TP-Link T2500G-10TSTL-SG3210 T2500G-10TSUN V1 User Guide
TP-Link T2500G-10TSTL-SG3210 Manual
 |
View all TP-Link T2500G-10TSTL-SG3210 manuals
Add to My Manuals
Save this manual to your list of manuals |
TP-Link T2500G-10TSTL-SG3210 manual content summary:
- TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 1
User Guide Jetstream Gigabit L2 Managed Switch T2500G-10TS (TL-SG3210) REV1.0.0 1910011848 - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 2
. This equipment generates, uses, and can radiate radio frequency energy and, if not installed and used in accordance with the instruction manual, may cause harmful interference to radio communications. Operation of this equipment in a residential area is likely to cause harmful interference - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 3
't disassemble the product, or make repairs yourself. You run the risk of electric shock and voiding the limited warranty. If you need service, please contact us. Avoid water and wet locations. Explanation of the symbols on the product label Symbol Explanation AC voltage RECYCLING This - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 4
CONTENTS Package Contents ...1 Chapter 1 About This Guide...2 1.1 Intended Readers ...2 1.2 Conventions ...2 1.3 Overview of This Guide 3 Chapter 2 Introduction...7 2.1 Overview of the Switch 7 2.2 Appearance Description 7 2.2.1 Front Panel...7 2.2.2 Rear Panel ...8 Chapter 3 Login to the Switch - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 5
4.4.2 HTTP Config...31 4.4.3 HTTPS Config 32 4.4.4 SSH Config...36 4.4.5 Telnet Config ...42 Chapter 5 Switching...43 5.1 Port...43 5.1.1 Port Config...43 5.1.2 Port Mirror...44 5.1.3 Port Security ...46 5.1.4 Port Isolation...48 5.1.5 Loopback Detection 49 5.2 LAG...50 5.2.1 LAG Table...51 5.2.2 - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 6
6.3.3 Protocol Template 78 6.4 Application Example for 802.1Q VLAN 79 6.5 Application Example for MAC VLAN 80 6.6 Application Example for Protocol VLAN 82 6.7 VLAN VPN ...84 6.7.1 VPN Config...85 6.7.2 VLAN Mapping 86 6.8 GVRP ...87 Chapter 7 Spanning Tree ...91 7.1 STP Config ...96 7.1.1 STP - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 7
9.2 MLD Snooping ...141 9.2.1 Global Config 143 9.2.2 VLAN Config 144 9.2.3 Filter Config ...145 9.2.4 Port Config...146 9.2.5 Static Multicast 147 9.2.6 Querier Config 148 9.2.7 Packet Statistics 149 9.3 Multicast Table ...151 9.3.1 IPv4 Multicast Table 151 9.3.2 IPv6 Multicast Table 152 - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 8
VLAN Binding 181 11.5 Application Example for ACL 182 Chapter 12 Network Security ...185 12.1 IP-MAC Binding...185 12.1.1 Binding Table 185 12.1.2 Manual Binding 187 12.1.3 ARP Scanning 188 12.1.4 DHCP Snooping 190 12.2 ARP Inspection ...195 12.2.1 ARP Detect...199 12.2.2 ARP Defend...200 12 - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 9
12.5.9 Default Settings 220 12.6 PPPoE ...221 Chapter 13 SNMP...224 13.1 SNMP Config ...226 13.1.1 Global Config 226 13.1.2 SNMP View...227 13.1.3 SNMP Group 228 13.1.4 SNMP User ...230 13.1.5 SNMP Community 231 13.2 Notification ...234 13.2.1 Notification Config 234 13.3 RMON ...236 13.3.1 - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 10
15.2.2 Local Log ...261 15.2.3 Remote Log ...262 15.2.4 Backup Log ...262 15.3 Device Diagnostics...263 15.4 Network Diagnostics 264 15.4.1 Ping ...264 15.4.2 Tracert...265 15.5 DLDP ...266 Chapter 16 System Maintenance via FTP 270 Appendix A: Glossary ...273 IX - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 11
switch One power cord One console cable Two mounting brackets and other fittings Installation Guide Resource CD for T2500G-10TS switch, including: • This User Guide • The CLI Reference Guide • SNMP Mibs • 802.1X Client Software • Other Helpful Information Note: Make sure that the package - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 12
you have, and on your location, language, and Internet service provider. All screenshots, images, parameters and descriptions documented in this guide are used for demonstration only. The information in this document and utility can be found at Download Center at http://www.tp-link.com/support. 2 - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 13
contact information can be found at the Contact Technical Support page at http://www.tp-link.com/support. 1.3 Overview of This Guide Chapter Introduction Chapter 1 About This Guide Introduces the guide structure and conventions. Chapter 2 Introduction Introduces the features, application - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 14
with VLAN tags of private networks to be encapsulated with VLAN tags of public networks at the network access terminal of the Internet Service Provider. GVRP: GVRP allows the switch to automatically add or remove the VLANs via the dynamic VLAN registration information and propagate the local - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 15
function to provide different quality of service for various network applications and requirements LAN ports to solve mainly authentication and security problems. AAA: Configure the AAA function the PPPoE Circuit-ID Insertion function to support the authentication, authorization, and accounting - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 16
This module is used to configure LLDP function to provide information for SNMP applications to simplify troubleshooting. Here mainly introduces: Basic Config: Configure the LLDP parameters of the device. the switch via FTP function. Lists the glossary used in this manual. Return to CONTENTS 6 - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 17
, T2500G-10TS from TP-LINK provides wire-speed performance and full set of layer 2 management features. It provides a variety of service features and multiple powerful functions with high security. The EIA-standardized framework and smart configuration capacity can provide flexible solutions for - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 18
the SFP module. T2500G-10TS features 2 individual SFP ports and supports 1000M SFP module connection only. 2.2.2 Rear Panel The rear panel of AC cord or with Ground Cable. For detail information, please refer to Installation Guide. AC Power Socket: Connect the female connector of the power cord - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 19
Chapter 3 Login to the Switch 3.1 Login 1. To access the configuration utility, open a web-browser and type in the default address http://192.168.0.1 in the address field of the browser, then press the Enter key. Figure 3-1 Web-browser Tips: To log in to the switch, the IP address of your PC should - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 20
Figure 3-3 Main Setup-Menu Note: Clicking Apply can only make the new configurations effective before the switch is rebooted. If you want to keep the configurations effective even the switch is rebooted, please click Save Config. You are suggested to click Save Config before cutting off the power or - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 21
Chapter 4 System The System module is mainly for system configuration of the switch, including four submenus: System Info, User Management, System Tools and Access Security. 4.1 System Info The System Info, mainly for basic properties configuration, can be implemented on System Summary, Device - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 22
Indicates the 1000Mbps port is at the speed of 10Mbps or 100Mbps. Indicates the SFP port is not connected to a device. Indicates the SFP port is at the speed of 1000Mbps. When the cursor moves on the port, the detailed information of the port will be displayed. Port Info Figure 4-2 Port - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 23
. On this page you can configure the system time and the settings here will be used for other time-based functions like ACL. You can manually set the system time, get UTC automatically if it has connected to an NTP server or synchronize with PC's clock as the system time. Choose - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 24
and time of the switch. Current Time Source: Displays the current time source of the switch. Time Config Manual: When this option is selected, you can set the date and time manually. Get Time from NTP Server: Synchronize with PC'S Clock: When this option is selected, you can configure the - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 25
Figure 4-6 Daylight Saving Time The following entries are displayed on this screen: DST Config DST Status: Predefined Mode: Recurring Mode: Date Mode: Enable or Disable DST. Select a predefined DST configuration: USA: Second Sunday in March, 02:00 - First Sunday in November, 02:00. Australia - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 26
Web management page to operate the switch using this IP Address. The switch supports three modes to obtain an IP address: Static IP, DHCP and BOOTP is selected, you should enter IP Address, Subnet Mask and Default Gateway manually. DHCP: When this option is selected, the switch will obtain network - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 27
Protocol version 4). Compared with IPv4, IPv6 increases the IP address size from 32 bits to 128 bits; this solves the IPv4 address exhaustion problem. IPv6 features IPv6 has the following features: 1. Adequate address space: The source and destination IPv6 addresses are both 128 bits (16 bytes - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 28
5. Automatic address configuration: To simplify the host configuration, IPv6 supports stateful and stateless address configuration. Stateful address configuration means that a host acquires an IPv6 address and related information from a server (for example, DHCP server). Stateless - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 29
An IPv6 address prefix is represented in "IPv6 address/prefix length" format, where "IPv6 address" is an IPv6 address in any of the above-mentioned formats and "prefix length" is a decimal number indicating how many leftmost bits from the preceding IPv6 address are used as the address prefix. 2. - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 30
IPv6 unicast address can be classified into several types, including global unicast address, link-local address, and site-local address. The two most common types are introduced below: Global unicast address A Global unicast address is an IPv6 unicast address that is globally unique and is - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 31
can use link-local addresses to communicate; the nodes do not need globally unique addresses to communicate. The figure below shows the structure of a link-local address. Figure 4-9 Link-local Address Format IPv6 devices must not forward packets that have link-local source or destination addresses - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 32
solicitation message with an unspecified source address and a tentative link-local address in the body of the message. If another node is already using that address, the node returns a neighbor advertisement message that contains the tentative link-local address. If another node is simultaneously - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 33
A value of 137 in the type field of the ICMP packet header identifies an IPv6 neighbor redirect message. Devices send neighbor redirect messages to inform hosts of better first-hop nodes on the path to a destination. A device will send an IPv6 ICMP redirect message when the following conditions are - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 34
DHCPv6 Server: When this option is enabled, the system will try to obtain the global address from the DHCPv6 Server. Add a global address manually Address Format: Global Address: You can select the global address format according to your requirements. EUI-64: Indicates that you only need to - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 35
that the corresponding address is duplicate. It is illegal to access the switch using this address. Tips: After adding a global IPv6 address to your switch manually here, you can configure your PC's global IPv6 address in the same subnet with the switch and login to the switch via its global IPv6 - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 36
you can only view some of the settings of different functions without the right to edit or modify. The Web management pages contained in this guide are subject to the admin's login without any explanation. Choose the menu System→User Management→User Config to load the following page. Figure 4-12 - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 37
User Table Select: User ID, Name and Access Level: Operation: Select the desired entry to delete the corresponding user information. It is multi-optional The current user information can't be deleted. Displays the current user ID, user name and access level. Click the Edit button of the desired - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 38
4.3.2 Config Restore On this page you can upload a backup configuration file to restore your switch to this previous configuration. Choose the menu System→System Tools→Config Restore to load the following page. Figure 4-14 Config Restore The following entries are displayed on this screen: Config - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 39
The following entries are displayed on this screen: Config Backup Backup Config: Click the Backup Config button to save the current configuration as a file to your computer. You are suggested to take this measure before upgrading. Note: It will take a few minutes to back up the configuration. - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 40
Choose the menu System→System Tools→System Reboot to load the following page. Figure 4-17 System Reboot Note: To avoid damage, please don't turn off the device while rebooting. 4.3.6 System Reset On this page you can reset the switch to the default. All the settings will be cleared after the switch - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 41
Choose the menu System→Access Security→Access Control to load the following page. Figure 4-19 Access Control The following entries are displayed on this screen: Access Control Config Control Mode: Access Interface: IP Address & Mask: MAC Address: Port: Select the control mode for users to log - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 42
the data transmission between the Web browser and servers. It is mainly applied through ecommerce and online banking. SSL mainly provides the following services: 1. Authenticate the users and the servers based on the certificates to ensure the data are transmitted to the correct users and servers - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 43
by a trusted certificate authority" or "Certificate Errors". Please add this certificate to trusted certificates or continue to this website. The switch also supports HTTPS connection for IPv6. After configuring an IPv6 address (for example, 3001::1) for the switch, you can log on to the switch - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 44
Choose the menu System→Access Security→HTTPS Config to load the following page. Figure 4-21 HTTPS Config The following entries are displayed on this screen: Global Config HTTPS: Select Enable/Disable the HTTPS function on the switch. SSL Version 3: Enable or Disable Secure Sockets Layer - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 45
CipherSuite Config RSA_WITH_RC4_128_MD5: Key exchange with RC4 128-bit encryption and MD5 for message digest. By default, it's enabled. RSA_WITH_RC4_128_SHA: Key exchange with RC4 128-bit encryption and SHA for message digest. By default, it's enabled. RSA_WITH_DES_CBC_SHA: Key exchange with - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 46
the client sends authentication request to the server for login, and then the two can communicate with each other after successful authentication. This switch supports SSH server and you can log on to the switch via SSH connection using SSH client software. SSH key can be downloaded into the switch - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 47
SSH: Select Enable/Disable SSH function. Protocol V1: Select Enable/Disable SSH V1 to be the supported protocol. Protocol V2: Select Enable/Disable SSH V2 to be the supported protocol. Idle Timeout: Specify the idle timeout time. The system will automatically release the connection when - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 48
Key Download Key Type: Key File: Download: Select the type of SSH Key to download. The switch supports two types: SSH-2 RSA/DSA and SSH-1 RSA. Please ensure the key length of the downloaded file is in the range of 512 to 3072 - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 49
2. Click the Open button in the above figure to log on to the switch. Enter the login user name and password, and then you can continue to configure the switch. Application Example 2 for SSH: Network Requirements 1. Log on to the switch via key authentication using SSH and the SSH function is - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 50
2. During the key generation, randomly moving the mouse quickly can accelerate the key generation. 2. After the key is successfully generated, please save the public key and private key to the computer. 3. On the Web management page of the switch, download the public key file saved in the computer - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 51
4. After the public key and private key are downloaded, please log on to the interface of PuTTY and enter the IP address for login. 5. Click Browse to download the private key file to SSH client software and click Open. 41 - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 52
After successful authentication, please enter the login user name. If you log on to the switch without entering password, it indicates that the key has been successfully downloaded. 4.4.5 Telnet Config On this page you can Enable/Disable Telnet function globally on the switch. Choose the menu - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 53
Chapter 5 Switching Switching module is used to configure the basic functions of the switch, including four submenus: Port, DDM, LAG, Traffic Monitor and MAC Address. 5.1 Port The Port function, allowing you to configure the basic features for the port, is implemented on the Port Config, Port Mirror - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 54
port). Usually, the mirroring port is connected to a data diagnose device, which is used to analyze the mirrored packets for monitoring and troubleshooting the network. Choose the menu Switching→Port→Port Mirror to load the following page. Figure 5-2 Port Mirror Config The following entries are - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 55
Mirroring: Mode: Mirrored Port: Operation: Displays the mirroring port number. Displays the mirror mode. The value will be "Ingress" or "Egress". Displays the mirrored ports. You can configure the mirror group by clicking Edit. Click Edit to display the following figure. Figure 5-3 Port Mirror - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 56
Ingress: Egress: LAG: Select Enable/Disable the Ingress feature. When the Ingress is enabled, the incoming packets received by the mirrored port will be copied to the mirroring port. Select Enable/Disable the Egress feature. When the Egress is enabled, the outgoing packets sent by the mirrored port - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 57
. • Static: When Static mode is selected, the learned MAC address will be out of the influence of the aging time and can only be deleted manually. The learned entries will be cleared after the switch is rebooted. • Permanent: When Permanent mode is selected, the learned MAC address will be out of - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 58
Note: 1. The Port Security function is disabled for the LAG port member. Only the port is removed from the LAG, will the Port Security function be available for the port. 2. The Port Security function is disabled when the 802.1X function is enabled. 5.1.4 Port Isolation Port Isolation provides a - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 59
5.1.5 Loopback Detection With loopback detection feature enabled, the switch can detect loops using loopback detection packets. When a loop is detected, the switch will display an alert or further block the corresponding port according to the port configuration. Choose the menu Switching→Port→ - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 60
the port status whether a loopback is detected. Displays the port status about block or unblock. Displays the LAG number the port belongs to. Manually remove the block status of selected ports. Note: 1. Recovery Mode is not selectable when Alert is chosen in Operation Mode. 2. Loopback Detection - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 61
It's not suggested to add the ports with ARP Inspection and DoS Defend enabled to the LAG. If the LAG is needed, you are suggested to configure the LAG function here before configuring the other functions for the member ports. Tips: 1. Calculate the bandwidth for a LAG: If a LAG consists of the - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 62
detailed information of your selected LAG. Figure 5-8 Detail Information 5.2.2 Static LAG On this page, you can manually configure the LAG. The LACP feature is disabled for the member ports of the manually added Static LAG. Choose the menu Switching→LAG→Static LAG to load the following page. Figure - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 63
The following entries are displayed on this screen: LAG Config Group Number: Select a Group Number for the LAG. Description: Give a description to the LAG for identification. LAG Table Member Port: Select the port as the LAG member. Clearing all the ports of the LAG will delete this LAG. - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 64
Choose the menu Switching→LAG→LACP Config to load the following page. Figure 5-10 LACP Config The following entries are displayed on this screen: Global Config System Priority: Specify the system priority for the switch. The system priority and MAC address constitute the system identification ( - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 65
Status: LAG: Enable/Disable the LACP feature for your selected port. Displays the LAG number which the port belongs to. 5.3 Traffic Monitor The Traffic Monitor function, monitoring the traffic of each port, is implemented on the Traffic Summary and Traffic Statistics pages. 5.3.1 Traffic Summary - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 66
Packets Tx: Octets Rx: Octets Tx: Statistics: Displays the number of packets transmitted on the port. Displays the number of octets received on the port. The error octets are counted in. Displays the number of octets transmitted on the port. Click the Statistics button to view the detailed traffic - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 67
, which is the base for the switch to forward packets quickly. The entries in the Address Table can be updated by auto-learning or configured manually. Most the entries are generated and updated by auto-learning. In the stable networks, the static MAC address entries can facilitate the switch to - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 68
(if the configuration is saved) MAC address and the port Static Manually No Yes Address configuring Table The bound MAC address cannot be learned can be learned by the other ports in the same VLAN. Filtering Manually No Yes - Address configuring Table Table 5-1 Types and features of - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 69
Aging status of the MAC address. 5.4.2 Static Address The static address table maintains the static address entries which can be added or removed manually, independent of the aging time. In the stable networks, the static MAC address entries can facilitate the switch to reduce broadcast packets and - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 70
Choose the menu Switching→MAC Address→Static Address to load the following page. Figure 5-14 Static Address The following entries are displayed on this screen: Create Static Address MAC Address: Enter the static MAC Address to be bound. VLAN ID: Enter the corresponding VLAN ID of the MAC - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 71
Port: Type: Aging Status: Displays the corresponding Port number of the MAC address. Here you can modify the port number to which the MAC address is bound. The new port should be in the same VLAN. Displays the Type of the MAC address. Displays the Aging Status of the MAC address. Note: 1. If the - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 72
Figure 5-15 Dynamic Address The following entries are displayed on this screen: Aging Config Auto Aging: Allows you to Enable/Disable the Auto Aging feature. Aging Time: Enter the Aging Time for the dynamic address. Search Option Search Option: Select a Search Option from the pull-down - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 73
value. 5.4.4 Filtering Address The filtering address is to forbid the undesired packets to be forwarded. The filtering address can be added or removed manually, independent of the aging time. The filtering MAC address allows the switch to filter the packets which includes this MAC address as the - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 74
and maintain Layer 2 protocol configurations of each customer. The supported Layer 2 protocols are STP (Spanning Tree Protocol), GVRP encapsulates these packets with a special MAC address and sends them across the service-provider network through the NNI port. The devices in the ISP network do - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 75
Figure 5-1 A Typical L2PT Topology 5.5.1 L2PT Config Choose the menu Switching→L2PT→L2PT Config to load the following page. Figure 5-2 L2PT Config Configuration Procedure: 1) Enable the Layer 2 Protocol Tunneling globally under Global Config. 2) Configure the tunneling and protocol type on the - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 76
it is connecting to the user's local network. • NNI: Specify the port's type as NNI if it is connecting to the ISP network. Select the supported Layer 2 protocol type. Packets of the specified protocol will be encapsulated with their destination MAC address before they are sent to the ISP network - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 77
the serious collision, the flooding broadcasts cannot be prevented, which will occupy plenty of bandwidth resources, causing potential serious security problems. A Virtual Local Area Network (VLAN) is a network topology configured according to a logical scheme rather than the physical layout. The - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 78
segment. This switch supports three ways, namely, 802.1Q VLAN, MAC VLAN and Protocol VLAN, the packet will be assigned to the default VLAN of the inbound port for transmission. In this User Guide, the tagged packet refers to the packet with VLAN tag whereas the untagged packet refers to the packet - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 79
1. ACCESS: The ACCESS port can be added in a single VLAN, and the egress rule of the port is UNTAG. The PVID is same as the current VLAN ID. If the ACCESS port is added to another VLAN, it will be removed from the current VLAN automatically. 2. TRUNK: The TRUNK port can be added in multiple VLANs, - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 80
Port Type Receiving Packets Untagged Packets Tagged Packets Forwarding Packets Access Trunk General If the VID of packet is the same as the PVID of the port, the packet will be received. The packet will be forwarded If the VID of packet is not after removing its VLAN tag. When untagged - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 81
Select: Select the desired entry to delete the corresponding VLAN. It is multi-optional. VLAN ID: Displays the ID number of VLAN. Name: Displays the user-defined name of VLAN. Members: Displays the port members in the VLAN. Operation: Allows you to view or modify the information for each - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 82
VLAN Members Port Select: Select: Port: Link Type: Egress Rule: LAG: Click the Select button to quick-select the corresponding entry based on the port number you entered. Select the desired port to be a member of VLAN or leave it blank. It's multi-optional. Displays the port number. Displays the - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 83
Select: Select the desired port for configuration. It is multi-optional. Port: Displays the port number. Link Type: PVID: Select the Link Type from the pull-down list for the port. • ACCESS: The ACCESS port can be added in a single VLAN, and the egress rule of the port is UNTAG. The PVID is - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 84
Configuration Procedure: Step Operation Description 1 Set the link type for Required. On the VLAN→802.1Q VLAN→Port Config page, set port. the link type for the port basing on its connected device. 2 Create VLAN. Required. On the VLAN→802.1Q VLAN→VLAN Config page, click the Create button to - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 85
Choose the menu VLAN→MAC VLAN to load the following page. Figure 6-7 Create and View MAC VLAN The following entries are displayed on this screen: VLAN Table MAC Address: Enter the MAC address. Description: Give a description to the MAC address for identification. VLAN ID: Enter the ID - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 86
role always effective. By creating Protocol VLANs, the network administrator can manage the network clients basing on their actual applications and services effectively. This switch can classify VLANs basing on the common protocol types listed in the following table. Please create the Protocol - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 87
Choose the menu VLAN→Protocol VLAN→Protocol Group Table to load the following page. Figure 6-8 Create Protocol VLAN The following entries are displayed on this screen: Protocol Group Table Select: Select the desired entry. It is multi-optional. Protocol Name: Displays the protocol of the - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 88
Protocol Template Table Select your desired port for Protocol VLAN Group. 6.3.3 Protocol Template The Protocol Template should be created before configuring the Protocol VLAN. By default, the switch has defined the IP Template, ARP Template, RARP Template, etc. You can add more Protocol Template - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 89
Note: The Protocol Template bound to VLAN cannot be deleted. Configuration Procedure: Step Operation 1 Set the link type for port. 2 Create VLAN. 3 Create Protocol Template. 4 Create Protocol VLAN. 5 Modify/View VLAN. 6 Delete VLAN. Description Required. On the VLAN→802.1Q VLAN→Port Config page, - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 90
Network Diagram Configuration Procedure Configure switch A Step 1 2 3 Operation Description Configure the Required. On VLAN→802.1Q VLAN→Port Config page, configure Link Type of the the link type of Port 2, Port 3 and Port 4 as ACCESS, TRUNK and ports ACCESS respectively Create VLAN10 - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 91
Notebook A and Notebook B, special for meeting room, are of two different departments; The two departments are in VLAN10 and VLAN20 respectively. The two notebooks can just access the server of their own departments, that is, Server A and Server B, in the two meeting rooms; The MAC address of - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 92
Step Operation 6 Port Enable Description Required. On the VLAN→MAC VLAN→Port Enable page, select and enable Port 11 and Port 12 for MAC VLAN feature. Configure switch B Step Operation Description 1 Configure the Required. On VLAN→802.1Q VLAN→Port Config page, configure the Link Type of the - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 93
IP host, in VLAN10, is served by IP server while AppleTalk host is served by AppleTalk server; Switch B is connected to IP server and AppleTalk server. Network Diagram Configuration Procedure Configure switch A Step Operation Description 1 Configure the Required. On VLAN→802.1Q VLAN→ - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 94
of public networks at the network access terminal of the Internet Service Provider. And these packets will be transmitted with double-tag across work normally without changing the current configurations. In addition, the switch supports the feature to adjust the TPID Values of VLAN VPN Packets. TPID - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 95
forwards or receives a packet, you must not configure the following protocol type values listed in the following table as the TPID value. Protocol type ARP IP MPLS IPX IS-IS LACP 802.1X Value 0x0806 0x0800 0x8847/0x8848 0x8137 0x8000 0x8809 0x888E Table 6-3 Values of Ethernet frame protocol type - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 96
of the Customer VLAN. C VLAN refers to the VLAN to which the packet received by switch belongs. Enter the ID number of the Service Provider VLAN. Enter the Service Provider Priority. Give a description to the VLAN Mapping entry or leave it blank. Select: Port: Select the desired entry to edit or - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 97
Customer VLAN. C VLAN refers to the VLAN to which the packet received by switch belongs. Displays the ID number of the Service Provider VLAN. Displays the Service Provider Priority. Displays a description to the VLAN Mapping entry. Click the Edit button to modify the settings of the entry and click - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 98
• Join Timer: To transmit the Join messages reliably to other entities, a GARP entity sends each Join message two times. The Join timer is used to define the interval between the two sending operations of each Join message. • Leave Timer: When a GARP entity expects to deregister a piece of attribute - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 99
Choose the menu VLAN→GVRP→GVRP Config to load the following page. Figure 6-13 GVRP Config Note: If the GVRP feature is enabled for a member port of LAG, please ensure all the member ports of this LAG are set to be in the same status and registration mode. The following entries are displayed on - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 100
LeaveAll Timer: Join Timer: Leave Timer: LAG: Once the LeaveAll Timer is set, the port with GVRP enabled can send a LeaveAll message after the timer times out, so that other GARP ports can re-register all the attribute information. After that, the LeaveAll timer will start to begin a new cycle. The - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 101
devices. To implement spanning tree function, the switches in the network transfer BPDUs between each other to exchange information and all the switches supporting STP receive and process the received BPDUs. BPDUs carry the information that is needed for switches to figure out the spanning tree - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 102
Bridge: Switch A is the root bridge in the whole network; switch B is the designated bridge of switch C. Port: Port 3 is the root port of switch B and port 5 is the root port of switch C; port 1 is the designated port of switch A and port 4 is the designated port of switch B; port 6 is the - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 103
STP Generation In the beginning In the beginning, each switch regards itself as the root, and generates a configuration BPDU for each port on it as a root, with the root path cost being 0, the ID of the designated bridge being that of the switch, and the designated port being itself. Comparing - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 104
Tips: In an STP with stable topology, only the root port and designated port can forward data, and the other ports are blocked. The blocked ports only can receive BPDUs. RSTP (Rapid Spanning Tree Protocol), evolved from the 802.1D STP standard, enable Ethernet ports to transit their states rapidly. - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 105
Figure 7-2 Basic MSTP diagram MSTP MSTP divides a network into several MST regions. The CST is generated between these MST regions, and multiple spanning trees can be generated in each MST region. Each spanning trees is called an instance. As well as STP, MSTP uses BPDUs to generate spanning tree. - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 106
The following diagram shows the different port roles. Figure 7-3 Port roles The Spanning Tree module is mainly for spanning tree configuration of the switch, including four submenus: STP Config, Port Config, MSTP Instance and STP Security. 7.1 STP Config The STP Config function, for global - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 107
The following entries are displayed on this screen: Global Config STP: Enable/Disable STP function globally on the switch. Version: Select the desired STP version on the switch. STP: Spanning Tree Protocol. RSTP: Rapid Spanning Tree Protocol. MSTP: Multiple Spanning Tree Protocol. - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 108
in the switches regenerating spanning trees frequently and cause network congestions to be falsely regarded as link problems. A too large max age parameter result in the switches unable to find the link problems in time, which in turn handicaps spanning trees being regenerated in time and makes the - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 109
Choose the menu Spanning Tree→Port Config to load the following page. Figure 7-6 Port Config The following entries are displayed on this screen: Port Config Port Select: Select: Port: Status: Priority: ExtPath Cost: IntPath Cost: Edge Port: P2P Link: MCheck: STP Version: Click the Select - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 110
Port Role: Port Status: LAG: Displays the role of the port played in the STP Instance. Root Port: Indicates the port that has the lowest path cost from this bridge to the Root Bridge and forwards packets to the root. Designated Port: Indicates the port that forwards packets to a downstream - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 111
7.3.1 Region Config On this page you can configure the name and revision of the MST region Choose the menu Spanning Tree→MSTP Instance→Region Config to load the following page. Figure 7-7 Region Config The following entries are displayed on this screen: Region Config Region Name: Revision: - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 112
Choose the menu Spanning Tree→MSTP Instance→Instance Config to load the following page. Figure 7-8 Instance Config The following entries are displayed on this screen: Instance Table Instance ID Select: Click the Select button to quick-select the corresponding Instance ID based on the ID number - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 113
VLAN-Instance Mapping VLAN ID: Instance ID: Enter the desired VLAN ID. After modification here, the new VLAN ID will be added to the corresponding instance ID and the previous VLAN ID won't be replaced. Enter the corresponding instance ID. Note: In a network with both GVRP and MSTP enabled, - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 114
Select: Port: Priority: Path Cost: Port Role: Port Status: LAG: Select the desired port to specify its priority and path cost. It is multi-optional. Displays the port number of the switch. Enter the priority of the port in the instance. It is an important criterion on determining if the port - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 115
7.4.1 Port Protect On this page you can configure loop protect feature, root protect feature, TC protect feature, BPDU protect feature and BPDU filter feature for ports. You are suggested to enable corresponding protection feature for the qualified ports. Loop Protect In a stable network, a switch - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 116
network topology jitter. Normally these ports do not receive BPDUs, but if a user maliciously attack the switch by sending BPDUs, network topology jitter occurs. To prevent this attack, MSTP provides BPDU protect function. With this function enabled on the switch, the switch shuts down the edge - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 117
to 10 to specify the TC Protect Cycle. The default value is 5. 7.5 Application Example for STP Function Network Requirements Switch A, B, C, D and E all support MSTP function. A is the central switch. B and C are switches in the convergence layer. D, E and F are switches in the access layer - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 118
On VLAN→802.1Q VLAN page, configure the link type of the related ports as Trunk, and add the ports to VLAN101-VLAN106. The detailed instructions can be found in the section 802.1Q VLAN. 2 Enable STP function On Spanning Tree→STP Config→STP Config page, enable STP function and select - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 119
On VLAN→802.1Q VLAN page, configure the link type of the related ports as Trunk, and add the ports to VLAN101-VLAN106. The detailed instructions can be found in the section 802.1Q VLAN. 2 Enable STP function On Spanning Tree→STP Config→STP Config page, enable STP function and select - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 120
On VLAN→802.1Q VLAN page, configure the link type of the related ports as Trunk, and add the ports to VLAN101-VLAN106. The detailed instructions can be found in the section 802.1Q VLAN. 2 Enable STP function On Spanning Tree→STP Config→STP Config page, enable STP function and select - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 121
Suggestion for Configuration Enable TC Protect function for all the ports of switches. Enable Root Protect function for all the ports of root bridges. Enable Loop Protect function for the non-edge ports. Enable BPDU Protect function or BPDU Filter function for the edge ports which are - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 122
is always designed to supply hosts with the configuration parameters in three policies. 1) Manual Assignment: For the specific DHCP clients (e.g., web server), the configuration parameters are manually specified by the administrator and are assigned to these clients via a DHCP server. 2) Automatic - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 123
the DHCP server with a fixed period of time (e.g., 2 hours), allowing the DHCP server to reclaim (and then reallocate) IP addresses that are not renewed. The Process of DHCP DHCP uses UDP as its transport protocol. DHCP messages from a client to a server are sent to the 'DHCP server' port (67), - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 124
when its lease time expires. If the client wants to use the IP address continually, it should unicast a DHCP-REQUEST message to the server to extend its lease. After obtaining parameters via DHCP, a host should be able to exchange packets with any other host in the networks. The Format of DHCP - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 125
DNS option is option 6, and it assigns the IP address of domain name server to the client which allows the client can use the web service in the internet. 4) option 12:Host Name option. The option12 is used to specify the name of the client, which may be requested by the - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 126
option, please refer to RFC 2132. 8.1 DHCP Relay The switch supports DHCP relay function, and in this section, DHCP relay function on this server are unable to obtain their IP addresses dynamically. DHCP relay agent solves the problem. With the help of a relay agent, a DHCP client can request an - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 127
Figure 8-5 DHCP Relay Application To allow all clients in different VLANs request IP address from one server successfully, the DHCP Relay function can transmit the DHCP packets between clients and server in different VLANs. When receiving DHCP-DISCOVER and DHCP-REQUEST packets, the switch will - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 128
82 is defined, at least one sub-option should be defined. This Switch supports two sub-options, Circuit ID and Remote ID. Since there is no universal MAC address information of the client. You can define the sub-options manually. Figure8-7 Option 82 Note: The option 82 parameters configured on the - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 129
Enable or disable the DHCP Relay function. Option 82 configuration Configure the Option 82 which cannot be assigned by the switch. Option 82 Support: Existed Option 82 Field: Customization: Circuit ID: Enable or disable the Option 82 feature. Select the operation for the existed Option 82 field - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 130
of the DHCP server. Displays the name of the DHCP server. Configuration Procedure: Step Operation 1 Enable DHCP Relay. 2 Configure Option 82 support. 3 Configure DHCP Server. Description Required. On the DHCP→DHCP Relay→DHCP Relay page, enable the DHCP Relay function. Optional. On the - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 131
users requiring this information is not certain, unicast and broadcast deliver a low efficiency. Multicast solves this problem. It can deliver a high efficiency to send data in the point to multi-point service, which can save large bandwidth and reduce the network load. In multicast, the packets are - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 132
3. Each user can join and leave the multicast group at any time; 4. Real time is highly demanded and certain packets drop is allowed. IPv4 Multicast Address 1. IPv4 Multicast IP Address: As specified by IANA (Internet Assigned Numbers Authority), Class D IP addresses are used as destination - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 133
0XFF at the start of the address identifies the address as being a multicast address. Flags have 4 bits. The high-order flag is reserved, and must be initialized to 0. T=0 indicates a permanently-assigned multicast address assigned by the Internet Assgined Numbers Authority (IANA). T=1 indicates a - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 134
The solicited-node multicast address is a multicast group that corresponds to an IPv6 unicast or anycast address. It is usually used for obtaining the Layer 2 link-layer addresses of neighboring nodes within the local-link or applied in IPv6 Duplicate Address Detection. A node is required to join - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 135
IGMP Snooping In the network, the hosts apply to the near router for joining (leaving) a multicast group by sending IGMP (Internet Group Management Protocol) messages. When the up-stream device forwards down the multicast data, the switch is responsible for sending them to the hosts. IGMP Snooping - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 136
When receiving IGMP general query message, the switch will forward them to all other ports in the VLAN owning the receiving port. The receiving port will be processed: if the receiving port is not a router port yet, it will be added to the router port list with its router port time specified; if the - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 137
The IGMP Snooping function can be implemented on the following pages: Snooping Config, VLAN Config, Port Config, IP-Range, Multicast VLAN, Static Multicast IP and Packet Statistics. 9.1.1 Snooping Config To configure the IGMP Snooping on the switch, please firstly configure IGMP global configuration - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 138
9.1.2 VLAN Config Multicast groups established by IGMP Snooping are based on VLANs. On this page you can configure different IGMP parameters for different VLANs. Choose the menu Multicast→IGMP Snooping→VLAN Config to load the following page. Figure 9-6 VLAN Config The following entries are - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 139
Select: VLAN ID: Router Port Time: Member Port Time: Leave Time: Router Port: Select the desired VLAN ID for configuration. It is multi-optional. Displays the VLAN ID. Displays the router port time of the VLAN. Displays the member port time of the VLAN. Displays the leave time of the VLAN. Displays - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 140
Choose the menu Multicast →IGMP Snooping →Port Config to load the following page. Figure 9-7 Port Config The following entries are displayed on this screen: Port Config Port Select: Select: Port: IGMP Snooping: Fast Leave: Filter: Click the Select button to quick-select the corresponding port - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 141
Note: 1. Fast Leave on the port is effective only when the host supports IGMPv2 or IGMPv3. 2. When both Fast Leave feature and Unknown Multicast Discard feature are enabled, the leaving of a user connected to a port owning multi-user - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 142
the multicast router will duplicate this multicast information and deliver each VLAN owning a receiver one copy. This mode wastes a lot of bandwidth. The problem above can be solved by configuring a multicast VLAN. By adding switch ports to the multicast VLAN and enabling IGMP Snooping, you can make - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 143
Leave Time: Router Ports: Specify the interval between the switch receiving a leave message from a host, and the switch removing the host from the multicast groups. Enter the static router port which is mainly used in the network with stable topology. Note: 1. The router port should be in the - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 144
Router: Its WAN port is connected to the multicast source; its LAN port is connected to the switch. The multicast packets are transmitted in VLAN3. Switch: Port 3 is connected to the router and the packets are transmitted in VLAN3; port 4 is connected to user A and the packets are transmitted in - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 145
Step Operation Description 4 Enable Multicast Enable Multicast VLAN, configure the VLAN ID of a multicast VLAN VLAN as 3 and keep the other parameters as default on Multicast→IGMP Snooping→Multicast VLAN page. 5 Check VLAN Multicast 3-5 and Multicast VLAN 3 will be displayed in the IGMP - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 146
network that runs IGMP, a Layer 3 multicast device works as an IGMP querier to send IGMP queries and manage the multicast table. But IGMP is not supported by the devices in Layer 2 network. IGMP Snooping Querier can act as an IGMP Router in Layer 2 network. It can help to create and maintain - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 147
Choose the menu Multicast→IGMP Snooping→IGMP Snooping Querier to load the following page. Figure 9-11 Packet Statistics The following entries are displayed on this screen: IGMP Snooping Querier Config VLAN ID: Enter the ID of the VLAN that enables IGMP Snooping Querier. Query Interval: Enter - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 148
Last Member Query Times: Enter the times of sending specific query frames by IGMP Snooping Querier. At receiving a leave frame, a specific query frame will be sent by IGMP Snooping Querier. If a report frame is received before sending specific frames number reaches "Last Member Query Times", the - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 149
Choose the menu Multicast→IGMP Snooping→Packet Statistics to load the following page. Figure 9-12 Packet Statistics The following entries are displayed on this screen: Auto Refresh Auto Refresh: Enable/Disable auto refresh feature. Refresh Period: Enter the time from 3 to 300 in seconds to - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 150
Leave Packet: Error Packet: Displays the number of leave packets the port received. Displays the number of error packets the port received. 9.1.9 IGMP Authentication IGMP Authentication (Internet Group membership Authentication Protocol) is a multicast authentication protocol used to authenticate - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 151
IGMP Authentication: LAG: Select Enable/Disable IGMP Authentication for the desired port. Displays the LAG number which the port belongs to. Note: The IGMP Authentication feature will take effect only when AAA function is enabled and the RADIUS server is configured. For how to enable AAA function - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 152
Member Port Aging Time: Within this time, if the switch does not receive MLD reports from the member port, it will delete this port from the MLD multicast group. The default value is 260 seconds. General Query Interval: The interval between the multicast router sends out general queries. Last - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 153
9.2.1 Global Config To configure the MLD Snooping on the switch, please firstly configure MLD global configuration and related parameters on this page. Chose the menu Multicast→MLD Snooping→Global Config to load the following page. Figure 9-14 Global Config The following entries are displayed on - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 154
Last Listener Query Interval: Last Listener Query Count: Multicast VLAN: Multicast VLAN ID: Enter the Last Listener Query interval time. When the multicast group has no more member ports, it will send the Specific Query Message with this interval time to check whether there is another listener. - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 155
Member Port Aging Time: Immediate Leave: Static Router Ports: VLAN Table Select: VLAN ID: Router Port Aging Time: Member Port Aging Time: Immediate Leave: Static Router Ports: Dynamic Ports: Router Enter the member port aging time for this VLAN. It will override the global configured - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 156
Choose the menu Multicast→MLD Snooping→Filter Config to load the following page. Figure 9-16 Filter Config The following entries are displayed on this screen: Filter Config Filter ID: Start Multicast IP: End Multicast IP: Enter the Filter ID which identifies the filter. Enter the start of the - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 157
Choose the menu Multicast→MLD Snooping→Port Config to load the following page. Figure 9-17 Port Config The following entries are displayed on this screen: Port Config Select: Port: Filter: Filter Mode: Filter IDs: Max Groups: LAG: Select the port you want to configure. Displays the port number. - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 158
that runs MLD, a Layer 3 multicast device works as an MLD querier to send out MLD queries and manage the multicast table. But MLD is not supported by the devices in Layer 2 network. MLD Snooping Querier can act as an MLD Router in Layer 2 network. It can help to create and maintain - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 159
Choose the menu Multicast→MLD Snooping→Querier Config to load the following page. Figure 9-19 Querier Config The following entries are displayed on this screen: Querier Config VLAN ID: Maximum Response Time: Query Interval: Query Source IP: Enter the VLAN ID which you want to start Querier. - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 160
Choose the menu Multicast→MLD Snooping→Packet Statistics to load the following page. Figure 9-20 Packet Statistics The following entries are displayed on this screen: Auto Fresh Auto Fresh: Fresh Period: MLD Packet Statistics Enable/Disable auto fresh feature. Enter the time from 3 to 300 - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 161
9.3 Multicast Table In a network, receivers can join different multicast groups appropriate to their needs. The switch forwards multicast streams based on IPv4/IPv6 multicast address table. The Multicast Table function is implemented on the IPv4 Multicast Table and IPv6 Multicast Table pages. 9.3.1 - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 162
Forward Port: Type: Displays the forward port of the multicast group. Displays the type of the multicast IP. 9.3.2 IPv6 Multicast Table This page displays the IPv6 multicast groups already on the switch. Choose the menu Multicast→Multicast Table→IPv6 Multicast Table to load the following page. - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 163
the bandwidth resource distribution so as to provide a network service experience of a better quality. QoS This switch the network is congested, the problem that many packets compete for resources must be solved, usually in the way of queue scheduling. The switch supports four schedule modes: SP, - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 164
Figure 10-3 IP datagram As shown in the figure above, the ToS (Type of Service) in an IP header contains 8 bits. The first three bits indicate IP precedence priority mode. Schedule Mode When the network is congested, the problem that many packets compete for resources must be solved, usually in the - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 165
, packets in all the queues are sent in order based on the weight value for each queue and every queue can be assured of a certain service time. The weight value indicates the occupied proportion of the resource. WRR queue overcomes the disadvantage of SP queue that the packets in the queues - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 166
specified scheduling algorithms to implement QoS function. This switch implements three priority modes based on port, on 802.1P and on DSCP, and supports four queue scheduling algorithms. The port priorities are labeled as CoS0, CoS1... CoS7. The DiffServ function can be implemented on Port Priority - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 167
Note: To complete QoS function configuration, you have to go to the Schedule Mode page to select a schedule mode after the configuration is finished on this page. Configuration Procedure: Step Operation Description 1 Select the port priority Required. On QoS→DiffServ→Port Priority page, - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 168
Figure 10-7 DSCP Priority The following entries are displayed on this screen: DSCP Priority Config DSCP Priority: Enable/Disable DSCP Priority. Priority Level DSCP: Indicates the priority determined by the DSCP region of IP datagram. It ranges from 0 to 63. Priority Level: Indicates the - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 169
Step Operation Description 2 Configure the mapping relation between the CoS and the TC Required. On QoS→DiffServ→802.1P Priority page, configure the mapping relation between the CoS and the TC. 3 Select a schedule mode Required. On QoS→DiffServ→Schedule Mode page, select a schedule mode. 10 - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 170
select a schedule mode. 10.1.4 Schedule Mode On this page you can select a schedule mode for the switch. When the network is congested, the problem that many packets compete for resources must be solved, usually in the way of queue scheduling. The switch will control the forwarding sequence of the - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 171
SP+WRR-Mode: Equ-Mode: Strict-Priority + Weight Round Robin Mode. In this mode, this switch provides two scheduling groups, SP group and WRR group. Queues in SP group and WRR group are scheduled strictly based on strict-priority mode while the queues inside WRR group follow the WRR mode. In SP+WRR - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 172
entered as the real Ingress rate. Configure the bandwidth for sending packets on the port. You can select a rate from the dropdown list or select "Manual" to set Egress rate, the system will automatically select integral multiple of 64Kbps that closest to the rate you entered as the real Egress rate - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 173
Choose the menu QoS→Bandwidth Control→Storm Control to load the following page. Figure 10-11 Storm Control The following entries are displayed on this screen: Storm Control Config Port Select: Click the Select button to quick-select the corresponding port based on the port number you entered. - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 174
00 3com phone Table 10-1 OUI addresses on the switch Port Voice VLAN Mode A voice VLAN can operate in two modes: automatic mode and manual mode. Automatic Mode: In this mode, the switch automatically adds a port which receives voice packets to voice VLAN and determines the priority of the packets - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 175
table shows the detailed information. Port Voice VLAN Mode Automatic Mode Manual Mode Voice Stream Type TAG voice stream UNTAG voice stream TAG voice port in the voice VLAN should be TAG. ACCESS: Supported. TRUNK: Not supported. GENERAL: Supported. The default VLAN of the port should be voice VLAN - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 176
Security Mode Enable Disable Packet Type Processing Mode UNTAG packet When the source MAC address of the packet is the OUI address that can be identified, the packet can be Packet with voice transmitted in the voice VLAN. Otherwise, the packet will VLAN TAG be discarded. Packet with other - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 177
Aging Time: Priority: Specifies the living time of the member port in auto mode after the OUI address is aging out. Select the priority of the port when sending voice data. 10.3.2 Port Config Before the voice VLAN function is enabled, the parameters of the ports in the voice VLAN should be - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 178
VLAN by checking whether the port receives voice data or not. Manual: In this mode, you can manually add a port to the voice VLAN or remove a port from LAG number which the port belongs to. 10.3.3 OUI Config The switch supports OUI creation and adds the MAC address of the special voice device to - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 179
, click the Create button to create a VLAN. 3 Add OUI address Optional. On QoS→Voice VLAN→OUI Config page, you can check whether the switch is supporting the OUI template or not. If not, please add the OUI address. 4 Configure the parameters Required. On QoS→Voice VLAN→Port Config page, of the - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 180
Chapter 11 ACL ACL (Access Control List) is used to filter packets by configuring match rules and process policies of packets in order to control the access of the illegal users to the network. Besides, ACL functions to control traffic flows and save network resources. It provides a flexible and - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 181
Operation: Click the Edit button to modify the time-range. Click the Detail button to display the complete information of this time-range. 11.1.2 Time-Range Create On this page you can create time-ranges. Choose the menu ACL→Time-Range→Time-Range Create to load the following page. Figure 11-2 - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 182
End Time: Time-Slice Table Index: Start Time: End Time: Delete: Set the end time of the time-slice. Displays the index of the time-slice. Displays the start time of the time-slice. Displays the end time of the time-slice. Click the Delete button to delete the corresponding time-slice. 11.1.3 - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 183
11.2 ACL Config An ACL may contain a number of rules, and each rule specifies a different package range. Packets are matched in match order. Once a rule is matched, the switch processes the matched packets taking the operation specified in the rule without considering the other rules, which can - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 184
Figure 11-5 ACL Create The following entries are displayed on this screen: Create ACL ACL ID: Enter ACL ID of the ACL you want to create. Rule Order: User Config order is set to be match order in this ACL. 11.2.3 MAC ACL MAC ACLs analyze and process packets based on a series of match - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 185
Rule ID: Operation: S-MAC: D-MAC: MASK: VLAN ID: EtherType: User Priority: Time-Range: Enter the rule ID. Select the operation for the switch to process packets which match the rules. Permit: Forward packets. Deny: Discard Packets. Enter the source MAC address contained in the rule. Enter the - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 186
Operation: Fragment: S-IP: D-IP: Mask: Time-Range: Select the operation for the switch to process packets which match the rules. Permit: Forward packets. Deny: Discard Packets. Select if the rule will take effect on the fragment. When the fragment is selected, this rule will process all the - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 187
Rule ID: Operation: S-IP: D-IP: Mask: IP Protocol: TCP Flag: S-Port: D-Port: DSCP: IP ToS: IP Pre: Time-Range: Enter the rule ID. Select the operation for the switch to process packets which match the rules. Permit: Forward packets. Deny: Discard Packets. Enter the source IP address contained - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 188
Figure 11-9 Policy Summary The following entries are displayed on this screen: Search Options Select Policy: Select name of the desired policy for view. If you want to delete the desired policy, please click the Delete button. Action Table Select: Select the desired entry to delete the - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 189
11.3.3 Action Create On this page you can add ACLs and create corresponding actions for the policy. Choose the menu ACL→Policy Config→Action Create to load the following page. Figure 11-11 Action Create The following entries are displayed on this screen: Create Action Select Policy: Select the - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 190
QoS Remark: Select QoS Remark to forward the data packets based on the QoS settings. DSCP: Specify the DSCP region for the data packets those match the corresponding ACL. Local Priority: Specify the local priority for the data packets those match the corresponding ACL. 11.4 Policy Binding - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 191
11.4.2 Port Binding On this page you can bind a policy to a port. Choose the menu ACL→Policy Binding→Port Binding to load the following page. Figure 11-13 Bind the policy to the port The following entries are displayed on this screen: Port-Bind Config Policy Name: Select the name of the policy - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 192
The following entries are displayed on this screen: VLAN-Bind Config Policy Name: Select the name of the policy you want to bind. VLAN ID: Enter the ID of the VLAN you want to bind. VLAN-Bind Table Index: Displays the index of the binding policy. Policy Name: Displays the name of the - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 193
Network Diagram Configuration Procedure Step Operation Description 1 Configure On ACL→Time-Range page, create a time-range named work_time. Time-range Select Week mode and configure the week time from Monday to Friday. Add a time-slice 08:00-18:00. 2 Configure for On ACL→ACL Config→ACL - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 194
Step Operation Description 3 Configure for On ACL→ACL Config→ACL Create page, create ACL 100. requirement 2 and 4 On ACL→ACL Config→Standard-IP ACL page, select ACL 100, create Rule 2, configure operation as Permit, configure S-IP as 10.10.70.0 and mask as 255.255.255.0, configure D-IP as 10. - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 195
access and only allow the Hosts matching the bound entries to access the network. The following three IP-MAC Binding methods are supported by the switch. 1. Manually: You can manually bind the IP address, MAC address, VLAN ID and the Port number together in the condition that you have got the - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 196
and click the Search button to view your desired entry in the Binding Table. • All: All the bound entries will be displayed. • Manual: Only the manually added entries will be displayed. • Scanning: Only the entries formed via ARP Scanning will be displayed. • Snooping: Only the entries formed via - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 197
take effect. 2. Among the conflicting entries with the same Source priority, only the last added or edited one will take effect. 12.1.2 Manual Binding You can manually bind the IP address, MAC address, VLAN ID and the Port number together in the condition that you have got the related information of - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 198
Manual Binding Table Select: Host Name: IP Address: MAC Address: VLAN ID: Select the desired entry to be deleted. It is multi-optional. Displays the Host - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 199
2. Since the ARP request packet is broadcasted, all hosts in the LAN can receive it. However, only the Host B recognizes and responds to the request. Host B sends back an ARP reply packet to Host A, with its MAC address carried in the packet. 3. Upon receiving the ARP reply packet, Host A adds the - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 200
basing on the BOOTP, functions to solve the above mentioned problems. DHCP Working Principle DHCP works via the "Client/Server different DHCP Clients, DHCP Server provides three IP address assigning methods: 1. Manually assign the IP address: Allows the administrator to bind the static IP - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 201
the DHCP Client via Option 82 so as to locate the DHCP Client for fulfilling the security control and account management of Client. The Server supported Option 82 also can set the distribution policy of IP addresses and the other parameters according to the Option 82, providing more flexible address - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 202
are several DHCP servers in the network, network confusion and security problem will happen. The common cases incurring the illegal DHCP servers are the following two: It's common that the illegal DHCP server is manually configured by the user by mistake. Hacker exhausted the IP addresses of - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 203
Choose the menu Network Security→IP-MAC Binding→DHCP Snooping to load the following page. Figure 12-8 DHCP Snooping Note: If you want to enable the DHCP Snooping feature for the member port of LAG, please ensure the parameters of all the member ports are the same. 193 - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 204
will be limited to be this value if the transmission rate of the Decline packets exceeds the Decline Threshold. Option 82 Config Option 82 Support: Enable/Disable the Option 82 feature. Existed Option 82 field: Select the operation for the existed Option 82 field of the DHCP request packets - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 205
MAC Verify: Flow Control: Decline Protect: LAG: Enable/Disable the MAC Verify feature. There are two fields of the DHCP packet containing the MAC address of the Host. The MAC Verify feature is to compare the two fields and discard the packet if the two fields are different. Enable/Disable the Flow - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 206
As the above figure shown, the attacker sends the fake ARP packets with a forged Gateway address to the normal Host, and then the Host will automatically update the ARP table after receiving the ARP packets. When the Host tries to communicate with Gateway, the Host will encapsulate this false - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 207
Figure 12-11 ARP Attack - Cheating Terminal Hosts As the above figure shown, the attacker sends the fake ARP packets of Host A to Host B, and then Host B will automatically update its ARP table after receiving the ARP packets. When Host B tries to communicate with Host A, it will encapsulate this - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 208
Figure 12-12 Man-In-The-Middle Attack Suppose there are three Hosts in LAN connected with one another through a switch. Host A: IP address is 192.168.0.101; MAC address is 00-00-00-11-11-11. Host B: IP address is 192.168.0.102; MAC address is 00-00-00-22-22-22. Attacker: IP address is 192.168.0.103; - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 209
The IP-MAC Binding function allows the switch to bind the IP address, MAC address, VLAN ID and the connected Port number of the Host together when the Host connects to the switch. Basing on the predefined IP-MAC Binding entries, the ARP Inspection functions to detect the ARP packets and filter the - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 210
address, VLAN ID and the address, MAC address, VLAN ID and the connected connected Port number of Port number of the Host together via Manual Binding, the Host together. ARP Scanning or DHCP Snooping. 2 Enable the protection for Required. On the Network Security→IP-MAC the bound entry. Binding - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 211
The following entries are displayed on this screen: ARP Defend Port Select: Select: Port: Defend: Speed: Current Speed: Status: LAG: Operation: Click the Select button to quick-select the corresponding port based on the port number you entered. Select your desired port for configuration. It is - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 212
) Attack is to occupy the network bandwidth maliciously by the network attackers or the evil programs sending a lot of service requests to the Host, which incurs an abnormal service or even breakdown of the network. With DoS Defend function enabled, the switch can analyze the specific fields of the - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 213
DoS Attack Type Description Smurf Attack By pretending to be a Host, the attacker broadcasts request packets for ICMP response in the LAN. When receiving the request packet, all the Hosts in the LAN will respond and send the reply packets to the actual Host, which will causes this Host to be - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 214
issues of wireless LANs. It was then used in Ethernet as a common access control mechanism for LAN ports to solve mainly authentication and security problems. 802.1X is a port-based network access control protocol. It authenticates and controls devices requesting for access in terms of the ports of - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 215
support the 802.1X authentication protocol. 2. Authenticator System: The authenticator system is usually an 802.1X-supported is in trouble, the alternate authentication server can substitute it to provide normal authentication service. instructions (accept or reject) received from the - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 216
them successfully reach the authentication server. This mode normally requires the RADIUS server to support the two fields of EAP: the EAP-message field and the Message-authenticator field. This switch supports EAP-MD5 authentication way for the EAP relay mode. The following figure describes the - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 217
are accomplished through RADIUS protocol. In this mode, PAP or CHAP is employed between the switch and the RADIUS server. This switch supports the PAP terminating mode. The authentication procedure of PAP is illustrated in the following figure. Figure 12-19 PAP Authentication Procedure In PAP - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 218
server for further authentication. Whereas the randomly-generated key in EAP-MD5 relay mode is generated by the authentication server, and the switch is responsible to encapsulate the authentication packet and forward it to the RADIUS server. 802.1X Timer In 802.1 x authentication, the following - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 219
Choose the menu Network Security→802.1X→Global Config to load the following page. Figure 12-20 Global Config The following entries are displayed on this screen: Global Config 802.1X: Auth Method: Guest VLAN: Guest VLAN ID: Enable/Disable the 802.1X function. Select the Authentication Method - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 220
Accounting: Authentication Config Quiet: Quiet Period: Retry Times: Supplicant Timeout: Enable/Disable the 802.1X accounting feature. Enable/Disable the Quiet timer. Specify a value for Quiet Period. Once the supplicant failed to the 802.1X Authentication, then the switch will not respond to the - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 221
. For the client computers, you are required to software. install the TP-LINK 802.1X Client provided on the CD. Please refer to the software guide in the same directory with the software for more information. 2 Configure the 802.1X Required. By default, the global 802.1X function is globally - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 222
: Console, Telnet, SSH and HTTP. Authentication Method List A method list describes the authentication methods and their sequence to authenticate a user. The switch supports Login List for users to gain access to the switch, and Enable List for normal users to gain administrative privileges. The - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 223
set by the admin users using the command lines. For more details please refer to the command enable admin password in the Command Line Interface Guide on the resource CD. 213 - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 224
12.5.3 RADIUS Server Config This page is used to configure the authentication servers running the RADIUS security protocols. Choose the menu Network Security→AAA→RADIUS Conifg to load the following page. Figure 12-3 RADIUS Server Config Configuration Procedure: Configure the RADIUS server's IP - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 225
12.5.4 TACACS+ Server Config This page is used to configure the authentication servers running the TACACS+ security protocols. Choose the menu Network Security→AAA→TACACS+ Conifg to load the following page. Figure 12-4 TACACS+ Server Config Configuration Procedure: Configure the TACACS+ server's - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 226
Choose the menu Network Security→AAA→Server Group to load the following page. Figure 12-5 Create New Server Group Figure 12-6 Add Server to Server Group Configuration Procedure: 1) Configure the Server Group name and Server Type to create a server group. (Figure 12-5) 2) Click edit in the Server - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 227
Note: 1. The two built-in server groups radius and tacacs cannot be deleted or edited. 2. Up to 16 servers can be added to one server group. 12.5.6 Authentication Method List Config Before you configure AAA authentication on a certain application, you should define an authentication method list - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 228
Configuration Procedure: 1) Enter the method list name. 2) Specify the authentication type as Login or Enable. 3) Configure the authencation method with priorities. The options are local, none, radius, tacacs or user-defined server groups. View and delete the configured method priority list in the - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 229
Choose the menu Network Security→AAA→Global Config to load the following page. Figure 12-8 Application Authentication Settings Configuration Procedure: 1) Select the application module. 2) Configure the authentication method list from the Login List drop-down menu. This option defines the - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 230
Choose the menu Network Security→AAA→Dot1x List to load the following page. Configuration Procedure: 1) Configure the 802.1X function both globally and on the supplicant-connected port. Please refer to 13.6 802.1X for more details. 2) Go to Network Security→AAA→Global Conifg to enable AAA - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 231
Feature Default Settings Authentication enable method list The list is empty, which means users can promote to administrator privilege without password. Access application authentication The application console/telnet/ssh/http use the default Login List and default Enable list. 802.1X - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 232
5. Upon receiving the PADO packets with the Circuit-ID tag, the switch will remove the tag and send the packets to the client. The switch will forward the PADO packets without the Circuit-ID tag directly. 6. The client sends PADR (PPPoE Active Discovery Request) packets according to the process. 7. - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 233
Port Config Port Select: Select: Port: Circuit-ID: Circuit-ID Type: UDF Value: Remote-ID: Remote-ID Value: Click the Select button to quick-select the corresponding port based on the port number you entered. Select the desired port for configuration. It is multi-optional. Displays the port number - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 234
Chapter 13 SNMP SNMP Overview SNMP (Simple Network Management Protocol) has gained the most extensive application on the UDP/IP networks. SNMP provides a management frame to monitor and maintain the network devices. It is used for automatically managing the various network devices no matter the - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 235
SNMP Versions This switch supports SNMP v3, and is compatible with SNMP v1 and SNMP v2c. The SNMP versions adopted by SNMP Management Station and SNMP Agent should be the - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 236
SNMP Management Station by configuring its view type (included/excluded). The OID of managed object can be found on the SNMP client program running on the SNMP Management Station. 2. Create SNMP Group After creating the SNMP View, it's required to create an SNMP Group. The Group Name, Security Model - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 237
The following entries are displayed on this screen: Global Config SNMP: Enable/Disable the SNMP function. Local Engine Local Engine ID: Specify the switch's Engine ID for the remote clients. The Engine ID is a unique alphanumeric string used to identify the SNMP engine on the switch. - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 238
View Config View Name: MIB Object ID: View Type: View Table Select: View Name: View Type: MIB Object ID: Give a name to the View for identification. Each View can include several entries with the same name. Enter the Object Identifier (OID) for the entry of View. Select the type for the view - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 239
Security Model: Security Level: Read View: Write View: Notify View: Group Table Select: Group Name: Security Model: Security Level: Read View: Write View: Notify View: Operation: These three items of the Users in one group should be the same. Select the Security Model for the SNMP Group. • v1: - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 240
the Modify button to apply. Note: Every Group should contain a Read View. The default Read View is viewDefault. 13.1.4 SNMP User The User in an SNMP Group can manage the switch via the management station software. The User and its Group have the same security level and access right. You can - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 241
Auth Mode: Auth Password: Privacy Mode: Privacy Password: User Table Select: User Name: User Type: Group Name: Security Model: Security Level: Auth Mode: Privacy Mode: Operation: Select the Authentication Mode for the SNMP v3 User. • None: No authentication method is used. • MD5: The port - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 242
Figure 13-7 SNMP Community The following entries are displayed on this screen: Community Config Community Name: Enter the Community Name here. Access: MIB View: Defines the access rights of the community. • read-only: Management right of the Community is restricted to read-only, and changes - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 243
Step Operation 1 Enable SNMP function globally. 2 Create SNMP View. 3 Create SNMP Group. 4 Create SNMP User. Description Required. On the SNMP→SNMP Config→Global Config page, enable SNMP function globally. Required. On the SNMP→SNMP Config→SNMP View page, create SNMP View of the management - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 244
13.2 Notification With the Notification function enabled, the switch can initiatively report to the management station about the important events that occur on the Views (e.g., the managed device is rebooted), which allows the management station to monitor and process the events in time. The - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 245
Security Level: Type: Retry: Timeout: Notification Table Select: IP Mode: IP Address: UDP Port: User: Security Model: Security Level: Type: Timeout: Retry: Operation: Select the Security Level for the SNMP v3 User. • noAuthNoPriv: No authentication and no privacy security level are used. • - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 246
to manage the large-scale network since it reduces the communication traffic between management station and managed agent. RMON Group This switch supports the following four RMON Groups defined on the RMON standard (RFC1757): History Group, Event Group, Statistic Group and Alarm Group. RMON Group - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 247
13.3.1 History Control On this page, you can configure the History Group for RMON. Choose the menu SNMP→RMON→History Control to load the following page. Figure 13-9 History Control The following entries are displayed on this screen: History Control Table Select: Select the desired entry for - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 248
13.3.2 Event Config On this page, you can configure the RMON events. Choose the menu SNMP→RMON→Event Config to load the following page. Figure 13-10 Event Config The following entries are displayed on this screen: Event Table Select: Select the desired entry for configuration. Index: Displays - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 249
13.3.3 Alarm Config On this page, you can configure Statistic Group and Alarm Group for RMON. Choose the menu SNMP→RMON→Alarm Config to load the following page. Figure 13-11 Alarm Config The following entries are displayed on this screen: Alarm Table Select: Select the desired entry for - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 250
Alarm Type: Interval: Owner: Status: Specify the type of the alarm. • All: The alarm event will be triggered either the sampled value exceeds the Rising Threshold or is under the Falling Threshold. • Rising: When the sampled value exceeds the Rising Threshold, an alarm event is triggered. • Falling - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 251
learn about each other. The LLDP information can be used by SNMP applications to simplify troubleshooting, enhance network management, and maintain an accurate network topology. LLDPDU Format Each port to both transmit and receive LLDPDUs. Four LLDP admin statuses are supported by each port. 241 - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 252
Tx&Rx: the port can both transmit and receive LLDPDUs. Rx_Only: the port can receive LLDPDUs only. Tx_Only: the port can transmit LLDPDUs only. Disable: the port cannot transmit or receive LLDPDUs. 2) LLDPDU transmission mechanism If the ports are working in TxRx or Tx mode, they will - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 253
The following table shows the details about the currently defined TLVs. TLV Type TLV Name Description Usage in LLDPDU 0 End of LLDPDU Mark the end of the TLV sequence in LLDPDUs. Mandatory Any information following an End Of LLDPDU TLV shall be ignored. 1 Chassis ID Identifies the Chassis - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 254
In TP-LINK switch, the following LLDP optional TLVs are supported. TLV Description Port Description TLV The Port Description TLV allows these settings are the result of auto-negotiation during link initiation or of manual set override action. Max Frame Size TLV The Maximum Frame Size TLV - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 255
TLV Description Power Via MDI TLV The Power Via MDI TLV allows network management to advertise and discover the MDI power support capabilities of the sending IEEE 802.3 LAN station. The LLDP module is mainly for LLDP function configuration of the switch, including three submenus: Basic Config, - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 256
Transmit Delay: Reinit Delay: Notification Interval: Fast Start Count: Enter a value from 1 to 8192 in seconds to specify the time for the local device to transmit LLDPDU to its neighbors after changes occur so as to prevent LLDPDU being sent frequently. The default value is 2 seconds. This - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 257
Admin Status: Notification Mode: Included TLVs: Details: Select the port's LLDP operating mode: Tx&Rx: Send and receive LLDP frames. Rx_Only: Only receive LLDP frames. Tx_Only: Only send LLDP frames. Disable: Neither send nor receive LLDP frames. Enable/Disable the ports' SNMP notification. - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 258
The following entries are displayed on this screen: Auto Refresh Auto Refresh: Enable/Disable the auto refresh function. Refresh Rate: Specify the auto refresh rate. Local Info Enter the desired port number and click Select to display the information of the corresponding port. 14.2.2 - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 259
Neighbor Port: Information: Displays the he port number of the neighbor linking to local port. Click Information to display the detailed information of the neighbor device. 14.3 Device Statistics You can view the LLDP statistics of local device through this feature. Choose the menu LLDP→Device - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 260
LLDP-MED Device at the network edge, providing some aspects of IP communications service, based on IEEE 802 LAN technology. Endpoint Devices may be a member II): The class of Endpoint Device that supports media stream capabilities. Communication Device Endpoint (Class III): The class of - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 261
, Software Revision TLV, Serial Number TLV, Manufacturer Name TLV, Model Name TLV and Asset ID TLV. If support for any of the TLVs in the Inventory Management set is implemented, then support for all Inventory Management TLVs shall be implemented. LLDP-MED is configured on the Global Config, Port - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 262
The following entries are displayed on this screen: LLDP-MED Parameters Config Fast Start Count: Device Class: When LLDP-MED fast start mechanism is activated, multiple LLDP-MED frames will be transmitted (the number of frames equals this parameter). The default value is 4. LLDP-MED devices are - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 263
Parameters Configure the Location Identification TLV's content in outgoing LLDPDU of the port. Emergency Number: Civic Address: Emergency number is Emergency Call Service ELIN identifier, which is used during emergency call setup to a traditional CAMA or ISDN trunk-based PSAP. The Civic address is - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 264
network element believed to be closest to the client (1: Switch) or the location of the client (2: LLDP-MED Endpoint). Option (2) should be used, but may not be known. Options (0) and (1) should not be used unless it is known that the DHCP client is in close physical proximity to the server or - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 265
Device Type: Application Type: Unknown Policy Flag: VLAN tagged: Media Policy VLAN ID: Media Policy Layer 2 Priority: Media Policy DSCP: Specify the auto refresh rate. Application Type indicates the primary function of the applications defined for the network policy. Displays whether the local - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 266
Application Type: Local Data Format: Power Type: Information: Displays the application type of the neighbor. Application Type indicates the primary function of the applications defined for the network policy. Displays the location identification of the neighbor. Displays the power type of the - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 267
, provides the convenient method to locate and solve the network problem. 1. System Monitor: Monitor the utilization status of the memory Test: Test the connection status of the cable to locate and diagnose the trouble spot of the network. 4. Network Diagnostics: Test whether the destination device - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 268
Figure 15-1 CPU Monitor Click the Monitor button to enable the switch to monitor and display its CPU utilization rate every four seconds. 15.1.2 Memory Monitor Choose the menu Maintenance→System Monitor→Memory Monitor to load the following page. 258 - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 269
every four seconds. 15.2 Log The Log system of switch can record, classify and manage the system information effectively, providing powerful support for network administrator to monitor network operation and diagnose malfunction. The Logs of switch are classified into the following eight levels - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 270
15-1 Log Level The Log function is implemented on the Log Table, Local Log, Remote Log and Backup Log pages. 15.2.1 Log Table The switch supports logs output to two directions, namely, log buffer and log file. The information in log buffer will be lost after the switch is rebooted or - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 271
Module: Severity: Content: Displays the module which the log information belongs to. You can select a module from the drop-down list to display the corresponding log information. Displays the severity level of the log information. You can select a severity level to display the log information whose - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 272
page. Figure 15-5 Log Host The following entries are displayed on this screen: Log Host Index: Displays the index of the log host. The switch supports 4 log hosts. Host IP: Configure the IP for the log host. UDP Port: Displays the UDP port used for receiving/sending log information. Here we - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 273
. Cable Test functions to test the connection status of the cable connected to the switch, which facilitates you to locate and diagnose the trouble spot of the network. Choose the menu Maintenance→Device Diagnostics→Cable Test to load the following page. Figure 15-7 Cable Test The following - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 274
Error: If the connection status is close, open or impedance, here displays the error length of the cable. Note: 1. The interval between two cable tests for one port must be more than 3 seconds. 2. The result is more reasonable when the cable pair is in the open status. 3. The test result is just - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 275
IP address of the destination node for Ping test. Both IPv4 and IPv6 are supported. Ping Times: Enter the amount of times to send test data during Ping test data. When malfunctions occur to the network, you can locate trouble spot of the network with this tracert test. Choose the menu Maintenance - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 276
device through the link layer, but the peer device cannot receive packets from the local device. Unidirectional links can cause a variety of problems, such as spanning-tree topology loops. Once detecting a unidirectional link, DLDP can shut down the related port automatically or inform users. DLDP - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 277
be tagged as unidirectional and the DLDP state will transit from Probe to Disable. This port will be shut down automatically or manually (depending on the Shut Mode configured). The typical bidirectional link detection process is ○2 →○4 →○5 , and the typical unidirectional link detection process is - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 278
, DLDP generates logs and traps and shuts down the corresponding port on detecting unidirectional links, and the DLDP link state transits to Disable. • Manual: In this mode, DLDP only generates logs and traps if it detects unidirectional links, and the operation to shut down the unidirectional link - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 279
specified port in the Port Config table. 3 Configure Shut Mode. Optional. On the Maintenance→DLDP→DLDP page, configure the Shut Mode as Auto or Manual under the Global Config tab. 4 Reset DLDP state. Optional. On the Maintenance→DLDP→DLDP page, select the specified ports or select all the ports - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 280
Chapter 16 System Maintenance via FTP The firmware can be downloaded to the switch via FTP function. FTP (File Transfer Protocol), a protocol in the application layer, is mainly used to transfer files between the remote server and the local PCs. It is a common protocol used in the IP network for - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 281
Figure 16-2 Open Hyper Terminal 3. Download Firmware via bootUtil menu To download firmware to the switch via FTP function, you need to enter into the bootUtil menu of the switch and take the following steps. 1) Connect the console port of the PC to the console port of the switch and open hyper - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 282
3) After entering into bootUtil menu, please firstly configure the IP parameters of the switch. The format is: ifconfig ip xxx.xxx.xxx.xxx mask 255.255.255.0 gateway xxx.xxx.xxx.xxx. For example: Configure the IP address as 10.10.70.22, mask as 255.255.255.0 and gateway as10.10.70.1. The detailed - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 283
TFTP server that contains the devices system files, and the name of the boot file. Class of Service (CoS) CoS is supported by prioritizing packets based on the required level of service, and then placing them in the appropriate output queue. Data is transmitted from the queues using weighted round - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 284
virtual LANs, and defines a standard way for VLANs to communicate across switched networks. IEEE 802.1p An IEEE standard for providing quality of service (QoS) in Ethernet networks. The standard uses packet tags that define up to eight traffic classes and allows switches to transmit packets based - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 285
whereby data on a target port is mirrored to a monitor port for troubleshooting with a logic analyzer or RMON probe. This allows data on the target several lower-speed physical links. Remote Authentication Dial-in User Service (RADIUS) RADIUS is a logon authentication protocol that uses software - TP-Link T2500G-10TSTL-SG3210 | T2500G-10TSUN V1 User Guide - Page 286
(UDP) UDP provides a datagram mode for packet-switched communications. It uses IP as the underlying transport mechanism to provide access to IP-like services. UDP packets are delivered just like IP packets - connection-less datagrams that may be discarded before reaching their targets. UDP is useful
-
1 -
2 -
3 -
4 -
5 -
6 -
7 -
8
-
9
-
10
-
11
-
12
-
13
-
14
-
15
-
16
-
17
-
18
-
19
-
20
-
21
-
22
-
23
-
24
-
25
-
26
-
27
-
28
-
29
-
30
-
31
-
32
-
33
-
34
-
35
-
36
-
37
-
38
-
39
-
40
-
41
-
42
-
43
-
44
-
45
-
46
-
47
-
48
-
49
-
50
-
51
-
52
-
53
-
54
-
55
-
56
-
57
-
58
-
59
-
60
-
61
-
62
-
63
-
64
-
65
-
66
-
67
-
68
-
69
-
70
-
71
-
72
-
73
-
74
-
75
-
76
-
77
-
78
-
79
-
80
-
81
-
82
-
83
-
84
-
85
-
86
-
87
-
88
-
89
-
90
-
91
-
92
-
93
-
94
-
95
-
96
-
97
-
98
-
99
-
100
-
101
-
102
-
103
-
104
-
105
-
106
-
107
-
108
-
109
-
110
-
111
-
112
-
113
-
114
-
115
-
116
-
117
-
118
-
119
-
120
-
121
-
122
-
123
-
124
-
125
-
126
-
127
-
128
-
129
-
130
-
131
-
132
-
133
-
134
-
135
-
136
-
137
-
138
-
139
-
140
-
141
-
142
-
143
-
144
-
145
-
146
-
147
-
148
-
149
-
150
-
151
-
152
-
153
-
154
-
155
-
156
-
157
-
158
-
159
-
160
-
161
-
162
-
163
-
164
-
165
-
166
-
167
-
168
-
169
-
170
-
171
-
172
-
173
-
174
-
175
-
176
-
177
-
178
-
179
-
180
-
181
-
182
-
183
-
184
-
185
-
186
-
187
-
188
-
189
-
190
-
191
-
192
-
193
-
194
-
195
-
196
-
197
-
198
-
199
-
200
-
201
-
202
-
203
-
204
-
205
-
206
-
207
-
208
-
209
-
210
-
211
-
212
-
213
-
214
-
215
-
216
-
217
-
218
-
219
-
220
-
221
-
222
-
223
-
224
-
225
-
226
-
227
-
228
-
229
-
230
-
231
-
232
-
233
-
234
-
235
-
236
-
237
-
238
-
239
-
240
-
241
-
242
-
243
-
244
-
245
-
246
-
247
-
248
-
249
-
250
-
251
-
252
-
253
-
254
-
255
-
256
-
257
-
258
-
259
-
260
-
261
-
262
-
263
-
264
-
265
-
266
-
267
-
268
-
269
-
270
-
271
-
272
-
273
-
274
-
275
-
276
-
277
-
278
-
279
-
280
-
281
-
282
-
283
-
284
-
285
-
286
 |
 |
User Guide
Jetstream Gigabit L2 Managed Switch
T2500G-10TS (TL-SG3210)
REV1.0.0
1910011848