TP-Link T1500-28TC TL-SL2428 T1500-28TCUN V1 Configuration Guide
TP-Link T1500-28TC TL-SL2428 Manual
View all TP-Link T1500-28TC TL-SL2428 manuals
Add to My Manuals
Save this manual to your list of manuals |
TP-Link T1500-28TC TL-SL2428 manual content summary:
- TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 1
Configuration Guide T1500-28TC (TL-SL2428)/T1500-28PCT(TL-SL2428P) 1910012115 REV2.0.0 March 2017 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 2
. This equipment generates, uses, and can radiate radio frequency energy and, if not installed and used in accordance with the instruction manual, may cause harmful interference to radio communications. Operation of this equipment in a residential area is likely to cause harmful interference - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 3
Industry Canada Statement CAN ICES-3 (A)/NMB-3(A) NCC Notice BSMI Notice - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 4
. Don't disassemble the product, or make repairs yourself. You run the risk of electric shock and voiding the limited warranty. If you ne ed service, please contact us. Avoid water and wet locations. Explanation of the symbols on the product label Symbol Explanation AC voltage. Indoor use only - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 5
CONTENTS About This Guide Intended Readers...1 Conventions...1 More Information...2 Accessing the Switch Overview ...4 Web 's IP Address and Default Gateway...18 Managing System System...20 Overview...20 Supported Features...20 System Info Configurations...22 Using the GUI...22 Viewing the System - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 6
Specifying the Device Description...29 Setting the System Time...30 Setting the Daylight Saving Time...33 Specifying the System IP...35 User Management Configurations...38 Using the GUI...38 Creating Admin Accounts...38 Creating Accounts of Other Types...39 Using the CLI...41 Creating Admin Accounts - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 7
Enabling the Telnet Function...68 Appendix: Default Parameters...69 Managing Physical Interfaces Physical Interface...73 Overview...73 Supported Features...73 Basic Parameters Configurations...74 Using the GUI...74 Using the CLI...75 Port Mirror Configuration...78 Using the GUI...78 Using the CLI... - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 8
Statistics in Detail...120 Using the CLI...122 Appendix: Default Parameters...123 Managing MAC Address Table MAC Address Table...125 Overview...125 Supported Features...125 Address Configurations...126 Using the GUI...126 Adding Static MAC Address Entries ...126 Modifying the Aging Time of Dynamic - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 9
Adding MAC Filtering Address Entries...129 Viewing Address Table Entries...129 Using the CLI...130 Adding Static MAC Address Entries ...130 Modifying the Aging Time of Dynamic Address Entries 131 Adding MAC Filtering Address Entries...132 Appendix: Default Parameters...134 Configuring 802.1Q VLAN - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 10
the GUI...193 Using the CLI...204 Appendix: Default Parameters...211 Configuring Layer 2 Multicast Layer 2 Multicast...216 Overview...216 Supported Layer 2 Multicast Protocols...217 IGMP Snooping Configurations...218 Using the GUI...218 Configuring IGMP Snooping Globally...218 Enabling IGMP Snooping - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 11
(Optional) Configuring Report Message Suppression 219 Configuring Router Port Time and Member Port Time 219 Configuring IGMP Snooping Last Listener Query 219 Verifying IGMP Snooping Status...220 Configuring the Port's Basic IGMP Snooping Features 221 Enabling IGMP Snooping on the Port...221 ( - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 12
Configuring Unknown Multicast...235 Configuring IGMP Snooping Parameters on the Port 236 Configuring Router Port Time and Member Port Time 236 Configuring Fast Leave...237 Configuring Max Group and Overflow Action on the Port 238 Configuring IGMP Snooping Last Listener Query 239 Configuring IGMP - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 13
...273 Using the CLI...280 Appendix: Default Parameters ...283 Default Parameters for IGMP Snooping...283 Configuring QoS QoS...285 Overview...285 Supported Features...285 DiffServ Configuration...286 Using the GUI...287 Configuring Priority Mode...287 Configuring Schedule Mode...289 Using CLI...290 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 14
the CLI...337 Appendix: Default Parameters...341 Configuring PoE PoE ...343 Overview...343 Supported Features...343 PoE Power Management Configurations...344 Using the GUI...344 Configuring the PoE Parameters Manually...344 Configuring the PoE Parameters Using the Profile 346 Using the CLI...348 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 15
Configuring Scheme...359 Using the GUI...359 Using the CLI...361 Appendix: Default Parameters...363 Configuring ACL ACL ...365 Overview...365 Supported Features...365 ACL Configurations...366 Using the GUI...366 Creating an ACL...366 Configuring ACL Rules...367 Configuring Policy...370 Configuring - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 16
Network Security...393 Overview...393 Supported Features...393 IP-MAC Binding Configurations...397 Using the GUI...397 Binding Entries Manually...397 Binding Entries Dynamically...398 Viewing the Binding Entries...400 Using the CLI...401 Binding Entries Manually...401 Viewing Binding Entries...403 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 17
Configuring 802.1X on Ports...429 Using the CLI...430 Configuring the RADIUS Server...430 Configuring 802.1X Globally...432 Configuring 802.1X on Ports...434 AAA Configuration...437 Using the GUI...438 Globally Enabling AAA...438 Adding Servers...438 Configuring Server Groups...440 Configuring the - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 18
Configuring SNMP & RMON SNMP Overview...483 SNMP Configurations...484 Using the GUI...485 Enabling SNMP...485 Creating an SNMP View...485 Creating an SNMP Group...486 Creating SNMP Users ...488 Creating SNMP Communities...489 Using the CLI...490 Enabling SNMP...490 Creating an SNMP View...492 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 19
Using the CLI...523 Appendix: Default Parameters...529 Configuring LLDP LLDP...534 Overview...534 Supported Features...534 LLDP Configurations...535 Using the GUI...535 Global Config...535 Port Config...537 Using the CLI...538 Global Config...538 Port Config...540 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 20
565 Network Topology...565 Using the GUI...566 Using the CLI...570 Appendix: Default Parameters...577 Configuring Maintenance Maintenance ...579 Overview...579 Supported Features...579 Monitoring the System...580 Using the GUI...580 Monitoring the CPU...580 Monitoring the Memory...581 Using the CLI - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 21
Configuration Example for Remote Log...596 Network Requirements...596 Configuration Scheme...596 Using the GUI ...596 Using the CLI ...597 Appendix: Default Parameters...598 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 22
of the switch may vary slightly depending on the model and software version you have. All screenshots, images, parameters and descriptions documented in this guide are used for demonstration only. The information in this document is subject to change without notice. Every effort has been made in the - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 23
More Information The latest software and documentations can be found at Download Center at http:// www.tp-link.com/support. The Installation Guide (IG) can be found where you find this guide or inside the package of the switch. Specifications can be found on the product page at http://www.tp - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 24
Part 1 Accessing the Switch CHAPTERS 1. Overview 2. Web Interface Access 3. Command Line Interface Access - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 25
, while web configuration is easier and more visual than the CLI configuration. You can choose the method according to their available applications and preference. Configuration Guide 4 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 26
1) Make sure that the route between the host PC and the switch is available. 2) Launch a web browser. The supported web browsers include, but are not limited to, the following types: IE 8.0, 9.0, 10.0, 11.0 Firefox 26 status and configure the switch on this interface. Configuration Guide 5 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 27
reboots, please user the Save Config function on the main interface to save the configurations in the start-up configuration file. Figure 2-4 Save Config Configuration Guide 6 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 28
IP address and default gateway of the switch according to your needs. Go to System > System Info > System IP to load the following page. Configuration Guide 7 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 29
the management host and the switch's new IP address id available. Subnet Mask Enter a new subnet mask. Default Gateway Enter your desired default gateway. Configuration Guide 8 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 30
requires the host PC connecting to the switch's console port directly, while Telnet and SSH connection support both local and remote access. The following table shows the typical applications used in the CLI access logged in to the switch and you can use the CLI now. Configuration Guide 9 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 31
to Start > All Programs > Accessories > Communications > Hyper Terminal to open the Hyper Terminal and configure the above settings to log in to the switch. Configuration Guide 10 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 32
Accessing the Switch Command Line Interface Access 3.2 Telnet Login The switch supports Login Local Mode for authentication by default. Login Local Mode: Username and password are required, Later you can set a password for users who want to access the Privileged EXEC Mode. Configuration Guide 11 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 33
you can manage your switch with CLI commands through Telnet connection. 3.3 SSH Login SSH login supports the following two modes: Password Authentication Mode and Key Authentication Mode. You can choose one the Port field; select SSH as the Connection type. Click Open. Configuration Guide 12 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 34
a public/private key pair. In the following figure, an SSH-2 RSA key pair is generated, and the length of each key is 1024 bits. Configuration Guide 13 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 35
public key to a TFTP server; click Save private key to save the private key to the host PC. Figure 3-11 Save the Generated Keys Configuration Guide 14 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 36
Type 5) Go to Connection > SSH > Auth. Click Browse to download the private key file to PuTTY. Click Open to start the connection and negotiation. Configuration Guide 15 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 37
CLI interface. Using the GUI: Go to System > Access Security > Telnet Config, disable the Telnet function and click Apply. Figure 3-16 Disable Telnet login Configuration Guide 16 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 38
copy running-config startup-config to save the configurations in the start-up configuration file. Switch(config)#end Switch#copy running-config startup-config Configuration Guide 17 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 39
no default gateway. Switch#configure Switch(config)#ip route 0.0.0.0 255.255.255.0 192.168.0.100 1 Switch(config)#end Switch#copy running-config startup-config Configuration Guide 18 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 40
Part 2 Managing System CHAPTERS 1. System 2. System Info Configurations 3. User Management Configurations 4. System Tools Configurations 5. Access Security Configurations 6. Appendix: Default Parameters - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 41
It provides controls over the type of the access users and the access security. 1.2 Supported Features System Info The System Info is mainly used for the basic properties configuration. You protocol working in transport layer. It supports a security access via a web browser. Configuration Guide 20 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 42
Managing System System SSH Config function is based on the SSH protocol, a security protocol established on application and transport layers. The function with SSH is similar to a telnet connection, but SSH can provide information security and powerful authentication. Configuration Guide 21 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 43
the System Summary Choose the menu System > System Info > System Summary to load the following page. Figure 2-1 Viewing the System Summary Port Status Indication Configuration Guide 22 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 44
maximum transmission rate of the port. Status Displays the connection status of the port. Click a port to view the bandwidth utilization on this port. Configuration Guide 23 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 45
. Device Name Enter the name of the switch. Device Location Enter the location of the switch. System Contact 2) Click Apply. Enter the contact information. Configuration Guide 24 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 46
. In the Time Config section, follow these steps to configure the system time: 1) Choose one method to set the system time and specify the information. Manual Set the system time manually. Date: Specify the date of the system. Time: Specify the time of the system. Configuration - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 47
Enable to enable the Daylight Saving Time function. 2) Choose one method to set the Daylight Saving Time of the switch and specify the information. Configuration Guide 26 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 48
least one port's PVID is set as the management VLAN ID. Choose the menu System > System Info > System IP to load the following page. Configuration Guide 27 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 49
address for the switch. Static IP: Select to specify the IP address, subnet mask and default gateway manually. DHCP: Select to let the switch obtain network parameters from the DHCP server. BOOTP: Select to let Version, Firmware Version, System Time, Run Time and so on. Configuration Guide 28 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 50
: Enter the system name. The length of the name ranges from 1 to 32 characters. By default, it is the model name of the switch. Configuration Guide 29 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 51
(config)#end Switch#copy running-config startup-config 2.2.3 Setting the System Time Follow these steps and choose one method to set the system time: Configuration Guide 30 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 52
configuration mode. Use the following command to set the system time manually: system-time manual time Configure the system time manually. time: Specify the date and time manually in the format of MM/DD/YYYY-HH:MM:SS. The time-zone, which ranges from UTC-12:00 to UTC+13:00. Configuration Guide 31 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 53
server. backup-ntp-server: Specify the IP address of the backup NTP server. fetching-rate: Specify the interval fetching time from the NTP server. Configuration Guide 32 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 54
2.2.4 Setting the Daylight Saving Time Follow these steps and choose one method to set the Daylight Saving Time: Step 1 configure Enter global configuration mode. Configuration Guide 33 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 55
in date mode: system-time dst date { smonth } { sday } { stime } { syear } { emonth } { eday } { etime } { eyear } [ offset ] Specify the Daylight Saving Time in Date mode. Configuration Guide 34 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 56
VLAN will be set as the management VLAN is configured correctly and at least one port's PVID is set as the management VLAN ID. Configuration Guide 35 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 57
Step 4 Use the following command to specify the network parameters manually. ip address { ip-addr } { ip-mask } [ gateway ] Specify the system lP of the switch manually. ip-addr: Enter the system IP for the switch. By Line protocol on Interface Vlan2, changed state to up. Configuration Guide 36 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 58
Managing System Switch(config)#interface vlan 2 Switch(config-if)#ip address 192.168.0.12 255.255.255.0 System Info Configurations Configuration Guide 37 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 59
and password. User Name Create a user name for users' login. It contains 16 characters at most, composed of digits, English letters and underscore only. Configuration Guide 38 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 60
of other types: 1) In the User Info section, select the access level from the drop-down list and specify the user name and password. Configuration Guide 39 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 61
to AAA Configuration in Configuring Network Security. The logged-in users can enter the Enable Password on this page to get the administrative privileges. Configuration Guide 40 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 62
to the configuration file MD5 encrypted. encrypted-password: Enter a MD5 encrypted password with fixed length, which you can copy from another switch's configuration file. Configuration Guide 41 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 63
to change the users' access level to Admin. Follow these steps to create an account of other type: Step 1 configure Enter global configuration mode. Configuration Guide 42 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 64
. After the encrypted password is configured, you should use the corresponding unencrypted password to reenter this mode. aaa enable Globally enable the AAA function. Configuration Guide 43 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 65
to AAA Configuration in Configuring Network Security . The logged-in users can enter the Enable Password on this page to get the administrative privileges. Configuration Guide 44 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 66
Switch(config)#show user account-list Index User-Name User-Type --------- 1 user1 Operator 2 admin Admin Switch(config)#end Switch#copy running-config startup-config Configuration Guide 45 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 67
: 1) In the Boot Table section, select one or more units and configure the relevant parameters. Select Select one or more units to be configured. Configuration Guide 46 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 68
restore the configuration. Please wait without any operation. • After the configuration is restored successfully, the device will reboot to make the configuration change effective. Configuration Guide 47 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 69
effect the backup image. Firmware Version Displays the current firmware version of the system. Hardware Version Displays the current hardware version of the system. Configuration Guide 48 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 70
to reset. By default, it is ALL Unit. Note: After the system is reset, configurations of the switch will be reset to the default. Configuration Guide 49 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 71
(config)#end Switch#copy running-config startup-config 4.2.2 Restoring the Configuration of the Switch Follow these steps to restore the configuration of the switch: Configuration Guide 50 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 72
TFTP server. ip-addr: Specify the IP address of the TFTP server. Both IPv4 and IPv6 addresses are supported. name: Specify the name of the configuration file to be saved. The following example shows how to backup to backup user config file...... Backup user config file OK. Configuration Guide 51 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 73
backup image. ip-addr: Specify the IP address of the TFTP server. Both IPv4 and IPv6 addresses are supported. name: Specify the name of the desired firmware file. Enter Y to continue then enter Y to reboot Step 1 Step 2 enable Enter privileged mode. reset Reset the switch. Configuration Guide 52 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 74
Managing System System Tools Configurations Note: After the system is reset, configurations of the switch will be reset to the default. Configuration Guide 53 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 75
are allowed to access the switch. Port-based: Only the users connecting to the ports you set here are allowed to access the switch. Configuration Guide 54 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 76
display. Port Select one or more ports to configure. Only the users connected to these ports are allowed to access the switch. 2) Click Apply. Configuration Guide 55 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 77
number of users whose access levels are Power User. User Number 4) Click Apply. Specify the maximum number of users whose access levels are User. Configuration Guide 56 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 78
. Table 5-1 Configuring the HTTPS Function 1) In the Global Config section, select Enable to enable HTTPS function and select the protocol the switch supports. Click Apply. HTTPS Select Enable to enable the HTTPS function. HTTPS function is based on the SSL or TLS protocol. It provides a secure - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 79
connection. TLS Version 1 Select Enable to make the switch support TLS Version 1 protocol. TLS is a transport protocol upgraded from SSL. It supports a different encryption algorithm from SSL, so TLS and SSL match each other, otherwise the HTTPS connection will not work. Configuration Guide 58 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 80
Enable to enable SSH version 2. Idle Timeout Specify the idle timeout time. The system will automatically release the connection when the time is up. Configuration Guide 59 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 81
the Encryption Algorithm section, select the encryption algorithm you want the switch to support and click Apply. 3) In Data Integrity Algorithm section, select the integrity algorithm you want configure the access control: Step 1 configure Enter global configuration mode. Configuration Guide 60 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 82
access control as IP-based. Set the IP address as 192.168.0.100,set the subnet mask as 255.255.255.0 and make the switch support snmp, telnet, http and https. Switch#configure Switch(config)#user access-control ip-based 192.168.0.100 255.255.255.0 snmp telnet http https Switch - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 83
number and the idle-timeout, etc. end Return to privileged EXEC mode. copy running-config startup-config Save the settings in the configuration file. Configuration Guide 62 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 84
[ ssl3 ] [ tls1 ] } Configure to make the switch support the corresponding protocol. By default, the switch supports SSLv3 and TLSv1. ssl3: Enable the SSL version 3 protocol. s transport protocol upgraded from SSL. It supports different encryption algorithm from SSL, so TLS and SSL are not compatible - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 85
addr: Specify the IP address of the TFTP server. Both IPv4 and IPv6 addresses are supported. ip http secure-server download key ssl-key ip-address ip-addr Download the desired IPv4 and IPv6 addresses are supported. show ip http secure-server Verify the global configuration of HTTPS. Configuration - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 86
Session Timeout: 15 HTTPS User Limitation: Enabled HTTPS Max Admin Users: 1 HTTPS Max Guest Users: 2 Switch(config)#end Switch#copy running-config startup-config Configuration Guide 65 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 87
to make the switch support the corresponding protocol. By default, the switch supports SSHv1 and SSHv3. v1 the switch supports. HMAC-SHA1 | HMAC-MD5: Specify the data integrity algorithm you want the switch supports. ip ssh supported. show ip ssh Verify the global configuration of SSH. Configuration - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 88
Server: Enabled Protocol V1: Enabled Protocol V2: Enabled Idle Timeout: 100 MAX Clients: 4 Encryption Algorithm: AES128-CBC: Enabled AES192-CBC: Disabled AES256-CBC: Disabled Configuration Guide 67 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 89
, it is enabled. end Return to privileged EXEC mode. copy running-config startup-config Save the settings in the configuration file. Access Security Configurations Configuration Guide 68 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 90
Table 6-2 Default Settings of System Time Configuration Parameter Time Source System Time Default Setting Manual 2006-01-01 08:01:56 Sunday Table 6-3 Default Settings of Daylight Saving Time Image Backup Image Default Setting image1.bin image1.bin image2.bin Configuration Guide 69 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 91
-CBC AES192-CBC AES256-CBC Blowfish-CBC Cast128-CBC 3DES-CBC Default Setting Disabled Enabled Enabled 120 seconds 5 Enabled Enabled Enabled Enabled Enabled Enabled Configuration Guide 70 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 92
Managing System Parameter HMAC-SHA1 HMAC-MD5 Key Type: Default Setting Enabled Enabled SSH-2 RSA/DSA Table 6-10 Default Settings of Telnet Configuration Parameter Control Mode Default Setting Enabled Appendix: Default Parameters Configuration Guide 71 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 93
Part 3 Managing Physical Interfaces CHAPTERS 1. Physical Interface 2. Basic Parameters Configurations 3. Port Mirror Configuration 4. Port Security Configuration 5. Port Isolation Configurations 6. Loopback Detection Configuration 7. Configuration Examples - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 94
the switch. Logical interfaces are manually configured and do not physically exist, such interfaces. 1.2 Supported Features The switch supports the following features the copied packets to monitor network traffic and troubleshoot network problems. Port Security You can use this feature to Guide 73 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 95
identification. Status With this option enabled, the port forwards packets normally. Otherwise, the port discards all the received packets. By default, it is enabled. Configuration Guide 74 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 96
device. The default setting is Auto. This value is recommended if both ends of the line support auto-negotiation. Select the appropriate duplex mode for the port. There are three options: Half, Full range port-channel port-channelid-list } Enter interface configuration mode. Configuration Guide 75 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 97
this feature is disabled. jumbo-size size Change the MTU (Maximum Transmission Unit) size on the port to support jumbo frames. The default MTU size for frames received and sent on all ports is 1518 bytes. For port, and enabling the flow-control feature. Switch#configure Configuration Guide 76 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 98
#configure Switch(config)#jumbo-size 9216 Switch(config)#show jumbo-size Global jumbo size : 9216 Switch(config)#end Switch#copy running-config startup-config Configuration Guide 77 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 99
The above page displays a mirror session, and no more session can be created. Click Edit to configure this mirror session on the following page. Configuration Guide 78 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 100
. Egress With this option enabled, the packets sent by the monitored port will be copied to the monitoring port. By default, it is disabled. Configuration Guide 79 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 101
#configure Switch(config)#monitor session 1 destination interface fastEthernet 1/0/10 Switch(config)#monitor session 1 source interface fastEthernet 1/0/1-3 both Switch(config)#show monitor session Monitor Session: 1 Configuration Guide 80 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 102
Managing Physical Interfaces Destination Port: Fa1/0/10 Source Ports(Ingress): Fa1/0/1-3 Source Ports(Egress): Fa1/0/1-3 Switch(config)#end Switch#copy running-config startup-config Port Mirror Configuration Configuration Guide 81 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 103
port will stop learning. The default value is 64. Learned Num Displays the number of MAC addresses that have been learned on the port. Configuration Guide 82 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 104
MAC addresses are out of the influence of the aging time and can only be deleted manually. The learned entries will be cleared after the switch is rebooted. Permanent: The learned MAC port | range gigabitEthernet port-list } Enter interface configuration mode. Configuration Guide 83 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 105
The learned MAC address is out of the influence of the aging time and can only be deleted manually. The learned entries will be saved even the switch is rebooted. status: Status of port security permanent drop Switch(config-if)#end Switch#copy running-config startup-config Configuration Guide 84 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 106
following page. Figure 5-1 Port Isolation List The above page displays the port isolation list. Click Edit to configure Port Isolation on the following page. Configuration Guide 85 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 107
-forward-list: The list of LAGs. Step 4 show port isolation interface { fastEthernet port | gigabitEthernet port } Verify the Port Isolation configuration of the specified port. Configuration Guide 86 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 108
(config-if)#show port isolation interface fastEthernet 1/0/5 Port LAG Forward-List ---- Fa1/0/5 N/A Fa1/0/1-3,Po4 Switch(config-if)#end Switch#copy running-config startup-config Configuration Guide 87 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 109
Detection Follow these steps to configure loopback detection: 1) In the Global Config section, enable loopback detection and configure the global parameters. Then click Apply. Configuration Guide 88 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 110
to normal status after the automatic recovery time. It is the default setting. Manual: You need to manually release the blocked port. Click the Recover button to release the selected port. to configure Loopback Detection: Step 1 configure Enter global configuration mode. Configuration Guide 89 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 111
is disabled. loopback-detection config [ process-mode { alert | port-based } ] [ recovery-mode { auto | manual } ] Set the process mode when a loopback is detected on the port. There are two modes: alert: The enable loopback detection globally (keeping the default parameters): Configuration Guide 90 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 112
fastEthernet 1/0/3 Port Enable Process Mode Recovery Mode Loopback Block LAG ---- -------- ----- ---- Fa1/0/3 enable alert auto N/A N/A N/A Switch(config-if)#end Switch#copy running-config startup-config Configuration Guide 91 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 113
hosts and a network analyzer are directly connected to the switch. For network security and troubleshooting, the network manager needs to use the network analyzer to monitor the data packets from to load the following page. It displays the information of the mirror session. Configuration Guide 92 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 114
Ingress and Egress to allow the received and sent packets to be copied to the monitoring port. Then click Apply. Figure 7-4 Source Port Configuration Configuration Guide 93 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 115
the MAC address or IP address of Host A is changed. Figure 7-5 Network Topology Switch Fa1/0/1 Fa1/0/2 Fa1/0/4 Fa1/0/3 Host A Host B Host C VLAN 10 Server Configuration Guide 94 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 116
on the above page to load the following page. Select port 1/0/1 as the isolated port, and select port 1/0/4 as the forwarding port. Click Apply. Configuration Guide 95 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 117
Verify the Configuration Switch#show port isolation interface Port LAG Forward-List ---- Fa1/0/1 N/A Fa1/0/4 Fa1/0/2 N/A Fa1/0/1-52,Po1-14 Fa1/0/3 N/A Fa1/0/1-52,Po1-14 ...... Configuration Guide 96 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 118
loopback detection on ports 1/0/1-3 and configure SNMP to receive the notifications. For detailed instructions about SNMP, refer to Configuring SNMP & RMON. Here we introduce how to configure detection and web refresh globally. Keep the default parameters and click Apply. Configuration Guide 97 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 119
the detection interval and recovery time. Switch#configure Switch(config)#loopback-detection Switch(config)#loopback-detection interval 30 Switch(config)#loopback-detection recovery-time 3 Configuration Guide 98 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 120
Port Enable Process Mode Recovery Mode Loopback Block LAG ---- Fa1/0/1 enable port-based auto N/A N/A N/A Fa1/0/2 enable port-based auto N/A N/A N/A Fa1/0/3 enable port-based ... auto N/A N/A N/A Configuration Guide 99 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 121
0 Learned Mode Dynamic Status Disable Loopback Detection Loopback Detection Status Disable Detection Interval 30 seconds Automatic Recovery Time 3 detection times Web Refresh Status Disable Configuration Guide 100 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 122
Managing Physical Interfaces Parameter Web Refresh Interval Port Status Operation mode Recovery mode Default Setting 6 seconds Disable Alert Auto Appendix: Default Parameters Configuration Guide 101 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 123
Part 4 Configuring LAG CHAPTERS 1. LAG 2. LAG Configuration 3. Configuration Example 4. Appendix: Default Parameters - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 124
and configure the backup ports to enhance the connection reliability. 1.2 Supported Features You can configure LAG in two ways: static LAG and LACP (Link Aggregation Control Protocol). Static LAG The member ports are manually added to the LAG. LACP The switch uses LACP to implement dynamic link - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 125
evenly. If an active link fails, the other active links share the traffic evenly. One LACP LAG supports more than eight member ports, but at most eight of them can be active. Using LACP protocol, the switches member port of an LAG cannot be enabled with these functions. Configuration Guide 104 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 126
"SRC IP" to allow Switch A to determine the forwarding port based on the source MAC addresses or source IP addresses of the received packets. Configuration Guide 105 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 127
Port section, select the member ports for the LAG. It is multi-optional. 3) Click Apply. Note: Clearing all member ports will delete the LAG. Configuration Guide 106 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 128
other static LAGs cannot be set as an Admin Key. The valid value of the Admin Key is determined by the maximum number of LAG supported by your switch. For example, if your switch supports up to 6 LAGs, the valid values are from 1 to 6. Configuration - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 129
the destination IP addresses of the packets. src-dst-ip: The computation is based on the source and destination IP addresses of the packets. Configuration Guide 108 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 130
-list } Enter interface configuration mode. Step 3 channel-group num mode on Add the port to a static LAG. num: The group number of the LAG. Configuration Guide 109 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 131
(config-if-range)#end Switch#copy running-config startup-config Configuring LACP Follow these steps to configure LACP: Step 1 configure Enter global configuration mode. Configuration Guide 110 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 132
LACP configuration of the local switch. end Return to privileged EXEC mode. copy running-config startup-config Save the settings in the configuration file. Configuration Guide 111 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 133
/0/3 SA Down 32768 0x6 0 0x3 0x45 Fa1/0/4 SA Down 32768 0x6 0 0x4 0x45 Switch(config-if-range)#end Switch#copy running-config startup-config Configuration Guide 112 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 134
enabled to transmit data. Demonstrated with T1500-28PCT, the following sections provide configuration procedure in two ways: using the GUI and using the CLI. Configuration Guide 113 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 135
LACP Config section, select ports 1/0/1-9, and respectively set the admin key, port priority, mode and status for each port. Click Apply. Figure 3-4 LACP Configuration Configuration Guide 114 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 136
-config Verify the Configuration Verify the system priority: Switch#show lacp sys-id 0, 000a.eb13.2397 Verify the LACP configuration: Switch#show lacp internal Configuration Guide 115 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 137
Fa1/0/6 SA Down 0 0x1 0 0x6 0x45 Fa1/0/7 SA Down 0 0x1 0 0x7 0x45 Fa1/0/8 SA Down 0 0x1 0 0x8 0x45 Fa1/0/9 SA Down 1 0x1 0 0x9 0x45 Configuration Guide 116 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 138
LAG Table Hash Algorithm LACP Config System Priority Admin Key Port Priority Mode Status Default Setting SRC MAC+DST MAC 32768 0 32768 Passive Disable Configuration Guide 117 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 139
Part 5 Monitoring Traffic CHAPTERS 1. Traffic Monitor 2. Appendix: Default Parameters - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 140
. 2) In the Traffic Summary section, click 1 to show the information of the physical ports, and click LAGS to show the information of the LAGs. Configuration Guide 119 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 141
Auto Refresh section, or click Refresh at the bottom of the page. Auto Refresh: With this option enabled, the switch refreshes the web timely. Configuration Guide 120 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 142
transmitted on the port. Error frames are not counted in. Collisions: Displays the number of collisions experienced by a half-duplex port during packet transmissions. Configuration Guide 121 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 143
of the received packets (including error packets) that are over 1023 bytes. Collisions: Displays the number of collisions experienced by a port during packet transmissions. Configuration Guide 122 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 144
Monitoring Traffic Appendix: Default Parameters 2 Appendix: Default Parameters Table 2-1 Traffic Statistics Monitoring Parameter Traffic Summary Auto Refresh Refresh Rate Traffic Statistics Auto Refresh Refresh Rate Default Setting Disable 10 seconds Disable 10 seconds Configuration Guide 123 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 145
Part 6 Managing MAC Address Table CHAPTERS 1. MAC Address Table 2. Address Configurations 33. Appendix: Default Parameters - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 146
02 1 ...... 1 Dynamic 2 Config static Aging no-Aging 1.2 Supported Features The address table of the switch contains dynamic addresses, static manually added to configure the switch to automatically drop the packets with specific source or destination MAC addresses. Configuration Guide - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 147
the GUI 2.1.1 Adding Static MAC Address Entries You can add static MAC address entries by manually specifying the desired MAC address or binding dynamic MAC address entries. Adding MAC Addresses Manually Choose the menu Switching > MAC Address > Static Address to load the following page. Figure - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 148
as a filter- ing address, and vice versa. • Multicast or broadcast addresses cannot be set as static addresses. • Ports in LAGs (Link Aggregation Group) are not supported for static address configuration. Configuration Guide 127 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 149
aging time is applicable to stable networks. We recommend that you keep the default value if you are unsure about settings in your case. Configuration Guide 128 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 150
set as filtering addresses . 2.1.4 Viewing Address Table Entries You can view entries in MAC address table to check your former operations and address information. Configuration Guide 129 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 151
address are received. port: Specify a port to which packets with the specific MAC address are forwarded. The port must belong to the specified VLAN. Configuration Guide 130 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 152
broadcast addresses cannot be set as static addresses. • Ports in LAGs (Link Aggregation Group) are not supported for static address configuration. The following example shows how to add a static MAC address entry with MAC Step 1 configure Enter global configuration mode. Configuration Guide 131 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 153
MAC address are dropped. Step 3 end Return to privileged EXEC mode. Step 4 copy running-config startup-config Save the settings in the configuration file. Configuration Guide 132 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 154
:1e:4b:04:01:5d 10 filter no-aging Total MAC Addresses for this criterion: 1 Switch(config)#end Switch#copy running-config startup-config Configuration Guide 133 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 155
Entries Auto-learning Filtering Address Entries None Table 3-2 Default Settings of Dynamic Address Table Parameter Default Setting Auto Aging Enable Aging Time 300 seconds Configuration Guide 134 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 156
Part 7 Configuring 802.1Q VLAN CHAPTERS 1. Overview 2. 802.1Q VLAN Configuration 3. Configuration Example 4. Appendix: Default Parameters - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 157
need not be located in the same place. It eases the management of devices in the same work group but located in different places. Configuration Guide 136 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 158
menu VLAN > 802.1Q VLAN > Port Config to load the following page. Figure 2-1 Configuring the Port Select a port and configure its PVID. Click Apply. Configuration Guide 137 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 159
to add to the created VLAN based on the network topology. Untagged port The selected ports will forward untagged packets in the target VLAN. Configuration Guide 138 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 160
to create VLAN 2 and name it as RD : Switch#configure Switch(config)#vlan 2 Switch(config-vlan)#name RD Switch(config-vlan)#show vlan id 2 Configuration Guide 139 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 161
-if)#show interface switchport fastEthernet 1/0/5 Port Fa1/0/5: PVID: 2 Member in LAG: N/A Link Type: General Member in VLAN: Vlan Name 1 System-VLAN Egress-rule Untagged Configuration Guide 140 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 162
)#switchport general allowed vlan 2 tagged Switch(config-if)#show interface switchport fastEthernet 1/0/5 Port Fa1/0/5: PVID: 2 Member in LAG: N/A Link Type: General Member in VLAN: Configuration Guide 141 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 163
Configuring 802.1Q VLAN Vlan Name Egress-rule ------- 1 System-VLAN Untagged 2 rd Tagged Switch(config-if)#end Switch#copy running-config startup-config 802.1Q VLAN Configuration Configuration Guide 142 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 164
department but not with computers in the other department. Terminal devices like computers usually do not support VLAN tags. Configure the switch ports connected to the computers as Untagged. Then add the ports to link as Tagged, and add the ports to both VLANs. Configuration Guide 143 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 165
VLAN 10 with the description of Department-A. Add port 1/0/2 as an untagged port and port 1/0/4 as a tagged port to VLAN 10. Then click Apply. Configuration Guide 144 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 166
and port 1/0/4 as a tagged port to VLAN 20. Then click Apply. Figure 3-3 Create VLAN 20 for Department B 3) Click Save Config to save the settings. Configuration Guide 145 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 167
)#end Switch_1#copy running-config startup-config Verify the Configurations Switch_1#show vlan VLAN Name Status Ports 1 Default VLAN active Fa1/0/1, Fa1/0/2, Fa1/0/3, Fa1/0/4, Configuration Guide 146 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 168
Configuring 802.1Q VLAN Configuration Example Fa1/0/5, Fa1/0/6, Fa1/0/7, Fa1/0/8, ... 10 Department-A active Fa1/0/2, Fa1/0/4 20 Department-B active Fa1/0/3, Fa1/0/4 Configuration Guide 147 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 169
Configuring 802.1Q VLAN Appendix: Default Parameters 4 Appendix: Default Parameters Default settings of 802.1Q VLAN are listed in the following table. Table 4-1 Default Settings of 802.1Q VLAN Parameter Default Setting VLAN ID 1 PVID 1 Egress rule Untagged Configuration Guide 148 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 170
Part 8 Configuring Spanning Tree CHAPTERS 1. Spanning Tree 2. STP/RSTP Configurations 3. MSTP Configurations 4. STP Security Configurations 5. Configuration Example for MSTP 6. Appendix: Default Parameters - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 171
load balancing among VLANs. 1.2 Basic Concepts 1.2.1 STP/RSTP Concepts Based on the networking topology, this section will introduce some basic concepts in STP/ RSTP. Configuration Guide 150 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 172
ID is composed of a 2-byte priority and a 6-byte MAC address. The priority is allowed to be configured manually on the switch, and the switch with the lowest priority value will be elected as the root bridge. If BPDUs from another switch, it will become an alternate port. Configuration Guide 151 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 173
RSTP/MSTP, the port status includes: Discarding, Learning and Forwarding. The Discarding status is the grouping of STP's Blocking, Listening and Disabled, and the Configuration Guide 152 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 174
the port. The smaller the value, the higher link speed the port has. The path cost can be manually configured on each port. If not, the path cost values are automatically calculated according to the link speed root path cost increases as the BPDU propagates further. Configuration Guide 153 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 175
are independent of each other. As is shown in Figure 1-4, there are three instances in a region, and each instance has its own root bridge. Configuration Guide 154 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 176
used to prevent loops caused by link congestions or link failures. It is recommended to enable this function on root ports and alternate ports. Configuration Guide 155 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 177
the switch from being attacked by BPDUs. »» TC Protect TC Protect function is used to prevent the switch from frequently removing MAC address entries. Configuration Guide 156 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 178
entries, which may decrease the performance and stability of the network. With TC protect function enabled, the port will drop the received TC-BPDUs. Configuration Guide 157 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 179
configure STP/RSTP parameters on ports: 1) In the Port Config section, configure STP/RSTP parameters on ports. UNIT Select the desired unit or LAGs. Configuration Guide 158 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 180
port, they can transit their states to forwarding directly. Three options are supported: Auto, Open(Force) and Close(Force). By default, it is Auto Open(Force): The port is manually identified as connected to a P2P link. Close(Force): The port is manually identified as not connected to Guide 159 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 181
to. 2.1.2 Configuring STP/RSTP Globally Choose the menu Spanning Tree > STP Config > STP Config to load the following page. Figure 2-2 Configuring STP/RSTP Globally Configuration Guide 160 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 182
tree function, choose the STP mode as STP/RSTP, and click Apply. Spanning-Tree Enable or disable spanning tree function globally on the switch. Configuration Guide 161 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 183
STP/RSTP Configurations The STP Summary section shows the summary information of spanning tree : Spanning Tree Displays the status of the spanning tree function. Configuration Guide 162 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 184
-list] [port-channel port-channel | range port-channel port-channel-list} Enter interface configuration mode. spanning-tree Enable spanning tree function for desired ports. Configuration Guide 163 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 185
fastEthernet 1/0/3 Switch(config-if)#spanning-tree Switch(config-if)#spanning-tree common-config port-priority 32 Switch(config-if)#show spanning-tree interface fastEthernet 1/0/3 Configuration Guide 164 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 186
STP/RSTP parameters of the switch. end Return to privileged EXEC mode. copy running-config startup-config Save the settings in the configuration file. Configuration Guide 165 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 187
-tree Enable spanning tree function globally. show spanning-tree active (Optional) View the active information of STP/RSTP. end Return to privileged EXEC mode. Configuration Guide 166 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 188
) Rstp Desg Fwd Fa1/0/20 Enable 128 200000 200000 No Yes(auto) Rstp Desg Fwd Switch(config)#end Switch#copy running-config startup-config Configuration Guide 167 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 189
to configure parameters on ports in CIST: 1) In the Port Config section, configure the parameters on ports. UNIT Select the desired unit or LAGs. Configuration Guide 168 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 190
port, they can transit their states to forwarding directly. Three options are supported: Auto, Open(Force) and Close(Force). By default, it is Auto Open(Force): The port is manually identified as connected to a P2P link. Close(Force): The port is manually identified as not connected to Guide 169 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 191
the Region Name and Revision Level Choose the menu Spanning Tree > MSTP Instance > Region Config to load the following page. Figure 3-2 Configuring the Region Configuration Guide 170 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 192
be deleted from the corresponding instance. 2) In the Instance Config section, configure the priority of the switch in the desired instance, and click Apply. Configuration Guide 171 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 193
the instance. Click the Clear All to clear up all VLANs from the instance. The cleared VLAN will be automatically mapped to the CIST. Configuration Guide 172 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 194
desired instance. 2) In the Instance Port Config section, configure port parameters in the desired instance. UNIT Select the desired unit or LAGs for configuration. Configuration Guide 173 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 195
packets. Disconnected: The port is enabled with spanning tree function but not connected to any device. Displays the LAG which the port belongs to. Configuration Guide 174 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 196
hops that occur in a specific region before the BPDU is discarded. The valid values are from 1 to 40, and the default value is 20. Configuration Guide 175 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 197
. STP: Specify the spanning tree mode as STP. RSTP: Specify the spanning tree mode as RSTP. MSTP: Specify the spanning tree mode as MSTP. Configuration Guide 176 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 198
path cost from the switch to the root bridge in CIST. Regional Root Bridge Displays the bridge ID of the root bridge in IST. Configuration Guide 177 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 199
] [port-channel port-channel | range port-channel port-channel-list } Enter interface configuration mode. spanning-tree Enable spanning tree function for the desired port. Configuration Guide 178 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 200
in the configuration file. This example shows how to enable spanning tree function for port 1/0/3 and configure the port priority as 32 : Switch#configure Configuration Guide 179 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 201
the desired instance. Step 3 spanning-tree mst configuration Enter MST configuration mode, as to configure the VLAN-Instance mapping, region name and revision level. Configuration Guide 180 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 202
R1 Switch(config-mst)#revision 100 Switch(config-mst)#instance 5 vlan 2-6 Switch(config-mst)#show spanning-tree mst configuration Region-Name : R1 Revision : 100 Configuration Guide 181 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 203
to view, ranging from 1 to 8. port: Specify the port number. lagid: Specify the ID of the LAG. Step 5 end Return to privileged EXEC mode. Configuration Guide 182 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 204
priority. CIST priority the priority of a switch in CIST. The switch with the highest priority will be elected as the root bridge in CIST. Configuration Guide 183 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 205
, the Forward Delay as 12 seconds, the Hold Count as 8 and the Max Hop as 25: Switch#configure Switch(config)#spanning-tree priority 36864 Configuration Guide 184 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 206
and enable spanning tree function globally : Switch#configure Switch(config)#spanning-tree mode mstp Switch(config)#spanning-tree Switch(config)#show spanning-tree active Configuration Guide 185 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 207
Address : 00-0a-eb-13-12-ba Local bridge is the root bridge Designated Bridge Priority : 32768 Address : 00-0a-eb-13-12-ba Configuration Guide 186 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 208
Configuring Spanning Tree Local Bridge Priority : 32768 Address : 00-0a-eb-13-12-ba Interface Prio Cost Role Status Fa/0/16 128 200000 Altn Blk Fa/0/20 128 200000 Mstr Fwd Switch(config)#end Switch#copy running-config startup-config MSTP Configurations Configuration Guide 187 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 209
GUI 4.1.1 Configuring the STP Security Choose the menu Spanning Tree > STP Security > Port Protect to load the following page. Figure 4-1 Configuring the Port Protect Configuration Guide 188 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 210
Follow these steps to configure the Root protect feature, BPDU protect feature and BPDU filter feature for ports: Step 1 configure Enter global configuration mode. Configuration Guide 189 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 211
) View the protect inforamtion of ports. port: Specify the port number. lagid: Specify the ID of the LAG. end Return to privileged EXEC mode. Configuration Guide 190 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 212
BPDU-Guard Loop-Protect Root-Protect TC-Protect Fa1/0/3 Enable Enable Enable Enable Enable Switch(config-if)#end Switch#copy running-config startup-config Configuration Guide 191 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 213
instances to ensure traffic can be transmitted along the respective instance. Here we configure two instances to meet the requirement, as is shown below: Configuration Guide 192 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 214
load the following page. Enable spanning tree function on port 1/0/1 and port 1/0/2. Here we leave the values of the other parameters as default settings. Configuration Guide 193 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 215
3) Choose the menu Spanning Tree > MSTP Instance > Instance Config to load the following page. Map VLAN101-VLAN103 to instance 1; map VLAN104-VLAN106 to instance 2. Configuration Guide 194 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 216
Configuring Spanning Tree Figure 5-5 Configuring the VLAN-Instance Mapping Configuration Example for MSTP 4) Choose the menu Spanning Tree > MSTP Instance > Instance Port Config to load the following page. Set the path cost of port 1/0/1 in instance 1 as 400000. Configuration Guide 195 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 217
> STP Config to load the following page. Enable MSTP function globally, here we leave the values of the other global parameters as default settings. Configuration Guide 196 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 218
the menu Spanning Tree > MSTP Instance > Region Config to load the following page. Set the region name as 1 and the revision level as 100. Configuration Guide 197 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 219
> MSTP Instance > Instance Config to load the following page. Configure the priority of Switch B as 0 to set it as the root bridge in instance 1. Configuration Guide 198 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 220
the menu Spanning Tree > MSTP Instance > Instance Port Config to load the following page. Set the path cost of port 1/0/2 in instance 2 as 400000. Configuration Guide 199 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 221
> STP Config to load the following page. Enable MSTP function globally. Here we leave the values of the other global parameters as default settings. Configuration Guide 200 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 222
the menu Spanning Tree > MSTP Instance > Region Config to load the following page. Set the region name as 1 and the revision level as 100. Configuration Guide 201 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 223
> MSTP Instance > Instance Config to load the following page. Configure the priority of Switch C as 0 to set it as the root bridge in instance 2. Configuration Guide 202 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 224
leave the values of the other global parameters as default settings. Figure 5-18 Configuring the MSTP Globally 6) Click Save Config to save the settings. Configuration Guide 203 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 225
spanning tree function on port 1/0/1 and port 1/0/2, and specify the path cost of port 1/0/2 in instance 2 as 400000. Switch#configure Switch(config)#interface fastEthernet 1/0/2 Configuration Guide 204 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 226
instance 2; configure the priority of Switch C in instance 2 as 0 to set it as the root bridge in instance 2: Switch(config)#spanning-tree mst configuration Configuration Guide 205 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 227
: 0 Address : 00-0a-eb-13-12-ba Local Bridge Priority : 32768 Address : 00-0a-eb-13-23-97 Interface Prio Cost Role Status LAG --------- ---- Configuration Guide 206 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 228
spanning-tree mst instance 1 MST-Instance 1 Root Bridge Priority : 0 Address : 00-0a-eb-13-12-ba Local bridge is the root bridge Designated Bridge Configuration Guide 207 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 229
-0a-eb-13-12-ba Interface Prio Cost Role Status Fa1/0/1 128 200000 Altn Blk Fa1/0/2 128 200000 Root Fwd Configuration Example for MSTP Configuration Guide 208 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 230
-d8-9d-88-f7 Local bridge is the root bridge Designated Bridge Priority : 0 Address : 3c-46-d8-9d-88-f7 Configuration Example for MSTP Configuration Guide 209 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 231
Configuring Spanning Tree Local Bridge Priority : 0 Address : 3c-46-d8-9d-88-f7 Interface Prio Cost Role Status Fa1/0/1 128 200000 Desg Fwd Fa1/0/2 128 200000 Desg Fwd Configuration Example for MSTP Configuration Guide 210 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 232
-Path Cost Auto Edge Port Disable P2P Link Auto MCheck ------ Table 6-3 Default Settings of the MSTP Instance Parameter Default Setting Status Disable Priority 32768 Configuration Guide 211 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 233
Configuring Spanning Tree Parameter Port Priority Path Cost Default Setting 128 Auto Appendix: Default Parameters Configuration Guide 212 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 234
Configuring Spanning Tree Configuration Guide 213 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 235
Configuring Spanning Tree Configuration Guide 214 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 236
Part 9 Configuring Layer 2 Multicast CHAPTERS 1. Layer 2 Multicast 2. IGMP Snooping Configurations 3. Viewing Multicast Snooping Configurations 4. Configuration Examples 5. Appendix: Default Parameters - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 237
network resources and impacting information security. Multicast, however, solves all the problems caused by unicast and broadcast. With multicast, the source only need to Internet information provider can provide value-added services such as Online Live, IPTV, Distance Education Guide 216 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 238
Layer 2 switch Host A Receiver Host B Multicast packets Host C Receiver Host A Receiver 1.2 Supported Layer 2 Multicast Protocols Host B Host C Receiver Layer 2 Multicast protocol for IPv4: IGMP and users, to build and maintain Layer 2 multicast forwarding table. Configuration Guide 217 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 239
multicast data when its destination multicast address is not in the multicast forwarding table of the switch. Follow these steps to configure unknown multicast. Configuration Guide 218 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 240
-Address-Specific Queries (MASQs) are sent and no report message is received, the switch will delete the multicast address from the multicast forwarding table. Configuration Guide 219 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 241
be sent. The valid values are from 1 to 5. Verifying IGMP Snooping Status IGMP Snooping Status Table displays VLANs and ports with IGMP Snooping enabled. Configuration Guide 220 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 242
this multicast group. Follow these steps to configure fast leave. 1) Select the port to be configured and select Enable under the Fast Leave column. Configuration Guide 221 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 243
designate VLAN, and configure the aging time of the router ports and the member ports. VLAN ID Specify the VLAN to enable IGMP Snooping. Configuration Guide 222 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 244
send the data to all member ports of the VLAN. In this way, Multicast VLAN saves bandwidth and reduces network load of Layer 3 devices. Configuration Guide 223 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 245
Member Port Time. Multicast VLAN Select Enable to enable multicast VLAN function. VLAN ID Specify the 802.1Q VLAN to be the multicast VLAN. Configuration Guide 224 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 246
be the router ports in the multicast VLAN. 1) Configure the router ports in the designate VLAN. VLAN ID Specify the VLAN to be configured. Configuration Guide 225 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 247
by the querier. It cannot be a multicast address or a broadcast address. 2) Click Add. 3) You can edit the settings in the IGMP Snooping Querier Table. Configuration Guide 226 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 248
specific multicast groups. Searching Profile Enter the search condition in the Search Option field to search the profile in the IGMP Profile Info table. Configuration Guide 227 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 249
's filtering profile and the number of multicast groups a port can join. Choose the menu Multicast > IGMP Snooping > Profile Binding to load the following page. Configuration Guide 228 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 250
groups a port can join and overflow action. 1) Select a port to configure its Max Group and Overflow Action. Select Select the port to be configured. Configuration Guide 229 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 251
following page. Figure 2-9 View IGMP Statistics on the Port Configuring Auto Refresh Follow these steps to configure auto refresh. 1) Enable or disable Auto Refresh. Configuration Guide 230 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 252
Configuring Static Member Port Follow these steps to configure static member port. 1) Enter the Multicast IP and VLAN ID. Specify the Static Member Port. Configuration Guide 231 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 253
fastEthernet port-list | gigabitEthernet port | range gigabitEthernet port-list | port-channel port-channel-id | range port-channe port-channel-list} Enter interface configuration mode. Configuration Guide 232 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 254
:300 Global Report Suppression :Disable Global Authentication Accounting:Disable Enable Port:Fa1/0/3 Enable VLAN: Switch(config-if)#end Switch#copy running-config startup-config Configuration Guide 233 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 255
Age Time :260 Global Router Age Time :300 Global Report Suppression :Enable Global Authentication Accounting:Disable Enable Port: Enable VLAN: Switch(config-if)#end Configuration Guide 234 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 256
Time :300 Global Report Suppression :Disable Global Authentication Accounting:Disable Enable Port: Enable VLAN: Switch(config-if)#end Switch#copy running-config startup-config Configuration Guide 235 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 257
Query Interval :1 Global Member Age Time :200 Global Router Age Time :200 Global Report Suppression :Disable Global Authentication Accounting:Disable Enable Port: Enable VLAN: Configuration Guide 236 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 258
igmp snooping interface fastEthernet 1/0/3 basic-config Port IGMP-Snooping Fast-Leave Fa1/0/3 enable enable Switch(config-if)#end Switch#copy running-config startup-config Configuration Guide 237 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 259
snooping max-groups action drop Switch(config-if)#show ip igmp snooping interface fastEthernet 1/0/3 max-groups Port Max-Groups Overflow-Action Fa1/0/3 500 Drop Configuration Guide 238 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 260
Last Query Times :5 Last Query Interval :5 Global Member Age Time :260 Global Router Age Time :300 Global Report Suppression :Disable Global Authentication Accounting:Disable Configuration Guide 239 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 261
400 Switch(config)#show ip igmp snooping vlan 2 Vlan Id: 2 Router Time:500 Member Time:400 Static Router Port:None Dynamic Router Port:None Configuration Guide 240 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 262
snooping Switch(config)#ip igmp snooping vlan-config 2 rport interface fastEthernet 1/0/2 Switch(config)#show ip igmp snooping vlan 2 Vlan Id: 2 Router Time:0 Member Time:0 Configuration Guide 241 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 263
(config)#show ip igmp snooping vlan 2 Vlan Id: 2 Router Time:0 Member Time:0 Static Router Port:None Dynamic Router Port:None Forbidden Router Port:Fa1/0/4-6 Configuration Guide 242 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 264
snooping groups static Multicast-ip VLAN-id Addr-type Switch-port 226.0.0.2 2 static Fa1/0/9-10 Switch(config)#end Switch#copy running-config startup-config Configuration Guide 243 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 265
: 5 Router Time:500 Member Time:400 Replace Source IP:0.0.0.0 Static Router Port:None Dynamic Router Port:None Forbidden Router Port:None Switch(config)#end Configuration Guide 244 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 266
Replace Source IP:0.0.0.0 Static Router Port:Fa1/0/5 Dynamic Router Port:None Forbidden Router Port:None Switch(config)#end Switch#copy running-config startup-config Configuration Guide 245 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 267
Replace Source IP:0.0.0.0 Static Router Port:None Dynamic Router Port:None Forbidden Router Port:Fa1/0/6 Switch(config)#end Switch#copy running-config startup-config Configuration Guide 246 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 268
IP:192.168.0.1 Static Router Port:None Dynamic Router Port:None Forbidden Router Port:None Switch(config)#end Switch#copy running-config startup-config Configuration Guide 247 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 269
)#end Switch#copy running-config startup-config Configuring Query Interval, Max Response Time and General Query Source IP Step 1 configure Enter global configuration mode. Configuration Guide 248 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 270
querier VLAN 4: Maximum Response Time: 20 Query Interval: 100 General Query Source IP: 192.168.0.1 Switch(config)#end Switch#copy running-config startup-config Configuration Guide 249 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 271
1 Switch(config-igmp-profile)#deny Switch(config-igmp-profile)#range 226.0.0.5 226.0.0.10 Switch(config-igmp-profile)#show ip igmp profile IGMP Profile 1 deny Configuration Guide 250 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 272
)#interface fastEthernet 1/0/2 Switch(config-if)#ip igmp snooping Switch(config-if)#ip igmp filter 1 Switch(config-if)#show ip igmp profile IGMP Profile 1 deny Configuration Guide 251 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 273
Configuring Layer 2 Multicast range 226.0.0.5 226.0.0.10 Binding Port(s) Fa1/0/2 Switch(config)#end Switch#copy running-config startup-config IGMP Snooping Configurations Configuration Guide 252 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 274
, including router ports and member ports. 3.2 Using the CLI 3.2.1 Viewing IPv4 Multicast Snooping Configurations show ip igmp snooping Displays global settings of IGMP Snooping. Configuration Guide 253 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 275
profile [id] Displays settings in all profiles or in the specific profile. clear ip igmp snooping statistics Clear all statistics of all IGMP packets. Configuration Guide 254 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 276
Scheme Enable IGMP Snooping globally and on the port. Add the three member ports and the router port to a VLAN and configure their PVIDs. Configuration Guide 255 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 277
fields. Figure 4-2 Configure IGMP Snooping Globally 2) Choose the menu Multicast > IGMP Snooping > Snooping Config to load the following page. Enable IGMP Snooping on port 1/0/1-4. Configuration Guide 256 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 278
> VLAN Config to load the following page. Create VLAN 10 and add Untagged port 1/0/1-3 and Tagged port 1/0/4 to VLAN 10. Figure 4-4 Configure Link Type Configuration Guide 257 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 279
. Enable IGMP Snooping in VLAN 10. Keep 0 as the Router Port Time and Member Port Time, which means the global settings will be used. Configuration Guide 258 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 280
VLAN 10 and set the link type as tagged. Switch(config)#interface range fastEthernet 1/0/1-3 Switch(config-if-range)#switchport general allowed vlan 10 untagged Configuration Guide 259 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 281
igmp snooping IGMP Snooping :Enable Unknown Multicast :Pass Last Query Times :2 Last Query Interval :1 Global Member Age Time :260 Global Router Age Time :300 Configuration Guide 260 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 282
, VLAN 20 and VLAN 30 respectively. Port 1/0/4 is connected to the multicast network in the upper layer network. These 4 ports are all Untagged ports. Configuration Guide 261 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 283
to load the following page. Enable IGMP Snooping globally, and keep the default values in the Router Port Time and Member Port Time fields. Configuration Guide 262 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 284
Configuring Layer 2 Multicast Figure 4-8 Configure IGMP Snooping Globally Configuration Examples 2) Choose the menu Multicast > IGMP Snooping > Snooping Config to load the following page. Enable IGMP Snooping on port 1/0/1-4. Figure 4-9 Configure IGMP Snooping Globally Configuration Guide 263 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 285
> Port Config to load the following page. Configure the PVID of port 1/0/1 as 10, port 1/0/2 as 20, port 1/0/3 as 30 and port 1/0/4 as 40. Configuration Guide 264 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 286
Config to save the settings. 4.2.5 Using the CLI 1) Enable IGMP Snooping Globally. Switch#configure Switch(config)#ip igmp snooping 2) Enable IGMP Snooping on port 1/0/1-4. Configuration Guide 265 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 287
multi-vlan-config 40 7) Save the settings. Switch(config)#end Switch#copy running-config startup-config Verify the Configurations Switch(config)#show vlan brief Configuration Guide 266 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 288
Unknown Multicast and Fast Leave 4.3.1 Network Requirement A user experiences lag when he is changing channel on his IPTV. He wants solutions to this problem. As shown in the following network topology, port 1/0/4 on the switch is connected to the upper layer network, and port 1/0/2 is connected to - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 289
data, which increases the network load and results in network congestion. The solution to this problem is using Unknown Multicast and Fast Leave. To avoid Host B from receiving irrelevant multicast . Enable IGMP Snooping globally and configure Unknown Multicast as Discard. Configuration Guide 268 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 290
Configuring Layer 2 Multicast Figure 4-14 Configure IGMP Snooping Globally Configuration Examples 2) Choose the menu Multicast > IGMP Snooping > Port Config to load the following page. Enable IGMP Snooping on port 1/0/2 and port 1/0/4 and enable Fast Leave on port 1/0/2. Configuration Guide 269 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 291
Configuring Layer 2 Multicast Figure 4-15 Configure IGMP Snooping Globally Configuration Examples 3) Choose the menu Multicast > IGMP Snooping > VLAN Config to load the following page. Enable IGMP Snooping in VLAN 10. Figure 4-16 Enable IGMP Snooping in the VLAN Configuration Guide 270 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 292
igmp snooping IGMP Snooping :Enable Unknown Multicast :Discard Last Query Times :2 Last Query Interval :1 Global Member Age Time :260 Global Router Age Time :300 Configuration Guide 271 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 293
network topology, Host B is connected to port 1/0/1, Host C is connected to port 1/0/2 and Host D is connected to port 1/0/3. They are all in VLAN 10. Configuration Guide 272 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 294
to load the following page. Enable IGMP Snooping globally, and keep the default values in the Router Port Time and Member Port Time fields. Configuration Guide 273 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 295
Configuring Layer 2 Multicast Figure 4-18 Configure IGMP Snooping Globally Configuration Examples 2) Choose the menu Multicast > IGMP Snooping > Snooping Config to load the following page. Figure 4-19 Enable IGMP Snooping on the Port Configuration Guide 274 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 296
Configure Link Type 4) Choose the menu VLAN > 802.1Q VLAN > Port Config to load the following page. Configure the PVID of port 1/0/1-4 as 10. Configuration Guide 275 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 297
. Enable IGMP Snooping in VLAN 10. Keep 0 as the Router Port Time and Member Port Time, which means the global settings will be used. Configuration Guide 276 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 298
Permit as the Mode and click Create. Figure 4-23 Create Profile 1 b. Choose the menu Multicast > IGMP Snooping > Profile Config to load the following page. Configuration Guide 277 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 299
receive a. Choose the menu Multicast > IGMP Snooping > Profile Config to load the following page. Create Profile 2, select Deny as the Mode and click Create. Configuration Guide 278 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 300
> Profile Binding to load the following page. Select port 1/0/1, enter 2 in the Profile ID field and click Apply to bind Profile 2 to this port. Configuration Guide 279 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 301
and set the link type as untagged. Add port 1/0/4 to VLAN 10 and set the link type as tagged. Switch(config)#interface range fastEthernet 1/0/1-3 Configuration Guide 280 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 302
.0.0.2 Switch(config-igmp-profile)#exit 10) Bind Profile 2 to Port 1/0/1. Switch(config)#interface fastEthernet 1/0/1 Switch(config-if)#ip igmp filter 2 Switch(config-if)#exit Configuration Guide 281 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 303
)#show ip igmp profile IGMP Profile 1 permit range 225.0.0.1 225.0.0.1 Binding Port(s) Fa1/0/2-3 IGMP Profile 2 deny range 225.0.0.2 225.0.0.2 Binding Port(s) Fa1/0/1 Configuration Examples Configuration Guide 282 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 304
Disabled 0, use global settings. 0, use global settings. None 0, use global settings. 0, use global settings. 0.0.0.0, indicating no replacement. Disabled 60 seconds 10 seconds 192.168.0.1 Configuration Guide 283 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 305
Part 10 Configuring QoS CHAPTERS 1. QoS 2. DiffServ Configuration 3. Bandwidth Control Configuration 4. Configuration Examples 5. Appendix: Default Parameters - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 306
QoS (Quality of Service) technology, you can classify and prioritize network traffic to provide DiffServ (Differentiated Services) to certain types of traffic. 1.2 Supported Features You can the packets will be automatically discarded to avoid network broadcast storm. Configuration Guide 285 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 307
priority mode appropriate to your network requirements. Three modes are supported on the switch, 802.1P Priority, DSCP Priority and Port DSCP priority determines the priority of packets based on the ToS (Type of Service) field in their IP header. RFC2474 re-defines the ToS field in the Guide 286 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 308
DiffServ Configuration 2.1 Using the GUI 2.1.1 Configuring Priority Mode The instructions of the three priority modes are described respectively in this section CoS-id to be mapped to. The switch supports 4 TC queues, from TC0 for the lowest priority to TC 3 for the highest priority. Configuration - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 309
or the redefined DSCP value by the ACL Remark feature. Priority 3) Click Apply. Select a TC queue that the DSCP priority will be mapped to. Configuration Guide 288 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 310
to control the forwarding sequence of different TC queues when congestion occurs. Choose the menu QoS > DiffServ > Schedule Mode to load the following page. Configuration Guide 289 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 311
to the new TC queue, regardless of the mapping relations configured in this section. 2.2 Using CLI 2.2.1 Configuring Priority Mode The instructions of the three priority modes are described respectively in this section. Configuring 802.1 Priority Step 1 configure Enter global configuration - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 312
(config)#show qos cos-map Tag |0 |1 |2 |3 |4 |5 |6 |7 TC |TC1 |TC0 |TC0 |TC1 |TC2 |TC2 |TC3 |TC3 Switch(config)#end Switch#copy running-config startup-config Configuration Guide 291 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 313
Switch(config)#show qos cos-map Tag |0 |1 |2 |3 |4 |5 |6 |7 TC |TC1 |TC0 |TC0 |TC1 |TC2 |TC2 |TC3 |TC3 Switch(config)#qos queue dscp-map 10-14 0 Configuration Guide 292 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 314
: The list of LAGs. Step 5 end Return to privileged EXEC mode. Step 6 copy running-config startup-config Save the settings in the configuration file. Configuration Guide 293 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 315
Equ mode, all the queues occupy the bandwidth equally. The weight value ratio of all the queues is 1:1:1:1. It is the default schedule mode. Configuration Guide 294 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 316
wrr Switch(config)#show qos queue mode Schedule Mode : WRR |Weight : TC0=1 TC1=2 TC2=4 TC3=8 Switch(config)#end Switch#copy running-config startup-config Configuration Guide 295 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 317
send packets. Ingress Rate (11000000Kbps) Configure the upper rate limit for receiving packets on the port. The valid values are from 1 to 1000000 Kbps. Configuration Guide 296 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 318
packets in the Broadcast field. The packet traffic exceeding the rate will be discarded. The switch supports the following three rate modes: kbps: Specify the upper rate limit in kilo-bits per second, the broadcast rate control, select Disable in the Broadcast field. Configuration Guide 297 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 319
Frames in the ULFrame field. The packet traffic exceeding the rate will be discarded. The switch supports the following two rate modes: kbps: Specify the upper rate limit in kilo-bits per second port | range gigabitEthernet port-list} Enter interface configuration mode. Configuration Guide 298 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 320
. Step 1 Step 2 configure Enter global configuration mode interface {fastEthernet port | range fastEthernet port-list | gigabitEthernet port | range gigabitEthernet port-list} Enter interface configuration mode. Configuration Guide 299 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 321
storm-control interface fastEthernet 1/0/5 Port BcRate Mcate UlRate LAG Fa1/0/5 kbps 10240 kbps 0 kbps 0 N/A Switch(config-if)#end Switch#copy running-config startup-config Configuration Guide 300 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 322
priority. 2) Select SP schedule mode. Demonstrated with T1500-28PCT, this chapter provides configuration procedures in two ways: using the GUI and using the CLI. Configuration Guide 301 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 323
CLI 1) Set the priority for port 1/0/1 to TC1 and priority for port 1/0/2 to TC0. Switch#configure Switch(config)#interface fastEthernet 1/0/1 Switch(config-if)#qos 0 Configuration Guide 302 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 324
B is a layer 3 switch with ACL Redirect feature. RD department is connected to port 1/0/1 of Switch A. Marketing Department is connected to port 1/0/2 of Switch A, the Configuration Guide 303 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 325
in two ways: using the GUI and using the CLI. 4.2.3 Using the GUI Note: Before configuration, ensure network segments are reachable to each other. Configuration Guide 304 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 326
VLAN 20 with the description of Marketing. Add port 1/0/2 as an untagged port and port 1/0/4 as a tagged port to VLAN 20. Then click Apply. Configuration Guide 305 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 327
to load the following page. For port 1/0/1, set the Link Type as TRUNK, and for port 1/0/2, set the Link Type as ACCESS. Click Apply. Configuration Guide 306 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 328
Configuring QoS Figure 4-7 Configure the Port Configuration Examples 2) Choose VLAN > 802.1Q VLAN > VLAN Config and click Create to load the following page. Create VLAN 10 and VLAN 20, and add port 1/0/1 to the two VLANs; create VLAN 30, and add port 1/0/2 to VLAN 30. Configuration Guide 307 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 329
Configuring QoS Figure 4-8 Configure VLAN 10 Configuration Examples Figure 4-9 Configure VLAN 20 Configuration Guide 308 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 330
> ACL Config > MAC ACL to load the following page. Select ACL 10, specify the Rule ID as 1 and the Operation as Permit. Click Apply. Configuration Guide 309 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 331
Create to load the following page. Select Policy RD, and ACL 10, click QoS Remark and set the Local Priority to TC 1. Click Apply. Configuration Guide 310 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 332
Create to load the following page. Select Policy Marketing, and ACL 10, click QoS Remark and set the Local Priority to TC 0. Click Apply. Configuration Guide 311 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 333
Configuring QoS Figure 4-16 Action Create Configuration Examples 6) Choose ACL > Policy Binding > VLAN Binding. Bind Policy RD and Policy Marketing to VLAN10 and VLAN 20 respectively. Figure 4-17 Bind Policy RD to VLAN 10 Figure 4-18 Bind Policy Marketing to VLAN 20 Configuration Guide 312 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 334
)#switchport general allowed vlan 20 untagged Switch_A(config-vlan)#exit Switch_A(config)#interface fastEthernet 1/0/3 Switch_A(config-if)#switchport general allowed vlan 10,20 tagged Configuration Guide 313 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 335
1 permit Switch_B(config-mac-acl)#exit 4) Create Policy RD and bind it to ACL 10, enable QoS Remark and set Local Priority to TC1. Configuration Guide 314 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 336
Switch A: Verify the VLAN members. Switch_B#show vlan VLAN Name Status Ports ------- 1 System-VLAN active Fa1/0/3, Fa1/0/4, Fa1/0/5, Fa1/0/6, Fa1/0/7, Fa1/0/8, Fa1/0/9, Fa1/0/10, Configuration Guide 315 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 337
Interface/VID Direction 1 RD 10 Ingress 2 Marketing 20 Ingress Type Vlan Vlan Verify the schedule mode. Switch_B#show qos queue mode Scheduler Mode | WRR Configuration Guide 316 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 338
32~47 48~63 TC-id TC 0 TC 1 TC 2 TC 3 Bandwidth Control Table 5-4 Bandwidth Control Parameter Rate Limit Storm Control Default Setting Disabled Disabled Configuration Guide 317 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 339
Part 11 Configuring Voice VLAN CHAPTERS 1. Overview 2. Voice VLAN Configuration 3. Configuration Example 4. Appendix: Default Parameters - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 340
A voice VLAN can operate in two modes: manual mode and automatic mode. Manual mode: This mode is applicable when the switch port forwards voice traffic only. You manually add ports connecting IP phones to the voice VLAN Traffic on the Same Port Internet PC IP Phone Switch Configuration Guide 319 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 341
address of a packet complies with the OUI addresses in the switch, the switch identifies the packet as a voice packet and prioritizes it in transmission. Configuration Guide 320 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 342
Manual Suggested Link Type and PVID PVID cannot be the voice VLAN ID. Not supported. VLAN ID. Because the voice VLAN in automatic mode supports only tagged voice traffic, you need to make sure can also configure it to instruct the voice device to send tagged voice traffic. For details - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 343
an OUI address description for identification. The length is no more than 16 characters. 2) Click Create to add an OUI address to the table. Configuration Guide 322 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 344
IEEE 802.1p priority, and you can further configure its schedule mode if needed. For details about schedule mode, please refer to Configuring QoS. Configuration Guide 323 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 345
the Auto mode for the selected ports, make sure traffic from your voice device is tagged. Manual: You manually add the ports connecting voice devices to the voice VLAN. Member State Displays the current state of voice VLAN. 2) Set the security mode for selected ports. Configuration Guide 324 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 346
IEEE 802.1p priority, and you can further configure its schedule mode if needed. For details about schedule mode, please refer to Configuring QoS. Configuration Guide 325 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 347
the security mode is disabled. Step 10 switchport general allowed vlan vid { tagged | untagged } (For ports in manual voice VLAN mode) Add the specified ports to the voice VLAN. vid: Enter the voice VLAN ID to add switchport Verify the voice VLAN configuration of the ports. Configuration Guide 326 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 348
The following example shows how to set port 1/0/1 in manual voice VLAN mode. Configure the switch to forward voice config-if)#switchport voice vlan mode manual Switch(config-if)#switchport voice Port Auto-mode Security State LAG Fa1/0/1 Manual Enabled Active N/A Fa1/0/2 Auto Disabled Inactive - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 349
ports. To separate voice traffic from data traffic, configure LLDP-MED to instruct IP Phones to send traffic with the voice VLAN tag. Voice traffic the voice VLAN tag. Set ports that are connected to IP phones in manual voice VLAN mode. Meanwhile, configure the voice VLAN to work in security Guide 328 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 350
GUI Configurations for Switch A 1) Choose the menu VLAN > 802.1Q VLAN > VLAN Config and click Create to load the following page. Create VLAN 10. Configuration Guide 329 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 351
the menu QoS > Voice VLAN > Port Config to load the following page. Select port 1/0/1, choose auto mode and enable security mode. Select port 1/0/2 and choose manual mode. Click Apply. Configuration Guide 330 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 352
Configuring Voice VLAN Figure 3-4 Configuring Voice VLAN Mode on Port 1/0/1 Configuration Example Figure 3-5 Configuring Voice VLAN Mode on Port 1/0/2 Configuration Guide 331 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 353
as 4. Figure 3-8 Configuring LLDP-MED Globally 7) Choose the menu LLDP > LLDP-MED> Port Config to load the following page. Enable LLDP-MED on port 1/0/1. Configuration Guide 332 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 354
Configuring Voice VLAN Figure 3-9 Configuring LLDP-MED on Ports Configuration Example Configuration Guide 333 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 355
settings. Configurations for Switch B 1) Choose the menu VLAN > 802.1Q VLAN > VLAN Config and click Create to load the following page. Create VLAN 10. Configuration Guide 334 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 356
6. Figure 3-12 Configuring Voice VLAN Globally 3) Choose the menu QoS > Voice VLAN > Port Config to load the following page. Select ports 1/0/1-3, choose manual mode and enable security mode. Figure 3-13 Configuring Voice VLAN Mode on Ports 4) Choose the menu VLAN > 802.1Q VLAN > VLAN Config and - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 357
ports 1/0/1-3 as tagged ports to the VLAN. Figure 3-15 Creating a VLAN and Adding Ports to the VLAN 2) Click Save Config to save the settings. Configuration Guide 336 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 358
as a tagged port. Switch_A(config)#interface fastEthernet 1/0/2 Switch_A(config-if)#switchport voice vlan mode manual Switch_A(config-if)#switchport general allowed vlan 10 tagged Switch_A(config-if)#exit 5) Enable LLDP 1/0/1. Switch_A(config-if)#lldp med-tlv-select all Configuration Guide 337 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 359
(config)#voice vlan priority 6 Switch_B(config)#voice vlan 10 3) Configure ports 1/0/1-3 to manual voice VLAN mode and enable security mode. Switch_B(config)#interface range fastEthernet 1/0/1-3 Switch_B(config VLAN 10 and add ports 1/0/1-3 to the VLAN. Switch_C#configure Configuration Guide 338 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 360
on the ports: Switch_A#show voice vlan switchport Port Auto-mode Security State LAG Fa1/0/1 Auto Enabled Inactive N/A Fa1/0/2 Manual Disabled Active N/A Fa1/0/3 Auto Disabled Inactive N/A ...... Switch B Verify the global configuration of voice VLAN: Switch_B#show voice vlan Voice - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 361
N/A Fa1/0/2 Manual Enabled Active N/A Fa1/0/3 Manual Enabled Active N/A ...... Switch C Verify the voice VLAN configuration for VLAN 10: Switch_C#show vlan id 10 VLAN Name Status Ports ----- 10 VoiceVlan active Fa1/0/1, Fa1/0/2, Fa1/0/3 Configuration Example Configuration Guide 340 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 362
-00-00-00 ff-ff-ff-00-00-00 Description Siemens Phone Cisco Phone Avaya Phone Philips Phone Pingtel Phone PolyCom Phone 3Com Phone Configuration Guide 341 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 363
Part 12 Configuring PoE CHAPTERS 1. PoE 2. PoE Power Management Configurations 3. Time-Range Function Configurations 4. Example for PoE Configurations 5. Appendix: Default Parameters - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 364
standard PDs and non-standard PDs. Only standard PDs can be powered via TP-Link PoE switches. 1.2 Supported Features PoE Power Management PoE Power Management is used for users to manage the power the PoE switch supplied time range to save energy according to your actual use. Configuration Guide 343 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 365
Configure the PoE parameters manually Configure the PoE one via configuring the PoE parameters manually. You can also set a profile 2.1.1 Configuring the PoE Parameters Manually Choose the menu PoE > PoE . Figure 2-1 Configuring PoE Parameters Manually Follow these steps to configure the - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 366
port can supply is 15.4W. Class4: The maximum power that the port can supply is 30W. Manual: Enter a value manually. Time Range Select a time range, then the port will supply power only during the time range. For Power Status Displays the port's real-time power status. Configuration Guide 345 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 367
is 7W. Class3: The maximum power that the port can supply is 15.4W. Class4: The maximum power that the port can supply is 30W. Manual: Enter a value manually. Configuration Guide 346 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 368
Profile section for the desired port. If one profile is selected, you will not be able to modify PoE status, PoE priority or power limit manually. Power(w) Displays the port's real-time power supply. Current(mA) Displays the port's real-time current. Configuration - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 369
time power status. 2.2 Using the CLI 2.2.1 Configuring the PoE Parameters Manually Follow these steps to configure the basic PoE parameters: Step 1 Step Class3 represents 15.4W and Class4 represents 30W, or you can enter a value manually. The value ranges from 1 to 300. It is in the unit of 0.1 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 370
)#show power inline configuration interface fastEthernet 1/0/5 Interface PoE-Status PoE-Prio Power-Limit(w) Time-Range PoE-Profile Fa1/0/5 Enable Middle Class3 No Limit None Configuration Guide 349 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 371
7W, Class3 represents 15.4W and Class4 represents 30W or you can enter a value manually. The value ranges from 1 to 300. It is in the unit of 0.1 watt able to modify PoE status, PoE priority or power limit manually. name: Specify the name of the PoE profile. If the name contains spaces, - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 372
-Prio Power-Limit(w) Time-Range PoE-Profile Fa1/0/6 Enable Middle Class2 No Limit profile1 Switch(config-if)#end Switch#copy running-config startup-config Configuration Guide 351 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 373
a name for the time-range and select to include or exclude the holiday in the time-range. Name Specify a name for the time-range. Configuration Guide 352 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 374
Time Specify the end time of the periodic mode. Day of the Week Select day of the week for the periodic mode. 3) Click Apply. Configuration Guide 353 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 375
mode of the time-range function. Displays the state of the time-range function. View or edit the configuration of the time-range function. Configuration Guide 354 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 376
week in periodic mode, ranging from 1 to 7. It is in the format of 1,3-4. By default, it is 1-7. exit Exit Power Time-range Configuration Mode. Configuration Guide 355 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 377
of absolute time: 1 1 - 09/08/2016-00:00 to 09/10/2016-24:00 number of periodic time: 1 1 - 01:00 to 23:00 on 5 Configuration Guide 356 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 378
Switch(config)#show power holiday Index Holiday Name Start-End 1 holiday1 08.16-08.20 Switch(config)#end Switch#copy running-config startup-config Configuration Guide 357 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 379
/31/2099-24:00 by default) number of periodic time: 1 1 - 08:30 to 18:00 on 1,2,3,4,5 Switch#end Switch#copy running-config startup-config Configuration Guide 358 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 380
for the security of the company and cannot be power off all the time. AP1 and AP2 provide Internet service and only work in the daytime. Figure 4-1 Network Topology Switch A Fa1/0/1 Fa1/0/2 Fa1/0/4 Fa1/0/3 Camera1 a time range that is from 08:30 to 18:00. Click Apply. Configuration Guide 359 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 381
Configuring PoE Figure 4-2 Create a Time-Range Example for PoE Configurations 2) Choose the menu PoE > Time-Range > Holiday Config to load the following page. Specify a name for the holiday and set the starting date and ending date. Figure 4-3 Configure the Holiday Configuration Guide 360 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 382
time" to the port. Switch_A(config)#interface fastEthernet 1/0/3 Switch_A(config-if)#power inline supply enable Switch_A(config-if)#power inline time-range "office time" Configuration Guide 361 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 383
)#show power inline configuration interface fastEthernet 1/0/3 Interface PoE-Status PoE-Prio Power-Limit(w) Time-Range PoE-Profile Fa1/0/3 Enable Low Class4 office time None Configuration Guide 362 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 384
/01/2000-24:00 Table 5-4 Default Settings of Holiday Config Parameter Holiday Name Start Date End Date Default Setting None 01/01 01/01 Configuration Guide 363 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 385
Part 13 Configuring ACL CHAPTERS 1. ACL 2. ACL Configurations 3. Configuration Example for ACL 4. Appendix: Default Parameters - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 386
ACL rules. In this way, ACL ensures security and high service quality of networks. ACL helps to: Prevent various network attacks access to a network or to specific resources in your network. 1.2 Supported Features ACL Binding An ACL takes effect after it is directly bound Configuration Guide 365 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 387
addresses for matching operations. Extended-IP ACL: Extended-IP ACL uses source and destination IP addresses, IP protocols and so on for matching operations. Configuration Guide 366 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 388
-down list, enter a Rule ID, and specify the operation for the matched packets. ACL ID Select an MAC ACL from the drop-down list. Configuration Guide 367 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 389
. Operation Select an operation to be performed when a packet matches the rule. Permit: To forward the matched packets. Deny: To discard the matched packets. Configuration Guide 368 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 390
/Mask Specify the source IP address with a mask. A value of 1 in the mask indicates that the corresponding bit in the address will be matched. Configuration Guide 369 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 391
. 2) Apply an ACL to the Policy. Creating a Policy Choose th menu ACL > Policy Config > Policy Create to load the following page. Figure 2-6 Creating a Policy Configuration Guide 370 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 392
Binding You can bind the ACL to a port or a VLAN. The received packets will then be matched and processed according to the ACL rules. Configuration Guide 371 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 393
the ACL to a VLAN Follow these steps to bind the ACL to a VLAN: Select the ACL and enter the VLAN ID, and click Apply. Configuration Guide 372 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 394
Policy to a Port: Select the Policy and the port to be bound, and click Apply. Policy Name Select a Policy from the drop-down list. Configuration Guide 373 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 395
the ACL Binding You can view both port binding and VLAN binding entries in the table. You can also delete existing entries if needed. Configuration Guide 374 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 396
delete existing entries if needed. Choose the menu ACL > Policy Binding > Binding Table to load the following page. Figure 2-13 Verifying the Policy Binding Configuration Guide 375 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 397
number of the ACL. Step 5 end Return to privileged EXEC mode. Step 6 copy running-config startup-config Save the settings in the configuration file. Configuration Guide 376 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 398
is entered. Step 4 show access-list [access-list-num] (Optional) View the current ACL configuration. access-list-num: The ID number of the ACL. Configuration Guide 377 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 399
-list create access-list-num Create an Extend-IP ACL access-list-num:Enter an ACL ID. The ID ranges from 1500 to 2499. Configuration Guide 378 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 400
1700 Rule 7 deny sip 192.168.2.100 smask 255.255.255.255 protocol 6 d-port 23 Switch(config)#end Switch#copy running-config startup-config Configuration Guide 379 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 401
-action)#exit Switch(config)#show access-list policy RD Policy name : RD access-list 600 Switch(config)#end Switch#copy running-config startup-config Configuration Guide 380 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 402
bind acl 1 Switch(config-if)#exit Switch(config)#interface vlan 4 Switch(config-if)#access-list bind acl 2 Switch(config-if)#show access-list bind Configuration Guide 381 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 403
shows how to bind Policy 1 to port 2 and Policy 2 to VLAN 2: Switch#configure Switch(config)#interface fastEthernet 1/0/2 Switch(config-if)#access-list bind policy 1 Configuration Guide 382 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 404
Direction Type 1 1 Fa1/0/2 Ingress Port 2 2 2 Ingress Vlan Index ACL ID Interface/VID Direction Type Switch(config-if)#end Switch#copy running-config startup-config Configuration Guide 383 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 405
Configuration Example for ACL 3.1 Network Requirements A company's server group can provide different types of services. It is required that: The Marketing department can only access the server group. This rule allows the Marketing department to access the server group. Configuration Guide 384 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 406
3) Configure a deny rule to match packets with source IP address 10.10.70.0. This rule blocks other network services. The switch matches the packets with the rules in order, starting with Rule 1. If a packet matches a 10.10.70.0/24 and destination IP address 10.10.80.0/24. Configuration Guide 385 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 407
to load the the following page. Configure rule 2 and rule 3 to permit packets with source IP 10.10.70.0 and destination port TCP 80 (http service port) and UDP 443 (HTTPS service port). Figure 3-4 Configuring Rule 2 Figure 3-5 Configuring Rule 3 Configuration - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 408
. Configure Rule 4 and Rule 5 to permit packets with source IP 10.10.70.0 and with destination port TCP 53 or UDP 53 (DNS service port). Figure 3-6 Configuring Rule 4 Figure 3-7 Configuring Rule 5 5) Choose the menu ACL > Policy Config > Policy Create to load the following page. Configure Rule 6 to - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 409
Policy 8) Choose the menu ACL > Policy Binding > Port Binding to load the the following page. Bind Policy Market to port 1/0/1 to make it effective. Configuration Guide 388 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 410
Rule 3 to permit packets with source IP 10.10.70.0, and destination port TCP 80 (http service port) or TCP 443 (HTTPS service port). Switch(config)#access-list extended 1600 rule 2 permit sip 10.10.70.0 smask 255.255.255 10.10.70.0 smask 255.255.255.0 protocol 17 d-port 53 Configuration Guide 389 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 411
.0 Switch(config)#show access-list bind Index Policy Name Interface/VID Direction Type ----- 1 Market Fa1/0/1 Ingress Port Index Acl Id Interface/VID Direction Type Configuration Guide 390 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 412
For Standard-IP ACL: Parameter Operation For Extend-IP ACL: Parameter Operation IP Protocol Default Setting Permit Default Setting Permit Default Setting Permit All Configuration Guide 391 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 413
Part 14 Configuring Network Security CHAPTERS 1. Network Security 2. IP-MAC Binding Configurations 3. DHCP Snooping Configuration 4. ARP Inspection Configurations 5. DoS Defend Configuration 6. 802.1X Configuration 7. AAA Configuration 8. Configuration Examples 9. Appendix: Default Parameters - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 414
binding entries can be manually configured, or learned by ARP scanning or DHCP snooping. DHCP Snooping DHCP Snooping supports the basic DHCP security servers on the network, security problems and network interference will happen. DHCP Snooping resolves this problem. As the following figure Guide 393 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 415
DHCP server. Administrators can check the location of the DHCP client via option 82. The DHCP server supporting option 82 can also set the distribution policy of IP addresses and the other parameters, providing a exceeds the defined value so as to avoid ARP flooding attack. Configuration Guide 394 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 416
network bandwidth maliciously by sending numerous service requests to the hosts. It results in an abnormal service or breakdown of the network. With access the LAN. Authenticator An authenticator is usually a network device that supports 802.1X protocol. As the above figure shows, the switch is an - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 417
this server to authenticate the users trying to access the switch or get administrative privileges. Figure 1-3 Network Topology of AAA Users Switches RADIUS Server Configuration Guide 396 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 418
IP-MAC binding in two ways: Manual Binding Dynamical Binding (including ARP Table. 2.1 Using the GUI 2.1.1 Binding Entries Manually You can manually bind the IP address, MAC address, VLAN Binding > Manual Binding to load the following page. Figure 2-1 Manual Binding In the Manual Binding Option - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 419
switch can get the IP address, MAC address, VLAN ID and the connected port number of the host. You can bind these entries conveniently. Configuration Guide 398 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 420
be applied to any feature. ARP Detection: This entry will be applied to the ARP Detection feature. Source Displays the source of the entry. Configuration Guide 399 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 421
different entry types, from high to low, is Manually, ARP Scanning and DHCP Snooping. DHCP Snooping the connected port number of the host. For instructions on how to configure DHCP Snooping, refer to DHCP entries from all sources. Manual: Displays the manually bound entries. Scanning: Displays - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 422
highest priority will be valid. The priority of different entry types, from high to low, is Manually, ARP Scanning and DHCP Snooping. 2.2 Using the CLI Binding entries via ARP scanning is not supported by the CLI; Binding entries via DHCP Snooping is introduced in DHCP Snooping Configurations. The - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 423
gigabitEthernet port } { none | arp-detection } [ forced-source {arp-scanning | dhcp-snooping} ] Manually bind the host name, IP address, MAC address, VLAN ID and port number of the host, and 10 Fa1/0/5 ARP-D Switch(config)#end Switch#copy running-config startup-config Configuration Guide 402 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 424
entries learned different sources, only the entry with the highest priority will be valid. The priority of different entry types, from high to low, is Manually, ARP Scanning and DHCP Snooping. Configuration Guide 403 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 425
DHCP Snooping. 2) Enable DHCP Snooping on a VLAN or range of VLANs. VLAN ID Specify the VLAN ID in the format shown on the page. Configuration Guide 404 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 426
packet if the two fields are different. This prevents the IP address resource on the DHCP server from being exhausted by forged MAC addresses. Configuration Guide 405 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 427
can check the location of the DHCP client via option 82. The DHCP server supporting Option 82 can also set the distribution policy of IP addresses and other parameters, providing or more ports and configure the parameters. Option 82 Support Enable the Option 82 feature. Configuration Guide 406 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 428
with each other. Enter the customized circuit ID, which contains up to 64 characters. Select Enable to manually define the remote ID field, which is a sub-option of Option 82. The remote ID configurations of show ip dhcp snooping Verify global configuration of DHCP Snooping. Configuration Guide 407 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 429
packet if the two fields are different. This prevents the IP address resource on the DHCP server from being exhausted by forged MAC addresses. Configuration Guide 408 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 430
1/0/1 Interface Trusted MAC-Verify Limit-Rate Dec-rate LAG Fa1/0/1 Enable Enable 10 20 N/A Switch(config-if)#end Switch#copy running-config startup-config Configuration Guide 409 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 431
. Administrators can check the location of the DHCP client via option 82. The DHCP server supporting Option 82 can also set the distribution policy of IP addresses and other parameters, providing more -channel port-channel-id } Verify the Option 82 configuration of the port. Configuration Guide 410 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 432
82 Status Operation Strategy Circuit ID Remote ID LAG Fa1/0/7 Enable Replace VLAN20 Host1 N/A Switch(config-if)#end Switch#copy running-config startup-config Configuration Guide 411 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 433
ARP Detection function will be inactive. The specific ports, such as up-link ports and routing ports are suggested to be set as trusted. Configuration Guide 412 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 434
pps (packet/second), and the default value is 15. Current Speed (pps) Displays the current speed of receiving the ARP packets on the port. Configuration Guide 413 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 435
number of the illegal ARP packets received on each port, which facilitates you to locate the network malfunction and take the related protection measures. Configuration Guide 414 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 436
Port Indicates whether the port is an ARP trusted port or not. Illegal ARP Packet Displays the number of the received illegal ARP packets. Configuration Guide 415 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 437
inspection Switch(config)#interface fastEthernet 1/0/1 Switch(config-if)#ip arp inspection trust Switch(config-if)#show ip arp inspection ARP detection global status: Enabled Configuration Guide 416 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 438
the configuration file. The following example shows how to enable ARP Defend and configure the ARP inspection limit-rate as 20 pps on port 1/0/2: Configuration Guide 417 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 439
View the ARP statistics on each port, including whether the port is trusted port and the number of received ARP packets on the port. Configuration Guide 418 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 440
packet of this type is illegal. Xmascan The attacker sends the illegal packet with its TCP index, FIN, URG and PSH field set to 1. Configuration Guide 419 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 441
which will cause the host with a blue screen. The Smurf attack is a distributed denial-of-service attack in which large numbers of Internet Control Message Protocol (ICMP) packets with the intended victim's Step 2 ip dos-prevent Globally enable the DoS defend feature. Configuration Guide 420 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 442
Operation System bugs, it will cause blue screen. smurf: The Smurf attack is a distributed denial-of-service attack in which large numbers of Internet Control Message Protocol (ICMP) packets with the intended victim's show ip dos-prevent Verify the Dos Defend configuration. Configuration Guide 421 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 443
(config)#show ip dos-prevent Type Status --------- ------ Land Attack Enabled Scan SYNFIN Disabled Xmascan Disabled ...... Switch(config)#end Switch#copy running-config startup-config Configuration Guide 422 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 444
Config to load the following page. Figure 6-1 Enable AAA Function In the Global Config section, enable AAA function on the switch and click Apply. Configuration Guide 423 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 445
authentication and accounting. If multiple radius servers are available, you are suggested to add them to different server groups respectively for authentication and accounting. Configuration Guide 424 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 446
to be added to the group from the Server IP drop-down list . Then click Add to add this server to the server group. Configuration Guide 425 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 447
. 2) In the Accounting Dot1x Method List section, select an existing RADIUS server group for accounting from the Pri1 drop-down list and click Apply. Configuration Guide 426 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 448
-Link 802.1X Client and the switch. Please disable Handshake feature if you are using other client softwares instead of TPLink 802.1X Client. Configuration Guide 427 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 449
default time is 3 seconds. If the switch does not receive any reply from the client within the specified time, it will resend the request. Configuration Guide 428 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 450
clients can access the LAN without authentication. Authorized Displays whether the port is authorized or not. LAG Displays the LAG the port belongs to. Configuration Guide 429 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 451
form. aaa group radius group-name Create a radius server group. radius: Specify the group type as radius. group-name: Specify a name for the group. Configuration Guide 430 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 452
address of the RADIUS server is 192.168.0.100; the shared key is 123456; the authentication port is 1812; the accounting port is 1813. Configuration Guide 431 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 453
Follow these steps to configure 802.1X globally: Step 1 Step 2 configure Enter global configuration mode. dot1x system-auth-control Enable 802.1X authentication globally. Configuration Guide 432 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 454
. It ranges from 1 to 9 and the default is 3. show dot1x global (Optional) Verify global configurations of 802.1X. end Return to privileged EXEC mode. Configuration Guide 433 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 455
port-list} Enter interface configuration mode. port: Enter the ID of the port to be configured. dot1x Enable 802.1X authentication for the port. Configuration Guide 434 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 456
-if)#dot1x Switch(config-if)#dot1x port-method port-based Switch(config-if)#dot1x port-control auto Switch(config-if)#show dot1x interface fastEthernet 1/0/2 Configuration Guide 435 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 457
Port State GuestVLAN PortControl PortMethod Authorized LAG ---- ----- --------- -------- -------- Fa1/0/2 enabled disabled auto port-based unauthorized N/A Switch(config-if)#end Switch#copy running-config startup-config Configuration Guide 436 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 458
types to access the switch, and Enable method list for guests to get administrative privileges. AAA Application List The switch supports the following access applications: Console, Telnet, SSH and HTTP. You can select the configured authentication method lists for each application. Configuration - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 459
server: 1) In the Server Config section, configure the following parameters. Server IP Enter the IP address of the server running the RADIUS secure protocol. Configuration Guide 438 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 460
to encrypt passwords and exchange responses. Server Port Specify the TCP port used on the TACACS+ server for AAA. The default setting is 49. Configuration Guide 439 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 461
to be added to the group from the Server IP drop-down list . Then click Add to add this server to the server group. Configuration Guide 440 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 462
List A method list describes the authentication methods and their sequence to authenticate the users. The switch supports Login Method List for users of all types to gain access to the switch, and Enable Method the default methods or follow these steps to add a new method: Configuration Guide 441 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 463
the switch. Enable List 2) Click Apply. Select a previously configured Enable method list. This method list will authenticate the users trying to get administrative privileges. Configuration Guide 442 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 464
value of "enable 15" as the Enable password in the configuration file. All the users trying to get administrative privileges share this Enable password. Configuration Guide 443 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 465
act as backup servers in case the first one breaks down. Adding RADIUS Server Follow these steps to add RADIUS server on the switch: Configuration Guide 444 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 466
Switch(config)#show radius-server Server Ip Auth Port Acct Port Timeout Retransmit Shared key 192.168.0.10 1812 1813 8 3 123456 Switch(config)#end Configuration Guide 445 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 467
-port 49 timeout 8 key 123456 Switch(config)#show tacacs-server Server Ip Port Timeout Shared key 192.168.0.20 49 8 123456 Switch(config)#end Configuration Guide 446 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 468
)#server 192.168.0.10 Switch(aaa-group)#server 192.168.0.20 Switch(aaa-group)#show aaa group RADIUS1 192.168.0.10 192.168.0.20 Configuration Guide 447 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 469
A method list describes the authentication methods and their sequence to authenticate the users. The switch supports Login Method List for users of all types to gain access to the switch, and Enable login Login1 radius local Switch(config)#show aaa authentication login Configuration Guide 448 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 470
. Step 3 login authentication { method-list } Apply the Login method list for the application Console. method-list: Specify the name of the Login method list. Configuration Guide 449 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 471
apply the Login and Enable method lists for the application Telnet: Step 1 configure Enter global configuration mode. Step 2 line telnet Enter line configuration mode. Configuration Guide 450 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 472
-line)#end Switch#copy running-config startup-config SSH Follow these steps to apply the Login and Enable method lists for the application SSH: Configuration Guide 451 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 473
Enable List Console default default Telnet default default Ssh Login1 Enable1 Http default default Switch(config-line)#end Switch#copy running-config startup-config Configuration Guide 452 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 474
List Enable List Console default default Telnet default default Ssh default default Http Login1 Enable1 Switch(config)#end Switch#copy running-config startup-config Configuration Guide 453 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 475
than one login account can be created on the server. Besides, both the user name and password can be customized. For Enable password configuration: Configuration Guide 454 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 476
share this Enable password. Tips: The logged-in guests can get administrative privileges by using the command enable-admin and providing the Enable password. Configuration Guide 455 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 477
port and other ports as untrusted ports. So that the illegal DHCP server on any other port cannot assign IP addresses for the clients. Configuration Guide 456 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 478
binding entries for User 1 and User 2 will be automatically learned via DHCP Snooping, and you need to manually bind the entry for User 3. 3) Enable ARP Detection on Switch A to prevent ARP cheating attacks. port and ports 1/0/1-port1/0/3 as untrusted ports, and click Apply. Configuration Guide 457 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 479
3) Choose the menu Network Security > IP-MAC Binding > Manual Binding to load the following page. Enter the host name, IP as the protect type, and select port 1/0/3 on the panel. Click Bind. Figure 8-4 Manual Binding 4) Choose the menu Network Security > IP-MAC Binding > Binding Table to load - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 480
8-6 ARP Detect 6) Choose the menu Network Security > ARP Inspection > ARP Defend to load the following page. Enable ARP Defend for port 1/0/1-3 and click Apply. Configuration Guide 459 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 481
Switch_A(config)#interface fastEthernet 1/0/4 Switch_A(config-if)#ip dhcp snooping trust Switch_A(config-if)#exit 3) Manually bind the entry for User 3. Switch_A(config)#ip source binding User3 192.168.0.33 88:a9:d4 (config-if)#ip arp inspection trust Switch_A(config-if)#exit Configuration Guide 460 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 482
:d4:54:fd:c3 1 Port ACL Col. ---- --- -- Fa1/0/1 ARP-D Fa1/0/2 ARP-D Fa1/0/3 ARP-D Verify the configuration of ARP Detection: Switch_A#show ip arp inspection Configuration Guide 461 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 483
on ports connected to the authentication server and the Internet, which ensures unrestricted connections between the switch and the authentication server or the Internet. Configuration Guide 462 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 484
. Figure 8-9 Enable AAA Function 2) Choose the menu Network Security > AAA > RADIUS Config to load the following page. Configure the parameters of the RADIUS server. Configuration Guide 463 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 485
the Authentication Dot1x Method List section, select radius1 as the radius server group for authentication, and click Apply. Figure 8-13 Configure Authentication RADIUS Server Configuration Guide 464 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 486
.1X authentication, set the Control Mode as auto and set the Control Type as MAC Based; For port 1/0/2 and port 1/0/3, disable 802.1X authentication. Configuration Guide 465 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 487
feature and configure relevant parameters. Switch_A#configure Switch_A(config)#dot1x system-auth-control Switch_A(config)#dot1x auth-method eap Switch_A(config)#dot1x quiet-period Configuration Guide 466 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 488
: 3 Supplicant Timeout: 3 sec. Verify the configurations of 802.1X authentication on the port: Switch_A#show dot1x interface Port State GuestVLAN PortControl PortMethod Authorized LAG Configuration Guide 467 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 489
Server 1 breaks down and doesn't respond to the authentication request, RADIUS Server 2 will work, so as to ensure the stability of the authentication system. Configuration Guide 468 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 490
Key as 123456, the Auth Port as 1812, and keep the other parameters as default. Click Add to add RADIUS Server 1 on the switch. Configuration Guide 469 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 491
Add New Server Group section, specify the group name as RADIUS1 and the server type as RADIUS. Click Add to create the server group. Configuration Guide 470 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 492
Login, and select the Pri1 as RADIUS1. Click Add to set the method list for the Login authentication. Figure 8-22 Configure Login Method List Configuration Guide 471 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 493
to the server group. Switch(config)#aaa group radius RADIUS1 Switch(aaa-group)#server 192.168.0.10 Switch(aaa-group)#server 192.168.0.20 Configuration Guide 472 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 494
of the method lists: Switch#show aaa authentication Authentication Login Methodlist: Methodlist pri1 pri2 pri3 pri4 default local -- -- -- Method-Login RADIUS1 -- -- -- Authentication Enable Methodlist: Configuration Guide 473 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 495
global AAA global status: Enable Module Login List Enable List Console default default Telnet Method-Login Method-Enable Ssh default default Http default default Configuration Guide 474 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 496
tables. Table 9-1 IP-MAC Binding Parameter Defualt Setting Protect Type For Manual Binding: None For ARP Scanning: None For DHCP Snooping: All Disable Decline Protect Disable Option 82 Config Option 82 Support Disable Operation Strategy Keep Circuit ID Customization Disable Circuit - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 497
Guest VLAN Accounting Quiet Feature Quiet Feature Quiet Period Retry Times Default Setting Disable EAP Enable Disable Disable Disable 10 seconds 3 Appendix: Default Parameters Configuration Guide 476 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 498
Port Retransmit Timeout TACACS+ Config Server IP Timeout Shared Key Defualt Setting Disable None None 1812 1813 2 5 seconds None 5 seconds None Appendix: Default Parameters Configuration Guide 477 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 499
telnet Login List: default Enable List: default Login List: default ssh Enable List: default Login List: default http Enable List: default Appendix: Default Parameters Configuration Guide 478 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 500
Configuring Network Security Configuration Guide 479 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 501
Configuring Network Security Configuration Guide 480 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 502
Configuring Network Security Configuration Guide 481 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 503
Part 15 Configuring SNMP & RMON CHAPTERS 1. SNMP Overview 2. SNMP Configurations 3. Notification Configurations 4. RMON Overview 5. RMON Configurations 6. Configuration Example 7. Appendix: Default Parameters - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 504
troubleshoot according to notifications sent by those devices in a timely manner. The device supports three SNMP versions: SNMPv1, SNMPv2c and SNMPv3.Table 1-1 lists features supported good security (such as VPNs), but with busy services in which the traffic congestion may occur. You can Guide 483 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 505
2 SNMP Configurations To complete the SNMP configuration, choose an SNMP version according to network requirements and supportability of the NMS software, and then follow these steps: Choose SNMPv3 1) Enable SNMP. 2) Read/Write View is the same for the user and the group. Configuration Guide 484 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 506
) manages MIB (Management Information Base) variables based on the SNMP view. Choose the menu SNMP > SNMP Config > SNMP View to load the following page. Configuration Guide 485 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 507
: The NMS cannot view or manage the function indicated by the object. 2.1.3 Creating an SNMP Group Create an SNMP group and configure related parameters. Configuration Guide 486 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 508
mode and a privacy mode are applied to check and encrypt packets. 2) Set the read, write and notify view of the SNMP Group. Click Create. Configuration Guide 487 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 509
the group that the user belongs to. Users with the same Group Name, Security Model and Security Level will be in the same group. Configuration Guide 488 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 510
encryption. 3) Click Create. 2.1.5 Creating SNMP Communities If you want to use SNMPv1 or SNMPv2c as the security model, you can create SNMP communities directly. Configuration Guide 489 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 511
accessed by the community. The default is viewDefault. 2.2 Using the CLI 2.2.1 Enabling SNMP Step 1 Step 2 configure Enter global configuration mode. snmp-server Enabling SNMP. Configuration Guide 490 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 512
version errors 0 Unknown community name 0 Illegal operation for community name supplied 0 Encoding errors 0 Number of requested variables 0 Number of altered variables 0 Get-request PDUs Configuration Guide 491 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 513
the view cannot be managed by the NMS. Step 3 show snmp-server view Displays the view table. Step 4 end Return to Privileged EXEC Mode. Configuration Guide 492 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 514
views. Meanwhile, set the authentication and privacy modes to secure the communication between the NMS and managed devices. Step 1 configure Enter global configuration mode. Configuration Guide 493 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 515
-Mode Sec-Lev Read-View Write-View Notify-View 1 nms-monitor v3 authPriv View View Switch(config)#end Switch#copy running-config startup-config Configuration Guide 494 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 516
user on the switch. Name the user as admin, and set the user as a remote user, SNMPv3 as the security mode, authPriv as the Configuration Guide 495 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 517
set an SNMP community. Name the community as the nms-monitor, and allow the NMS to view and modify parameters of View: Switch#configure Configuration Guide 496 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 518
(config)#show snmp-server community Index Name Type MIB-View 1 nms-monitor read-write View Switch(config)#end Switch#copy running-config startup-config Configuration Guide 497 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 519
162. For communication security, we recommend that you change the port number under the condition that communications on other UDP ports are not affected. Configuration Guide 498 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 520
. Set the length of time that the switch waits for a response from the NMS after sending an inform message; the default is 100 seconds. Configuration Guide 499 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 521
a response from the NMS within the timeout interval. show snmp-server host Displays the information of the host. end Return to privileged EXEC mode. Configuration Guide 500 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 522
traps snmp [ linkup | linkdown | warmstart | coldstart | auth-failure ] Configure parameters of basic traps supported on the switch. linkup: When a port status changes from linkdown to linkup, the switch sends a request fails in authentication. The trap is enabled by default. Configuration Guide 501 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 523
traps snmp linkup Switch(config)#end Switch#copy running-config startup-config (Optional) Enabling the SNMP Extend Trap Step 1 configure Enter global configuration mode. Configuration Guide 502 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 524
| loopback-detection | stormcontrol | spanning-tree | memory | power } Configure parameters of extended traps supported on the switch. bandwidth-control: The trap is used to monitor whether the bandwidth has reached the snmp-server traps bandwidth-control Switch(config)#end Configuration Guide 503 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 525
: Switch#configure Switch(config)#interface fastEthernet 1/0/1 Switch(config-if)#snmp-server traps link-status Switch(config-if)#end Switch#copy running-config startup-config Configuration Guide 504 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 526
MIB because of the limited device resources. Generally, the NMS can only get information of the following four groups: statistics, history, event and alarm. Configuration Guide 505 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 527
SNMP Notification before RMON configurations. 5.1 Using the GUI 5.1.1 Configuring Statistics Choose the menu SNMP > RMON > Statistics to load the following page. Figure 5-1 Statistics Config Configuration Guide 506 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 528
1/0/1 format to be monitored. To change the port, please enable the entry first. 2) Set the sample interval and the maximum buckets of history entries. Configuration Guide 507 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 529
. The name should be what you have set in SNMP previously. By default, it is public. 2) Set the description and type of the event. Configuration Guide 508 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 530
to be monitored, and associate the entry with a statistics entry. Index Displays the index of alarm entries. There are 12 alarm entries all together. Configuration Guide 509 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 531
default is 100. Falling Event Specify the index of the event that will be triggered when the sampled value is below the preset threshold. Configuration Guide 510 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 532
. index: Enter the index of statistics entries that you want to view. The ranges are from 1 to 65535. end Return to privileged EXEC mode. Configuration Guide 511 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 533
the number of records exceeds the limit, the earliest record will be overwritten. The values are from 10 to 130; the default is 50. Configuration Guide 512 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 534
Owner State 1 Fa1/0/1 100 50 monitor Enable Switch(config)#end Switch#copy running-config startup-config 5.2.3 Configuring Event Step 1 configure Enter global configuration mode. Configuration Guide 513 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 535
)#show rmon event Index User Description Type Owner State ----- 1 admin rising-notify Notify monitor Enable Switch(config)#end Switch#copy running-config startup-config Configuration Guide 514 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 536
characters. The default name is monitor. interval: Set the sampling interval. The value ranges from 10 to 3600 seconds; the default is 1800 seconds. Configuration Guide 515 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 537
Type: Absolute RHold-REvent: 3000-1 FHold-FEvent: 2000-2 Alarm startup: All Interval: 10 Owner: monitor Switch(config)#end Switch#copy running-config startup-config Configuration Guide 516 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 538
rising threshold and falling threshold, and bind the rising event to the notify event entry, and the falling event to the log event entry. Configuration Guide 517 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 539
SNMP 1) Choose SNMP > SNMP Config > Global Config to load the following page. Enable SNMP, and set the Remote Engine ID as 123456789a. Click Apply. Configuration Guide 518 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 540
with the name of nms-monitor, choose SNMPv3 and enable authentication and privacy, and add View to Read View and Notify View. Click Create. Configuration Guide 519 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 541
of the SNMP User. Choose the type as Inform, and set the retry times as 3, with the timeout period as 100 seconds. Click Create. Configuration Guide 520 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 542
entries and bind them to ports 1/0/1 and 1/0/2 respectively. Set the owner of the entries as monitor and the status as valid. Figure 6-7 Configuring Entry 1 Configuration Guide 521 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 543
enable. For entry 2, set the SNMP user name as admin, type as Log, description as "falling log", owner as monitor, and status as enable. Configuration Guide 522 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 544
settings. 6.5 Using the CLI Configuring Rate Limit on ports Configure the rate limit on required ports. For detailed configuration, please refer to Configuring QoS. Configuration Guide 523 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 545
as 100 seconds, max buckets as 50, and the owner as monitor. Switch(config)#rmon history 1 interface fastEthernet 1/0/1 interval 100 owner monitor buckets 50 Configuration Guide 524 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 546
name supplied 0 Encoding errors 0 Number of requested variables 0 Number of altered variables 0 Get-request PDUs 0 Get-next PDUs 0 Set-request PDUs 0 SNMP packets output Configuration Guide 525 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 547
Sec-Lev Read-View Write-View Notify-View 1 nms-monitor v3 authPriv View View Verify SNMP user configurations: Switch(config)#show snmp-server user Configuration Guide 526 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 548
configurations: Switch(config)#show rmon event Index User Description Type -------- 1 admin rising-notify Notify 2 admin falling-log Log Owner ---------monitor monitor State ---------Enable Enable Configuration Guide 527 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 549
: 2-Enabled Statistics index: 2 Alarm variable: BPkt Sample Type: Absolute RHold-REvent: 3000-1 FHold-FEvent: 2000-2 Alarm startup: All Interval: 10 Owner: monitor Configuration Example Configuration Guide 528 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 550
Security Model Security Level Read View Write View Notify View Default Setting None v1 noAuthNoPriv viewDefault None None MIB Object ID 1 1.3.6.1.6.3.15 1.3.6.1.6.3.16 1.3.6.1.6.3.18 Configuration Guide 529 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 551
None 162 None IPv4 v1 noAuthNoPriv Trap None in trap mode; 3 times in Inform mode. None in trap mode; 100 seconds in Inform mode. Configuration Guide 530 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 552
Falling Threshold Falling Event Alarm Type Interval Owner Default Setting RecBytes None Absolute 100 None 100 None All 1800 seconds monitor Appendix: Default Parameters Configuration Guide 531 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 553
Configuring SNMP & RMON Parameter Status Default Setting Disable Appendix: Default Parameters Configuration Guide 532 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 554
Part 16 Configuring LLDP CHAPTERS 1. LLDP 2. LLDP Configurations 3. LLDP-MED Configurations 4. Viewing LLDP Settings 5. Viewing LLDP-MED Settings 6. Configuration Example 7. Appendix: Default Parameters - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 555
know about the network topology, examine the network connectivity and troubleshoot the network faults. LLDP-MED (Media Endpoint Discovery) is for auto-configuration to minimize the configuration effort. 1.2 Supported Features The switch supports LLDP and LLDP-MED. LLDP allows the local Guide 534 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 556
feature for the interface. 2.1 Using the GUI 2.1.1 Global Config Choose the LLDP > Basic Config > Global Config to load the following page. Figure 2-1 Global Config Configuration Guide 535 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 557
quickly discovered by its neighbors. After the specified number of LLDP packets are sent, the Transmit Interval will be restored to the specified value. Configuration Guide 536 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 558
to inform the NMS when the local information changes. 2) Select the TLVs (Type/Length/Value) included in the LLDP packets according to your needs. Configuration Guide 537 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 559
station. SC: Used to advertise the supported functions and whether or not these functions are result of auto-negotiation during link initiation or of manual set override action. FS: Used to advertise the the port's PoE (Power over Ethernet) support capabilities. 2.2 Using the CLI 2.2.1 Global - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 560
(config)#lldp timer tx-interval 30 tx-delay 2 reinit-delay 3 notify-interval 5 fastcount 3 Switch(config)#show lldp LLDP Status: Enabled Tx Interval: 30 seconds Configuration Guide 539 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 561
LLDP configuration of the corresponding port. end Return to Privileged EXEC Mode. copy running-config startup-config Save the settings in the configuration file. Configuration Guide 540 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 562
-Name Yes Link-Aggregation Yes MAC-Physic Yes Max-Frame-Size Yes Power Yes Switch(config-if)#end Switch#copy running-config startup-config Configuration Guide 541 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 563
feature, you also need configure the Voice VLAN feature. Refer to Configuring Voice VLAN for detailed instructions. 3.1 Using the GUI 3.1.1 Global Config Choose the LLDP > LLDP-MED> Global Config to load and Endpoint Device. The switch is a Network Connectivity device. Configuration Guide 542 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 564
outgoing LLDP packets. If Location Identification is selected, you need configure the Emergency Number or select Civic Address to configure the details. Click Apply. Configuration Guide 543 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 565
TLV, Model Name TLV and Asset ID TLV. Configure the emergency number to call CAMA or PSAP. The number should contain 10-25 characters. Configuration Guide 544 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 566
count as 4: Switch#configure Switch(config)#lldp Switch(config)#lldp med-fast-count 4 Switch(config)#show lldp LLDP Status: Enabled Tx Interval: 30 seconds Configuration Guide 545 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 567
address in the IETF defined address format. show lldp interface { fastEthernet port | gigabitEthernet port | ten-gigabitEthernet port } Display LLDP configuration of the corresponding port. Configuration Guide 546 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 568
Yes Port-VLAN-ID Yes Protocol-VLAN-ID Yes VLAN-Name Yes Link-Aggregation Yes MAC-Physic Yes Max-Frame-Size Yes Power Yes Configuration Guide 547 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 569
Configuring LLDP LLDP-MED Status: Enabled TLV Status --- ------ Network Policy Yes Location Identification Yes Extended Power Via MDI Yes Inventory Management Yes Switch(config)#end Switch#copy running-config startup-config LLDP-MED Configurations Configuration Guide 548 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 570
4.1.1 Viewing LLDP Device Info Viewing the Local Info Choose the menu LLDP > Device Info > Local Info to load the following page. Figure 4-1 Local Info Configuration Guide 549 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 571
system name of the local device. System Description Displays the system description of the local device. System Capabilities Supported Displays the supported capabilities of the local system. System Capabilities Enabled Displays the primary functions of the local device. Management Address - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 572
the port ID of the neighbor device which is connected to the local port. Information Click to view the details of the neighbor device. Configuration Guide 551 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 573
latest number of neighbors that have aged out on the local device. 3) In the Neighbors Statistics section, view the statistics of the corresponding port. Configuration Guide 552 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 574
. Viewing LLDP Statistics show lldp traffic interface { fastEthernet port | gigabitEthernet port | tengigabitEthernet port } View the statistics of the corresponding port on the local device. Configuration Guide 553 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 575
Rate according to your needs. Click Apply. 2) In the LLDP-MED Local Info section, select the desired port and view the LLDP-MED settings. Configuration Guide 554 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 576
Displays the local device type defined by LLDP-MED.LLDP-MED. Application Type Displays the supported applications of the local device. Unknown Policy Flag Displays the unknown location settings included in Priority and Available Power Value will be displayed on this page. Configuration Guide 555 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 577
-information interface { fastEthernet port | gigabitEthernet port | ten-gigabitEthernet port } View the LLDP details of a specific port or all the ports on the local device. Configuration Guide 556 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 578
connected to the port. Viewing LLDP Statistics show lldp traffic interface { fastEthernet port | gigabitEthernet port | tengigabitEthernet port } View the statistics of the corresponding port. Configuration Guide 557 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 579
the company network to know about the link situation and network topology so that he can troubleshoot the potential network faults in advance. 6.1.2 Network Topology Exampled with the following situation: Port Fa1 parameters. Here we take the default settings as an example. Configuration Guide 558 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 580
configure all the TLVs included in the outgoing LLDP packets. Figure 6-3 LLDP Port Config 6.1.5 Using CLI 1) Enable LLDP globally and configure the corresponding parameters. Configuration Guide 559 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 581
Fast-packet Count: 3 LLDP-MED Fast Start Repeat Count: 4 View LLDP settings on each port Switch_A#show lldp interface fastEthernet 1/0/1 LLDP interface config: fastEthernet 1/0/1: Configuration Guide 560 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 582
-information interface fastEthernet 1/0/1 LLDP local Information: fastEthernet 1/0/1: Chassis type: MAC address Chassis ID: 00:0A:EB:13:23:97 Port ID type: Interface name Configuration Guide 561 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 583
supported: 0 Port and protocol VLAN supported: Yes Port and protocol supported: Yes Auto-negotiation enabled: Yes OperMau: speed(100)/duplex(Full) Link aggregation supported : Yes Link aggregation enabled: No Aggregation port ID: 0 Power port class: PSE PSE power supported - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 584
: TP-Link Model Name: T1500-28PCT 1.0 Asset ID: unknown View the Neighbor Info Switch_A#show lldp neighbor-information interface fastEthernet 1/0/1 LLDP Neighbor Information: fastEthernet 1/0/1: Configuration Guide 563 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 585
Smart Switch System capabilities supported: Bridge Router System capabilities protocol VLAN ID(PPVID): 0 Port and protocol VLAN supported: Yes Port and protocol VLAN enabled: No VLAN supported: Yes Auto-negotiation enabled: Yes OperMau: speed(100)/duplex(Full) Link aggregation supported - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 586
Configuring LLDP Configuration Example PSE power supported: No PSE power enabled: No PSE pairs control the same as the VLAN ID of the Voice VLAN. Refer to Configuring Voice VLAN for detailed instructions. 6.2.3 Network Topology Exampled with the configuration of one IP phone: One end of the IP - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 587
. Figure 6-6 Configuring Voice VLAN Globally Choose the menu QoS > Voice VLAN > Port Config, set the Voice VLAN mode on Fa1/0/1 and Fa1/0/2 as Auto and Manual respectively. Configuration Guide 566 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 588
Configuring LLDP Figure 6-7 Configuring Voice VLAN Mode on Port 1/0/1 Configuration Example Figure 6-8 Configuring Voice VLAN Mode on Port 1/0/2 Configuration Guide 567 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 589
6-11 LLDP-MED Global Config 5) Choose th menu LLDP > LLDP-MED > Policy Config to load the following page. Select port 1/0/1 and enable LLDP-MED. Configuration Guide 568 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 590
packets. Figure 6-13 LLDP-MED Port Config-Detail In the Location Identification Parameters section, configure the detailed address of the IP phone. Click Apply. Configuration Guide 569 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 591
. Switch_A(config)#interface fastEthernet 1/0/1 Switch_A(config-if)#switchport voice vlan mode auto Switch_A(config-if)#exit 3) Configure the Voice VLAN mode on port Fa1/0/2 as Manual and add port Fa1/0/2 to Voice VLAN. Configuration - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 592
(config)#interface fastEthernet 1/0/2 Switch_A(config-if)#switchport voice vlan mode manual Switch_A(config-if)#switchport general allowed vlan 10 tagged Switch_A(config-if port: Switch_A#show lldp interface fastEthernet 1/0/1 LLDP interface config: fastEthernet 1/0/1: Configuration Guide 571 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 593
-information interface fastEthernet 1/0/1 LLDP local Information: fastEthernet 1/0/1: Chassis type: MAC address Chassis ID: 00:0A:EB:13:23:97 Port ID type: Interface name Configuration Guide 572 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 594
supported: 0 Port and protocol VLAN supported: Yes Port and protocol supported: Yes Auto-negotiation enabled: Yes OperMau: speed(100)/duplex(Full) Link aggregation supported : Yes Link aggregation enabled: Yes Aggregation port ID: 1 Power port class: PSE PSE power supported - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 595
Number: Reserved Manufacturer Name: TP-Link Model Name: T1500-28PCT 1.0 Asset ID: unknown View the neighbor information: Switch_A#show lldp neighbor-information interface fastEthernet 1/0/1 Configuration Guide 574 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 596
VLAN enabled: Protocol identity: Auto-negotiation supported: Yes Auto-negotiation enabled: Yes OperMau: speed(100)/duplex(Full) Link aggregation supported: Link aggregation enabled: Aggregation port ID: Power port class: PSE power supported: PSE power enabled: Configuration Guide 575 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 597
No No 4095 5 46 Voice Signaling No No 4095 4 32 PD Device Unknown Unknown 7.0w 4 tnp31.3-2-0-11.bin term31.default FCH1537A2JV Cisco Systems, Inc. Configuration Guide 576 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 598
Disable All Default LLDP-MED Settings Table 7-3 Default LLDP-MED Settings Parameter Fast Start Count LLDP-MED Status Included TLVs Default Setting 4 Disable All Configuration Guide 577 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 599
Part 17 Configuring Maintenance CHAPTERS 1. Maintenance 2. Monitoring the System 3. System Log Configurations 4. Diagnosing the Device 5. Diagnosing the Network 6. Configuration Example for Remote Log 7. Appendix: Default Parameters - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 600
module assembles various system tools for network troubleshooting. 1.2 Supported Features The maintenance module includes system monitor, test the cable connection status, cable length and error length for troubleshooting. Network Diagnose The network diagnose function includes Ping test and Tracert - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 601
the switch fails to respond to management requests. In similar situations, you can monitor the system to verify a CPU or memory utilization problem. 2.1 Using the GUI 2.1.1 Monitoring the CPU Choose the menu Maintenance > System Monitor > CPU Monitor to load the following page. Figure 2-1 Monitoring - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 602
the following page. Figure 2-2 Monitoing the Memory Click Monitor to enable the switch to monitor and display its memory utilization rate every four seconds. Configuration Guide 581 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 603
the last 5 seconds, 1minute and 5minutes. The following example shows how to monitor the memory: Switch#show memory-utilization Unit | Current Memory Utilization 1 | 74% Configuration Guide 582 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 604
or password is entered. Error protocol packets are detected. The shutdown command is applied to a port. The display command is used. General operational information. Configuration Guide 583 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 605
the switch to send system logs to a host. To display the logs, the host should run a log server that complies with the syslog standard. Configuration Guide 584 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 606
Click Backup Log to save the system log as a file on your computer. If the switch system breaks down, you can check the file for troubleshooting. Configuration Guide 585 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 607
same or smaller. 3.2 Using the CLI 3.2.1 Configuring the Local Log Follow these steps to configure the local log: Step 1 configure Enter global configuration mode. Configuration Guide 586 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 608
: Switch#configure Switch(config)#logging buffer Switch(config)#logging buffer level 5 Switch(config)#logging file flash Switch(config)#logging file flash frequency periodic 10 Configuration Guide 587 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 609
operation status of other devices through the log host. idx: Enter the index of the log host. The switch supports 4 log hosts at most. host-ip: Specify the IP address for the log host. level: Enter the running-config startup-config Save the settings in the configuration file. Configuration Guide 588 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 610
)# show logging loghost Index Host-IP Severity Status 1 0.0.0.0 6 disable 2 192.168.0.148 5 enable 3 0.0.0.0 6 disable 4 0.0.0.0 6 disable Switch(config)#end Switch#copy running-config startup-config Configuration Guide 589 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 611
the port for cable testing. The interval between two cable tests for one port must be more than 3 seconds. Pair Displays the Pair number. Configuration Guide 590 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 612
status is short, close or crosstalk, here displays the length from the port to the trouble spot. The value makes sense only when the cable is longer than 30m. 4.2 Using the --- Pair-B Normal 2 (+/- 10m) --- Pair-C Normal 0 (+/- 10m) --- Pair-D Normal 2 (+/- 10m) --- Configuration Guide 591 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 613
destination device for Ping test, set Ping times, data size and interval according to your needs, and then click Ping to start the test. Configuration Guide 592 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 614
to start the test. Destination IP Enter the IP address of the destination device. Both IPv4 and IPv6 are supported. Max Hop Specify the maximum number of the route hops the test data can pass through. 2) In the connectivity between the switch and one node of the network. Configuration Guide 593 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 615
the destination node for ping test. If the parameter ip/ipv6 is not selected, both IPv4 and IPv6 addresses are supported, such as 192.168.0.100 or fe80::1234. -n count: Specify the amount of times to send test data routers along the path from the source to the destination: Configuration Guide 594 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 616
of the destination device. If the parameter ip/ipv6 is not selected, both IPv4 and IPv6 addresses are supported, such as 192.168.0.100 or fe80::1234. maxHops: Specify the maximum number of the route hops ms 1 ms 2 ms 192.168.1.1 2 2 ms 2 ms 2 ms 192.168.0.100 Trace complete. Configuration Guide 595 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 617
Network Requirements The company network manager needs to monitor network of department A for troubleshooting. Figure 6-1 Network Topology Department A Switch IP: 1.1.0.2/16 PC IP: 1.1.0.1/16 address, and the severity as level_5; click Apply. Figure 6-2 Remote Log Host Configuration Guide 596 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 618
-config startup-config Verify the Configurations Switch# show logging loghost Index Host-IP Severity Status 1 1.1.0.1 5 enable 2 0.0.0.0 6 disable 3 0.0.0.0 6 disable 4 0.0.0.0 6 disable Configuration Example for Remote Log Configuration Guide 597 - TP-Link T1500-28TC TL-SL2428 | T1500-28TCUN V1 Configuration Guide - Page 619
4 Data Size 64 bytes Interval 1000 milliseconds Table 7-4 Default Settings of Tracert Config Parameter Default Setting Destination IP 192.168.0.100 Max Hop 4 hops Configuration Guide 598
Configuration Guide
T1500-28TC (TL-SL2428)/T1500-28PCT(TL-SL2428P)
1910012115
REV2.0.0
March 2017