet 1/0/1 Switch(config-if)#lldp med-status Switch(config-if)#lldp med-tlv-select all Switch Management-Address Yes Port-VLAN-ID Yes Protocol-VLAN-ID Yes VLAN-Name Yes Link-Aggregation Yes MAC- - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 398
Configuring LLDP LLDP-MED Status: Enabled TLV Status --- ------ Network Policy Yes Location Identification Yes Extended Power Via MDI Yes Inventory Management Yes Switch(config)#end Switch#copy running-config startup-config LLDP-MED Configurations User Guide 375 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 399
Device Info ■■ Viewing the Local Info Choose the menu L2 FEATURES > LLDP > LLDP Config > Local Info to load the following page. Figure 4-1 Local Info User Guide 376 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 400
Displays the supported capabilities of the local system. System Capabilities Enabled Displays the primary functions of the local device. Management Address Type Displays the management IP address type of the local device. Management Address Displays the management IP address of the local - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 401
LLDP Settings Port And Protocol Supported Displays whether the local device supports port and protocol VLAN feature. Port And Protocol VLAN Enabled Displays the status of the port and protocol VLAN feature. VLAN Name of VLAN 1 Displays the VLAN name of VLAN 1 for the local device. Protocol - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 402
the port ID of the neighbor device which is connected to the local port. Information Click to view the details of the neighbor device. User Guide 379 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 403
the local device. Each port can learn a maximum of 80 neighbor device, and the subsquent neighbors will be dropped when the limit is exceeded. User Guide 380 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 404
LLDP Statistics show lldp traffic interface { fastEthernet port | gigabitEthernet port | ten-gigabitEthernet port } View the statistics of the corresponding port on the local device. User Guide 381 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 405
Configuring LLDP 5 Viewing LLDP-MED Settings Viewing LLDP-MED Settings 5.1 Using GUI Choose the menu L2 FEATURES > LLDP > LLDP-MED Config > Local Info to load the following page. ■■ Viewing the Local Info Figure 5-1 LLDP-MED Local Info User Guide 382 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 406
-MED. Application Type Displays the supported applications of the local device. VLAN tagged Displays the VLAN Tag type of the applications, tagged or untagged. Media Policy VLAN ID Displays the 802.1Q VLAN of the local device. Firmware Revision Displays the firmware revision of the local - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 407
of the neighbor device. Power Type Displays the power type of the neighbor device. Information View more LLDP-MED details of the neighbor device. User Guide 384 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 408
connected to the port. ■■ Viewing LLDP Statistics show lldp traffic interface { fastEthernet port | gigabitEthernet port | tengigabitEthernet port } View the statistics of the corresponding port. User Guide 385 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 409
about the link situation and network topology so that he can troubleshoot the potential Switch A and Switch B: The configurations of Switch A and Switch B are similar. The following introductions take Switch A as an example. Demonstrated with T1500-28PCT default settings as an example. User Guide 386 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 410
the TLVs included in the outgoing LLDP packets. Figure 6-3 LLDP Port Config 6.5 Using CLI 1) Enable LLDP globally and configure the corresponding parameters. Switch_A#configure User Guide 387 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 411
Delay: 2 seconds Initialization Delay: 2 seconds Trap Notification Interval: 5 seconds Fast-packet Count: 3 LLDP-MED Fast Start Repeat Count: 4 View LLDP settings on each port User Guide 388 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 412
System-Description Yes System-Name Yes Management-Address Yes Port-VLAN-ID Yes Protocol-VLAN-ID Yes VLAN-Name Yes Link-Aggregation Yes MAC-Physic Yes Max-Frame-Size Yes Power local-information interface fastEthernet 1/0/1 LLDP local Information: fastEthernet 1/0/1: User Guide 389 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 413
/0/1 Port description: FastEthernet1/0/1 Interface TTL: 120 System name: T1500-28PCT System description: JetStream 24-Port 10/100Mbps + 4 -Port Gigabit Smart PoE+ Switch System capabilities supported: Bridge System capabilities enabled: Bridge Management address type: ipv4 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 414
Application type: Unknown policy: Tagged: VLAN ID: Layer 2 Priority: DSCP: Power Value: Hardware Revision: Firmware Revision: Software Revision: Switch CN PSE Device Primary Low 30.0w T1500-28PCT 3.0 Reserved 3.0.0 Build 20180309 Rel.34341(s) Reserved TP-Link T1500-28PCT 3.0 unknown User Guide - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 415
/0/2 Port description: GigabitEthernet1/0/2 Interface TTL: 120 System name: T1500-28PCT System description: JetStream 48-Port Gigabit Smart PoE Switch with 4 SFP Slots System capabilities supported: Bridge Router System capabilities enabled: Bridge Router Management address type - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 416
Configuring LLDP Link aggregation supported: Link aggregation enabled: Aggregation port ID: Power port class: PSE power supported: PSE power enabled: PSE pairs control ability: Maximum frame size: Yes No 0 PSE Yes No No 1518 Configuration Example User Guide 393 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 417
LLDP Settings on the Port Parameter Admin Status Notification Mode Included TLVs Default Setting Tx&Rx Disabled All Default LLDP-MED Settings Table 7-3 Default LLDP-MED Settings Parameter Fast Start Repeat Count LLDP-MED Status (port) Included TLVs Default Setting 4 Disabled All User Guide 394 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 418
Part 13 Configuring DHCP Service CHAPTERS 1. DHCP 2. DHCP Relay Configuration 3. DHCP L2 Relay Configuration 4. Configuration Examples 5. Appendix: Default Parameters - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 419
Service 1 DHCP DHCP 1.1 Overview DHCP (Dynamic Host Configuration Protocol) is widely used to automatically assign IP addresses and other network configuration parameters to network devices, enhancing the utilization of IP address. 1.2 Supported Features The supported DHCP features of the switch - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 420
Service DHCP TP-Link switches preset a default 00 04 Default circuit ID - - Default circuit ID 00 06 Default remote ID - - - Default remote ID Customized is not customized (uses the default circuit/remote ID) while length of the default circuit ID is 4 bytes and that of default remote ID - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 421
the DHCP server using the IP address of a single agent interface. In DHCP VLAN Relay, you can simply specify the default management VLAN interface as the default agent interface for all VLANs. The switch fills this default agent interface's IP address in the Relay Agent IP Address field of the DHCP - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 422
DHCP server which supports Option 82 can set the distribution policy of IP addresses and other parameters, providing a more flexible way to distribute IP addresses. Figure 1-2 Application Scenario of DHCP L2 Relay DHCP Server DHCP Clients VLAN 1 Switch DHCP L2 Relay DHCP Clients User Guide 399 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 423
needed. 2) Specify DHCP server for the Interface or VLAN. 2.1 Using the GUI 2.1.1 Enabling DHCP Relay and Configuring Option 82 Choose the menu L3 FEATURES > DHCP Service > DHCP Relay > DHCP Relay Config to load globally and configure the relay hops and time threshold. Click Apply. User Guide 400 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 424
. Enable it if you want to manually configure the circuit ID. Otherwise, the switch uses the default one when inserting Option 82 to DHCP packets. The default circuit ID is a 4-byte value which consists of 2-byte VLAN ID and 2-byte Port ID. The VLAN ID indicates which VLAN the DHCP client belongs to - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 425
relay switch does not support configuring multiple Layer 3 interfaces. Choose the menu L3 FEATURES > DHCP Service > DHCP Relay > DHCP VLAN Relay to load the following page. Figure 2-2 Configure DHCP VLAN Relay Follow these steps to specify DHCP Server for the specific VLAN: 1) In the Default Relay - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 426
will not examine this field of the DHCP packets. time: Specify the threshold for the DHCP relay time. Valid values are from 1 to 65535. By default, the value is 0, which means the switch will not examine this field of the DHCP packets. show ip dhcp relay Verify the configuration of DHCP Relay. User - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 427
Relay, configure the relay hops as 5 and configure the relay time as 10 seconds : Switch#configure Switch(config)#service dhcp relay Switch(config)#show ip dhcp relay Switch(config)#ip dhcp relay hops 5 Switch(config)#ip dhcp relay time 10 DHCP relay state: enabled DHCP relay hops: 5 DHCP relay Time - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 428
DHCP client is connected to port 1/0/1 in VLAN 2, this field is 00:02:00:01 in hexadecimal. string: Enter the customized circuit ID with up to 64 characters. ip dhcp relay information remote-id string (Optional) The switch uses its own MAC address as the default remote ID, and you can also run this - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 429
configure Enter Global Configuration Mode. Enter VLAN Interface Configuration Mode: interface vlan vlan-id vlan-id: Specify a VLAN interface. Only the management VLAN is supported. ip dhcp relay default-interface Set the management VLAN interface as the default relay-agent interface. exit Return to - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 430
as 192.168.1.8 on VLAN 10: Switch#configure Switch(config)#interface vlan 1 Switch(config-if)# ip dhcp relay default-interface Switch(config-if)#exit Switch(config)#ip dhcp relay vlan 10 helper-address 192.168.1.8 Switch(config)#show ip dhcp relay ... DHCP VLAN relay helper address is - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 431
Enabling DHCP L2 Relay Choose the menu L3 FEATURES > DHCP Service > DHCP L2 Relay > Global Config to load the following page VLAN Config section, enable DHCP L2 Relay for the specified VLAN. Click Apply. VLAN Displays the VLAN ID. Status Enable DHCP L2 Relay for the specified VLAN. User Guide - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 432
L3 FEATURES > DHCP Service > DHCP L2 Relay ports to configure Option 82. Option 82 Support Select whether to enable Option 82 or not switch keeps the Option 82 field of the packets. Replace: The switch replaces the Option 82 field of the packets with a new one. The switch presets a default - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 433
. Enable it if you want to manually configure the circuit ID. Otherwise, the switch uses the default one when inserting Option 82 to DHCP packets. The default circuit ID is a 4-byte value which consists of 2-byte VLAN ID and 2-byte Port ID. The VLAN ID indicates which VLAN the DHCP client belongs to - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 434
Service DHCP L2 Relay Configuration The following example shows how to enable DHCP L2 Relay globally and for VLAN 2: Switch#configure Switch(config)#ip dhcp l2relay Switch(config)#ip dhcp l2relay vlan 2 Switch(config)#show ip dhcp l2relay Global Status: Enable VLAN ID: 2 Switch(config)#end Switch - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 435
the DHCP client is connected to port 1/0/1 in VLAN 2, this field is 00:02:00:01 in hexadecimal. string: Enter the customized circuit ID with up to 64 characters. ip dhcp l2relay information remote-id string (Optional) The switch uses its own MAC address as the default remote ID, and you can also run - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 436
Configuring DHCP Service Switch(config-if)#end Switch#copy running-config startup-config DHCP L2 Relay Configuration User Guide 413 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 437
are as follows: 1) Create one DHCP IP pool on the DHCP server, which is on 192.168.0.0/24 network segment. 2) Configure 802.1Q VLAN on the DHCP relay agent. Add all computers in the marketing department to VLAN 10, and add all computers in the R&D department to VLAN 20. User Guide 414 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 438
VLAN interface 1 (the default management VLAN interface) as the default relay agent interface, and specify the DHCP server address for VLAN 10 and VLAN 20. In this example, the DHCP server is demonstrated with T2600G-28TS and the DHCP relay agent is demonstrated with T1500-28PCT > DHCP Service > DHCP - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 439
Service Configuration Examples ■■ Configuring the VLANs on the Relay Agent 1) Choose the menu L2 FEATURES > VLAN > 802.1Q VLAN > VLAN Config and click to load the following page. Create VLAN 10 for the Marketing department and add port 1/0/1 as untagged port to the VLAN. Figure 4-4 Creating VLAN - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 440
load the following page. In the Global Config section, enable DHCP Relay, and click Apply. Figure 4-6 Enable DHCP Relay 2) Choose the menu L3 FEATURES > DHCP Service > DHCP Relay > DHCP VLAN Relay to load the following page. In the Default Relay Agent Interface section, specify User Guide 417 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 441
service globally. Switch#configure Switch(config)#service dhcp server 2) Create a DHCP pool and name it as "pool" and configure its network address as 192.168.0.0, subnet mask as 255.255.255.0, lease time as 120 minutes, default gateway as 192.168.0.1. Switch(config)#ip dhcp server pool pool Switch - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 442
. Switch(config)#service dhcp relay 2) Specify the routed port 1/0/5 as the default relay agent interface. Switch(config)#interface vlan 1 Switch(config-if)#ip dhcp relay default-interface Switch(config-if)#exit 3) Specify the DHCP server for VLAN 10 and VLAN 20 Switch(config)#ip dhcp relay vlan 10 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 443
Configuring DHCP Service Configuration Examples Verify the Configurations of the DHCP Relay Agent Switch#show ip dhcp relay Switch#show ip dhcp relay DHCP relay state: enabled ... DHCP relay default relay agent interface: Interface: VLAN 1 IP address: 192.168.0.1 DHCP vlan relay helper - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 444
of the configurations are as follows: 1) Configuring Switch A a. Configure 802.1Q VLAN. Add all computers to VLAN 2. For details, refer to Configuring 802.1Q VLAN. b. Configure DHCP VLAN relay and enable Option 82 in DHCP Relay. Demonstrated with T1500-28PCT, "4.2.3 Configuring the DHCP Relay - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 445
DHCP relay and enable Option 82 in DHCP Relay on Switch A: 1) Choose the menu L3 FEATURES > DHCP Service > DHCP Relay > DHCP Relay Config to load the > DHCP Service > DHCP Relay > DHCP VLAN Relay to load the following page. In the Default Relay Agent Interface section, configure the User Guide 422 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 446
Configuring DHCP Service Configuration Examples management VLAN (by default, it is VLAN 1) as the default relay agent interface. Then click Apply. Figure 4-13 Configure the Management VLAN as the Default Relay Agent Interface 4) In the DHCP VLAN Relay Config section, click to load the - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 447
Configuring DHCP Service Configuration Examples Switch(config-if)#exit 3) Configure the management VLAN (by default, it is VLAN 1) as the default relay agent interface. Switch(config)#interface vlan 1 Switch(config-if)#ip dhcp relay default-interface Switch(config-if)#exit 4) Specify the DHCP - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 448
Configuring DHCP Service Configuration Examples Switch#show ip dhcp relay information interface Interface Option 82 Status Operation Strategy Format Circuit ID ... ... Gi1/0/1 Enable Replace Normal Default:VLAN-PORT ... Gi1/0/2 Enable Replace Normal Default:VLAN-PORT ... ... 4.2.4 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 449
Service Switch A is connected to the DHCP server. All devices on the network are in the default VLAN 1. All computers get dynamic IP addresses from the DHCP server. For management convenience, the administrator wants to allocate separate address spaces for the two groups of computers. User Guide - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 450
Service Figure 4-15 Network Topology for DHCP L2 Relay DHCP Server 192.168.10.1/24 Gi1/0/1 Gi1/0/2 Switch IP addresses of different address pools to the PCs in different groups. The overview of the configurations are as follows: 1) Configuring Switch A a. Enable DHCP L2 Relay globally and on VLAN - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 451
and click Apply. Enable DHCP L2 Relay on VLAN 1 and click Apply. Figure 4-16 Enabling DHCP L2 Relay 2) Choose the menu L3 FEATURES > DHCP Service > DHCP L2 Relay > Port Config to load the following page. Select port 1/0/1, enable Option 82 Support and select Option 82 Policy as Replace. You - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 452
Configuring DHCP Service Configuration Examples 3) On the same page, select port 1/0/2, enable Option 82 Support and select Option Enable DHCP L2 Relay globally and on VLAN1. Switch#configure Switch(config)#ip dhcp l2relay Switch(config)#ip dhcp l2relay vlan 1 2) On port 1/0/1, enable Option 82 and - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 453
#copy running-config startup-config Verify the Configurations View global settings: Switch#show ip dhcp l2relay Global Status: Enable VLAN ID: 1 View port settings: Switch#show ip dhcp l2relay information interface gigabitEthernet 1/0/1 Interface Option 82 Status Operation Strategy Format Circuit - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 454
Service Configuration Examples On the DHCP server, you need to create two DHCP classes to identify the Option 82 payloads of DHCP request packets from Group 1 and Group 2, respectively. In this example, the DHCP relay agent uses the customized circuit ID and default the DHCP relay switch is 8 byte - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 455
DHCP Service option domain-name "example.com"; default-lease-time 600; max-lease-time 7200; authoritative; pool { range 192.168.10.100 192.168.10.150; allow members of "Group1"; } pool { range 192.168.10.151 192.168.10.200; allow members of "Group2"; } Configuration Examples User Guide 432 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 456
82 Configuration Option 82 Support Disabled Option 82 Policy Keep Format Normal Circuit ID Customization Disabled Circuit ID None Remote ID Customization Disabled Remote ID None DHCP VLAN Relay Interface ID None VLAN ID None Server Address None Default settings of DHCP L2 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 457
Configuring DHCP Service Parameter VLAN Status Port Config Option 82 Support Option 82 Policy Format Circuit ID Customization Circuit ID Remote ID Customization Remote ID Default Setting Disabled Disabled Keep Normal Disabled None Disabled None Appendix: Default Parameters User Guide 434 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 458
Part 14 Configuring QoS CHAPTERS 1. QoS 2. Class of Service Configuration 3. Bandwidth Control Configuration 4. Voice VLAN Configuration 5. Auto VoIP Configuration 6. Configuration Examples 7. Appendix: Default Parameters - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 459
services to certain types of traffic. 1.2 Supported Features You can configure the class of service, bandwidth control, Voice VLAN and Auto VoIP features on the switch Storm Control function allows the switch to monitor broadcast packets, multicast . Voice VLAN and Auto VoIP The voice VLAN and Auto - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 460
VLAN or Auto VoIP. These two features can be enabled on the ports that transmit voice traffic only or transmit both voice traffic and data traffic. Voice VLAN can change the voice packets' 802.1p priority and transmit the packets in desired VLAN. Auto VoIP can inform - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 461
based on the PRI value. In this mode, the switch only prioritizes packets with VLAN tag, regardless of the IP header of the packets. ■■ DSCP Priority DSCP priority determines the priority of packets based on the ToS (Type of Service) field in their IP header. RFC2474 re-defines the ToS field in the - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 462
Priority ■■ Configuring the Trust Mode and Port to 802.1p Mapping Choose the menu QoS > Class of Service > Port Priority to load the following page. Figure 2-1 Configuring the Trust Mode and Port to 802. mode, the packets will be processed according to the port priority configuration. User Guide 439 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 463
802.1p to Queue Mapping Choose the menu QoS > Class of Service > 802.1p Priority to load the following page. Figure 2-2 of 802.1p priority. In QoS, 802.1p priority is used to represent class of service. Queue Select the TC queue for the desired 802.1p priority. The packets with the desired - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 464
2.1.2 Configuring 802.1p Priority ■■ Configuring the Trust Mode Choose the menu QoS > Class of Service > Port Priority to load the following page. Figure 2-3 Configuring the Trust Mode Follow these steps untagged packets will be processed according to the port priority configuration. User Guide 441 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 465
menu QoS > Class of Service > 802.1p Priority priority is used to represent class of service. IEEE 802.1p standard defines three packets. This function requires packets with VLAN tags. Queue Select the TC queue for priority is used to represent class of service. IEEE 802.1p standard defines three - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 466
Service Configuration Remap Select the number of 802.1p priority to which the original 802.1p priority will be remapped. 802.1p Remap is used to modify the 802.1p priority of the ingress packets. When the switch IP packets will be processed according to the DSCP priority configuration and the non - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 467
802.1p to Queue Mapping Choose the menu QoS > Class of Service > 802.1p Priority to load the following page. Figure 2-6 of 802.1p priority. In QoS, 802.1p priority is used to represent class of service. Queue Select the TC queue for the desired 802.1p priority. The packets with the desired - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 468
Class of Service >DSCP Service) is a part of IP header, and DSCP uses the first six bits of ToS to represent the priority of IP mappings. The untagged IP packets with the desired will be remapped. When the switch detects the packets with desired DSCP In Trust DSCP mode, non-IP packets will be added an - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 469
forwarding sequence of different TC queues when congestion occurs. Choose the menu QoS > Class of Service > Scheduler Settings to load the following page. Figure 2-8 Specifying the Scheduler Settings Follow these parameters. Queue TC-id Displays the ID number of priority Queue. User Guide 446 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 470
Service Displays the Management Type for the queues. The switch supports Taildrop mode. When the traffic exceeds the limit Note: With ACL Redirect feature, the switch maps all the packets that meet the | dscp} Select the trust mode for the port. By default, it is untrust. Here we set the trust mode as - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 471
Configuring QoS Class of Service Configuration Step 4 Step 5 Step 6 Step mapping. The packets with the desired 802.1p priority will be put in the corresponding queues. By default, the 802.1p priority 0 to 7 is respectively mapped to TC-1, TC-0, TC-2, TC-3, TC the configuration file. User Guide 448 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 472
Configuring QoS Class of Service Configuration The following example shows how to configure the trust mode of port 1/0/1 as untrust, map the port 1/0/1 to 802.1p priority 1 and map 802.1p priority 1 to TC3: Switch#configure Switch(config)#interface gigabitEthernet 1/0/1 Switch(config-if)#qos - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 473
Configuring QoS Class of Service Configuration Step 2 Step 3 Step 4 Step 5 Step 6 packets. When the switch detects the packets with desired 802.1p priority, it will modify the value of 802.1p priority according to the map. By default, the original 802 1p to queue mappings. User Guide 450 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 474
Switch(config)#show qos trust interface gigabitEthernet 1/0/1 Port Trust Mode LAG -------- Gi1/0/1 trust 802.1P N/A Switch(config)#show qos cos-map Dot1p Value |0 |1 |2 |3 |4 |5 |6 |7 TC |TC0 |TC1 |TC2 |TC4 |TC4 |TC5 |TC6 |TC7 Switch(config)#show qos dot1p-remap User Guide - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 475
Service Configuration Dot1p Value 0 1 2 3 4 5 6 7 LAG Dot1p Remap 0 3 2 3 4 5 6 7 N/A Switch(config)#end Switch Select the trust mode for the port. By default, it is untrust. Here we set the trust mode IP packets will be processed according to the DSCP priority configuration and the non-IP Guide 452 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 476
Remap is used to modify the DSCP priority of the ingress packets. When the switch detects the packets with the desired DSCP priority, it will modify the value of DSCP priority according to the map. By default, the original DSCP priority 0 is mapped to the DSCP priority 0, the original DSCP priority - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 477
Configuring QoS Class of Service Configuration Step 5 Step 6 Step 7 show qos dscp-remap Verify the DSCP to DSCP mappings. end Return to privileged EXEC mode. copy running-config startup-config Save the settings in the configuration file. Note: In Trust DSCP mode, non-IP packets will be added an - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 478
: 48 49 50 51 52 53 54 55 DSCP to 802.1P 6 6 6 6 6 6 6 6 DSCP: 56 57 58 59 60 61 62 63 DSCP to 802.1P 7 7 7 7 7 7 7 7 Switch(config)#show qos dscp-remap DSCP: 0 1 2 3 4 5 6 7 DSCP remap value 0 1 2 3 4 5 6 7 DSCP: 8 9 10 11 12 13 14 15 Class of - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 479
Configuring QoS Class of Service Configuration DSCP remap value 63 DSCP remap value 56 57 58 59 60 61 62 63 Switch(config-if)#end Switch#copy running-config startup-config 2.2.4 Specifying the Scheduler Settings Follow these steps list} Enter interface configuration mode. User Guide 456 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 480
Service default, Switch(config)#interface gigabitEthernet 1/0/1 Switch(config-if)#qos queue 1 mode sp Switch(config-if)#qos queue 4 mode wrr weight 5 Switch(config-if)#show qos queue interface gigabitEthernet 1/0/1 Gi1/0/1----LAG: N/A Queue Schedule Mode Weight ----- TC0 WRR 1 User Guide - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 481
Configuring QoS TC1 Strict N/A TC2 WRR 1 TC3 WRR 1 TC4 WRR 5 TC5 WRR 1 TC6 WRR 1 TC7 WRR 1 Switch(config-if)#end Switch#copy running-config startup-config Class of Service Configuration User Guide 458 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 482
the bandwidth for sending packets on the port. The valid values are from 0 to 1000000 Kbps and 0 means the egress rate limit is disabled. User Guide 459 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 483
maximum speed of the specific kinds of traffic in kilo-bits per second. ratio: The switch will limit the percentage of bandwidth utilization for specific kinds of traffic. Broadcast Threshold (01, traffic exceeding the limit will be processed according to the Action configurations. User Guide 460 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 484
to the Action configurations. Select the action that the switch will take when the traffic exceeds its corresponding limit. Drop state automatically and you can recover the port manually. Note: The member port of an LAG (Link Aggregation Group) follows the configuration of the LAG User Guide 461 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 485
1024 Kbps for port 1/0/5: Switch#configure Switch(config)#interface gigabitEthernet 1/0/5 Switch(config-if)#bandwidth ingress 5120 egress 1024 Switch(config-if)#show bandwidth interface -channel-id | range port-channel port-channel-list} Enter interface configuration mode. User Guide 462 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 486
switch will limit the maximum speed of the specific kinds : The switch will limit switch will perform the action when the traffic exceeds its corresponding limit. By default from 0 to 3600 and the default value is 0. When the port port manually. storm-control recover (Optional) Recover the port manually. - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 487
shutdown and set the recover time as 10 for port 1/0/5: Switch#configure Switch(config)#interface gigabitEthernet 1/0/5 T2600G-28TS(config-if)#storm-control rate- ------ Gi1/0/5 kbps 1024 0 0 shutdown 10 N/A Switch(config-if)#end Switch#copy running-config startup-config User Guide 464 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 488
voice traffic. For details about 802.1Q VLAN Configuration, please refer to Configuring 802.1Q VLAN. ■■ VLAN 1 is a default VLAN and cannot be configured as the voice VLAN. ■■ Only one VLAN can be set as the voice VLAN on the switch. 4.1 Using the GUI 4.1.1 Configuring OUI Addresses The OUI address - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 489
OUI Addresses Voice VLAN Configuration Follow these OUI address of your voice devices. The OUI address is used by the switch to determine whether a packet is a voice packet. An OUI address is the OUI addresses in the OUI list, the switch identifies the packet as a voice packet and prioritizes - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 490
mode in Class of Service if needed. 4.1.1 Adding Ports to Voice VLAN Choose the menu QoS > Voice VLAN > Port Config to VLAN Follow these steps to configure voice VLAN globally: 1) Select the desired ports and choose Enable in Voice VLAN filed. Voice VLAN Select Enable to enable the voice VLAN - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 491
addresses in the OUI list, the switch identifies the packet as a voice packet and prioritizes it in transmission. Step 3 voice vlan oui oui-prefix oui-desc string the default value is 7. This is an IEEE 802.1p priority, and you can further configure its scheduler mode in Class of Service if needed - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 492
:12:43 Default CISCO2 00:0F:E2 Default H3C 00:60:B9 Default NITSUKO 00:D0:1E Default PINTEL 00:E0:75 Default VERILINK 00:E0:BB Default 3COM 00:04:0D Default AVAYA1 00:1B:4F Default AVAYA2 00:04:13 Default SNOM Switch(config)#voice vlan 8 Switch(config)#voice vlan priority 6 Switch(config - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 493
Configuring QoS Gi1/0/3 enabled Up N/A Gi1/0/4 disabled Down N/A Gi1/0/5 disabled Down N/A ... Switch(config-if)#end Switch#copy running-config startup-config Voice VLAN Configuration User Guide 470 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 494
flexible solutions for optimizing the voice traffic. It can work with other features such as VLAN and Class of Service to process the voice packets with specific fields. You can choose and configure Auto VoIP In the Port Config section, select the desired and configure the parameters. User Guide 471 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 495
and put the packets in TC-5 directly. Disabled: Disable CoS override. The switch will then put the voice packets in the corresponding TC queue according to Class of Service settings. Displays the operating status of the Voice VLAN feature on the interface. To make it enabled, you must enable the - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 496
, the switch allows the voice devices to use its own configuration to send voice traffic. auto-voip vlan-id Specify the interface mode as VLAN ID. In of Service override mode. By default, it is trust, which means the Class of Service override mode is disabled. trust: In this mode, the switch will - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 497
Switch#configure Switch(config)#auto-voip Switch(config)#interface gigabitEthernet 1/0/3 Switch(config-if)#auto-voip dot1p 4 Switch(config-if)#auto-voip dscp 10 Switch(config-if)#auto-voip data priority untrust Switch Auto-VoIP DSCP Value. 0 Auto-VoIP Port Status. Disabled User Guide 474 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 498
Configuring QoS Interface.Gi1/0/3 Auto-VoIP Interface Mode. Enabled Auto-VoIP Priority. 4 Auto-VoIP COS Override. True Auto-VoIP DSCP Value. 10 Auto-VoIP Port Status. Enabled ... Switch(config-if)#end Switch#copy running-config startup-config Auto VoIP Configuration User Guide 475 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 499
Examples Configuration Examples 6.1 Example for Class of Service 6.1.1 Network Requirements As shown below, both RD 6-1 QoS Application Topology Internet Router Fa1/0/1 Fa1/0/3 Fa1/0/2 Switch A RD Dept. Marketing Dept. 6.1.2 Configuration Scheme To implement take precedence. User Guide 476 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 500
T1500-28PCT, the following sections provide configuration procedure in two ways: using the GUI and using the CLI. 6.1.3 Using the GUI 1) Choose the menu QoS > Class of Service Configuring Port Priority 2) Choose the menu QoS > Class of Service > 802.1p Priority to load the following page. Map the - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 501
Configuring QoS Figure 6-3 Configuring the 802.1p to Queue Mappings Configuration Examples 3) Choose the menu QoS > Class of Service > Scheduler Settings to load the following page. Select the port 1/0/3 and set the scheduler type of TC-0 and TC-1 as Weighted. Specify the queue weight - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 502
the 802.1p priority 0 to TC-1 and map the 802.1p priority 1 to TC-0. Switch_A(config)#qos cos-map 0 1 Switch_A(config)#qos cos-map 1 0 User Guide 479 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 503
the port to 802.1p mappings: Switch_A#show qos port-priority interface Port CoS Value LAG -------- Fa1/0/1 CoS 1 N/A Fa1/0/2 CoS 0 N/A Fa1/0/3 CoS 0 N/A Fa1/0/4 CoS 0 N/A ... User Guide 480 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 504
TC7 WRR 1 6.2 Example for Voice VLAN 6.2.1 Network Requirements As shown below, the company plans to install IP phones in the office area. To ensure the good voice quality, IP phones and the computers will be connected to the different ports of the switch, and the voice traffic requires a higher - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 505
Configuring QoS Figure 6-5 Voice VLAN Application Topology Internet Switch B Configuration Examples Switch A Fa1/0/4 Fa1/0/1 VLAN 2 Fa1/0/2 Fa1/0/3 VLAN 3 IP Phone 1 IP Phone 2 PC 3 6.2.2 Configuration Scheme To implement this requirement, you can configure Voice VLAN to ensure that the - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 506
Configuring QoS Figure 6-6 Configuring VLAN 2 Configuration Examples 2) Click to load the following page. Create VLAN 3 and add untagged port 1/0/3 and port 1/0/4 to VLAN 3. Click Create. User Guide 483 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 507
Configuring QoS Figure 6-7 Configuring VLAN 3 Configuration Examples 3) Choose the menu L2 FEATURES > VLAN > 802.1Q VLAN > Port Config to load the following page. Disable the Ingress Checking feature on port 1/0/1 and port 1/0/2 and specify the PVID as 2. Click Apply. User Guide 484 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 508
QoS > Voice VLAN > OUI Config to load the following page. Check the OUI table. Figure 6-9 Checking the OUI Table 5) Choose the menu QoS > Voice VLAN > Global Config to load the following page. Enable Voice VLAN globally. Specify the VLAN ID as 2 and set the priority as 7. Click Apply. User Guide 485 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 509
#configure Switch_A(config)#vlan 2 Switch_A(config-vlan)#name VoiceVLAN Switch_A(config-vlan)#exit Switch_A(config)#interface fastEthernet 1/0/1 Switch_A(config-if)#switchport general allowed vlan 2 untagged Switch_A(config-if)#exit Switch_A(config)#interface fastEthernet 1/0/2 User Guide 486 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 510
fastEthernet 1/0/2 Switch_A(config-if)#no switchport check ingress Switch_A(config-if)#switchport pvid 2 Switch_A(config-if)#exit 4) Check the OUI table. Switch(config)#show voice vlan oui 00:01:E3 Default SIEMENS 00:03:6B Default CISCO1 00:12:43 Default CISCO2 00:0F:E2 Default H3C User Guide 487 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 511
Configuring QoS Configuration Examples 00:60:B9 Default NITSUKO 00:D0:1E Default PINTEL 00:E0:75 Default VERILINK 00:E0:BB Default 3COM 00:04:0D Default AVAYA1 00:1B:4F Default AVAYA2 00:04:13 Default SNOM 5) Enable Voice VLAN globally. Specify the VLAN ID as 2 and set the priority as 7. Switch_A( - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 512
the Voice VLAN configuration: Switch_A(config)#show voice vlan interface Voice VLAN ID 2 Priority 7 Interface Voice VLAN Mode Operational plans to install IP phones in the office area. IP phones share switch ports used by computers, because no more ports are available for IP phones. To ensure - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 513
Switch B Fa1/0/2 Switch A ... 6.3.2 Configuration Scheme To optimize voice traffic, configure Auto VoIP and LLDP-MED to instruct IP Phones to send traffic with desired DSCP priority. Voice traffic is put in the desired queue and data traffic is put in other queues according to the Class of Service - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 514
Auto VoIP Configuration Examples 2) Choose the menu QoS > Class of Service > Port Priority to load the following page. Set the trust 6-14 Configuring Port Priority 3) Choose the menu QoS > Class of Service > DSCP Priority to load the following page. Specify the 802.1p priority as 7 for DSCP - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 515
as 5 for other DSCP priorities. Click Apply. Figure 6-16 Specifying the 802.1p priority for Other DSCP priorities 5) Choose the menu QoS > Class of Service > Scheduler Settings to load the following page. Select port 1/0/2. Set the scheduler mode as weighted and specify the queue weight as 1 for TC - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 516
Configuring QoS Figure 6-17 Configuring the TC-5 for the Port Configuration Examples 6) Select port 1/0/2. Set the scheduler mode as weighted and specify the queue weight as 10 for TC-7. Click Apply. Figure 6-18 Configuring the TC-7 for the Port User Guide 493 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 517
-MED Config > Port Config to load the following page. Enable LLDP-MED on port 1/0/1. Click Apply. Figure 6-20 Enabling LLDP-MED on the Port User Guide 494 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 518
1/0/1 Switch_A(config-if)#lldp med-status Switch_A(config-if)#lldp med-tlv-select all Switch_A(config-if)#end Switch_A#copy running-config startup-config User Guide 495 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 519
Auto-VoIP Interface Mode. Auto-VoIP COS Override. Auto-VoIP DSCP Value. Auto-VoIP Port Status. ... Disabled False 0 Disabled Verify the configuration of Class of Service: Switch_A(config)#show qos trust interface fastEthernet 1/0/1 Port Trust Mode LAG ------ Fa1/0/1 trust DSCP N/A User - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 520
51 52 53 54 55 DSCP to 802.1P 5 5 5 5 5 5 5 5 DSCP: 56 57 58 59 60 61 62 63 DSCP to 802.1P 5 5 5 5 5 5 5 7 Configuration Examples User Guide 497 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 521
--- ------ Port-Description Yes System-Capability Yes System-Description Yes System-Name Yes Management-Address Yes Port-VLAN-ID Yes Protocol-VLAN-ID Yes VLAN-Name Yes Link-Aggregation Yes MAC-Physic Yes Max-Frame-Size Yes Power Yes LLDP-MED Status: Enabled TLV Status - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 522
Configuring QoS Inventory Management Yes ... Configuration Examples User Guide 499 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 523
QoS Appendix: Default Parameters 7 Appendix: Default Parameters Default settings of Class of Service are listed in the following tables. Table 7-1 Default Settings of Port Priority Configuration Parameter 802.1P Priority Trust Mode Default Setting 0 Untrusted Table 7-2 Default Settings of - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 524
DSCP 16 to 23 24 to 31 32 to 39 40 to 47 48 to 55 56 to 63 802.1p Priority 2 3 4 5 6 7 Table 7-5 Default Settings of DSCP Remap Configuration Original DSCP 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 New DSCP 0 be (000000 53 54 55 56 cs7 (111000) 57 58 59 60 61 62 63 User Guide 501 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 525
,000) UL-Frame Threshold (01,000,000) Action Recover Time Default Setting kbps 0 0 0 Drop 0 Default settings of Voice VLAN are listed in the following tables. Table 7-9 Default Settings of Global Configuration Parameter Voice VLAN VLAN ID Priority Default Setting Disabled None 7 User Guide 502 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 526
Configuration Parameter Voice VLAN Default Setting Disabled Table 7-11 Default Settings of OUI Table OUI Status Description 00:01:E3 Default SIEMENS 00:03:6B Default CISCO1 00:12:43 Default CISCO2 00:0F:E2 Default H3C 00:60:B9 Default NITSUKO 00:D0:1E Default PINTEL 00:E0 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 527
Part 15 Configuring Access Security CHAPTERS 1. Access Security 2. Access Security Configurations 3. Appendix: Default Parameters - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 528
' access to the switch based on IP address, MAC address or port. HTTP This function is based on the HTTP protocol. It can allow or deny users to access the switch via a web browser. HTTPS This function is based on the SSL or TLS protocol working in transport layer. It supports a security access via - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 529
certain IP-range can access the switch via the specified interfaces. MAC-based: Only the users with a certain MAC address can access the switch via the specified interfaces. Port-based: Only the users who are connected to certain ports can access the switch via the specified interfaces. User Guide - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 530
/ Mask Enter the IP address and mask to specify an IP range. Only the users within this IP range can access the switch via the specified interfaces. ■■ When the MAC-based mode is selected, the following window will pop up. Figure 2-3 Configuring Access Control Based on MAC Address User Guide 507 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 531
where to apply the Access Control rule. If an interface is unselected, all users can access the switch via it. SNMP: A function to manage the network devices via NMS. Telnet: A connection type for protocol. Ping: A communication protocol to test the connection of the network. User Guide 508 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 532
is based on the HTTP protocol. It allows users to manage the switch through a web browser. Port Specify the port number for HTTP service. 2) In the Session Config section, specify the Session Timeout and Number Control function, specify the following parameters and click Apply. User Guide 509 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 533
maximum number of users whose access level is Power User. Number of Users Specify the maximum number of users whose access level is User. User Guide 510 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 534
Config to load the following page. Figure 2-6 Configuring the HTTPS Function 1) In the Global Config section, enable HTTPS function, select the protocol version that the switch supports, and specify the port number for HTTPS. Click Apply. User - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 535
is based on the SSL or TLS protocol. It provides a secure connection between the client and the switch. Protocol Version Select the protocol version allow secure HTTP connections. TLS is a transport protocol upgraded from SSL. It can support a more secure connection than SSL. TLS and SSL are not - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 536
key. Certificate File Select the desired certificate to download to the switch. The certificate must be BASE64 encoded. The SSL certificate and key will not work. Key File Select the desired Key to download to the switch. The key must be BASE64 encoded. The SSL certificate and key downloaded must - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 537
layer and transport layer. It can provide a secure, remote connection to a device. It is more secure than Telnet protocol as it provides strong encryption. User Guide 514 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 538
switch to support and click Apply. 3) In Data Integrity Algorithm section, enable the integrity algorithm you want the switch to support the desired public key to download to the switch. The key length of the downloaded file ranges IP protocol. It allows users to log on to the switch remotely. Port - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 539
ip-addr: Specify the IP address of the user. ip-mask: Specify the subnet mask of the user. [ snmp ] [ telnet ] [ ssh ] [ http ] [ https ] [ ping ] [ all ]: Select the interfaces where to apply the Access Control rule. If an interface is unselected, all users can access the switch via it. By default - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 540
HTTPS Switch(config)#end Switch#copy running-config startup-config 2.2.2 Configuring the HTTP Function Follow these steps to configure the HTTP function: Step 1 Step 2 Step 3 configure Enter global configuration mode. ip http server Enable the HTTP function. By default, it is enabled. ip http - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 541
config)#show ip http configuration HTTP Status: Enabled HTTP Port: 80 HTTP Session Timeout: 9 HTTP User Limitation: Enabled HTTP Max Users as Admin: 6 HTTP Max Users as Operator: 2 HTTP Max Users as Power User: 2 HTTP Max Users as User: 2 Switch(config)#end User Guide 518 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 542
Configurations Switch#copy running-config startup-config 2.2.3 Configuring the HTTPS Function Follow these steps to configure the HTTPS function: Step 1 Step 2 Step 3 configure Enter global configuration mode. ip http secure-server Enable the HTTPS function. By default, it is enabled. ip http - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 543
The default value is 10. Step 6 ip http ip-addr: Specify the IP address of the TFTP server. Both IPv4 and IPv6 addresses are supported. Step 8 ip http secure-server download key ssl-key ip-address ip-addr Download the desired key to the switch including SSL 3.0, TLS 1.0, TLS 1.1 and TLS1.2. - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 544
168.0.100. Switch#configure Switch(config)#ip http secure-server Switch(config)#ip http secure-protocol all Switch(config)#ip http secure-ciphersuite 3des-ede-cbc-sha Switch(config)#ip http secure-session timeout 15 Switch(config)#ip http secure-max-users 2 2 2 2 Switch(config)#ip http secure - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 545
ip ssh server Enable the SSH function. By default, it is disabled. ip ssh version { v1 | v2 } Configure to make the switch support the corresponding protocol. By default, the switch supports . The default value is 120 seconds. ip ssh max 1 to 5. The default value is 5. ip ssh algorithm { AES128-CBC - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 546
ip-address 192.168.0.100 Start to download SSH key file... Download SSH key file OK. Switch(config)#show ip ssh Global Config: SSH Server: Enabled Protocol V1: Enabled Protocol V2: Enabled Idle Timeout: 100 MAX Clients: 4 Port: 22 Encryption Algorithm: AES128-CBC: Enabled User Guide - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 547
(config)#end Switch#copy running-config startup-config 2.2.5 Configuring the Telnet Function Follow these steps enable the Telnet function: Step 1 Step 2 Step 3 Step 4 Step 4 configure Enter global configuration mode. telnet enable Enable the telnet function. By default, it is enabled. telnet - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 548
Enabled All 443 Enabled Enabled Enabled Enabled Enabled ECDHE_WITH_AES_256_GCM_ SHA384 Enabled Session Timeout Number Control 10 minutes Disabled Table 3-4 Default Settings of SSH Configuration Parameter SSH Protocol V1 Protocol V2 Default Setting Disabled Enabled Enabled User Guide 525 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 549
Security Parameter Idle Timeout Maximum Connections Port AES128-CBC AES192-CBC AES256-CBC Blowfish-CBC Cast128-CBC 3DES-CBC HMAC-SHA1 HMAC-MD5 Key Type: Default Setting 120 seconds 5 22 Enabled Enabled Enabled Enabled Enabled Enabled Enabled Enabled SSH-2 RSA/DSA Table 3-5 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 550
Part 16 Configuring AAA CHAPTERS 1. Overview 2. AAA Configuration 3. Configuration Example 4. Appendix: Default Parameters - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 551
TP-Link switches, this feature is mainly used to authenticate the users trying to log in to the switch authentication can be processed locally on the switch or centrally on the RADIUS/TACACS+ server switches on the RADIUS server and use this server to authenticate the users trying to access the switch - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 552
locally on the switch or centrally on as follows: ■■ AAA Default Setting By default, the AAA feature form a method list. The switch uses the first method in the method list method fails to respond, the switch selects the next method. This secure server or the local switch denies the user's access, - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 553
switch supports Server IP Enter the IP address switch. The RADIUS server and the switch use the key string to encrypt passwords and exchange responses. Authentication Port Specify the UDP destination port on the RADIUS server for authentication requests. The default setting is 1812. User Guide - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 554
a TACACS+ server: 1) Configure the following parameters. Server IP Enter the IP address of the server running the TACACS+ secure protocol. Timeout Specify the time interval that the switch waits for the server to reply before resending. The default setting is 5 seconds. Shared Key Enter the - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 555
RADIUS and TACACS+. Server IP 2) Click Create. Select the IP address of the server which will be added to the server group. 2.1.3 Configuring the Method List A method list describes the authentication methods and their sequence to authenticate the users. The switch supports Login Method List for - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 556
the following page. Figure 2-5 Method List There are two default methods respectively for the Login authentication and the Enable authentication. You can edit the default methods or follow these steps to add a new method: to be added. Method List Name Specify a name for the method. User Guide 533 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 557
local: Use the local database in the switch for authentication. none: No authentication is used. Displays the configurable applications on the switch: telnet, ssh and http. Select to log in to the switch. Select a previously configured switch or centrally on the RADIUS/TACACS+ server(s). User - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 558
Configuring AAA AAA Configuration ■■ On the Switch The local username and password for login can be configured in Adding Servers You can add one or more RADIUS/TACACS+ servers on the switch for authentication. If multiple servers are added, the server with the highest priority authenticates the users - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 559
switch: Step 1 configure Enter global configuration mode. Step 2 radius-server host ip host ip-address: Enter the IP address switch waits for the server to reply before resending. The valid values are from 1 to 9 seconds and the default 3 and the default setting is switch switch. Set the IP - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 560
ip-address: Enter the IP address of the server running the TACACS+ protocol. port port-id: Specify the TCP destination port on the TACACS+ server for authentication requests. The default setting is 49. timeout time: Specify the time interval that the switch switch. the switch. Set the IP address of - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 561
settings in the configuration file. The following example shows how to create a RADIUS server group named RADIUS1 and add the existing two RADIUS servers whose IP address is 192.168.0.10 and 192.168.0.20 to the group. Switch#configure User Guide 538 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 562
switch supports Login Method List for users of all types to gain access to the switch, previous method does not respond, and so on. The default methods include radius, tacacs, local and none. None means Specify the authentication methods in order. The default methods include radius, tacacs, local and - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 563
pri3 pri4 default local -- -- -- Enable1 radius local -- -- Switch(config)#end Switch#copy running-config startup-config 2.2.4 Configuring the AAA Application List You can configure authentication method lists on the following access applications: Telnet, SSH and HTTP. User Guide 540 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 564
authentication Login1 Switch(config-line)#enable authentication Enable1 Switch(config-line)#show aaa global Module Login List Enable List Telnet Login1 Enable1 Ssh default default Http default default Switch(config-line)#end Switch#copy running-config startup-config User Guide 541 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 565
authentication Login1 Switch(config-line)#enable authentication Enable1 Switch(config-line)#show aaa global Module Login List Enable List Telnet default default Ssh Login1 Enable1 Http default default Switch(config-line)#end Switch#copy running-config startup-config User Guide 542 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 566
HTTP: Switch#configure Switch(config)#ip http login authentication Login1 Switch(config)#ip http enable authentication Enable1 Switch(config)#show aaa global Module Login List Enable List Telnet default default Ssh default default Http Login1 Enable1 Switch(config)#end Switch#copy - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 567
indicates that an MD5 encrypted password with fixed length will follow. By default, the encryption type is 0. password is a string with 31 characters at password with fixed length, which you can copy from another switch's configuration file. end Return to privileged EXEC mode. copy User Guide 544 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 568
privileges share this Enable password. Tips: The logged-in guests can get administrative privileges by using the command enableadmin and providing the Enable password. User Guide 545 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 569
requirement, the senior administrator can create the login account and the Enable password on the two RADIUS servers, and configure the AAA feature on the switch. The IP addresses of the two RADIUS servers are 192.168.0.10/24 and 192.168.0.20/24; the authentication port number is 1812; the shared - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 570
Server 1 2) On the same page, click to load the following page. Configure the Server IP as 192.168.0.20, the Shared Key as 123456, the Auth Port as 1812, and keep the other parameters as default. Click Create to add RADIUS Server 2 on the switch Figure 3-3 Add RADIUS Server 2 User Guide 547 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 571
the Method List Name as MethodEnable and select the Pri1 as RADIUS1. Click Create to set the method list for the Enable password authentication. User Guide 548 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 572
host 192.168.0.20 auth-port 1812 key 123456 2) Create a new server group named RADIUS1 and add the two RADIUS servers to the server group. Switch(config)#aaa group radius RADIUS1 Switch(aaa-group)#server 192.168.0.10 Switch(aaa-group)#server 192.168.0.20 Switch(aaa-group)#exit User Guide 549 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 573
method lists. Switch(config)#aaa authentication login Method-Login RADIUS1 Switch(config)#aaa of the RADIUS servers: Switch#show radius-server Server Ip Auth Port Acct Port Timeout Switch#show aaa authentication Authentication Login Methodlist: Methodlist pri1 pri2 pri3 pri4 default - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 574
-Enable RADIUS1 -- -- -- ... Configuration Example Verify the status of the AAA feature and the configuration of the AAA application list: Switch#show aaa global Module Login List Enable List Telnet Method-Login Method-Enable SSH default default Http default default User Guide 551 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 575
Port 1813 Retransmit 2 Timeout 5 seconds NAS Identifier The MAC address of the switch. TACACS+ Config Server IP None Timeout 5 seconds Shared Key None Port 49 Server Group: There are two default server groups: radius and tacacs. Method List Authentication Login Method List List - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 576
Configuring AAA Parameter AAA Application List telnet ssh http Default Setting Login List: default Enable List: default Login List: default Enable List: default Login List: default Enable List: default Appendix: Default Parameters User Guide 553 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 577
Part 17 Configuring 802.1x CHAPTERS 1. Overview 2. 802.1x Configuration 3. Configuration Example 4. Appendix: Default Parameters - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 578
TP-Link 802.1x authentication client software on the client hosts, enabling them to request 802.1x authentication to access the LAN. ■■ Authenticator An authenticator is usually a network device that supports 802.1x protocol. As the above figure shows, the switch is authenticated. User Guide 555 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 579
the menu SECURITY > AAA > RADIUS Config and click following page. Figure 2-1 Adding RADIUS Server to load the Follow these steps to add a RADIUS server: User Guide 556 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 580
IP Enter the IP address of the server running the RADIUS secure protocol. Shared Key Enter the shared key between the RADIUS server and the switch. The RADIUS server and the switch characters. The default value is the MAC address of the switch. Generally, the NAS indicates the switch itself. ■■ - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 581
will pop up. Specify a name for the server group, select the server type as RADIUS and select the IP address of the RADIUS server. Click Save. Figure 2-4 Adding Server Group ■■ Configuring the Dot1x List Choose the for authentication from the Pri1 drop-down list and click Apply. User Guide 558 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 582
switch and the client. The transmission of EAP (Extensible Authentication Protocol) packets is terminated at the switch packets to exchange information between the switch and the client. The EAP connection status between the TP-Link 802.1x Client and the switch. Please disable Handshake feature - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 583
VLAN does not exist on the switch, the switch will create the related VLAN automatically, add the authenticated port to the VLAN and change the PVID based on the assigned VLAN. If the assigned VLAN exists on the switch, the switch : Status Enable 802.1x authentication on the port. User Guide 560 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 584
the client. It ranges from 1 to 60 seconds and the default time is 30 seconds. If the switch does not receive any reply from the client within the specified time, it will resend the request. Displays whether the port is authorized or not. Displays the LAG the port belongs to. User Guide 561 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 585
values are: Request, Response, Success, Fail, Timeout, Initialize and Idle. Status Displays whether the port is authorized or not. VID Displays the VLAN ID assigned by the authenticator to the supplicant device when the related port is authorized. If the related port is unauthorized and there - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 586
server host ip-address ip-address: Enter the IP default default value is the MAC address of the switch. Generally, the NAS indicates the switch default, the encryption type is 0. string is the shared key for the switch switch ip-address Add the existing servers to the server group. ip-address: Specify IP - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 587
method: Specify the RADIUS group for 802.1x authentication. aaa accounting dot1x default { method } Select the RADIUS group for 802.1x accounting. method: named radius1, and apply this server group to the 802.1x authentication. The IP address of the RADIUS server is 192.168.0.100; the shared key is - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 588
-port 1813 key 123456 Switch(config)#aaa group radius radius1 Switch(aaa-group)#server 192.168.0.100 Switch(aaa-group)#exit Switch(config)#aaa authentication dot1x default radius1 Switch(config)#aaa accounting dot1x default radius1 Switch(config)#show radius-server Server Ip Auth Port Acct - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 589
connection status between the TP-Link 802.1x Client and the switch. Please disable Handshake feature if you are using other client softwares instead of TP-Link 802.1x Client. dot1x vlan-assignment (Optional) Enable PAP as the authentication method and keep other parameters as default: User Guide 566 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 590
Disabled 802.1X VLAN Assignment State: Disabled Switch(config)#end Switch#copy running-config feature for the port. With MAB feature enabled, the switch automatically sends the authentication server a RADIUS access request , most printers, IP phones and fax machines do not have 802.1x capability. - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 591
time Configure the supplicant timeout period. time: Specify the maximum time for which the switch waits for response from the client. It ranges from 1 to 60 seconds and the default time is 30 seconds. If the switch does not receive any reply from the client within the specified time, it will resend - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 592
parameters as default: Switch#configure Switch(config)#interface gigabitEthernet 1/0/2 Switch(config-if)#dot1x Switch(config-if)#dot1x port-method port-based Switch(config-if)#show gigabitEthernet port] Displays the authenticator state. configure Enter global configuration mode. User Guide 569 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 593
the client that will be reauthenticated. end Return to privileged EXEC mode. copy running-config startup-config Save the settings in the configuration file. User Guide 570 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 594
ports connected to clients. ■■ Keep 802.1x authentication disabled on ports connected to the authentication server and the internet, which ensures unrestricted connections between the switch and the authentication server or the internet. 3.3 Network Topology As shown in the following figure - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 595
Internet Configuration Example Switch A Authenticator Fa1/0/3 Fa1/0/2 Fa1/0/1 RADIUS Server 192.168.0.10/24 Auth Port:1812 Client Client Client Demonstrated with T1500-28PCT acting as the the parameters of the RADIUS server and click Create. Figure 3-2 Adding RADIUS Server User Guide 572 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 596
the group name as RADIUS1, select the server type as RADIUS and server IP as 192.168.0.10. Click Create. Figure 3-3 Creating Server Group 3) and configure the Authentication Method as EAP. Keep the default authentication settings. Click Apply. Figure 3-5 Configuring Global Settings Guide 573 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 597
group)#server 192.168.0.10 Switch_A(aaa-group)#exit Switch_A(config)#aaa authentication dot1x default RADIUS1 2) Globally enable 802.1x authentication and set the authentication protocol. Switch_A(config fastEthernet 1/0/2 Switch_A(config-if)#no dot1x Switch_A(config-if)#exit User Guide 574 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 598
: EAP Handshake State: Enabled 802.1X Accounting State: Disabled 802.1X VLAN Assignment State: Disabled Configuration Example Verify the configurations of 802.1x authentication 30 unauthorized N/A 3 10 30 unauthorized N/A PortMethod ---------mac-based mac-based mac-based User Guide 575 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 599
of RADIUS : Switch_A#show aaa global Module Login List Enable List Telnet default default Ssh default default Http default default Switch_A#show aaa authentication dot1x Methodlist pri1 pri2 pri3 default RADIUS1 -- -- Switch_A#show aaa group RADIUS1 192.168.0.10 pri4 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 600
Port Control Auto Guest VLAN 0 Maximum Request 3 Quiet Period 10 seconds Supplicant Timeout 30 seconds Port Method MAC Based Dot1X List Authentication Dot1x Method List List Name: default Pri1: radius Accounting Dot1x Method List List Name: default Pri1: radius User Guide 577 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 601
Part 18 Configuring Port Security CHAPTERS 1. Overview 2. Port Security Configuration 3. Appendix: Default Parameters - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 602
MAC addresses that can be learned on each port, thus preventing the MAC address table from being exhausted by the attack packets. In addtion, the switch can send a notification if the number of learned MAC addresses on the port exceeds the limit. User - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 603
MAC address number reaches the limit, the port will stop learning. It ranges from 0 to 64. The default value is 64. Current Learned MAC Displays the current number of MAC addresses that have been learned on the a notification will be generated and sent to the management host. User Guide 580 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 604
the default setting. Delete on Reboot: The learned MAC addresses are out of the influence of the aging time and can only be deleted manually. The learned entries will be cleared after the switch is port | range ten-gigabitEthernet port-list } Enter interface configuration mode. User Guide 581 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 605
aging time and can only be deleted manually. The learned entries will be saved even the switch is rebooted. status: Status of port security feature. By default, it is disabled. drop: When permanent and the status as drop: Switch#configure Switch(config)#interface gigabitEthernet 1/0/1 User Guide 582 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 606
-table max-mac-count interface gigabitEthernet 1/0/1 Port Max-learn Current-learn Exceed Max Limit Mode Status ---- --------- ----------- ---------- ------ -------- Gi1/0/1 30 0 disable permanent drop Switch(config-if)#end Switch#copy running-config startup-config User Guide 583 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 607
settings of Port Security are listed in the following table. Table 3-1 Default Parameters of Port Security Parameter Default Setting Max Learned Number of 64 MAC Current Learned Number 0 Exceed Max Learned Trap Disabled Learn Address Mode Delete on Timeout Status Disabled User Guide 584 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 608
Part 19 Configuring ACL CHAPTERS 1. Overview 2. ACL Configuration 3. Configuration Example for ACL 4. Appendix: Default Parameters - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 609
Overview ACL (Access Control List) filters traffic as it passes through a switch, and permits or denies packets crossing specified interfaces or VLANs. It accurately identifies and processes the packets based on the ACL rules and no matching rule is found, the packets will be dropped. User Guide 586 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 610
the GUI 2.1.1 Configuring Time Range Some ACL-based services or features may need to be limited to take and destination MAC address for matching operations. IP ACL: IP ACL uses source and destination IP address, IP protocols and so on for matching operations. . 3) Click Create. User Guide 587 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 611
Configuring ACL ACL Configuration Note: The supported ACL type and ID range varies on different switch models. Please refer to the configure rules for this ACL. The following sections introduce how to configure MAC ACL, IP ACL, Combined ACL and IPv6 ACL. Configuring MAC ACL Rule Click Edit ACL for - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 612
. D-MAC/Mask Enter the destination MAC address with a mask. A value of 1 in the mask indicates that the corresponding bit in the address will be matched. VLAN ID Enter the ID number of the VLAN to which the ACL will apply. User Guide 589 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 613
User Priority to be matched. Time Range Select a time range during which the rule will take effect. The default value is No Limit, which means the rule is always in effect. The Time Range referenced here can be the matched packets will be forwarded only on the destination port. User Guide 590 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 614
, configure the related parameters, and the remarked values will take effect in the QoS processing on the switch. Figure 2-8 Configuring QoS Remark DSCP Local Priority 802.1p Priority 6) Click Apply. Specify the DSCP 1p priority of the packets will be changed to the specified one. User Guide 591 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 615
Configuring ACL Configuring IP ACL Rule Click Edit ACL for an IP ACL entry to load the following page. Figure 2-9 Configuring the IP ACL Rule ACL Configuration In ACL Rules Table section, click and the following page will appear. User Guide 592 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 616
Configuration Follow these steps to configure the IP ACL rule: 1) In the IP ACL Rule section, configure the following Permit: To forward the matched packets. Deny: To discard the matched packets. S-IP/Mask Enter the source IP address with a mask. A value of 1 in the mask indicates that the - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 617
bit in the address will be matched. IP Protocol Select a protocol type from the drop-down list. The default is No Limit, which indicates that packets flag. RST: Reset flag. SYN: Synchronize flag. FIN: Finish flag. S-Port / D-Port If TCP/UDP is selected as the IP protocol, specify the Guide 594 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 618
Configuring Rate Limit Rate Burst Size Specify the transmission rate for the matched packets. Specify the maximum number of bytes allowed in one second. User Guide 595 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 619
configure the related parameters, and the remarked values will take effect in the QoS processing on the switch. Figure 2-14 Configuring QoS Remark DSCP Local Priority 802.1p Priority 6) Click Apply. Specify the ACL Rules Table section, click and the following page will appear. User Guide 596 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 620
ID in the same ACL. If you select Auto Assign, the rule ID will be assigned automatically and the interval between rule IDs is 5. User Guide 597 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 621
VLAN ID EtherType S-IP/Mask D-IP/Mask IP Protocol TCP Flag S-Port / D-Port DSCP IP ToS IP IP Reset flag. SYN: Synchronize flag. FIN: Finish flag. If TCP/UDP is selected as the IP default is No Limit. Specify an IP ToS value to be matched between 0 and 15. The default is No Limit. Specify an IP - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 622
Priority to be matched. Time Range Select a time range during which the rule will take effect. The default value is No Limit, which means the rule is always in effect. The Time Range referenced here can matched packets. With this option enabled, configure the related parameters. User Guide 599 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 623
, configure the related parameters, and the remarked values will take effect in the QoS processing on the switch. Figure 2-20 Configuring QoS Remark DSCP Local Priority 802.1p Priority 6) Click Apply. Specify the DSCP 1p priority of the packets will be changed to the specified one. User Guide 600 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 624
IPv6 ACL Rule ACL Configuration In ACL Rules Table section, click Figure 2-22 Configuring the IPv6 ACL Rule and the following page will appear. User Guide 601 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 625
Specify an IPv6 class value to be matched. The switch will check the class field of the IPv6 header. Flow Label Specify a Flow selected as the IP protocol, specify the source and destination port numbers. Time Range Select a time range during which the rule will take effect. The default value is - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 626
matched packets. With this option enabled, configure the related parameters. Figure 2-25 Configuring Rate Limit Rate Specify the transmission rate for the matched packets. User Guide 603 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 627
processing on the switch. Figure 2-26 switch matches a received packet with the rules in order. When a packet matches a rule, the switch stops the match process and performs the action defined in the rule. Click Edit ACL for an entry you have created and you can view the rule table. We take IP - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 628
bound to a port or VLAN. Note: •• Different types of ACLs cannot be bound to the same port or VLAN. •• Multiple ACLs of the same type can be bound to the same port or VLAN. The switch matches the received packets using drop-down list. 2) Specify the port to be bound. 3) Click Create. User Guide 605 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 629
VLAN Choose the menu SECURITY > ACL > ACL Binding > VLAN Binding to load the following page. Figure 2-29 Binding the ACL to a VLAN Follow these steps to bind the ACL to a VLAN VLAN to be bound. 3) Click Create. 2.2 Using the CLI 2.2.1 Configuring Time Range Some ACL-based services destination IP - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 630
-type with 4 hexadecimal numbers. dot1p-priority: The user priority ranges from 0 to 7. The default is No Limit. vlan-id: The VLAN ID ranges from 1 to 4094. time-range-name: The name of the time-range. The default is No Limit. exit Return to global configuration mode. show access-list [ acl-id-or - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 631
config)#end Switch#copy running-config startup-config ■■ IP ACL Step 1 configure Enter global configuration mode. Step 2 access-list create acl-id [name acl-name] Create an IP ACL. acl-id:Enter an ACL ID. The ID ranges from 500 to 999. acl-name: Enter a name to identify the ACL. User Guide 608 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 632
permit means to forward. By default, it is set to permit. IP ToS value to be matched between 0 and 15. pre-value: Specify an IP example, 01*010*). The default is *, which indicates that Reset Flag), SYN (Synchronize Flag) and FIN (Finish Flag). time-range-name: The name of the time-range. The default - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 633
the configuration file. The following example shows how to create IP ACL 600, and configure Rule 1 to permit packets with source IP address 192.168.1.100: Switch#configure Switch(config)#access-list create 600 Switch(config)#access-list ip 600 rule 1 permit logging disable sip 192.168.1.100 sipmask - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 634
VLAN ID ranges from 1 to 4094. ether-type: Specify the Ethernet-type with 4 hexadecimal numbers. priority: The user priority ranges from 0 to 7. The default is No Limit. sip-address: Enter the source IP address. sip-address-mask: Enter the mask of the source IP address. It is required if source IP - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 635
default is No Limit. end Return to privileged EXEC mode. copy running-config startup-config Save the settings in the configuration file. The following example shows how to create Combined ACL 1100 and configure Rule 1 to deny packets with source IP address 192.168.3.100 in VLAN 2: Switch#configure - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 636
ip-address sip-mask sourceip-mask ] [dip destination-ip-address dip-mask destination-ip means to forward. By default, it is set to . source-ip-address: Enter the source IP address. Enter -ip-mask: Enter the source IP rule. destination-ip-address: Enter -ip-mask: Enter the source IP default is No - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 637
2020: Switch#configure Switch(config)#access-list create 1600 Switch(config)# ffff:ffff:ffff:ffff Switch(config)#show access-list ff ff:ffff:ffff Switch(config)#end Switch#copy running-config startup 10: Switch#configure Switch(config)#access-list resequence 100 start 1 step 10 Switch(config)#show - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 638
21 permit logging disable dmac aa:cc:ee:ff:dd:33 dmask ff:ff:ff:ff:ff:ff Switch(config)#end Switch#copy running-config startup-config 2.2.3 Configuring Policy Policy allows you to further process the matched packets through or name of the ACL. rule-id: Enter the ID of the ACL rule. User Guide 615 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 639
packets whose rate is beyond the specified rate. The default is None. qos-remark [dscp dscp] [ priority Switch#configure Switch(config)#access-list action 10 rule 1 Switch(config-action)#redirect interface gigabitEthernet 1/0/4 Switch(config-action)#exit Switch(config)#show access-list 10 User Guide - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 640
VLAN. Note: •• Different types of ACLs cannot be bound to the same port or VLAN. •• Multiple ACLs of the same type can be bound to the same port or VLAN. The switch the ACL that you want to add a rule for. vlan-list: Specify the ID or the ID list of the VLAN(s) that you want to bind the ACL to. The - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 641
----- ---------- ------- 1 ACL_1 Gi1/0/3 Ingress 1 ACL_1 4 Ingress Switch(config)#end Switch#copy running-config startup-config Type ---Port VLAN 2.2.5 Viewing ACL Counting You can use the following command to -name: Specify the ID or name of the ACL to be viewed. User Guide 618 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 642
services. Computers in the Marketing department are connected to the switch via port 1/0/1, and the internal server group is connected to the switch set up packet filtering by creating an IP ACL and configuring rules for it. ■■ ACL Configuration Create an IP ACL and configure the following rules for - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 643
rule, the switch stops the matching process and initiates the action defined in the rule. If no rules are matched, the packet will be dropped. ■■ Binding Configuration Bind the IP ACL to port 1/0/1 so that the ACL rules will apply to the Marketing department only. Demonstrated with T1500-28PCT, the - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 644
the source IP address 10.10.70.0/24 and destination IP address 10.10.80.0/24. Figure 3-5 Configuring Rule 1 5) In the same way, configure rule 2 and rule 3 to permit packets with source IP 10.10.70.0 and destination port TCP 80 (http service port) and TCP 443 (https service port). User Guide 621 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 645
Configuring ACL Figure 3-6 Configuring Rule 2 Configuration Example for ACL User Guide 622 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 646
Configuring ACL Figure 3-7 Configuring Rule 3 Configuration Example for ACL User Guide 623 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 647
Configuring ACL Configuration Example for ACL 6) In the same way, configure rule 4 and rule 5 to permit packets with source IP 10.10.70.0 and with destination port TCP 53 or UDP 53 (DNS service port). Figure 3-8 Configuring Rule 4 User Guide 624 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 648
Configuring ACL Figure 3-9 Configuring Rule 5 Configuration Example for ACL 7) In the same way, configure rule 6 to deny packets with source IP 10.10.70.0. Figure 3-10 Configuring Rule 6 User Guide 625 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 649
IP 10.10.70.0/24 and destination IP 10.10.80.0/24. Switch(config)#access-list ip IP 10.10.70.0/24, and destination port TCP 80 (http service port) or TCP 443 (https service port). Switch(config)#access-list ip IP 10.10.70.0/24, and destination port TCP53 or UDP 53. Switch(config)#access-list ip 500 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 650
IP 10.10.70.0/24. Switch(config)#access-list ip Switch(config)#access-list bind 500 interface fastEthernet 1/0/1 Switch(config)#end Switch#copy running-config startup-config Verify the Configurations Verify the IP ACL 500: Switch Switch#show access-list bind ACL ID ACL - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 651
Operation IP Protocol DSCP IP ToS IP Pre Time-Range Default Setting Permit All No Limit No Limit No Limit No Limit Table 4-3 Combined ACL Parameter Operation Time-Range Default Setting Permit No Limit Table 4-4 IPv6 ACL Parameter Operation Time-Range Default Setting Permit No Limit User Guide - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 652
Configuring ACL Table 4-5 Policy Parameter Mirroring Redirect Rate Limit QoS Remark Default Setting Disabled Disabled Disabled Disabled Appendix: Default Parameters User Guide 629 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 653
Part 20 Configuring IPv4 IMPB CHAPTERS 1. IPv4 IMPB 2. IP-MAC Binding Configuration 3. ARP Detection Configuration 4. IPv4 Source Guard Configuration 5. Configuration Examples 6. Appendix: Default Parameters - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 654
switch can prevent the ARP cheating attacks with the ARP Detection feature and filter the packets that don't match the binding entries with the IP Source Guard feature. 1.2 Supported Features IP-MAC Binding This feature is used to add binding entries. The binding entries can be manually configured - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 655
the GUI 2.1.1 Binding Entries Manually You can manually bind the IP address, MAC address, VLAN ID and the Port number together IP-MAC Binding > Manual Binding and click to load the following page. Figure 2-1 Manual Binding Follow these steps to manually create an IP-MAC Binding entry: User Guide - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 656
switch sends the ARP request packets of the specified IP field to the hosts. Upon receiving the ARP reply packet, the switch can get the IP address, MAC address, VLAN incorrect IP-MAC Binding entries. If your network is being attacked, it's recommended to bind the entries manually. User Guide 633 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 657
section, select one or more entries and configure the relevant parameters. Then click Bind. Host Name Enter a host name for identification. IP Address Displays the IP address. MAC Address Displays the MAC address. VLAN ID Displays the VLAN ID. Port Displays the port number. User Guide 634 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 658
IMPB IP- will be applied to the ARP Detection feature. IP Source Guard: This entry will be applied to the IP Source Guard feature. Both This entry will be Snooping enabled, the switch can monitor the IP address obtaining process of the host, and record the IP address, MAC address, VLAN ID and the - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 659
Follow these steps to configure IP-MAC Binding via DHCP Snooping: 1) In the Global Config section, globally enable DHCP Snooping. Click Apply. 2) In the VLAN Config section, enable DHCP Snooping on a VLAN or range of VLANs. Click Apply. VLAN ID Displays the VLAN ID. Status Enable or disable - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 660
Binding: Displays the manually bound entries. ARP Scanning: Displays the binding entries learned from ARP Scanning. DHCP Snooping: Displays the binding entries learned from DHCP Snooping. IP Enter an IP address and click Search to search the specific entry. Additionally, you select one or more - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 661
Binding entries via ARP scanning is not supported by the CLI. The following sections introduce how to bind entries manually and via DHCP Snooping and view the binding entries. 2.2.1 Binding Entries Manually You can manually bind the IP address, MAC address, VLAN ID and the Port number together on - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 662
:d4:35:76:a4:d8 vlan 10 interface gigabitEthernet 1/0/5 arp-detection Switch(config)#show ip source binding U Host IP-Addr MAC-Addr VID Port ACL SOURCE - ---- ------- -------- --- ---- --- ------ 1 host1 192.168.0.55 74:d4:35:76:a4:d8 10 Gi1/0/5 ARP-D Manual Notice: 1.Here, 'ARP-D' for - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 663
can learn via DHCP snooping as 100: Switch#configure Switch(config)#ip dhcp snooping Switch(config)#ip dhcp snooping vlan 5 Switch(config)#interface gigabitEthernet 1/0/1 Switch(config-if)#ip dhcp snooping max-entries 100 Switch(config-if)#show ip dhcp snooping Global Status: Enable User Guide 640 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 664
Configuring IPv4 IMPB IP-MAC Binding Configuration VLAN ID: 5 Switch(config-if)#show ip dhcp snooping interface gigabitEthernet 1/0/1 Interface max-entries LAG Gi1/0/1 100 N/A Switch(config-if)#end Switch#copy running-config startup-config 2.2.3 Viewing Binding Entries On privileged - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 665
statistics. 3.1 Using the GUI 3.1.1 Adding IP-MAC Binding Entries In ARP Detection, the switch detects the ARP packets based on the binding entries in the IP-MAC Binding Table. So before configuring ARP Detection enable ARP Detection and configure the related parameters. Click Apply. User Guide 642 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 666
feature on the VLAN. With this feature enabled, the switch generates a log when an illegal ARP packet is discarded. 3.1.3 Configuring ARP Detection on Ports Choose the menu SECURITY > IPv4 IMPB > ARP Detection >Port Config to load the following page. Figure 3-2 ARP Detection on Port User Guide 643 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 667
a trusted port, the ARP packets are forwarded directly without checked. The specific ports, such as up-link ports and routing ports are suggested to be set as trusted. Specify the maximum number of the ARP ARP Statistics to load the following page. Figure 3-3 View ARP Statistics User Guide 644 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 668
ARP packets in each VLAN. VLAN ID Displays the VLAN ID. Forwarded Displays the number of forwarded ARP packets in this VLAN. Dropped Displays the number of dropped ARP packets in this VLAN. 3.2 Using the CLI 3.2.1 Adding IP-MAC Binding Entries In ARP Detection, the switch detects the ARP - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 669
(config)#show ip arp inspection vlan VID Enable status Log Status ---------- 1 Disable Disable 2 Enable Disable Switch(config)#end Switch#copy running-config startup-config 3.2.3 Configuring ARP Detection on Ports Follow these steps to configure ARP Detection on ports: User Guide 646 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 670
valid values are from 1 to 15 seconds, and the default value is 1 second. show ip arp inspection interface View the configurations and status of the ports. show ip arp inspection vlan View the configurations and status of the VLANs. ip arp inspection recover (Optional) For ports on which the speed - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 671
Switch#configure Switch(config)#interface gigabitEthernet 1/0/1 Switch(config-if)#ip arp inspection recover Switch(config-if)#end Switch# ip arp inspection statistics View the ARP statistics on each port, including the number of forwarded ARP packets and the number of dropped ARP packets. User Guide - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 672
Configuration To complete IPv4 Source Guard configuration, follow these steps: 1) Add IP-MAC Binding entries. 2) Configure IPv4 Source Guard. 4.1 Using the GUI 4.1.1 Adding IP-MAC Binding Entries In IPv4 Source Guard, the switch filters the packets that do not match the rules of IPv4MAC Binding - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 673
the LAG that the port is in. 4.2 Using the CLI 4.2.1 Adding IP-MAC Binding Entries In IPv4 Source Guard, the switch filters the packets that do not match the rules of IPv4MAC Binding Table port | range ten-gigabitEthernet port-list } Enter interface configuration mode. User Guide 650 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 674
config)#interface gigabitEthernet 1/0/1 Switch(config-if)#ip verify source sip+mac Switch(config-if)#show ip verify source interface gigabitEthernet 1/0/1 Port Security-Type LAG ---- ---- Gi1/0/1 SIP+MAC N/A Switch(config-if)#end Switch#copy running-config startup-config User Guide 651 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 675
1/0/1 and port 1/0/2. Both of them are in the default VLAN 1. The router has been configured with security feature to prevent switch is as follows: 1) Configure IP-MAC Binding. The binding entries for User 1 and User 2 should be manually bound. 2) Configure ARP Detection globally. User Guide - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 676
T1500-28PCT, the following sections provide configuration procedure in two ways: using the GUI and using the CLI. 5.1.3 Using the GUI 1) Choose the menu SECURITY > IPv4 IMBP > IP-MAC Binding > Manual for User 2. Enter the host name, IP address, MAC address and VLAN ID of User 2, select the protect - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 677
Source MAC, Validate Destination MAC and Validate IP, and click Apply. Select VLAN 1, change Status as Enabled and click default, all ports are enabled with ARP Detection and ARP flooding defend. Configure port 1/0/3 as trusted port and keep other defend parameters as default. Click Apply. User Guide - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 678
to save the settings. 5.1.4 Using the CLI 1) Manually bind the entries for User 1 and User 2. Switch_A#configure Switch_A(config)#ip source binding User1 192.168.0.31 74:d3:45:32:b6:8d vlan 1 interface fastEthernet 1/0/1 arp-detection Switch_A(config)#ip source binding User1 192.168.0.32 88:a9:d4 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 679
ARP-D Manual Notice: 1.Here, 'ARP-D' for 'ARP-Detection',and'IP-V-S' for 'IP-Verify-Source'. Verify the global configuration of ARP Detection: Switch_A#show ip arp Enable Verify IP: Enable Verify the ARP Detection configuration on VLAN: Switch_A#show ip arp inspection vlan VID Enable status - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 680
. The overview of configuration on the switch is as follows: 1) Bind the MAC address, IP address, connected port number and VLAN ID of the legal host with IP-MAC Binding. 2) Enable IP Source Guard on ports 1/0/1-3. Demonstrated with T1500-28PCT, the following sections provide configuration procedure - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 681
IMPB > IP-MAC Binding > Manual Binding and click to load the following page. Enter the host name, IP address, MAC address and VLAN ID of switch generate logs when receiving illegal packets, and click Apply. Select ports 1/0/1-3, configure the Security Type as SIP+MAC, and click Apply. User Guide - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 682
Examples 3) Click to save the settings. 5.2.4 Using the CLI 1) Manually bind the IP address, MAC address, VLAN ID and connected port number of the legal host, and apply this entry to the IP Source Guard feature. Switch#configure Switch(config)#ip source binding legal-host 192.168.0.100 74:d3:45 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 683
------ 1 User1 192.168.0.100 74:d3:45:32:b5:6d 1 Fa1/0/1 IP-V-S Manual Notice: 1.Here, 'ARP-D' for 'ARP-Detection',and'IP-V-S' for 'IP-Verify-Source'. Verify the configuration of IP Source Guard: Switch#show ip verify source IP Source Guard log: Enabled Port Security-Type LAG Fa1/0/1 SIP+MAC - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 684
Snooping Parameter Default Setting Global Config DHCP Snooping Disabled VLAN Config Status Disabled Port Config Maximum Entry 512 Default settings of Destination MAC Validate IP VLAN Config Status Log Status Port Config Trust Status Limit Rate Default Setting Disabled Disabled Disabled - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 685
Parameters Parameter Burst Interval ARP Statistics Auto Refresh Refresh Interval Default Setting 1 second Disabled 5 seconds Default settings of IPv4 Source Guard are listed in the following table: Table 6-3 ARP Detection Parameter Global Config IPv4 Source Guard Log: Port Config Security - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 686
Part 21 Configuring IPv6 IMPB CHAPTERS 1. IPv6 IMPB 2. IPv6-MAC Binding Configuration 3. ND Detection Configuration 4. IPv6 Source Guard Configuration 5. Configuration Examples 6. Appendix: Default Parameters - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 687
Configuring IPv6 IMPB 1 IPv6 IMPB IPv6 IMPB 1.1 Overview IPv6 IMPB (IP-MAC-Port Binding) is used to bind the IPv6 address, MAC address, VLAN ID and the connected port number of the specified host. Basing on the binding table, the switch can prevent ND attacks with the ND Detection feature and - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 688
Configuring IPv6 IMPB Figure 1-1 Network Topology of ND Detection IPv6 IMPB User A Untrusted Port Trusted Port Untrusted Port Switch Gateway Internet Attacker IPv6 Source Guard IPv6 Source Guard is used to filter the IPv6 packets based on the IPv6-MAC Binding table. Only the - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 689
2.1 Using the GUI 2.1.1 Binding Entries Manually You can manually bind the IPv6 address, MAC address, VLAN ID and the Port number together on Manual Binding and click to load the following page. Figure 2-1 Manual Binding Follow these steps to manually create an IPv6-MAC Binding entry: User Guide - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 690
Apply. 2.1.2 Binding Entries via ND Snooping With ND Snooping, the switch monitors the ND packets, and records the IPv6 addresses, MAC addresses, VLAN IDs and the connected port numbers of the IPv6 hosts. You network is being attacked, it's recommended to bind the entries manually. User Guide 667 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 691
more VLANs and enable ND Snooping. Click Apply. VLAN ID Displays the VLAN ID. Status Enable or disable ND Snooping on the VLAN. 3) In the Port Config section, configure the maximum number of entries a port can learn via ND snooping. Click Apply. Port Displays the port number. User Guide 668 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 692
to view or edit the entries. 2.1.3 Binding Entries via DHCPv6 Snooping With DHCPv6 Snooping enabled, the switch can monitor the IP address obtaining process of the host, and record the IPv6 address, MAC address, VLAN ID and the connected port number of the host. Choose the menu SECURITY > IPv6 IMPB - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 693
. 2) In the VLAN Config section, enable DHCPv6 Snooping on a VLAN or range of VLANs. Click Apply. VLAN ID Displays the VLAN ID. Status Enable or disable DHCPv6 Snooping on the VLAN. 3) In the Port Binding Table You can specify the search criteria to search your desired entries. User Guide 670 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 694
Manual Binding: Displays the manually bound IP Address Displays the IPv6 address. MAC Address Displays the MAC address. VLAN ID Displays the VLAN This entry will be applied to the IP Source Guard feature. Both: This entry Manually You can manually bind the IPv6 address, MAC address, VLAN ID - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 695
xx. vlan-id: Enter the VLAN ID Switch(config)#show ipv6 source binding U Host IP-Addr MAC-Addr VID Port ACL Source -------- --- ---- --- ------ 1 host1 2001:0:9d38:90d5::34 aa:bb:cc:dd:ee:ff 10 Gi1/0/5 ND-D Manual Switch(config)#end Switch#copy running-config startup-config User Guide - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 696
. The valid values are from 0 to 1024, and the default is 1024. show ipv6 nd snooping Verify the global configuration of VLAN 1. Switch#configure Switch(config)#ipv6 nd snooping Switch(config)#ipv6 nd snooping vlan 1 Switch(config)#show ipv6 nd snooping Global Status: Enable VLAN ID: 1 User Guide - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 697
Switch#configure Switch(config)#interface gigabitEthernet 1/0/1 Switch(config-if)#ipv6 nd snooping max-entries 1000 Switch snooping vlan vlan-range Enable DHCPv6 Snooping on the specified VLAN. vlan-range: Enter the vlan range ip dhcp snooping Verify global configuration of DHCPv6 Snooping. User - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 698
Switch#configure Switch(config)#ipv6 dhcp snooping Switch(config)#ipv6 dhcp snooping vlan 5 Switch(config)#interface gigabitEthernet 1/0/1 Switch(config-if)#ipv6 dhcp snooping max-entries 100 Switch the host name, IP address, MAC address, VLAN ID, port number and protect type. User Guide 675 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 699
Using the GUI 3.1.1 Adding IPv6-MAC Binding Entries The ND Detection feature allows the switch to detect the ND packets based on the binding entries in the IPv6-MAC Binding ND Detection globally. 2) In the VLAN Config section, enable ND Detection on the selected VLANs. Click Apply. User Guide 676 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 700
VLAN ID Status Log Status Displays the VLAN ID. Enable or disable ND Detection on the VLAN. Enable or disable Log feature on the VLAN. With this feature enabled, the switch directly without checked. The specific ports, such as up-link ports and routing ports are suggested to be set as Guide 677 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 701
ND packets in this VLAN. Dropped Displays the number of dropped ND packets in this VLAN. 3.2 Using the CLI 3.2.1 Adding IPv6-MAC Binding Entries The ND Detection feature allows the switch to detect the ND mode. Step 2 ipv6 nd detection Globally enable the ND Detection feature. User Guide 678 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 702
nd detection vlan VID Enable status Log Status 1 Enable Disable Switch(config)#end Switch#copy running-config startup-config 3.2.3 Configuring ND Detection on Ports Follow these steps to configure ND Detection on ports: Step 1 configure Enter global configuration mode. User Guide 679 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 703
the ND packets will not be checked. The specific ports, such as up-linked ports and routing ports are suggested to be set as trusted ports. show trusted port: Switch#configure Switch(config)#interface gigabitEthernet 1/0/1 Switch(config-if)#ipv6 nd detection trust Switch(config-if)# . User Guide 680 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 704
complete IPv6 Source Guard configuration, follow these steps: 1) Add IP-MAC Binding entries. 2) Configure IPv6 Source Guard. 4.1 Using 4.1.1 Adding IPv6-MAC Binding Entries The ND Detection feature allows the switch to detect the ND packets based on the binding entries in the ports. User Guide 681 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 705
. The following options are provided: Disable: The IP Source Guard feature is disabled on the port. MAC Binding Entries The ND Detection feature allows the switch to detect the ND packets based on the binding sipv6+mac: Only the packet with its source IP address, source MAC address and port number - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 706
Verify the IP Source Guard Switch(config-if)#ipv6 verify source sipv6+mac Switch(config-if)#show ipv6 verify source interface gigabitEthernet 1/0/1 Port Security-Type LAG ---- ---- Gi1/0/1 SIPv6+MAC N/A Switch(config-if)#end Switch#copy running-config startup-config User Guide - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 707
default VLAN 1. The router has been configured with security feature to prevent attacks from the WAN. Now the network administrator wants to configure Switch A to prevent ND attacks from the LAN. Figure 5-1 Network Topology Internet Switch switch is as follows: 1) Configure IPv6-MAC Binding. - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 708
T1500-28PCT, the following sections provide configuration procedure in two ways: using the GUI and using the CLI. 5.1.3 Using the GUI 1) Choose the menu SECURITY > IPv6 IMBP > IPv6-MAC Binding > Manual , IPv6 address, MAC address and VLAN ID of User 2, select the protect type as ND Detection, and - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 709
to load the following page. Enable ND Detection and click Apply. Select VLAN 1, change Status as Enabled and click Apply. Figure 5-4 Enable ND Detection IMBP > ND Detection > Port Config to load the following page. By default, all ports are enabled with ND Detection. Since port 1/0/3 is connected - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 710
CLI 1) Manually bind the entries for User 1 and User 2. Switch_A#configure Switch_A(config)#ipv6 source binding User1 2001::5 74:d3:45:32:b6:8d vlan 1 interface fastEthernet 1/0/1 nd-detection Switch_A(config)#ip source binding -MAC Binding entries: Switch_A#show ipv6 source binding User Guide 687 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 711
/0/1 ND-D Manual 1 User2 2001::6 88:a9:d4:54:fd:c3 1 Fa1/0/2 ND-D Manual Notice: 1.Here, 'ND-D' for 'ND-Detection',and'IP-V-S' for 'IP-Verify-Source'. shown below, the legal IPv6 host connects to the switch via port 1/0/1 and belongs to the default VLAN 1. It is required that only the legal host - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 712
. The overview of configuration on the switch is as follows: 1) Bind the MAC address, IPv6 address, connected port number and VLAN ID of the legal host with IPv6-MAC Binding. 2) Enable IPv6 Source Guard on ports 1/0/1-3. Demonstrated with T1500-28PCT, the following sections provide configuration - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 713
Figure 5-7 Manual Binding Configuration Examples 2) Choose the menu SECURITY > IPv6 IMPB > IPv6 Source Guard to load the following page. Select ports 1/0/1-3, configure the Security Type as SIPv6+MAC, and click Apply. Figure 5-8 IPv6 Source Guard 3) Click to save the settings. User Guide 690 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 714
--- ------ 1 legal-host 2001::5 74:d3:45:32:b6:8d 1 Fa1/0/1 IP-V-S Manual Notice: 1.Here, 'ND-D' for 'ND-Detection',and'IP-V-S' for 'IP-Verify-Source'. Verify the configuration of IPv6 Source Guard: Switch#show ipv6 verify source Port Security-Type LAG Gi1/0/1 SIPv6+MAC N/A Gi1/0/2 SIPv6 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 715
of DHCP Snooping are listed in the following table: Table 6-1 DHCPv6 Snooping Parameter Default Setting Global Config DHCPv6 Snooping Disabled VLAN Config Status Disabled Port Config Maximum Entry 512 Default settings of ND Detection are listed in the following table: Table 6-2 ND - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 716
Configuring IPv6 IMPB Appendix: Default Parameters Default settings of IPv6 Source Guard are listed in the following table: Table 6-3 ND Detection Parameter Port Config Security Type Default Setting Disabled User Guide 693 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 717
Part 22 Configuring DHCP Filter CHAPTERS 1. DHCP Filter 2. DHCPv4 Filter Configuration 3. DHCPv6 Filter Configuration 4. Configuration Examples 5. Appendix: Default Parameters - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 718
network interference will happen. DHCP Filter resolves this problem. With DHCP Filter configured, the switch can check whether the received DHCP packets are legal and discard the illegal ones. In this way, DHCP Filter ensures that users get IP addresses only from the legal DHCP server and enhances - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 719
Configuring DHCP Filter DHCPv4 Filter DHCPv4 Filter is used for DHCPv4 servers and IPv4 clients. DHCPv6 Filter DHCPv6 Filter is used for DHCPv6 servers and IPv6 clients. DHCP Filter User Guide 696 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 720
Filter: 1) In the Global Config section, enable DHCPv4 globally. 2) In the Port Config section, select one or more ports and configure the related parameters. User Guide 697 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 721
the packet if the two fields are different. This prevents the IP address resource on the DHCPv4 server from being exhausted by forged MAC is in. 3) Click Apply. Note: The member port of an LAG (Link Aggregation Group) follows the configuration of the LAG and not its own. The Server User Guide 698 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 722
: Server IP Address Specify the IP address of Step 2 ip dhcp filter ip dhcp filter Enable DHCPv4 Filter on the port. Step 5 ip dhcp IP address resource on the DHCP server from being exhausted by forged MAC addresses. Step 6 ip default value is 0, which indicates disabling limit rate. User - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 723
)#ip dhcp filter Switch(config-if)#ip dhcp filter mac-verify Switch(config-if)#ip dhcp filter limit rate 10 Switch(config-if)#ip dhcp filter decline rate 20 Switch(config-if)##show ip dhcp filter Global Status: Enable Switch(config-if)#show ip dhcp filter interface gigabitEthernet 1/0/1 User Guide - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 724
MAC address restricted: Switch#configure Switch(config)#ip dhcp filter server permit-entry server-ip 192.168.0.100 client-mac all interface gigabitEthernet 1/0/1 Switch(config)#show ip dhcp filter server permit-entry Server IP Client MAC Interface 192.168.0.100 all Gi1/0/1 User Guide 701 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 725
Configuring DHCP Filter Switch(config)#end Switch#copy running-config startup-config DHCPv4 Filter Configuration User Guide 702 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 726
section, enable DHCPv6 globally. 2) In the Port Config section, select one or more ports and configure the related parameters. Port Displays the port number. User Guide 703 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 727
LAG that the port is in. Note: The member port of an LAG (Link Aggregation Group) follows the configuration of the LAG and not its own. The server: 1) Configure the following parameters: Server IPv6 Address Specify the IP address of the legal DHCPv6 server. Server Port 2) Click Create. - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 728
rate value. The following options are provided: 0, 5,10,15,20,25 and 30 (packets/second). The default value is 0, which indicates disabling limit rate. Step 6 ipv6 dhcp filter decline rate value Enable the running-config startup-config Save the settings in the configuration file. User Guide 705 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 729
Filter Configuration Note: The member port of an LAG (Link Aggregation Group) follows the configuration of the LAG and not Switch(config-if)#show ip dhcp filter interface gigabitEthernet 1/0/1 Interface state Limit-Rate Dec-rate LAG Gi1/0/1 Enable 10 20 N/A Switch(config-if)#end Switch - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 730
Switch#configure Switch(config)#ipv6 dhcp filter server permit-entry server-ip 2001::54 interface gigabitEthernet 1/0/1 Switch(config)#show ipv6 dhcp filter server permit-entry Server IP Interface 2001::54 Gi1/0/1 Switch(config)#end Switch#copy running-config startup-config User Guide - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 731
below, all the DHCPv4 clients get IP addresses from the legal DHCPv4 server, and IP addresses to the clients. Figure 4-1 Network Topology Legal DHCPv4 Server 192.168.0.200 Switch the legal DHCPv4 server. Demonstrated with T1500-28PCT, the following sections provide configuration procedure in two - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 732
click Apply. Figure 4-2 Basic Config 2) Choose the menu SECURITY > DHCP Filter > DHCPv4 Filter > Legal DHCPv4 Servers and click to load the following page. Specify the IP address and connected port number of the legal DHCPv4 server. Click Create. User - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 733
ip dhcp filter Switch_A(config)#interface range fastEthernet 1/0/1-24 Switch_A(config-if-range)#ip dhcp filter Switch_A(config)#interface range gigabitEthernet 1/0/25-28 Switch_A(config-if-range)#ip DHCPv4 server: Switch_A(config)#ip dhcp filter server permit-entry server-ip 192.168.0.200 client- - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 734
configuration on ports: Switch_A#show ip dhcp filter interface Interface state configuration: Switch_A#show ip dhcp filter server permit-entry Server IP Client MAC Interface Network Requirements As shown below, all the DHCPv6 clients get IP addresses from the legal DHCPv6 server, and any other - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 735
Topology Configuration Examples Legal DHCPv6 Server 2001::54 Switch A Fa1/0/1 Illegal DHCPv6 Server DHCPv6 Client . 2) Create an entry for the legal DHCPv6 server. Demonstrated with T1500-28PCT, the following sections provide configuration procedure in two ways: using the . User Guide 712 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 736
Examples 2) Choose the menu SECURITY > DHCP Filter > DHCPv6 Filter > Legal DHCPv6 Servers and click to load the following page. Specify the IP address and connected port number of the legal DHCPv6 server. Click Create. Figure 4-3 Create Entry for Legal DHCPv6 Server 3) Click to save the - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 737
the legal DHCPv6 server: Switch_A(config)#ipv6 dhcp filter server permit-entry server-ip 2001::54 interface fastEthernet 1/0/1 Switch_A(config)#end Switch_A#copy running-config startup-config N/A Fa1/0/4 Enable Disable Disable N/A ... Verify the legal DHCPv6 server configuration: User Guide 714 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 738
Configuring DHCP Filter Switch_A#show ipv6 dhcp filter server permit-entry Server IP Interface 2001::54 Fa1/0/1 Configuration Examples User Guide 715 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 739
are listed in the following table: Table 5-1 DHCPv4 Filter Parameter Default Setting Global Config DHCPv4 Filter Disabled Port Config Status Disabled MAC Verify DHCPv6 Filter Port Config Status Rate Limit Decline Protect Default Setting Disabled Disabled Disabled Disabled User Guide 716 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 740
Part 23 Configuring DoS Defend CHAPTERS 1. Overview 2. DoS Defend Configuration 3. Appendix: Default Parameters - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 741
numerous service requests to the hosts. It results in an abnormal service or breakdown of the network. With DoS Defend feature, the switch can analyze the specific fields of the IP packets, threshold value and may incur a breakdown of the network, the switch will discard the packets. User Guide 718 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 742
SYN (synchronous) packet to the destination host. Because both of the source IP address and the destination IP address of the SYN packet are set to be the IP address of the host, the host will be trapped in an endless packet with its TCP index, FIN, URG and PSH field set to 1. User Guide 719 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 743
a fake IP address to send . Since the IP address is fake service attack in which large numbers of Internet Control Message Protocol (ICMP) packets with the intended victim's spoofed source IP are broadcast to a computer network using an IP broadcast address. Most devices on a network will, by default - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 744
is a distributed denial-of-service attack in which large numbers of Internet Control Message Protocol (ICMP) packets with the intended victim's spoofed source IP are broadcast to a computer network using an IP broadcast address. Most devices on a network will, by default, respond to this by sending - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 745
DoS Defend type named land: Switch#configure Switch(config)#ip dos-prevent Switch(config)#ip dos-prevent type land Switch(config)#show ip dos-prevent DoS Prevention State: Attack Disabled Ping Of Death Disabled Switch(config)#end Switch#copy running-config startup-config User Guide 722 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 746
Configuring DoS Defend Appendix: Default Parameters 3 Appendix: Default Parameters Default settings of Network Security are listed in the following tables. Table 3-1 DoS Defend Parameter DoS Defend Default Setting Disabled User Guide 723 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 747
Part 24 Monitoring the System CHAPTERS 1. Overview 2. Monitoring the CPU 3. Monitoring the Memory - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 748
CPU utilization should be always under 80%, and excessive use may result in switch malfunctions. For example, the switch fails to respond to management requests (ICMP ping, SNMP timeouts, slow Telnet or SSH sessions). You can monitor the system to verify a CPU utilization problem. User Guide 725 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 749
Monitor to load the following page. Figure 2-1 Monitoring the CPU Click Monitor to enable the switch to monitor and display its CPU utilization rate every five seconds. 2.2 Using the CLI On cpu-utilization View the memory utilization of the switch in the last 5 seconds, 1minute and 5minutes. User - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 750
Monitoring the System The following example shows how to monitor the CPU: Switch#show cpu-utilization Unit | CPU Utilization No. | Five-Seconds One-Minute Five-Minutes 1 | 13% 13% 13% Monitoring the CPU User Guide 727 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 751
the following page. Figure 3-1 Monitoing the Memory Click Monitor to enable the switch to monitor and display its memory utilization rate every five seconds. 3.2 memory utilization of the switch. The following example shows how to monitor the memory: Switch#show memory-utilization User Guide 728 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 752
Monitoring the System Unit | Current Memory Utilization 1 | 74% Monitoring the Memory User Guide 729 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 753
Part 25 Monitoring Traffic CHAPTERS 1. Traffic Monitor 2. Appendix: Default Parameters - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 754
the switch to refresh the traffic summary. 2) In the Traffic Summary section, click UNIT1 to show the information of the physical ports, and click LAGS to show the information of the LAGs. Packets Rx: Displays the number of packets received on the port. Error packets are not counted. User Guide - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 755
port. Error octets are counted . To view a port's traffic statistics in detail, click Statistics on the right side of the entry. Figure 1-2 Traffic Statistics User Guide 732 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 756
received on the port. Error packets are not counted. Bytes: Displays the number of bytes received on the port. Error packets are not counted. User Guide 733 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 757
bytes transmitted on the port. Error packets are not counted. Collisions: Displays the number of collisions experienced by a half-duplex port during packet transmissions. User Guide 734 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 758
on the port. Error packets are not counted. Rx Bytes: Displays the number of bytes received on the port. Error packets are not counted. User Guide 735 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 759
Monitoring Traffic Appendix: Default Parameters 2 Appendix: Default Parameters Table 2-1 Traffic Statistics Monitoring Parameter Traffic Summary Auto Refresh Refresh Rate Default Setting Disabled 10 seconds User Guide 736 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 760
Part 26 Mirroring Traffic CHAPTERS 1. Mirroring 2. Configuration Examples 3. Appendix: Default Parameters - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 761
Mirroring Traffic Mirroring 1 Mirroring You can analyze network traffic and troubleshoot network problems using Mirroring. Mirroring allows the switch to send a copy of the traffic that passes through specified sources Edit to configure this mirroring session on the following page. User Guide 738 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 762
Select the desired ports as the source interfaces. The switch will send a copy of traffic passing through the destination port. CPU When selected, the switch will send a copy of traffic CPU) will be copied to the destination port. By default, it is disabled. Egress With this option enabled, - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 763
settings in the configuration file. The following example shows how to copy the received and transmitted packets on port 1/0/1,2,3 and the CPU to port 1/0/10. Switch#configure Switch(config)#monitor session 1 destination interface gigabitEthernet 1/0/10 User - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 764
Switch(config)#show monitor session Monitor Session: 1 Destination Port: Gi1/0/10 Source Ports(Ingress): Gi1/0/1-3 Source Ports(Egress): Gi1/0/1-3 Source CPU(Ingress): cpu1 Source CPU(Egress): cpu1 Switch(config-if)#end Switch#copy running-config startup-config User Guide 741 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 765
are directly connected to the switch. For network security and troubleshooting, the network manager needs to switch to copy the packets from the hosts. 2) Specify port 1/0/1 as the destination port so that the network analyzer can receive mirrored packets from the hosts. Demonstrated with T1500-28PCT - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 766
4) Click to save the settings. 2.4 Using the CLI Switch#configure Switch(config)#monitor session 1 destination interface fastEthernet 1/0/1 Switch(config)#monitor session 1 source interface fastEthernet 1/0/2-5 both Switch(config)#end Switch#copy running-config startup-config User Guide 743 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 767
Mirroring Traffic Verify the Configuration Switch#show monitor session 1 Monitor Session: 1 Destination Port: Fa1/0/1 Source Ports(Ingress): Fa1/0/2-5 Source Ports(Egress): Fa1/0/2-5 Configuration Examples User Guide 744 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 768
Mirroring Traffic Appendix: Default Parameters 3 Appendix: Default Parameters Default settings of Switching are listed in th following tables. Table 3-1 Configurations for Ports Parameter Default Setting Ingress Disabled Egress Disabled User Guide 745 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 769
Part 27 Configuring DLDP CHAPTERS 1. Overview 2. DLDP Configuration 3. Appendix: Default Parameters - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 770
twisted-pair Ethernet cables to detect whether a unidirectional link exists. A unidirectional link occurs whenever traffic sent by a local device is device. Unidirectional links can cause a variety of problems, such as spanning-tree topology loops. Once detecting a unidirectional link, DLDP can - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 771
Configuration Guidelines ■■ A DLDP-capable port cannot detect a unidirectional link if it is connected to a DLDP- incapable port of another switch. ■■ To detect unidirectional links, make sure DLDP is enabled on both sides of the links. 2.1 Using the GUI Choose the menu MAINTENANCE > DLDP to - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 772
and then users can manually shut down the unidirectional link ports. With this option enabled, the switch will automatically refresh the DLDP information. Specify the time interval at which the switch will refresh the DLDP information. Valid values are from 1 to 100 seconds, and the default value is - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 773
manual } Configure the DLDP shutdown mode when a unidirectional link is detected. auto: The switch automatically shuts down ports when a unidirectional link is detected. It is the default setting. manual: The switch displays an alert when a unidirectional link auto. Switch#configure User Guide 750 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 774
)#dldp Switch(config-if)#show dldp interface Port DLDP State Protocol State Link State Neighbor State ---- ---------- Gi1/0/1 Enable Inactive Link-Down N/A Gi1/0/2 Disable Initial Link-Down N/A ... Switch(config-if)#end Switch#copy running-config startup-config User Guide 751 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 775
of DLDP are listed in the following table. Table 3-1 Default Settings of DLDP Parameter Default Setting Global Config DLDP State Disabled Advertisement Interval 5 seconds Shut Mode Auto Auto Refresh Disabled Refresh Interval 3 seconds Port Config DLDP Disabled User Guide 752 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 776
Part 28 Configuring SNMP & RMON CHAPTERS 1. SNMP 2. SNMP Configurations 3. Notification Configurations 4. RMON 5. RMON Configurations 6. Configuration Example 7. Appendix: Default Parameters - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 777
IP networks. It facilitates device management using NMS (Network Management System) applications. With SNMP, network managers can view or modify the information of network devices, and timely troubleshoot as the switch, router, host or printer. By configuring SNMP on the switch, you define Guide 754 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 778
The MIB file can be found on the provided CD or in the download center of our official website: https://www.tp-link.com/download-center.html. Also, TP-Link switches support the following public MIBs: ■■ LLDP.mib ■■ LLDP-Ext-Dot1.mib ■■ LLDP-Ext-MED.mib ■■ RFC1213.mib ■■ RFC1493-Bridge.mib ■■ RFC1757 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 779
qBridge.mib ■■ RFC2863-pBridge.mib ■■ RFC2925-Disman-Ping.mib ■■ RFC2925-Disman-Traceroute.mib For detail information about the supported public MIBs, see Supported Public MIBs for TPLink Switches. SNMP Entity An SNMP entity is a device running the SNMP protocol. Both the SNMP manager and SNMP agent - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 780
Supported Based on Community Name Supported Supported authentication and privacy modes are as follows: Authentication: MD5/SHA Privacy: DES Supported Inform Not supported Supported Supported helps to ensure that the notifications from the switch are received by the NMS host even when Guide 757 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 781
SNMP Configurations To complete the SNMP configuration, choose an SNMP version according to network requirements and supportability of the NMS application, and then follow these steps: ■■ Choose SNMPv1 or SNMPv2c 1) local and remote engine ID. SNMP Enable or disable SNMP globally. User Guide 758 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 782
hexadecimal digits. A valid engine ID must contain an even number of characters. By default, the switch generates the engine ID using TP-Link's enterprise number (80002e5703) and its own MAC address. The local engine ID is view type and a MIB object ID that is related to the view. User Guide 759 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 783
view. Community Name Configure the community name. This community name is used like a password and the NMS can access the specified MIB objects of the switch using the same community name. User Guide 760 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 784
packets, but no privacy algorithm is applied to encrypt them. AuthPriv: An authentication algorithm and a privacy algorithm are applied to check and encrypt packets. User Guide 761 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 785
location of the user. Local User: The user resides on the local engine, which is the SNMP agent of the switch. Remote User: The user resides on the NMS. Before configuring a remote user, you need to set the remote Displays the security model. SNMPv3 uses v3, the most secure model. User Guide 762 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 786
Password Set the password for authentication. Privacy Mode With AuthPriv selected, configure the privacy mode and password for encryption. The switch uses the DES (Data Encryption Standard) algorithm for encryption. Privacy Password Set the password for encryption. 3) Click Create. 2.2 Using - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 787
By default, the switch generates the engine ID using TP-Link's device that receives inform messages from switch. Note: In SNMPv3, changing engine ID changes, the switch will automatically delete all Switch#configure Switch(config)#snmp-server Switch(config)#snmp-server engineID remote 123456789a Switch - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 788
ID: 80002e5703000aeb13a23d Remote engine ID: 123456789a Switch(config)#end Switch#copy running-config startup-config 2.2.2 Creating an SNMP View Specify the OID (Object Identifier) of the view to determine objects to be managed. Step 1 configure Enter Global Configuration Mode. User Guide 765 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 789
manage all function. Name the view as View: Switch#configure Switch(config)#snmp-server view View 1 include Switch(config)#show snmp-server view No. View Name viewDefault exclude 1.3.6.1.6.3.18 5 View include 1 Switch(config)#end Switch#copy running-config startup-config 2.2.3 Creating SNMP - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 790
by the community. The name contains 1 to 61 characters. The default view is viewDefault. show snmp-server community Displays community entries. end modify parameters of View: Switch#configure Switch(config)#snmp-server community nms-monitor read-write View Switch(config)#show snmp-server Guide 767 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 791
Switch(config)#snmp-server group nms1 smode v3 slev authPriv read View notify View Switch(config)#show snmp-server group No. Name Sec-Mode Sec-Lev Read-View Write-View Notify-View 1 nms1 v3 authPriv View View Switch(config)#end Switch#copy running-config startup-config User Guide - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 792
that the user resides on the local SNMP engine (the switch), while remote indicates that the user resides on the NMS higher security than MD5 mode. By default, the Authentication Mode is none. confirm as DES. The switch will use the DES algorithm to encrypt the packets. By default, the Privacy Mode - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 793
cmode SHA cpwd 1234 emode DES epwd 5678 Switch(config)#show snmp-server user No. U-Name U-Type G-Name S-Mode S-Lev A-Mode P-Mode --- ------ ------ ------ ------ ----- 1 admin remote nms1 v3 authPriv SHA DES Switch(config)#end Switch#copy running-config startup-config User Guide 770 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 794
Notification enabled, the switch can send notifications Guidelines To guarantee the communication between the switch and the NMS, ensure the switch and the NMS can reach one another an NMS host: 1) Choose the IP mode according to the network environment, and specify the IP address of the NMS host and - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 795
IP supported type is Trap. For SNMPv2c and SNMPv3, you can configure the type as Trap or Inform. Trap: The switch switch. Thus the switch cannot tell whether a message is received or not, and the messages that are not received will not be resent. Inform: The switch switch. If the switch The switch will - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 796
supported traps: 1) Select the traps to be enabled according to your needs. With a trap enabled, the switch that a port status changes from linkup to linkdown. Link Status Trap can be triggered when it is enabled By default, the trap is enabled both globally and on all ports, which means that link - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 797
reset, firmware upgrade, and configuration import. VLAN Create/Delete Triggered when certain VLANs are created or deleted successfully. IP Change Monitors the changes of interfaces' IP RemTablesChange: Indicates that the switch senses an LLDP topology change supports LLDP, such as an IP Guide 774 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 798
IP-MAC Binding IP Duplicate DHCP Filter ACL Counter 2) Click Apply. Only for products that support PoE. The trap includes the following sub-traps: Over-max-pwr-budget: Triggered when the total power required by the connected PDs exceeds the maximum power the PoE switch Mode. User Guide 775 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 799
of the NMS host and packet handling mechanism. ip: Specify the IP address of the NMS host in IPv4 or IPv6. Make sure the NMS host and the switch can reach each other. udp-port: Specify a UDP port on the NMS host to receive notifications. The default is port 162. For communication security, we - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 800
Table 3-1 Parameters for the NMS Hosts Parameter Value IP Address UDP Port User Name Security Model Security Level Switch(config)#end Switch#copy running-config startup-config 3.2.2 Enabling SNMP Traps The switch supports many types of SNMP traps, like SNMP standard traps, ACL traps, and VLAN - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 801
By default, all link-status in Interface Configuration Mode of the port. To disable them, run the corresponding no command. By default For a switch running SNMP reboot the switch. auth- switch to send linkup traps: Switch#configure Switch(config)#snmp-server traps snmp linkup Switch(config)#end Switch - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 802
} Enable the corresponding SNMP extended traps. By default, all SNMP extended traps are disabled. rate- backup, reset, firmware upgrade, and configuration import. lldp remtableschange: Indicates that the switch senses a media endpoint that supports LLDP, such as an IP Phone. An LLDP Remtableschange - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 803
traps vlan Switch(config)#end Switch#copy running-config startup-config ■■ Enabling the SNMP Security Traps Globally Step 1 configure Enter Global Configuration Mode. Step 2 snmp-server traps security { dhcp-filter | ip-mac-binding } Enable the corresponding security traps. By default, all - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 804
traps ip { change | duplicate } Enable the IP traps. By default, all IP traps are disabled. change: Monitors the changes of interfaces' IP addresses. The trap can be triggered when the IP address of any interface is changed. duplicate: Triggered when the switch detects an IP conflict. User Guide - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 805
switch to enable IP-Change trap: Switch#configure Switch(config)#snmp-server traps ip change Switch(config)#end Switch#copy running-config startup-config ■■ Enabling the SNMP PoE Traps Globally Note: Only T1500-28PCT. TL-SG2210MP and TL-SG2210P support all PoE traps. By default, all PoE traps are - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 806
the configuration file. The following example shows how to configure the switch to enable link-status trap: Switch#configure Switch(config)#interface gigabitEthernet 1/0/1 Switch(config-if)#snmp-server traps link-status Switch(config-if)#end Switch#copy running-config startup-config User Guide 783 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 807
host that runs the management software to manage Agents of network devices. The Agent is usually a switch or router that collects traffic statistics (such as the total number of packets on a network segment an event at a specified value (rising threshold or falling threshold). User Guide 784 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 808
of the entry. Port Specify an Ethernet port to be monitored in the entry. You can click Choose to choose a port from the list or manually enter the port number, for example, 1/0/1 in the input box. Owner Enter the owner name of the entry with1 to 16 characters. User - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 809
or Under Creation. By default, it is Valid. The switch start to collect Ethernet statistics Index Displays the index of History entries. The switch supports up to 12 History entries. Port Specify a own timer. For the monitored port, the switch samples packet information and generates a record in - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 810
the entry with 1 to 16 characters. By default, it is monitor. Status Enable or disable the entry. By default, it is disabled. Enable: The entry is User for the entry. Index Displays the index of Event entries. The switch supports up to 12 Event entries. User Choose an SNMP user name or Guide 787 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 811
the log, and the NMS should initiate requests to get notifications. Notify: The switch sends notifications to the NMS. Log & Notify: The switch records the event in the log and sends notifications to the NMS. 3) to load the following page. Figure 5-4 Configuring the Alarm Entry User Guide 788 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 812
entry. Index Displays the index of Alarm entries. The switch supports up to 12 Alarm entries. Variable Set the alarm variable to be monitored. The switch will monitor the specified variable in sample intervals and act . The Event entry specified here should be enabled first. User Guide 789 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 813
disable the entry. Enable: The entry is enabled. Disable: The entry is disabled. 5.2 Using the CLI 5.2.1 Configuring Statistics Step 1 configure Enter Global Configuration Mode. User Guide 790 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 814
By default, it is valid. The switch Switch(config)#rmon statistics 2 interface gigabitEthernet 1/0/2 owner monitor status valid Switch(config)#show rmon statistics Index Port Owner State ----- ---- ----- ----- 1 Gi1/0/1 monitor valid 2 Gi1/0/2 monitor valid Switch(config)#end User Guide - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 815
Configurations Switch#copy the default is 1800 seconds. owner-name: Enter the owner name of the entry with 1 to 16 characters. The default name The values are from 10 to 130; the default is 50. show rmon history [ index ] History entry on the switch to monitor port 1/0/1. Set the sample interval as - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 816
the switch will take the specified action to deal with the event. By default, the type is none. None indicates the switch takes no action, log indicates the switch records the event only, notify indicates the switch sends startup-config Save the settings in the configuration file. User Guide 793 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 817
Choose an alarm variable to monitor. The switch will monitor the specified variable in sample intervals and act in the set way when the alarm is triggered. The default variable is revbyte. revbyte means total number of | 1024-1518 means total number of packets of the specified size. User Guide 794 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 818
of the specified variable. The default is absolute. In the absolute mode, the switch compares the sampling value against the preset threshold; in the delta mode, the switch obtains the difference between the as 10 seconds, and the owner of the entry as monitor: Switch#configure User Guide 795 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 819
bpkt s-type absolute risingthreshold 3000 rising-event-index 1 falling-threshold 2000 falling-event-index 2 a-type all interval 10 owner monitor Switch(config)#show rmon alarm Index-State: 1-Enabled Statistics index: 1 Alarm variable: BPkt Sample Type: Absolute RHold-REvent: 3000-1 FHold - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 820
storm traffic of ports 1/0/1 and 1/0/2 on Switch A, and send notifications to the NMS on Switch A, and regularly collect and save data for follow-up checks. Specifically, Switch A host with IP address 192.168.1.222 is connected to the core switch, Switch B. Switch A is connected to Switch B via - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 821
1/0/1 and 1/0/2. Enable SNMP and configure the corresponding parameters. Enable Trap notifications on the ports. Switch A can then send notifications to the NMS when the rate of storm traffic exceeds the preset , and set MIB Object ID as 1 (which means all functions). Click Create. User Guide 798 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 822
Level in accordance with that of the group nms-monitor. Choose SHA authentication algorithm and DES privacy algorithm, and set corresponding passwords. Click Create. User Guide 799 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 823
> Notification > Notification Config and click to load the following page. Choose the IP Mode as IPv4, and specify the IP address of the NMS host and the port of the host for transmitting notifications. Trap Config to load the following page. Enable Storm Control trap and click Apply. User Guide 800 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 824
1/0/1 and 1/0/2, respectively. Set the Interval as 100 seconds, Maximum Buckets as 50, the owner of the entries as monitor, and the status as enabled. User Guide 801 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 825
name as monitor. For entry 2, set the associated statistics entry ID as 2 (bound to port 1/0/2). Other configurations are the same as those of entry 1. User Guide 802 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 826
Control on ports Configure the Storm Control on the required ports of Switch A. For detailed configuration, refer to Configuring QoS. ■■ Configuring SNMP SHA cpwd 1234 emode DES epwd 1234 5) To configure Notification, specify the IP address of the NMS host and UDP port. Set the User, Security Model - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 827
-index 1 alarm-variable revpkt s-type absolute rising-threshold 3000 rising-event-index 1 falling-threshold 2000 falling-event-index 2 a-type all interval 10 owner monitor User Guide 804 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 828
0 General errors 0 Response PDUs 0 Trap PDUs Verify SNMP engine ID: Switch_A(config)#show snmp-server engineID Local engine ID: 80002e5703000aeb13a23d Remote engine ID: 123456789a User Guide 805 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 829
----- 1 admin remote nms-monitor v3 authPriv SHA DES Verify SNMP host configurations: Switch_A(config)#show snmp-server host No. Des-IP UDP Name SecMode SecLev Type Retry Timeout 1 172.168.1.222 162 admin v3 authPriv inform 3 100 Verify RMON statistics configurations: Switch_A - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 830
Index-State: 1-Enabled Statistics index: 1 Alarm variable: RevPkt Sample Type: Absolute RHold-REvent: 3000-1 FHold-FEvent: 2000-2 Alarm startup: All Interval: 10 Owner: monitor User Guide 807 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 831
Index-State: 2-Enabled Statistics index: 2 Alarm variable: RevPkt Sample Type: Absolute RHold-REvent: 3000-1 FHold-FEvent: 2000-2 Alarm startup: All Interval: 10 Owner: monitor Configuration Example User Guide 808 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 832
Default Global Config Settings Parameter SNMP Default Setting Disabled Local Engine ID Automatically Remote Engine ID None Table 7-2 Default 7-4 Default SNMP v3 Settings Parameter SNMP Group Group Entry Group Name Security Model Security Level Read View Write View Notify View Default Setting - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 833
Notification Config Notification Entry IP Mode IP Address UDP Port User Security Model Security Level Type Retry Timeout Trap Config Enabled SNMP Traps Default Setting No entries IPv4 None 162 None v1 noAuthNoPriv Trap None None SNMP Authentication, Coldstart, Warmstart, Link Status User Guide 810 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 834
Default Statistics Config Settings Parameter Default Setting Statistics Entry ID Port Owner IP Mode No entries None None None Valid Table 7-7 Default Settings for History Entries Parameter Default Falling Threshold Falling Event Alarm Type Default Setting RecBytes 0, means no Statistics - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 835
Parameter Interval Owner Status Default Setting 1800 seconds monitor Disabled Appendix: Default Parameters User Guide 812 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 836
Part 29 Diagnosing the Device & Network CHAPTERS 1. Diagnosing the Device 2. Diagnosing the Network 3. Appendix: Default Parameters - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 837
1 Diagnosing the Device The device diagnostics feature provides cable testing, which allows you to troubleshoot based on the connection status, cable length and fault location. 1.1 Using the GUI Choose Check the test results in the Result section. Pair Displays the Pair number. User Guide 814 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 838
, close or crosstalk, here displays the length from the port to the trouble spot. 1.2 Using the CLI On privileged EXEC mode or any other configuration When taking the careful cable test, the switch will only test the cable for the port which is in the link-down status. port: Enter the port number - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 839
. You can test connectivity to remote hosts, or to the gateways from the switch to the destination. With Network Diagnostics, you can: ■■ Troubleshoot with Ping testing. ■■ Troubleshoot with Tracert testing. 2.1 Using the GUI 2.1.1 Troubleshooting with Ping Testing You can use the Ping tool to test - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 840
packets are sent. It is recommended to keep the default value of 1000 milliseconds. 2) In the Ping Result section, check the test results. 2.1.2 Troubleshooting with Tracert Testing You can use the Tracert tool to find the path from the switch to the destination, and test connectivity between the - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 841
to send ICMP request packets. The values are from 100 to 1000 milliseconds; the default is 1000 milliseconds. The following example shows how to test the connectivity between the switch and the destination device with the IP address 192.168.0.10. Specify the ping times as 3, the data size as 1000 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 842
are supported, such as 192.168.0.100 or fe80::1234. maxHops: Specify the maximum number of the route hops the test data can pass though. The range is 1 to 30 hops; the default is 4 hops. The following example shows how to test the connectivity between the switch and the network device with the IP - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 843
3-1 Default Settings of Ping Config Parameter Default Setting Destination IP 192.168.0.1 Ping Times 4 Data Size 64 bytes Interval 1000 milliseconds Table 3-2 Default Settings of Tracert Config Parameter Default Setting Destination IP 192.168.0.100 Maximum Hops 4 hops User Guide 820 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 844
Part 30 Configuring System Logs CHAPTERS 1. Overview 2. System Logs Configurations 3. Configuration Example 4. Appendix: Default Parameters - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 845
Configuring System Logs Overview 1 Overview The switch generates messages in response to events, faults, or errors occurred, as well as changes in configuration or other occurrences the severity level of the log messages to control the type of log messages saved in each destination. User Guide 822 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 846
levels 0 to 4 mean the functionality of the switch is affected. Please take actions according to the is unusable and you have to reboot the switch. Actions must be taken immediately. Cause analysis Software malfunctions affect the functionality of the switch. The memory utilization reaches the limit. - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 847
default. Information in the log buffer is displayed on the MAINTENANCE > Logs > Logs Table page. It will be lost when the switch lost after the switch is restarted disable the channel. By default, the log information is switch's system logs. These hosts are called Log Servers. The switch will forward - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 848
to enable the server, and then set the server IP address and severity. Server IP UDP Port Severity Status 2) Click Apply. Specify an IP address of the log server. Displays the UDP file on your computer. If the switch system breaks down, you can check the file for troubleshooting. User Guide 825 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 849
level to display the log information whose severity level value is the same or smaller. Content Displays the detailed information of the log event. User Guide 826 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 850
than this will be saved. The default level is 6, indicating that the log information of levels 0 to 6 will be saved in the log buffer. logging file flash Configure the switch to save system messages in log file running-config startup-config Save the settings in the configuration file. User Guide 827 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 851
The switch will forward the log message to the servers once a log message is generated. To display the logs, the servers should run a log server software that complies with the syslog standard. Follow these steps to set the remote log: Step 1 configure Enter global configuration mode. User Guide - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 852
Log Server. You can remotely monitor the settings and operation status of the switch through the log server. idx: Enter the index of the log server. The switch supports 4 log servers at most. host-ip: Enter the IP address of the log server. level: Specify the severity level of the log messages - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 853
as a log server to receive the switch's system logs. Make sure the switch and the PC are reachable to each other; configure a log server that complies with the syslog standard on the PC and set the PC as the log server. Demonstrated with T1500-28PCT, this chapter provides configuration procedures in - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 854
1.1.0.1 5 Switch(config)#end Switch#copy running-config startup-config Verify the Configurations Switch# show logging loghost Index Host-IP Severity Status 1 1.1.0.1 5 enable 2 0.0.0.0 6 disable 3 0.0.0.0 6 disable 4 0.0.0.0 6 disable Configuration Example User Guide 831 - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 855
listed in the following tables. Table 4-1 Default Settings of Local Logs Parameter Default Setting Status of Log Buffer Enabled Severity of of Log File 24 hours Table 4-2 Default Settings of Remote Logs Parameter Default Setting Server IP 0.0.0.0 UDP Port 514 Severity Level_6 Status - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 856
Switch Model Number: T1500G-8T (TL-SG2008) / T1500-28PCT (TL-SL2428P) / TL-SG2210MP/ TL-SG2210P Component Name Model Power Adapter T535131-2-DT (For TL-SG2210P) T120100-2B1 (For T1500G-8T) Responsible party: TP-Link USA Corporation, d/b/a TP-Link accordance with the instruction manual, may cause - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 857
energy and, if not installed and used in accordance with the instruction manual, may cause harmful interference to radio communications. Operation of this could void the user's authority to operate the equipment. We, TP-Link USA Corporation, has determined that the equipment shown as above has been - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 858
/35/EU, 2009/125/EC, 2011/65/EU and (EU)2015/863. The original EU declaration of conformity may be found at https://www.tp-link.com/en/ce Industry Canada Statement CAN ICES-3 (A)/NMB-3(A) This device contains licence-exempt transmitter(s)/receiver(s) that comply with Innovation, Science and Economic - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 859
鉛 鎘 Pb Cd 汞 六價鉻 Hg CrVI PBB PBDE PCB ○ ○ ○ ○ ○ ○ 外殼 ○ ○ ○ ○ ○ ○ - ○ ○ ○ ○ ○ - ○ ○ ○ ○ ○ 備考1. "超出0.1 wt 0.01 wt 2 3 Korea Warning Statements Safety Information ■■ Keep the device away from water, fire, humidity or hot - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 860
Explanation of the symbols on the product label Symbol Explanation AC voltage DC voltage Indoor use only. Polarity of output terminals Energy efficiency marking (Level VI) RECYCLING This product bears the selective sorting symbol for Waste electrical and electronic equipment (WEEE). This means - TP-Link T1500-28PCT | T1500-28PCTTL-SL2428PUN V3 User Guide - Page 861
COPYRIGHT & TRADEMARKS Specifications are subject to change without notice. is a registered trademark of TP-Link Technologies Co., Ltd. Other brands and product names are trademarks or registered trademarks of their respective holders. No part of the specifications may be reproduced
User Guide
Jetstream Smart Switches
T1500G-8T (TL-SG2008)/T1500-28PCT (TL-SL2428P)
TL-SG2210MP/TL-SG2210P
1910012765
REV3.3.0
March 2020