TP-Link TL-SG3424P TL-SG3424P V1 User Guide
TP-Link TL-SG3424P Manual
 |
View all TP-Link TL-SG3424P manuals
Add to My Manuals
Save this manual to your list of manuals |
TP-Link TL-SG3424P manual content summary:
- TP-Link TL-SG3424P | TL-SG3424P V1 User Guide - Page 1
TL-SG3424P JetStream L2 Managed PoE Switch Rev: 1.0.0 1910010614 - TP-Link TL-SG3424P | TL-SG3424P V1 User Guide - Page 2
TP-LINK TECHNOLOGIES CO., LTD. Other brands and product names are trademarks or registered trademarks of their respective holders. No part of the specifications if not installed and used in accordance with the instruction manual, may cause harmful interference to radio communications. Operation of - TP-Link TL-SG3424P | TL-SG3424P V1 User Guide - Page 3
Tools ...19 4.3.1 Config Restore 19 4.3.2 Config Backup 19 4.3.3 Firmware Upgrade 20 4.3.4 System Reboot 21 4.3.5 System Reset 21 4.4 Access Security ...21 4.4.1 Access Control 21 4.4.2 SSL Config...23 4.4.3 SSH Config ...24 Chapter 5 Switching...30 5.1 Port ...30 5.1.1 Port Config ...30 IV - TP-Link TL-SG3424P | TL-SG3424P V1 User Guide - Page 4
Traffic Summary 41 5.3.2 Traffic Statistics 42 5.4 MAC Address...43 5.4.1 Address Table 44 5.4.2 Static Address 46 5.4.3 Dynamic Address 47 5.4.4 Filtering Address 49 Chapter 6 VLAN...51 6.1 802.1Q VLAN...52 6.1.1 VLAN Config ...54 6.1.2 Port Config ...56 6.2 MAC VLAN ...58 6.3 Protocol VLAN - TP-Link TL-SG3424P | TL-SG3424P V1 User Guide - Page 5
9.2.1 Rate Limit...117 9.2.2 Storm Control 118 9.3 Voice VLAN ...120 9.3.1 Global Config 122 9.3.2 Port Config ...122 9.3.3 OUI Config ...124 Chapter 10 PoE ...126 10.1 PoE Config ...126 10.1.1 PoE Config...127 10.1.2 Profile Config 128 10.2 PoE Time-Range ...129 10.2.1 Time-Range Summary 129 10 - TP-Link TL-SG3424P | TL-SG3424P V1 User Guide - Page 6
.4 Policy Binding ...142 11.4.1 Binding Table 142 11.4.2 Port Binding 143 11.4.3 VLAN Binding 143 11.5 Application Example for ACL 144 Chapter 12 Network Security ...147 12.1 IP-MAC Binding ...147 12.1.1 Binding Table 147 12.1.2 Manual Binding 148 12.1.3 ARP Scanning 150 12.1.4 DHCP Snooping - TP-Link TL-SG3424P | TL-SG3424P V1 User Guide - Page 7
Device Info...197 14.2.1 Local Info ...197 14.2.2 Neighbor Info 198 14.3 Device Statistics...199 14.4 LLDP-MED ...200 14.4.1 Global Config 201 14.4.2 Port Config ...201 14.4.3 Local Info ...203 14.4.4 Neighbor Info 204 Chapter 15 Cluster...206 15.1 NDP ...207 15.1.1 Neighbor Info 207 15.1.2 NDP - TP-Link TL-SG3424P | TL-SG3424P V1 User Guide - Page 8
.2.3 Remote Log 225 16.2.4 Backup Log ...226 16.3 Device Diagnose...227 16.3.1 Cable Test ...227 16.3.2 Loopback ...228 16.4 Network Diagnose ...228 16.4.1 Ping...228 16.4.2 Tracert...229 Appendix A: Specifications ...231 Appendix B: Configuring the PCs 232 Appendix C: Load Software Using FTP 235 - TP-Link TL-SG3424P | TL-SG3424P V1 User Guide - Page 9
items should be found in your box: ¾ One JetStream L2 Managed PoE Switch ¾ One power cord ¾ One console cable ¾ Two mounting brackets and other fittings ¾ Installation Guide ¾ Resource CD for TL-SG3424P switch, including: • This User Guide • Other Helpful Information Note: Make sure that the - TP-Link TL-SG3424P | TL-SG3424P V1 User Guide - Page 10
Chapter 1 About this Guide This User Guide contains information for setup and management of TL-SG3424P JetStream L2 Managed PoE Switch. Please read this guide carefully before operation. 1.1 Intended Readers This Guide is intended for network managers familiar with IT concepts and network - TP-Link TL-SG3424P | TL-SG3424P V1 User Guide - Page 11
the basic features for the port. z LAG: Configure Link Aggregation Group. LAG is to combine a number of ports together to make a single high-bandwidth data path. z Traffic Monitor: Monitor the traffic of each port z MAC Address: Configure the address table of the switch. This module is used to - TP-Link TL-SG3424P | TL-SG3424P V1 User Guide - Page 12
: Bind the policy to a port/VLAN to take its effect on a specific port/VLAN. This module is used to configure the multiple protection measures for the network security. Here mainly introduces: z IP-MAC Binding: Bind the IP address, MAC address, VLAN ID and the connected Port number of the Host - TP-Link TL-SG3424P | TL-SG3424P V1 User Guide - Page 13
connected to the switch, test if the port of the switch and the connected device are available. z Network Diagnose: Test if the destination is reachable and the account of router hops from the switch to the destination. Lists the hardware specifications of the Switch. Introduces how to configure - TP-Link TL-SG3424P | TL-SG3424P V1 User Guide - Page 14
Thanks for choosing the TL-SG3424P JetStream L2 Managed PoE Switch! 2.1 Overview of the Switch Designed for workgroups and departments, TL-SG3424P from TP-LINK provides wire-speed performance and abundant layer 2 management features. It provides a variety of service features and multiple powerful - TP-Link TL-SG3424P | TL-SG3424P V1 User Guide - Page 15
configuring the Switch. ¾ LEDs TL-SG3424P has a LED mode switch button which is for switching the LED status indication. When the Speed LED is on, the port LED is indicating the data transmission rate. When the PoE LED is on, the port LED is indicating the power supply status. By default the Speed - TP-Link TL-SG3424P | TL-SG3424P V1 User Guide - Page 16
the PoE LED is on, the port LED is indicating the power supply status. LED Status Indication On The Switch is powered on. Power Off The Switch is powered off or power supply is abnormal. Flashing Power supply is abnormal. System Flashing On/Off The Switch works properly. The Switch works - TP-Link TL-SG3424P | TL-SG3424P V1 User Guide - Page 17
Figure 2-2 Rear Panel ¾ Grounding Terminal: TL-SG3424P already comes with Lightning Protection Mechanism. You can also ground the Switch through the PE (Protecting Earth) cable of AC cord or with Ground Cable. For detail information, please refer to Installation Guide. ¾ AC Power Socket: Connect the - TP-Link TL-SG3424P | TL-SG3424P V1 User Guide - Page 18
the Switch. The IP address is 192.168.0.x ("x" is any number from 2 to 254), Subnet Mask is 255.255.255.0. For the detailed instructions as to how to do this, please refer to Appendix B. 2) After a moment, a login window will appear, as shown in Figure 3-2. Enter admin for the User Name and Password - TP-Link TL-SG3424P | TL-SG3424P V1 User Guide - Page 19
Figure 3-3 Main Setup-Menu Note: Clicking Apply can only make the new configurations effective before the switch is rebooted. If you want to keep the configurations effective even the switch is rebooted, please click Saving Config. You are suggested to click Saving Config before cutting off the - TP-Link TL-SG3424P | TL-SG3424P V1 User Guide - Page 20
Description, System Time and System IP pages. 4.1.1 System Summary On this page you can view the port connection status and the system information. The port status diagram shows the working status of 24 10/100/1000Mbps RJ45 ports and 4 SFP ports of the switch. The ports labeled as numbers are 10 - TP-Link TL-SG3424P | TL-SG3424P V1 User Guide - Page 21
the speed of 100Mbps. When the cursor moves on the port, the detailed information of the port will be displayed. ¾ Port Info Figure 4-2 Port Information Port: Type: Rate: Status: Displays the port number of the switch. Displays the type of the port. Displays the maximum transmission rate of the - TP-Link TL-SG3424P | TL-SG3424P V1 User Guide - Page 22
sending packets on this port. 4.1.2 Device Description On this page you can configure the description of the switch, including device name, switch is running. On this page you can configure the system time and the settings here will be used for other time-based functions like ACL. You can manually - TP-Link TL-SG3424P | TL-SG3424P V1 User Guide - Page 23
Synchronize with PC'S Clock: When this option is selected, you can set the date and time manually. When this option is selected, you can configure the time zone and the IP Address for the NTP Server. The switch will get GMT automatically if it has connected to a NTP Server. z Time Zone: Select your - TP-Link TL-SG3424P | TL-SG3424P V1 User Guide - Page 24
in its default network. 4.1.4 System IP Each device in the network possesses a unique IP Address. You can log on to the Web management page to operate the switch using this IP Address. The switch supports three modes to obtain an IP address: Static IP, DHCP and BOOTP. The IP address obtained using - TP-Link TL-SG3424P | TL-SG3424P V1 User Guide - Page 25
is selected, the switch will get network parameters dynamically from the Internet, so IP address, subnet mask and default gateway can not be configured. 5. By default, the default IP address is 192.168.0.1. 4.2 User Manage User Manage functions to configure the user name and password for users to - TP-Link TL-SG3424P | TL-SG3424P V1 User Guide - Page 26
can view the settings without the right to edit and modify. Select Enable/Disable the user configuration. Password: Type a password for users' login. Confirm Password: Retype the password. ¾ User Table Select: Select the desired entry to delete the corresponding user information. It is multi - TP-Link TL-SG3424P | TL-SG3424P V1 User Guide - Page 27
System Tools The System Tools function, allowing you to manage the configuration file of the switch, can be implemented on Config Restore, Config Backup, Firmware Upgrade, System Reboot and System Reset pages. 4.3.1 Config Restore On this page you can upload a backup configuration file to restore - TP-Link TL-SG3424P | TL-SG3424P V1 User Guide - Page 28
. Please wait without any operation. 4.3.3 Firmware Upgrade The switch system can be upgraded via the Web management page. To upgrade the system is to get more functions and better performance. Go to http://www.tp-link.com to download the updated firmware. Choose the menu System→System Tools - TP-Link TL-SG3424P | TL-SG3424P V1 User Guide - Page 29
On this page you can reset the switch to the default. All the settings will be cleared after the switch is reset. Choose the menu System→System Tools→System Reset to load the following page. Figure 4-13 System Reset Note: After the system is reset, the switch will be reset to the default and all the - TP-Link TL-SG3424P | TL-SG3424P V1 User Guide - Page 30
Config Control Mode: IP Address&Mask Select the control mode for users to log on to the Web management page. z IP-based: Select this option to limit the IP-range of the users for login. z MAC-based: Select this option to limit the MAC Address of the users for login. z Port-based: Select this - TP-Link TL-SG3424P | TL-SG3424P V1 User Guide - Page 31
through ecommerce and online banking. SSL mainly provides the following services: 1. Authenticate the users and the servers based on the the first time you use HTTPS connection to log into the switch with the default certificate, you will be prompted that "The security certificate presented - TP-Link TL-SG3424P | TL-SG3424P V1 User Guide - Page 32
switch. ¾ Certificate Download Certificate File: Select the desired certificate to download to the switch. will not work. 2. The SSL certificate and key downloaded will not take effect until the switch is rebooted. method is not safe, because the password and data transmitted with plain-text can - TP-Link TL-SG3424P | TL-SG3424P V1 User Guide - Page 33
each other after successful authentication. This switch supports SSH server and you can log on to the switch via SSH connection using SSH client supported protocol. Idle Timeout: Specify the idle timeout time. The system will automatically release the connection when the time is up. The default - TP-Link TL-SG3424P | TL-SG3424P V1 User Guide - Page 34
the interface of PuTTY. Enter the IP address of the switch into Host Name field; keep the default value 22 in the Port field; select SSH as the Connection type. 2. Click the Open button in the above figure to log on to the switch. Enter the login user name and password, and then you can continue to - TP-Link TL-SG3424P | TL-SG3424P V1 User Guide - Page 35
Application Example 2 for SSH: ¾ Network Requirements 1. Log on to the switch via password authentication using SSH and the SSH function is enabled on the switch. 2. PuTTY client software is recommended. ¾ Configuration Procedure 1. Select the key type and key length, and generate SSH key. Note: 1. - TP-Link TL-SG3424P | TL-SG3424P V1 User Guide - Page 36
3. On the Web management page of the switch, download the public key file saved in the computer to the switch. Note: 1. The key type should accord with the type of the key file. 2. The SSH key downloading can not be interrupted. 4. Download the private key file to SSH client software. 28 - TP-Link TL-SG3424P | TL-SG3424P V1 User Guide - Page 37
key are downloaded, please log on to the interface of PuTTY and enter the IP address for login. After successful authentication, please enter the login user name. If you log on to the switch without entering password, it indicates that the key has been successfully downloaded. Return to CONTENTS 29 - TP-Link TL-SG3424P | TL-SG3424P V1 User Guide - Page 38
basic functions of the switch, including four submenus: Port, LAG, Traffic Monitor and MAC Address. 5.1 Port The Port function, allowing you to configure the basic features for the port, is implemented on the Port Config, Port Mirror,Port Security and Port Isolation pages. 5.1.1 Port Config On this - TP-Link TL-SG3424P | TL-SG3424P V1 User Guide - Page 39
from one/multiple ports (mirrored port) to a specific port (mirroring port). Usually, the mirroring port is connected to a data diagnose device, which is used to analyze the mirrored packets for monitoring and troubleshooting the network. Choose the menu Switching→Port→Port Mirror to load the - TP-Link TL-SG3424P | TL-SG3424P V1 User Guide - Page 40
mode, the value can be "Ingress", "Egress", "Both" or "None". Displays the mirrored ports. Click Edit to configure the mirror group. Click Edit to display the following figure. Figure 5-3 Mirroring Port The following entries are displayed on this screen. ¾ Mirror Group Number: Select the mirror - TP-Link TL-SG3424P | TL-SG3424P V1 User Guide - Page 41
the network information illegally. The attacker uses tools to generate the cheating MAC address and quickly occupy the MAC Address Table. When the MAC Address Table is full, the switch will broadcast the packets to all the ports. At this moment, the attacker can obtain the network information via - TP-Link TL-SG3424P | TL-SG3424P V1 User Guide - Page 42
cleared after the switch is rebooted. • Permanent: When Permanent mode is selected, the learned MAC address will be out of the influence of the aging time and can only be deleted manually. The learned entries will be saved even the switch is rebooted. Select Enable/Disable the Port Security feature - TP-Link TL-SG3424P | TL-SG3424P V1 User Guide - Page 43
traffic flow to improve the network security by forbidding the port to forward packets to the ports that are not on its forward portlist. Choose the menu "Switching→Port→Port Isolation" to load the following page. Figure 5-5 Port Isolation Config The following entries are displayed on this screen - TP-Link TL-SG3424P | TL-SG3424P V1 User Guide - Page 44
the same. z The ports, which are enabled for the Port Security, Port Mirror, MAC Address Filtering, Static MAC Address Binding and 802.1X port is 2000Mbps counting the up-linked speed of 1000Mbps and the down-linked speed of 1000Mbps. 2. The traffic load of the LAG will be balanced among the ports - TP-Link TL-SG3424P | TL-SG3424P V1 User Guide - Page 45
Select the applied scope of Aggregate Arithmetic, which results in choosing a port to transfer the packets. • SRC MAC + DST MAC: When this MAC addresses of the packets. • SRC IP + DST IP: When this option is selected, the Aggregate Arithmetic will apply to the source and destination IP addresses of - TP-Link TL-SG3424P | TL-SG3424P V1 User Guide - Page 46
5.2.2 Static LAG On this page, you can manually configure the LAG. The LACP feature is disabled for the member ports of the manually added Static LAG. Choose the menu Switching→LAG→Static LAG to load the following page. Figure 5-8 Manually Config The following entries are displayed on this screen - TP-Link TL-SG3424P | TL-SG3424P V1 User Guide - Page 47
Control Protocol) is defined in IEEE802.3ad and enables the dynamic link aggregation and disaggregation by exchanging LACP packets with its partner. The switch can dynamically group similarly configured ports into a single logical link, which will highly extend the bandwidth and flexibly balance the - TP-Link TL-SG3424P | TL-SG3424P V1 User Guide - Page 48
Specify the system priority for the switch. The system priority and MAC address constitute the system identification (ID link aggregation a link belongs to, and the system with lower priority adds the proper links to the link aggregation according to the selection of its partner. ¾ LACP Config Port - TP-Link TL-SG3424P | TL-SG3424P V1 User Guide - Page 49
pages. 5.3.1 Traffic Summary Traffic Summary screen displays the traffic information of each port, which facilitates you to monitor the traffic and analyze the network abnormity. Choose the menu Switching→Traffic Monitor→Traffic Summary to load the following page. Figure 5-10 Traffic Summary - TP-Link TL-SG3424P | TL-SG3424P V1 User Guide - Page 50
5.3.2 Traffic Statistics Traffic Statistics screen displays the detailed traffic information of each port, which facilitates you to monitor the traffic and locate faults promptly. Choose the menu Switching→Traffic Monitor→Traffic Statistics to load the following page. Figure 5-11 Traffic Statistics - TP-Link TL-SG3424P | TL-SG3424P V1 User Guide - Page 51
: Displays the number of good unicast packets received or transmitted on the port. The error frames are not counted in. Alignment Errors: Displays the number collisions experienced by a port during packet transmissions. 5.4 MAC Address The main function of the switch is forwarding the packets - TP-Link TL-SG3424P | TL-SG3424P V1 User Guide - Page 52
destination MAC address of the packets. Address Table contains the port-based MAC address information, which is the base for the switch to forward packets quickly. The entries in the Address Table can be updated by auto-learning or configured manually. Most the entries are generated and updated by - TP-Link TL-SG3424P | TL-SG3424P V1 User Guide - Page 53
Table The following entries are displayed on this screen: ¾ Search Option MAC Address: Enter the MAC address of your desired entry. VLAN ID: Enter the VLAN ID of your desired entry. Port: Select the corresponding port number of your desired entry. Type: Select the type of your desired entry - TP-Link TL-SG3424P | TL-SG3424P V1 User Guide - Page 54
removed manually, independent of the aging time. In the stable networks, the static MAC address entries can facilitate the switch to reduce broadcast packets and remarkably enhance the efficiency of packets forwarding without learning the address. The static MAC address learned by the port with Port - TP-Link TL-SG3424P | TL-SG3424P V1 User Guide - Page 55
Displays the Aging Status of the MAC address. Note: 1. If the corresponding port number of the MAC address is not correct, or the connected port (or the device) has been changed, the switch can not be forward the packets correctly. Please reset the static address entry appropriately. 2. If the MAC - TP-Link TL-SG3424P | TL-SG3424P V1 User Guide - Page 56
a Search Option from the pull-down list and click the Search button to find your desired entry in the Dynamic Address Table. • MAC: Enter the MAC address of your desired entry. • VLAN ID: Enter the VLAN ID number of your desired entry. • Port: Enter the Port number of your desired entry. ¾ Dynamic - TP-Link TL-SG3424P | TL-SG3424P V1 User Guide - Page 57
This decreases the forwarding performance of the switch. It is recommended to keep the default value. 5.4.4 Filtering Address The filtering address is to forbid the undesired packets to be forwarded. The filtering address can be added or removed manually, independent of the aging time. The filtering - TP-Link TL-SG3424P | TL-SG3424P V1 User Guide - Page 58
. Aging Status: Displays the Aging Status of the MAC address. Note: 1. The MAC address in the Filtering Address Table can not be added to the Static Address Table or bound to a port dynamically. 2. This MAC address filtering function is not available if the 802.1X feature is enabled. Return - TP-Link TL-SG3424P | TL-SG3424P V1 User Guide - Page 59
, causing potential serious security problems. A Virtual Local Area switches are used. (3) Network configuration workload for the host is reduced. VLAN can be used to group specific can belong to different physical network segments. This switch supports three ways, namely, 802.1Q VLAN, MAC VLAN and - TP-Link TL-SG3424P | TL-SG3424P V1 User Guide - Page 60
a packet belongs. When the switch receives an un-VLAN-tagged packet, it will encapsulate a VLAN tag with the default VLAN ID of the inbound port for the packet, and the packet will be assigned to the default VLAN of the inbound port for transmission. In this User Guide, the tagged packet refers to - TP-Link TL-SG3424P | TL-SG3424P V1 User Guide - Page 61
rule is UNTAG. The PVID can be set as the VID number of any VLAN the port belongs to. ¾ PVID PVID (Port Vlan ID) is the default VID of the port. When the switch receives an un-VLAN-tagged packet, it will add a VLAN tag to the packet according to the PVID of its received - TP-Link TL-SG3424P | TL-SG3424P V1 User Guide - Page 62
the following page. Figure 6-3 VLAN Table To ensure the normal communication of the factory switch, the default VLAN of all ports is set to VLAN1. The Web Management Page of switch can only be accessed through the ports in VLAN1. VLAN1 can not be modified or deleted. The following entries are - TP-Link TL-SG3424P | TL-SG3424P V1 User Guide - Page 63
Select: Port: Link Type: Click the Select button to quick-select the corresponding entry based on the port number you entered. Select the desired port to be a member of VLAN or leave it blank. It's multi-optional. Displays the port number. Displays the Link Type of the port. It can be reset on Port - TP-Link TL-SG3424P | TL-SG3424P V1 User Guide - Page 64
the Egress Rule for the VLAN port member. The default egress rule is UNTAG. • TAG: All packets forwarded by the port are tagged. The packets contain VLAN information. • UNTAG: Packets forwarded by the port Displays the LAG to which the port belongs. 6.1.2 Port Config Before creating the 802.1Q - TP-Link TL-SG3424P | TL-SG3424P V1 User Guide - Page 65
Link Type from the pull-down list for the port. • ACCESS: The ACCESS port can be added in a single VLAN, and the egress rule of the port is UNTAG. The PVID is same as the current VLAN ID. If the current VLAN is deleted, the PVID will be set to 1 by default. • TRUNK: The TRUNK port - TP-Link TL-SG3424P | TL-SG3424P V1 User Guide - Page 66
tagged packet belongs, the packet will be forwarded normally. Otherwise, the packet will be discarded. 3. If the MAC address of a Host is classified into 802.1Q VLAN, please set its connected port of switch to be a member of this 802.1Q VLAN so as to ensure the packets forwarded normally. On this - TP-Link TL-SG3424P | TL-SG3424P V1 User Guide - Page 67
on network protocol, can bind ToS provided in the network to VLAN to realize the specific service. Through protocol VLAN, the switch can analyze the received un-VLAN-tagged packets on the port and match the packets with the user-defined protocol template according to different encapsulation formats - TP-Link TL-SG3424P | TL-SG3424P V1 User Guide - Page 68
MAC address field, followed by DATA field without other fields. Currently only IPX protocol supports 802.3 raw encapsulation format. The last two bytes of the Length field in 802.3 raw encapsulation is 0xFFFF. z 802.2LLC (Logic Link Control) encapsulation The Length field, DSAP (Destination Service - TP-Link TL-SG3424P | TL-SG3424P V1 User Guide - Page 69
has been preset in the switch, you can create protocol VLAN according to the corresponding protocol template. Encapsulation Protocol IP(0x0800) Ethernet II Supported IPX(0x8137) AppleTalk(0x809B) Supported Supported 802.3 raw Not supported Supported Not supported 802.2 LLC 802.2 SNAP Not - TP-Link TL-SG3424P | TL-SG3424P V1 User Guide - Page 70
, the packet is assigned automatically to the corresponding VLAN for transmission. 2. When receiving tagged packet, the switch will process it based on the 802.1Q VLAN. If the received port is the member of the VLAN to which the tagged packet belongs, the packet will be forwarded normally. Otherwise - TP-Link TL-SG3424P | TL-SG3424P V1 User Guide - Page 71
802.1Q VLANs the ingress port belongs to. ¾ Protocol Group Member Select your desired port for Protocol VLAN Group. 6.3.3 Protocol Template The Protocol Template should be created before configuring the Protocol VLAN. By default, the switch has defined the IP Template, ARP Template, RARP Template - TP-Link TL-SG3424P | TL-SG3424P V1 User Guide - Page 72
field for the protocol template. Note: The Protocol Template bound to VLAN can not be deleted. Configuration Procedure: Step Operation 1 Set the link type for port. Description Required. On the VLAN→802.1Q VLAN→Port Config page, set the link type for the port based on its connected device. 64 - TP-Link TL-SG3424P | TL-SG3424P V1 User Guide - Page 73
and the description for the VLAN. Meanwhile, specify its member ports. Required. On the VLAN→Protocol VLAN→Protocol Template page, 6.4 Application Example for 802.1Q VLAN ¾ Network Requirements z Switch A is connecting to PC A and Server B; z Switch B is connecting to PC B and Server A; z PC - TP-Link TL-SG3424P | TL-SG3424P V1 User Guide - Page 74
its VLANID as 20, owning Port 3 and Port 4. z Configure Switch B Step 1 2 3 Operation Description Configure the Required. On VLAN→802.1Q VLAN→Port Config page, configure Link Type of the the link type of Port 7, Port 6 and Port 8 as ACCESS, TRUNK and ports ACCESS respectively. Create VLAN10 - TP-Link TL-SG3424P | TL-SG3424P V1 User Guide - Page 75
the MAC VLAN 20 address as 00-19-56-82-3B-70. z Configure Switch B Step Operation Description 1 Configure the Required. On VLAN→802.1Q VLAN→Port Config page, configure the Link Type of the link type of Port 21 and Port 22 as GENERAL and TRUNK respectively. ports 2 Create VLAN10 Required. On - TP-Link TL-SG3424P | TL-SG3424P V1 User Guide - Page 76
VLAN 20 address as 00-19-56-82-3B-70. z Configure Switch C Step Operation Description 1 Configure the Required. On VLAN→802.1Q VLAN→Port Config page, configure the Link Type of the link type of Port 2 and Port 3 as GENERAL, and configure the link type ports of Port 4 and Port 5 as ACCESS - TP-Link TL-SG3424P | TL-SG3424P V1 User Guide - Page 77
Port 12 as Untag. z Configure Switch B Step Operation Description 1 Configure the Required. On VLAN→802.1Q VLAN→Port Config page, configure the Link Type of the link type of Port 4 and Port 5 as ACCESS, and configure the link type of ports Port with Protocol as IP and tick Port 3. 6 Create - TP-Link TL-SG3424P | TL-SG3424P V1 User Guide - Page 78
only the static registration information configured locally, but also the dynamic registration information, which is received from other switches. In this switch, only the port with TRUNK link type can be set as the GVRP application entity to maintain the VLAN registration information. GVRP has the - TP-Link TL-SG3424P | TL-SG3424P V1 User Guide - Page 79
permits the packets of its static VLAN to pass. • Forbidden: In this mode, a port cannot register/deregister VLANs. It only propagates VLAN 1 information. That is, the port in Forbidden mode only permits the packets of the default VLAN (namely VLAN 1) to pass. Choose the menu VLAN→GVRP to load the - TP-Link TL-SG3424P | TL-SG3424P V1 User Guide - Page 80
>= 10* Leave Timer, Leave Timer >= 2*Join Timer Configuration Procedure: Step Operation Description 1 Set the link type for port. Required. On the VLAN→802.1Q VLAN→Port Config page, set the link type of the port to be TRUNK. 2 Enable GVRP function. Required. On the VLAN→GVRP page, enable GVRP - TP-Link TL-SG3424P | TL-SG3424P V1 User Guide - Page 81
network segment or switch. Port Priority: The port priority can be set to a value in the range of 0~255. The lower value priority has the higher priority. The port with the higher priority has more chance to be chosen as the root port. Path Cost: Indicates the parameter for choosing the link path by - TP-Link TL-SG3424P | TL-SG3424P V1 User Guide - Page 82
It is used to test the links. Max. Age: Max. Age ranges from 6 to 40 seconds. It specifies the maximum time the switch can wait without receiving a BPDU before attempting to reconfigure. Forward Delay: Forward Delay ranges from 4 to 30 seconds. It specifies the time for the port to transit its state - TP-Link TL-SG3424P | TL-SG3424P V1 User Guide - Page 83
2 If the priority of the BPDU is higher than that of the BPDU of the port itself, the switch replaces the BPDU of the port with the received one and compares it with those of other ports on the switch to obtain the one with the highest priority. z Selecting the root bridge Table 7-1 Comparing - TP-Link TL-SG3424P | TL-SG3424P V1 User Guide - Page 84
old root port of the switch stops forwarding data and the designated port of the upstream switch begins to forward data. z The condition for the designated port to transit its port state rapidly: The designated port is an edge port or connecting to a point-to-point link. If the designated port is an - TP-Link TL-SG3424P | TL-SG3424P V1 User Guide - Page 85
configuration information on the switches. ¾ Port States In an MSTP, ports can be in the following four states: z Forwarding: In this status the port can receive/forward data, receive/send BPDU packets as well as learn MAC address. z Learning: In this status the port can receive/send BPDU packets - TP-Link TL-SG3424P | TL-SG3424P V1 User Guide - Page 86
Tree module is mainly for spanning tree configuration of the switch, including four submenus: STP Config, Port Config, MSTP Instance and STP Security. 7.1 STP Config The STP Config function, for global configuration of spanning trees on the switch, can be implemented on STP Config and STP Summary - TP-Link TL-SG3424P | TL-SG3424P V1 User Guide - Page 87
in a specific region before the BPDU is discarded. The default value is 20 link problems. A too large max age parameter result in the switches unable to find the link problems in time, which in turn handicaps spanning trees being regenerated in time and makes the network less adaptive. The default - TP-Link TL-SG3424P | TL-SG3424P V1 User Guide - Page 88
hello time may be increased with occupying too much network resources. The default value is recommended. 7.1.2 STP Summary On this page you can view STP Summary 7.2 Port Config On this page you can configure the parameters of the ports for CIST Choose the menu Spanning Tree→Port Config to load the - TP-Link TL-SG3424P | TL-SG3424P V1 User Guide - Page 89
: IntPath: Edge Port: P2P Link: MCheck: STP Version: Port Role: Click the Select button to quick-select the corresponding port based on the port number you entered. Select the desired port for STP configuration. It is multi-optional. Displays the port number of the switch. Select Enable /Disable - TP-Link TL-SG3424P | TL-SG3424P V1 User Guide - Page 90
Port: Indicates the port that is the backup port of a designated port. z Disabled: Indicates the port that is not participating in the STP. Displays the working status of the port. z Forwarding: In this status the port can receive/forward data, receive/send BPDU packets as well as learn MAC address - TP-Link TL-SG3424P | TL-SG3424P V1 User Guide - Page 91
Figure 7-7 Region Config The following entries are displayed on this screen: ¾ Region Config Region Name: Revision: Create a name for MST region identification using up to 32 characters. Enter the revision from 0 to 65535 for MST region identification. 7.3.2 Instance Config Instance - TP-Link TL-SG3424P | TL-SG3424P V1 User Guide - Page 92
switch. Select Enable/Disable the instance. Enter the priority of the switch in the instance. It is an important criterion on determining if the switch will be chosen as the root bridge in the specific to GVRP function page. 7.3.3 Instance Port Config A port can play different roles in different spanning - TP-Link TL-SG3424P | TL-SG3424P V1 User Guide - Page 93
its priority and path cost. It is multi-optional. Displays the port number of the switch. Enter the priority of the port in the instance. It is an important criterion on determining if the port connected to this port will be chosen as the root port. Path Cost is used to choose the path and calculate - TP-Link TL-SG3424P | TL-SG3424P V1 User Guide - Page 94
to enable corresponding protection feature for the qualified ports. ¾ Loop Protect In a stable network, a switch maintains the states of ports by receiving and processing BPDU packets from the upstream switch. However, when link congestions or link failures occurred to the network, a down stream - TP-Link TL-SG3424P | TL-SG3424P V1 User Guide - Page 95
packets (as if it is disconnected from the link). The port resumes the normal state if it does not receive any configuration BPDU packets with higher priorities for a period of two times of forward delay. ¾ TC Protect A switch removes MAC address entries upon receiving TC-BPDU packets. If a user - TP-Link TL-SG3424P | TL-SG3424P V1 User Guide - Page 96
Protect is to prevent the decrease of the performance and stability of the switch brought by continuously removing MAC address entries upon receiving TC-BPDUs in the STP network. BPDU Protect is to prevent the edge port from being attacked by maliciously created BPDUs BPDU Filter is to prevent BPDUs - TP-Link TL-SG3424P | TL-SG3424P V1 User Guide - Page 97
Protect is enabled for the port on Port Protect page, the TC default value is 5. 7.5 Application Example for STP Function ¾ Network Requirements z Switch A, B, C, D and E all support MSTP function. z A is the central switch. z B and C are switches in the convergence layer. D, E and F are switches - TP-Link TL-SG3424P | TL-SG3424P V1 User Guide - Page 98
MSTP version. On Spanning Tree→STP Config→Port Config page, enable MSTP function for the port. 3 Configure the region name and On Spanning Tree→MSTP Instance→Region Config the revision of MST region page, configure the region as TP-LINK and keep the default revision setting. 4 Configure VLAN-to - TP-Link TL-SG3424P | TL-SG3424P V1 User Guide - Page 99
MSTP version. On Spanning Tree→STP Config→Port Config page, enable MSTP function for the port. 3 Configure the region name and On Spanning Tree→MSTP Instance→Region Config the revision of MST region page, configure the region as TP-LINK and keep the default revision setting. 4 Configure VLAN-to - TP-Link TL-SG3424P | TL-SG3424P V1 User Guide - Page 100
106), the blue paths in the following figure are connected links; the gray paths are the blocked links. ¾ Suggestion for Configuration z Enable TC Protect function for all the ports of switches. z Enable Root Protect function for all the ports of root bridges. z Enable Loop Protect function for the - TP-Link TL-SG3424P | TL-SG3424P V1 User Guide - Page 101
and broadcast deliver a low efficiency. Multicast solves this problem. It can deliver a high efficiency to send data in the point to multi-point service, which can save large bandwidth and reduce the network 4. Real time is highly demanded and certain packets drop is allowed. ¾ Multicast Address 93 - TP-Link TL-SG3424P | TL-SG3424P V1 User Guide - Page 102
that the destination address should be a group port list, so the switch will duplicate this multicast data and deliver each port one copy. The general format of the multicast address table is described as Figure 8-3 below. VLAN ID Multicast IP Port Figure 8-3 Multicast Address Table 94 - TP-Link TL-SG3424P | TL-SG3424P V1 User Guide - Page 103
, it will be added to the router port list with its router port time specified; if the receiving port is already a router port, its router port time will be directly reset. When receiving IGMP group-specific-query message, the switch will send the group-specific query message to the members of the - TP-Link TL-SG3424P | TL-SG3424P V1 User Guide - Page 104
any more, so the switch will remove the port from the corresponding multicast address table when its member port time times out. The switch will forward IGMP group-specific-query message to check if other members in the multicast group of the port need this multicast and reset the member port - TP-Link TL-SG3424P | TL-SG3424P V1 User Guide - Page 105
IGMP Snooping Status Description: Member: Displays IGMP Snooping status. Displays the member of the corresponding status. 8.1.2 Port Config On this page you can configure the IGMP feature for ports of the switch. Choose the menu Multicast→IGMP Snooping→Port Config to load the following page. 97 - TP-Link TL-SG3424P | TL-SG3424P V1 User Guide - Page 106
. If Fast Leave is enabled for a port, the Switch will immediately remove this port from the multicast group upon receiving IGMP leave messages. Displays the LAG number which the port belongs to. Note: 1. Fast Leave on the port is effective only when the host supports IGMPv2 or IGMPv3. 2. When both - TP-Link TL-SG3424P | TL-SG3424P V1 User Guide - Page 107
from the router port, it will consider this port is not a router port any more. Member Port Time: Specify the aging time of the member port. Within this time, if the switch doesn't receive IGMP report message from the member port, it will consider this port is not a member port any more. Leave - TP-Link TL-SG3424P | TL-SG3424P V1 User Guide - Page 108
multicast information and deliver each VLAN owning a receiver one copy. This mode wastes a lot of bandwidth. The problem above can be solved by configuring a multicast VLAN. By adding switch ports to the multicast VLAN and enabling IGMP Snooping, you can make users in different VLANs share the same - TP-Link TL-SG3424P | TL-SG3424P V1 User Guide - Page 109
VLAN ID of the multicast VLAN. Router Port Time: Specify the aging time of the router port. Within this time, if the switch doesn't receive IGMP query message from the router port, it will consider this port is not a router port any more. Member Port Time: Specify the aging time of the member - TP-Link TL-SG3424P | TL-SG3424P V1 User Guide - Page 110
the link type of the router ports as TRUNK or configure the egress rule as tagged GENERAL. 3 Configure parameters for Optional. Enable and configure a multicast VLAN on the multicast VLAN Multicast→IGMP Snooping→Multicast VLAN page. It is recommended to keep the default time parameters - TP-Link TL-SG3424P | TL-SG3424P V1 User Guide - Page 111
Snooping→Snooping Config page. 8.2 Multicast IP In a network, receivers can join different multicast groups appropriate to their needs. The switch forwards multicast streams based on multicast address table. The Multicast IP can be implemented on Multicast IP Table, Static Multicast IP page. 103 - TP-Link TL-SG3424P | TL-SG3424P V1 User Guide - Page 112
IP Displays multicast IP address. VLAN ID: Displays the VLAN ID of the multicast group. Forward Port Displays the forward port of the multicast group. Type: Displays the type of the multicast IP. Note: If the configuration on VLAN Config page and multicast VLAN page is changed, the switch - TP-Link TL-SG3424P | TL-SG3424P V1 User Guide - Page 113
Table The following entries are displayed on this screen: ¾ Create Static Multicast Multicast IP: VLAN ID: Forward Port: Enter static multicast IP address. Enter the VLAN ID of the multicast IP. Enter the forward port of the multicast group. ¾ Search Option Search Option: Select the rules for - TP-Link TL-SG3424P | TL-SG3424P V1 User Guide - Page 114
will firstly check the multicast filter rules configured for the receiving port. If the port can be added to the multicast group, it will be added to the multicast address table; if the port can not be added to the multicast group, the switch will drop the IGMP report message. In that way, the - TP-Link TL-SG3424P | TL-SG3424P V1 User Guide - Page 115
you can configure the multicast filter rules for port. Take the configuration on this page and the configuration on IP-Range page together to function to implement multicast filter function on the switch. Choose the menu Multicast→Multicast Filter→Port Filter to load the following page. Figure 8-11 - TP-Link TL-SG3424P | TL-SG3424P V1 User Guide - Page 116
→Multicast Filter→IP-Range page. 2 Configure multicast filter Optional. Configure multicast filter rules for ports on rules for ports Multicast→Multicast Filter→Port Filter page. 8.4 Packet Statistics On this page you can view the multicast data traffic on each port of the switch, which - TP-Link TL-SG3424P | TL-SG3424P V1 User Guide - Page 117
Select: Click the Select button to quick-select the corresponding port based on the port number you entered. Port: Displays the port number of the switch. Query Packet: Displays the number of query packets the port received. Report Packet (V1): Displays the number of IGMPv1 report packets - TP-Link TL-SG3424P | TL-SG3424P V1 User Guide - Page 118
congested, the problem that many packets compete for resources must be solved, usually in the way of queue scheduling. The switch supports four schedule modes: SP, WRR, SP+WRR and Equ. ¾ Priority Mode This switch implements three priority modes based on port, on 802.1P and on DSCP. By default, the - TP-Link TL-SG3424P | TL-SG3424P V1 User Guide - Page 119
switch processes untagged packets based on the default priority mode. 3. DSCP Priority Figure 9-3 IP datagram As shown in the figure above, the ToS (Type of Service) in an IP non-IP datagram are mapped based on port priority mode. ¾ Schedule Mode When the network is congested, the problem that many - TP-Link TL-SG3424P | TL-SG3424P V1 User Guide - Page 120
each queue and every queue can be assured of a certain service time. The weight value indicates the occupied proportion of the default weight value ratio of TC0, TC1, TC2 and TC3 is 1:2:4:8. Figure 9-5 WRR-Mode 3. SP+WRR-Mode: Strict-Priority + Weight Round Robin Mode. In this mode, this switch - TP-Link TL-SG3424P | TL-SG3424P V1 User Guide - Page 121
the packets according to specified scheduling algorithms to implement QoS function. This switch implements three priority modes based on port, on 802.1P and on DSCP, and supports four queue scheduling algorithms. The port priorities are labeled as CoS0, CoS1... CoS7. The DiffServ function can be - TP-Link TL-SG3424P | TL-SG3424P V1 User Guide - Page 122
Description 1 Select the port priority Required. On QoS→DiffServ→Port Priority page, configure the port priority. 2 Configure the this page you can select a schedule mode for the switch. When the network is congested, the problem that many packets complete for resources must be solved, usually - TP-Link TL-SG3424P | TL-SG3424P V1 User Guide - Page 123
priority mode. The untagged packets are mapped based on port priority mode. Choose the menu QoS→DiffServ→802.1P IP datagram with 802.1Q tag are mapped to different priority levels based on 802.1P priority mode if 8021.1P Priority mode is enabled; the untagged non-IP datagram are mapped based on port - TP-Link TL-SG3424P | TL-SG3424P V1 User Guide - Page 124
DSCP Priority Config DSCP Priority: Select Enable or Disable DSCP Priority. ¾ Priority Level DSCP: Indicates the priority determined by the DS region of IP datagram. It ranges from 0 to 63. Priority: Indicates the 802.1P priority the packets with tag are mapped to. The priorities are labeled - TP-Link TL-SG3424P | TL-SG3424P V1 User Guide - Page 125
flow on each port to ensure network in working order, can Port Select: Click the Select button to quick-select the corresponding port based on the port number you entered. Select: Select the desired port for Rate configuration. It is multi-optional. Port: Displays the port number of the Switch - TP-Link TL-SG3424P | TL-SG3424P V1 User Guide - Page 126
bandwidth for sending packets on the port. You can select a rate from the dropdown list or select "Manual" to set Egress rate, the ports, you are suggested to disable the flow control on each port to ensure the switch works normally. 9.2.2 Storm Control Storm Control function allows the switch - TP-Link TL-SG3424P | TL-SG3424P V1 User Guide - Page 127
: Click the Select button to quick-select the corresponding port based on the port number you entered. Select: Select the desired port for Storm Control configuration. It is multi-optional. Port: Displays the port number of the Switch. Broadcast Rate (bps): Select the bandwidth for receiving - TP-Link TL-SG3424P | TL-SG3424P V1 User Guide - Page 128
from voice VLAN. Manual Mode: You need to manually add the port of IP phone to voice VLAN, and then the switch will assign ACL rules and configure the priority of the packets through learning the source MAC address of packets and matching OUI address. In practice, the port voice VLAN mode is - TP-Link TL-SG3424P | TL-SG3424P V1 User Guide - Page 129
voice VLAN and the egress rule of the access port in the voice VLAN should be UNTAG. Manual Mode TAG voice ACCESS: Not supported. stream TRUNK:Supported. The default VLAN of the port should be voice VLAN. GENERAL:Supported. The default VLAN of the port can noe be voice VLAN and the egress rule - TP-Link TL-SG3424P | TL-SG3424P V1 User Guide - Page 130
: Enter the VLAN ID of the voice VLAN. Aging Time: Specifies the living time of the member port in auto mode after the OUI address is aging out. Priority: Select the priority of the port when sending voice data. 9.3.2 Port Config Before the voice VLAN function is enabled, the parameters of the - TP-Link TL-SG3424P | TL-SG3424P V1 User Guide - Page 131
the voice VLAN. z Auto: In this mode, the switch automatically adds a port to the voice VLAN or removes a port from the voice VLAN by checking whether the port receives voice data or not z Manual: In this mode, you can manually add a port to the voice VLAN or remove a port from the voice VLAN. 123 - TP-Link TL-SG3424P | TL-SG3424P V1 User Guide - Page 132
in the current voice VLAN. Displays the LAG number which the port belongs to. 9.3.3 OUI Config The switch supports OUI create and add the MAC address of the special voice device to the OUI table of the switch. The switch determines whether a received packet is a voice packet by checking its OUI - TP-Link TL-SG3424P | TL-SG3424P V1 User Guide - Page 133
the link type of the link type of ports of the voice device. port 2 Create VLAN Required. On VLAN→802.1Q VLAN→Port Config page,, click the Create button to create a VLAN. 3 Add OUI Optional. On QoS→Voice VLAN→OUI Config page, you can check address whether the switch is supporting the - TP-Link TL-SG3424P | TL-SG3424P V1 User Guide - Page 134
applied to wireless LAN access points, IP Phones, IP cameras, network hubs, embedded computers etc. TL-SG3424P L2 Managed PoE Switch is a Power Sourcing Equipment (PSE). All the Auto-Negotiation RJ45 ports on the switch support Power over Ethernet (PoE) function, which can automatically detect and - TP-Link TL-SG3424P | TL-SG3424P V1 User Guide - Page 135
power limit, the PD linked to the port with lower priority will be disconnected. System Power Consumption: System Remain: Power Displays the PoE switch's real time system power consumption. Displays the PoE switch's real time remaining system power. ¾ Port Config Port Select: Click the - TP-Link TL-SG3424P | TL-SG3424P V1 User Guide - Page 136
Profile: Power (W): Current (mA): Voltage (V) PD Class: Power Status: Select to disable/enable the PoE feature for the corresponding port. If set enable, the corresponding port can supply power to the linked PD (Powered Device). Cooperates with the Power Disconnected Method to decide the way to - TP-Link TL-SG3424P | TL-SG3424P V1 User Guide - Page 137
Profile Name: PoE Status: PoE Priority: Power Limit: ¾ PoE Profile Select: Profile Name: PoE Status: PoE Priority: Power Limit: Enter the name of the profile. Select to the enable/disable PoE feature for the corresponding port. If set enable, the port may supply power to the linked PD (Power Device - TP-Link TL-SG3424P | TL-SG3424P V1 User Guide - Page 138
time-range. 10.2.2 PoE Time-Range Create On this page you can create time-ranges. Choose the menu PoE→PoE Time-Range→PoE Time-Range Create to load name of the time-range for time identification. Select Exclude Holiday, and the port based on this time-range may not supply power when the system time - TP-Link TL-SG3424P | TL-SG3424P V1 User Guide - Page 139
different secured access control policy from the week mode. On this page you can define holidays according to your work arrangement. Choose the menu PoE→PoE Time-Range→PoE Holiday Create to load the following page. Figure 10-5 Holiday Configuration The following entries are displayed on this screen - TP-Link TL-SG3424P | TL-SG3424P V1 User Guide - Page 140
End Date: Displays the end date of the holiday. Return to CONTENTS 132 - TP-Link TL-SG3424P | TL-SG3424P V1 User Guide - Page 141
time-ranges. The ACL module is mainly for ACL configuration of the switch, including four submenus: Time-Range, ACL Config, Policy Config and data packets can be filtered by differentiating the time-ranges. On this switch absolute time, week time and holiday can be configured. Configure an absolute - TP-Link TL-SG3424P | TL-SG3424P V1 User Guide - Page 142
11.1.2 Time-Range Create On this page you can create time-ranges. Choose the menu ACL→Time-Range→Time-Range Create to load the following page. Figure 11-2 Time-Range Create Note: To successfully configure time-ranges, please firstly specify time-slices and then time-ranges. The following entries - TP-Link TL-SG3424P | TL-SG3424P V1 User Guide - Page 143
week mode. On this page you can define holidays according to your work arrangement. Choose the menu ACL→Time-Range→Holiday Config to load are matched in match order. Once a rule is matched, the switch processes the matched packets taking the operation specified in the rule without considering - TP-Link TL-SG3424P | TL-SG3424P V1 User Guide - Page 144
The ACL Config function can be implemented on ACL Summary, ACL Create, MAC ACL, Standard-IP ACL and Extend-IP ACL pages. 11.2.1 ACL Summary On this page, you can view the current ACLs configured in the switch. Choose the menu ACL→ACL Config→ACL Summary to load the following page. Figure 11-4 ACL - TP-Link TL-SG3424P | TL-SG3424P V1 User Guide - Page 145
the rule ID. Select the operation for the switch to process packets which match the rules. z Permit: Forward packets. z Deny: Discard Packets. Enter the source MAC address contained in the rule. Enter the destination MAC address contained in the rule. Enter MAC address mask. If it is set to 1, it - TP-Link TL-SG3424P | TL-SG3424P V1 User Guide - Page 146
the rule ID. Select the operation for the switch to process packets which match the rules. z Permit: Forward packets. z Deny: Discard Packets. Enter the source IP address contained in the rule. Enter the destination IP address contained in the rule. Enter IP address mask. If it is set to 1, it must - TP-Link TL-SG3424P | TL-SG3424P V1 User Guide - Page 147
IP: Mask: IP Protocol: TCP Flag: S-Port: D-Port: DSCP: IP ToS: IP Pre: Select the desired Extend-IP ACL for configuration. Enter the rule ID. Select the operation for the switch to process packets which match the rules. z Permit: Forward packets. z Deny: Discard Packets. Enter the source IP address - TP-Link TL-SG3424P | TL-SG3424P V1 User Guide - Page 148
: Enter the index of the policy. ACL ID: Displays the ID of the ACL contained in the policy. S-Mirror: Displays the source mirror port of the policy. S-Condition: Displays the source condition added to the policy. Redirect: Displays the redirect added to the policy. QoS Remark: Displays - TP-Link TL-SG3424P | TL-SG3424P V1 User Guide - Page 149
Choose the menu ACL→Policy Config→Policy Create to load the following page. Figure 11-10 Create Policy The following entries are displayed on this screen: ¾ Create Policy Policy Name: Enter the name of the policy. 11.3.3 Action Create On this page you can add ACLs and create corresponding - TP-Link TL-SG3424P | TL-SG3424P V1 User Guide - Page 150
ACL. 11.4 Policy Binding Policy Binding function can have the policy take its effect on a specific port/VLAN. The policy will take effect only when it is bound to a port/VLAN. In the same way, the port/VLAN will receive the data packets and process them based on the policy only when the policy - TP-Link TL-SG3424P | TL-SG3424P V1 User Guide - Page 151
-Bind Table Index: Displays the index of the binding policy. Policy Name: Displays the name of the binding policy. Port: Displays the number of the port bound to the corresponding policy. Direction: Displays the binding direction. 11.4.3 VLAN Binding On this page you can bind a policy to - TP-Link TL-SG3424P | TL-SG3424P V1 User Guide - Page 152
Policy Binding configuration pages, port/VLAN bind the policy to the port/VLAN to make the policy effective on the corresponding port/VLAN. 11.5 Application MAC address of the manager is 00-46-A5-5D-12-C3. 2. The staff of the R&D department can not access to the Internet during the working time - TP-Link TL-SG3424P | TL-SG3424P V1 User Guide - Page 153
Config→Policy Create page, create a policy named manager. On ACL→Policy Config→Action Create page, add ACL 11 to Policy manager. On ACL→Policy Binding→Port Binding page, select Policy manager to bind to - TP-Link TL-SG3424P | TL-SG3424P V1 User Guide - Page 154
Binding page, select Policy limit1 to bind to port 3. 4 Configure for On ACL→ACL Config→ACL Create page, create ACL 101. requirement 3 On ACL→ACL Config→Standard-IP ACL page, select ACL 101, and 4 create Rule 1, configure operation as Deny, configure S-IP as 172.31.70.1 and mask as 255.255 - TP-Link TL-SG3424P | TL-SG3424P V1 User Guide - Page 155
the Hosts matching the bound entries to access the network. The following three IP-MAC Binding methods are supported by the switch. (1) Manually: You can manually bind the IP address, MAC address, VLAN ID and the Port number together in the condition that you have got the related information of the - TP-Link TL-SG3424P | TL-SG3424P V1 User Guide - Page 156
the conflicting entries with the same Source priority, only the last added or edited one will take effect. 12.1.2 Manual Binding You can manually bind the IP address, MAC address, VLAN ID and the Port number together in the condition that you have got the related information of the Hosts in the LAN - TP-Link TL-SG3424P | TL-SG3424P V1 User Guide - Page 157
entries are displayed on this screen: ¾ Manual Binding Option Host Name: Enter the Host Name. IP Address: Enter the IP Address of the Host. MAC Address: Enter the MAC Address of the Host. VLAN ID: Enter the VLAN ID. Port: Select the number of port connected to the Host. Protect Type - TP-Link TL-SG3424P | TL-SG3424P V1 User Guide - Page 158
in the LAN or VLAN. Upon receiving the ARP reply packet, the switch can get the IP address, MAC address, VLAN and the connected port number of the Host by analyzing the packet and bind them conveniently. Choose the menu Network Security→IP-MAC Binding→ARP Scanning to load the following page. 150 - TP-Link TL-SG3424P | TL-SG3424P V1 User Guide - Page 159
Scanning The following entries are displayed on this screen: ¾ Scanning Option Start IP Address: Specify the Start IP Address. End IP Address: Specify the End IP Address. VLAN ID: Enter the VLAN ID. If blank, the switch will send the untagged packets for scanning. Scan: Click the Scan button - TP-Link TL-SG3424P | TL-SG3424P V1 User Guide - Page 160
for DHCP-snooping implementation For different DHCP Clients, DHCP Server provides three IP address assigning methods: (1) Manually assign the IP address: Allows the administrator to bind the static IP address to the specific Client (e.g.: WWW Server) via the DHCP Server. (2) Automatically assign the - TP-Link TL-SG3424P | TL-SG3424P V1 User Guide - Page 161
address to the Client dynamically. For the details of the DHCP Option, please refer to RFC 2132. Option 82 records the location of the DHCP Client. Upon receiving the DHCP-REQUEST packet, the switch The Server supported Option 82 also can set the distribution policy of IP addresses and the other - TP-Link TL-SG3424P | TL-SG3424P V1 User Guide - Page 162
-option should be defined. This Switch supports two sub-options: Circuit ID problem will happen. The common cases incurring the illegal DHCP servers are the following two: (1) It's common that the illegal DHCP server is manually configured by the user by mistake. (2) Hacker exhausted the IP addresses - TP-Link TL-SG3424P | TL-SG3424P V1 User Guide - Page 163
Choose the menu Network Security→IP-MAC Binding→Binding Table to load the following page. Figure 12-8 DHCP Snooping Note: If you want to enable the DHCP Snooping feature for the member port of LAG, please ensure the parameters of all the member ports are the same. The following entries are - TP-Link TL-SG3424P | TL-SG3424P V1 User Guide - Page 164
of DHCP messages that can be forwarded by the switch per second. The excessive massages will be discarded. Select the value to specify the minimum transmission rate of the Decline packets to trigger the Decline protection for the specific port. Select the value to specify the Decline Flow Control - TP-Link TL-SG3424P | TL-SG3424P V1 User Guide - Page 165
packets, which results in a breakdown of the normal communication. ¾ Cheating Gateway The attacker sends the wrong IP address-to-MAC address mapping entries of Hosts to the Gateway, which causes that the Gateway can not communicate with the legal terminal Hosts normally. The ARP Attack implemented - TP-Link TL-SG3424P | TL-SG3424P V1 User Guide - Page 166
for packets, which results in a breakdown of the normal communication. ¾ Cheating Terminal Hosts The attacker sends the false IP address-to-MAC address mapping entries of terminal Host/Server to another terminal Host, which causes that the two terminal Hosts in the same network segment can not - TP-Link TL-SG3424P | TL-SG3424P V1 User Guide - Page 167
update its ARP table after receiving the ARP packets. When Host B tries to communicate with Host A, it will encapsulate this false destination MAC address for packets, which results in a breakdown of the normal communication. ¾ Man-In-The-Middle Attack The attacker continuously sends the false ARP - TP-Link TL-SG3424P | TL-SG3424P V1 User Guide - Page 168
three Hosts in LAN connected with one another through a switch. Host A: IP address is 192.168.0.101; MAC address is 00-00-00-11-11-11. Host B: IP address is 192.168.0.102; MAC address is 00-00-00-22-22-22. Attacker: IP address is 192.168.0.103; MAC address is 00-00-00-33-33-33. 1. First, the - TP-Link TL-SG3424P | TL-SG3424P V1 User Guide - Page 169
enables the switch to detect the ARP packets based on the bound entries in the IP-MAC Binding Table Port. The specific ports, such as up-linked port, routing port and LAG port, should be set as Trusted Port. To ensure the normal communication of the switch, please configure the ARP Trusted Port - TP-Link TL-SG3424P | TL-SG3424P V1 User Guide - Page 170
: Step Operation Description 1 Bind the IP address, MAC Required. On the IP-MAC Binding page, bind the IP address, VLAN ID and the address, MAC address, VLAN ID and the connected Port connected Port number of number of the Host together via Manual Binding, ARP the Host together. Scanning - TP-Link TL-SG3424P | TL-SG3424P V1 User Guide - Page 171
Status: Displays the status of the ARP attack. LAG: Displays the LAG to which the port belongs to. Operation: Click the Recover button to restore the port to the normal status. The ARP Defend for this port will be re-enabled. Note: 1. It's not recommended to enable the ARP Defend feature for - TP-Link TL-SG3424P | TL-SG3424P V1 User Guide - Page 172
: Displays the port number. Trusted Port: Indicates the port is an ARP Trusted Port or not. Illegal ARP Packet: Displays the number of the received illegal ARP packets. 12.3 DoS Defend DoS (Denial of Service) Attack is to occupy the network bandwidth maliciously by the network attackers or the - TP-Link TL-SG3424P | TL-SG3424P V1 User Guide - Page 173
of the network. The switch can defend a few types of DoS attack listed in the following table. DoS Attack Type Description Land Attack The attacker sends a specific fake SYN packet to the destination Host. Since both the source IP address and the destination IP address of the SYN packet are - TP-Link TL-SG3424P | TL-SG3424P V1 User Guide - Page 174
the physic environment of the network and block the unnecessary network services. 3. Enhance the network security via the protection devices, such access control mechanism for LAN ports to solve mainly authentication and security problems. 802.1X is a port-based network access control protocol. - TP-Link TL-SG3424P | TL-SG3424P V1 User Guide - Page 175
-supported network device, such as this TP-LINK switch. It provides the physical or logical port for the supplicant system to access the LAN and authenticates the supplicant system. (3) Authentication Server System: The authentication server system is an entity that provides authentication service - TP-Link TL-SG3424P | TL-SG3424P V1 User Guide - Page 176
can also launch an 802.1X client program to initiate an 802.1X authentication through the sending of an EAPOL-Start packet to the switch, This TP-LINK switch can authenticate supplicant systems in EAP relay mode or EAP terminating mode. The following illustration of these two modes will take the 802 - TP-Link TL-SG3424P | TL-SG3424P V1 User Guide - Page 177
and the RADIUS server. This switch supports the PAP terminating mode. The authentication procedure of PAP is illustrated in the following figure. Figure 12-19 PAP Authentication Procedure In PAP mode, the switch encrypts the password and sends the user name, the randomly-generated key, and the - TP-Link TL-SG3424P | TL-SG3424P V1 User Guide - Page 178
switch quiets for the specified period before it processes another authentication request re-initiated by the supplicant system. ¾ Guest VLAN Guest VLAN function enables the supplicants that do not pass the authentication to access the specific network resource. By default, all the ports connected - TP-Link TL-SG3424P | TL-SG3424P V1 User Guide - Page 179
from the pull-down list. • EAP-MD5: IEEE 802.1X authentication system uses extensible authentication protocol (EAP) to exchange information between the switch and the client. The EAP protocol packets with authentication data can be encapsulated in the advanced protocol (such as RADIUS) packets to - TP-Link TL-SG3424P | TL-SG3424P V1 User Guide - Page 180
response from supplicant before resending a request to the supplicant. Specify the maximum time for the switch to wait for the response from authentication server before resending a request to the authentication server. 12.4.2 Port Config On this page, you can configure the 802.1X features for the - TP-Link TL-SG3424P | TL-SG3424P V1 User Guide - Page 181
. Displays the LAG to which the port belongs to. 12.4.3 Radius Server RADIUS (Remote Authentication Dial-In User Service) server provides the authentication service for the switch via the stored client information, such as the user name, password, etc, with the purpose to control the authentication - TP-Link TL-SG3424P | TL-SG3424P V1 User Guide - Page 182
. Enable/Disable the accounting feature. Enter the IP address of the accounting server. Enter the IP address of the alternate accounting server. Set the UDP port of accounting server(s). The default port is 1813. Set the shared password for the switch and the accounting servers to exchange messages - TP-Link TL-SG3424P | TL-SG3424P V1 User Guide - Page 183
Management Protocol) has gained the most extensive application on the UDP/IP networks. SNMP provides a management frame to monitor and maintain the . Figure 13-1 Relationship among SNMP Network Elements ¾ SNMP Versions This switch supports SNMP v3, and is compatible with SNMP 1 and SNMP v2c. The - TP-Link TL-SG3424P | TL-SG3424P V1 User Guide - Page 184
discarded. The community name can limit access to SNMP Agent from SNMP NMS, functioning as a password. SNMP v2c: SNMP v2c also adopts community name authentication. It is compatible with SNMP v1 while User The User is configured in a SNMP Group can manage the switch via the client program on 176 - TP-Link TL-SG3424P | TL-SG3424P V1 User Guide - Page 185
the SNMP Agent, functioning as the password. SNMP module is used to configure the SNMP function of the switch, including three submenus: SNMP Config, Enable/Disable the SNMP function. ¾ Local Engine Local Engine ID: Specify the switch's Engine ID for the remote clients. The Engine ID is a unique - TP-Link TL-SG3424P | TL-SG3424P V1 User Guide - Page 186
ID characters must be even. 13.1.2 SNMP View The OID (Object Identifier) of the SNMP packets is used to describe the managed objects of the switch, and the MIB (Management Information Base) is the set of the OIDs. The SNMP View is created for the SNMP management station to manage MIB - TP-Link TL-SG3424P | TL-SG3424P V1 User Guide - Page 187
13.1.3 SNMP Group On this page, you can configure SNMP Group to control the network access by providing the users in various groups with different management rights via the Read View, Write View and Notify View. Choose the menu SNMP→SNMP Config→SNMP Group to load the following page. Figure 13-5 - TP-Link TL-SG3424P | TL-SG3424P V1 User Guide - Page 188
in the entry and click the Modify button to apply. Note: Every Group should contain a Read View. The default Read View is viewDefault. 13.1.4 SNMP User The User in a SNMP Group can manage the switch via the management station software. The User and its Group have the same security level and access - TP-Link TL-SG3424P | TL-SG3424P V1 User Guide - Page 189
Level for the SNMP v3 User. Auth Mode: Auth Password: Select the Authentication Mode for the SNMP v3 User. • None: No authentication method is used. • MD5: The port authentication is performed via HMAC-MD5 algorithm. • SHA: The port authentication is performed via SHA (Secure Hash Algorithm). This - TP-Link TL-SG3424P | TL-SG3424P V1 User Guide - Page 190
SNMP v2c adopt community name authentication. The community name can limit access to the SNMP agent from SNMP network management station, functioning as a password. If SNMP v1 or SNMP v2c is employed, you can directly configure the SNMP Community on this page without configuring SNMP Group and User - TP-Link TL-SG3424P | TL-SG3424P V1 User Guide - Page 191
Community, and then click the Modify button to apply. Note: The default MIB View of SNMP Community is viewDefault. Configuration Procedure: z If SNMPv3 User in the Group and configure the auth/privacy mode and auth/privacy password for the User. z If SNMPv1 or SNMPv2c is employed, please take - TP-Link TL-SG3424P | TL-SG3424P V1 User Guide - Page 192
page, create SNMP View of the management agent. The default View Name is viewDefault and the default OID is 1. 3 Create SNMP Required alternatively. Community sent to inform the management station and ask for the reply. The switch will resend the inform request if it doesn't get the response - TP-Link TL-SG3424P | TL-SG3424P V1 User Guide - Page 193
IP Address: Enter the IP Address of the management Host. UDP Port: Enter the number of the UDP port used to send notifications. The UDP port functions with the IP address for the notification sending. The default amount of times the switch resends an inform request. The switch will resend the - TP-Link TL-SG3424P | TL-SG3424P V1 User Guide - Page 194
station. Displays the IP Address of the management host. Displays the UDP port used to send managed agent. ¾ RMON Group This switch supports the following four RMON Groups defined on alarm variables on the specific ports. Alarm Group is configured to monitor the specific alarm variables. When the - TP-Link TL-SG3424P | TL-SG3424P V1 User Guide - Page 195
for configuration. Index: Displays the index number of the entry. Port: Specify the port from which the history samples were taken. Interval: Specify the interval to take samplings from the port. Owner: Enter the name of the device or user that defined - TP-Link TL-SG3424P | TL-SG3424P V1 User Guide - Page 196
Figure 13-10 Event Config The following entries are displayed on this screen: ¾ Event Table Select: Select the desired entry for configuration. Index: Displays the index number of the entry. User: Enter the name of the User or the community to which the event belongs. Description: Give a - TP-Link TL-SG3424P | TL-SG3424P V1 User Guide - Page 197
entry for configuration. Index: Displays the index number of the entry. Variable: Select the alarm variables from the pull-down list. Port: Select the port on which the Alarm entry acts. Sample Type: Rising Threshold: Specify the sampling method for the selected variable and comparing the - TP-Link TL-SG3424P | TL-SG3424P V1 User Guide - Page 198
Interval: Owner: Status: Enter the alarm interval time in seconds. Enter the name of the device or user that defined the entry. Select Enable/Disable the corresponding alarm entry. Note: When alarm variables exceed the Threshold on the same direction continuously for several times, an alarm event - TP-Link TL-SG3424P | TL-SG3424P V1 User Guide - Page 199
as Voice over IP phones and network switches. The LLDP-MED TLVs advertise information such as network policy, power via MDI, inventory management, and device location details. The LLDP and LLDP-MED information can be used by SNMP applications to simplify troubleshooting, enhance network management - TP-Link TL-SG3424P | TL-SG3424P V1 User Guide - Page 200
be 1 second, several LLDPDUs will be sent out, and then the transmit interval comes back to the regular interval. 3) LLDPDU receipt mechanism When a port is working in TxRx or Rx mode, the device will check the validity of the received LLDPDUs and the attached TLVs, save this neighbor information to - TP-Link TL-SG3424P | TL-SG3424P V1 User Guide - Page 201
8 Management Identifies the management IP address, the Optional Address corresponding interface number and OID (Object Identifier). The management IP address is specified by the user. 127 Organizationally Allows different organizations, such as IEEE Optional Specific 802.1, IEEE 802.3, IETF - TP-Link TL-SG3424P | TL-SG3424P V1 User Guide - Page 202
TP-LINK Switch, the following LLDP optional TLVs are supported. Port Description TLV The Port Description TLV allows network management to advertise the IEEE 802 LAN station's port Address TLV The Management Address TLV identifies an address during link initiation or of manual set override - TP-Link TL-SG3424P | TL-SG3424P V1 User Guide - Page 203
Basic Config LLDP is configured on the Global Config and Port Config pages. 14.1.1 Global Config On this page you TTL (Time To Live) value used in an LLDPDU. TTL = Hold Multiplier * Transmit Interval. The default value is 4. Enter a value from 1 to 8192 in seconds to specify the time for the local - TP-Link TL-SG3424P | TL-SG3424P V1 User Guide - Page 204
(the number of LLDPDUs equals this parameter). The default value is 3. 14.1.2 Port Config On this page you can configure all ports' LLDP parameters. Choose the menu LLDP→Basic Config→Port Config to load the following page. Figure 14-2 LLDP Port Config The following entries are displayed on this - TP-Link TL-SG3424P | TL-SG3424P V1 User Guide - Page 205
local device and its neighbors on the Local Info and Neighbor Info pages respectively. 14.2.1 Local Info On this page you can see all ports' configuration and system information. Choose the menu LLDP→Device Info→Local Info to load the following page. Figure 14-3 LLDP Local Information The following - TP-Link TL-SG3424P | TL-SG3424P V1 User Guide - Page 206
the system name of the neighbor device. Displays the Chassis ID of the neighbor device. Displays the system description of the neighbor device. Displays the port number of the neighbor linking to local port. Click Information to display the detailed information of the neighbor device. 198 - TP-Link TL-SG3424P | TL-SG3424P V1 User Guide - Page 207
14.3 Device Statistics You can view the LLDP statistics of the local device through this feature. Choose the menu LLDP→Device Statistics→Statistic Info to load the following page. Figure 14-5 LLDP Statistic Information The following entries are displayed on this screen: ¾ Auto Refresh Auto - TP-Link TL-SG3424P | TL-SG3424P V1 User Guide - Page 208
LLDP-MED optional TLVs are supported in TL-SG3424P. Network Policy TLV The Network Policy TLV allows both Network Connectivity Devices and Endpoints to advertise VLAN configuration and associated Layer 2 and Layer 3 attributes that apply for a set of specific applications on that port. 200 - TP-Link TL-SG3424P | TL-SG3424P V1 User Guide - Page 209
Parameters isn't set, a default value is used in Firmware Revision TLV, Software Revision TLV, Serial Number TLV, Manufacturer Name TLV, Model Name TLV and Asset ID TLV. If support support for all Inventory Management TLVs shall be implemented. LLDP-MED is configured on the Global Config and Port - TP-Link TL-SG3424P | TL-SG3424P V1 User Guide - Page 210
following entries are displayed on this screen: ¾ LLDP-MED Port Config Port Select: LLDP-MED Status: Included TLVs: Details: Select the desired port to configure. Configure the port's LLDP-MED status: z Enable: Enable the port's LLDP-MED status, and the port's Admin Status will be changed to Tx&Rx - TP-Link TL-SG3424P | TL-SG3424P V1 User Guide - Page 211
Parameters Configure the Location Identification TLV's content in outgoing LLDPDU of the port. Emergency Number: Civic Address: Emergency number is Emergency Call Service ELIN identifier, which is used during emergency call setup to a traditional CAMA or ISDN trunk-based PSAP. The Civic - TP-Link TL-SG3424P | TL-SG3424P V1 User Guide - Page 212
/Disable the auto refresh function. Refresh Rate: Specify the auto refresh rate. ¾ Local Info Enter the desired port number and click Select to display the information of the corresponding port. 14.4.4 Neighbor Info On this page you can get the LLDP-MED information of the neighbors. Choose the - TP-Link TL-SG3424P | TL-SG3424P V1 User Guide - Page 213
auto refresh function. Refresh Rate: Specify the auto refresh rate. ¾ Neighbor Info Port Select: Click the Select button to quick-select the corresponding port based on the port number you entered. Local Port: Device Type: Application Type: Local Data Format: Power Type: Information: Displays - TP-Link TL-SG3424P | TL-SG3424P V1 User Guide - Page 214
devices need to be assigned different network addresses and every management device needs to be problem. It is mainly used to central manage the scattered devices in the network. A network administrator can manage and maintain the switches in the cluster via a management switch. The management switch - TP-Link TL-SG3424P | TL-SG3424P V1 User Guide - Page 215
devices to support cluster establishing. An NDP-enabled device sends NDP packets regularly to neighbor devices as well as receives NDP packets from neighbor devices. An NDP packet carries the NDP information (including the device name, MAC address, firmware version and so on). A switch keeps and - TP-Link TL-SG3424P | TL-SG3424P V1 User Guide - Page 216
Native Port: Displays the port number of the switch. Remote Port: Displays the port number of the neighbor switch which is connected to the corresponding port. Device Name: Displays the name of the neighbor switch. Device MAC: Displays MAC address of the neighbor switch. Firmware Version - TP-Link TL-SG3424P | TL-SG3424P V1 User Guide - Page 217
(enabled or disabled) for the switch. Aging Time: Displays the period for the neighbor switch to keep the NDP packets from this switch. Hello Time: Displays the interval to send NDP packets. ¾ Port Status Port: Displays the port number of the switch. NDP: Displays the NDP status (enabled - TP-Link TL-SG3424P | TL-SG3424P V1 User Guide - Page 218
: Enter the period for the neighbor switch to keep the NDP packets from this switch. Hello Time: Enter the interval to send NDP packets. ¾ Port Config Select: Select the desired port to configure its NDP status. Port: Displays the port number of the switch. NDP: Displays NDP status of the - TP-Link TL-SG3424P | TL-SG3424P V1 User Guide - Page 219
connection information of each device in a specific network range. The commander switch can collects the specified topology in the network regularly and you can also enable topology collection manually on the commander switch. After the commander switch sends out NTDP request packets, lots of - TP-Link TL-SG3424P | TL-SG3424P V1 User Guide - Page 220
to view the complete information of this device and its neighbors. Collect Topology: Click the Collect Topology button to collect NTDP information of the switch so as to collect the latest network topology. Click the Detail button to view the complete information of this device and its neighbors - TP-Link TL-SG3424P | TL-SG3424P V1 User Guide - Page 221
NTDP request packets for the first time. NTDP Port Delay: Displays the time between the port forwarding NTDP request packets and its adjacent port forwarding NTDP request packets over. ¾ Port Status Port: Displays the port number of the switch. NTDP: Displays NTDP status (enabled or disabled - TP-Link TL-SG3424P | TL-SG3424P V1 User Guide - Page 222
Global Config NTDP: Select Enable/Disable NTDP for the switch globally. NTDP Interval Time: Enter the interval to collect topology information. The default is 1 minute. NTDP Hops: Enter the hop count the switch topology collects. The default is 3 hops. NTDP Hop Delay: Enter the time between - TP-Link TL-SG3424P | TL-SG3424P V1 User Guide - Page 223
for the port. 15.3 Cluster A commander switch can recognize and add the candidate switch to a cluster automatically based on NDP and NTDP. You can manually add the candidate switch to a cluster. If the candidate switch is successfully added to the cluster, it will get a private IP address assigned - TP-Link TL-SG3424P | TL-SG3424P V1 User Guide - Page 224
: Displays the name of the current cluster the switch belongs to. Commander MAC: Displays the MAC address of the commander switch. z For an individual switch, the following page is displayed: Figure 15-11 Cluster Summary for Individual Switch The following entries are displayed on this screen - TP-Link TL-SG3424P | TL-SG3424P V1 User Guide - Page 225
¾ Role Change Individual: Select this option to change the role of the switch to be individual switch. z For a member switch, the following page is displayed. Figure 15-13 Cluster Configuration for Member Switch The following entries are displayed on this screen: ¾ Current Role Role: Displays - TP-Link TL-SG3424P | TL-SG3424P V1 User Guide - Page 226
(Here take TP-LINK TL-SG32424P as an example). The administrator manages all the switches in the cluster via the commander switch. z Port 1 of the commander switch is connecting to the external network, port 2 is connecting to member switch 1 and port 3 is connecting to member switch 2. z IP pool - TP-Link TL-SG3424P | TL-SG3424P V1 User Guide - Page 227
Cluster→NTDP→NTDP Config page, enable switch and for port 1, port 2 and NTDP function. port 3 3 Create a cluster and configure On Cluster→Cluster→Cluster Config page, configure the related parameters the role as Commander and enter the related information. IP pool: 175.128.0.1 Mask: 255.255 - TP-Link TL-SG3424P | TL-SG3424P V1 User Guide - Page 228
Cluster→Cluster→Member Config page, select the member switch and click the Manage button to log on to its Web management page. Or On Cluster→Cluster→Cluster Topology page, double-click the switch icon to view its detailed information; click the switch icon and click the Manage button to log on - TP-Link TL-SG3424P | TL-SG3424P V1 User Guide - Page 229
Log: View the configuration parameters of the switch and find out the errors via the Logs. (3) Cable Test: Test the connection status of the cable to locate and diagnose the trouble spot of the network. (4) Loopback: Test whether the ports of the switch and its peer device are available. (5) Network - TP-Link TL-SG3424P | TL-SG3424P V1 User Guide - Page 230
Figure 16-1 CPU Monitor Click the Monitor button to enable the switch to monitor and display its CPU utilization rate every four seconds. 16.1.2 Memory Monitor Choose the menu Maintenance→System Monitor→Memory Monitor to load the following page. 222 - TP-Link TL-SG3424P | TL-SG3424P V1 User Guide - Page 231
to monitor and display its Memory utilization rate every four seconds. 16.2 Log The Log system of switch can record, classify and manage the system information effectively, providing powerful support for network administrator to monitor network operation and diagnose malfunction. The Logs of - TP-Link TL-SG3424P | TL-SG3424P V1 User Guide - Page 232
the Log Table, Local Log, Remote Log and Backup Log pages. 16.2.1 Log Table The switch supports logs output to two directions, namely, log buffer and log file. The information in log buffer will be lost after the switch is rebooted or powered off whereas the information in log file will be kept - TP-Link TL-SG3424P | TL-SG3424P V1 User Guide - Page 233
Log Local Log is the log information saved in switch. By default, all system logs are saved in log buffer and output. Status: Enable/Disable the channel. 16.2.3 Remote Log Remote log feature enables the switch to send system logs to the Log Server. Log Server is to centralize the system logs - TP-Link TL-SG3424P | TL-SG3424P V1 User Guide - Page 234
following entries are displayed on this screen: ¾ Log Host Index: Host IP: UDP Port: Severity: Status: Displays the index of the log host. The switch supports 4 log hosts. Configure the IP for the log host. Displays the UDP port used for receiving/sending log information. Here we use the standard - TP-Link TL-SG3424P | TL-SG3424P V1 User Guide - Page 235
to the switch, which facilitates you to locate and diagnose the trouble spot of the network. Choose the menu Maintenance→Device Diagnose→Cable Test to load the following page. Figure 16-7 Cable Test The following entries are displayed on this screen: ¾ Cable Test Port: Select the port for cable - TP-Link TL-SG3424P | TL-SG3424P V1 User Guide - Page 236
connected to the port of the switch is available ¾ Loopback Port Loopback Port: Select the desired port for loopback test. Test: Click the Test button to start the loopback test for the port. 16.4 Network Diagnose This switch provides Ping test and Tracert test functions for network diagnose - TP-Link TL-SG3424P | TL-SG3424P V1 User Guide - Page 237
The following entries are displayed on this screen: ¾ Ping Config Destination IP: Enter the IP address of the destination node for Ping test. Ping Times: Enter the amount of times to send test data during Ping testing. The default value is recommended. Data Size: Enter the size of the sending - TP-Link TL-SG3424P | TL-SG3424P V1 User Guide - Page 238
Figure 16-10 Tracert The following entries are displayed on this screen: ¾ Tracert Config Destination IP: Enter the IP address of the destination device. Max Hop: Specify the maximum number of the route hops the test data can pass through. Return to CONTENTS 230 - TP-Link TL-SG3424P | TL-SG3424P V1 User Guide - Page 239
Appendix A: Specifications Standards Transmission Rate Transmission Medium LED IEEE802.3 10Base-T Ethernet , Port Status LED, Speed, PoE, PoE Max Transmission Method Store and Forward Packets Forwarding Rate 10BASE-T:14881pps/port 100BASE-TX:148810pps/port 1000Base-T:1488095pps/port Operating - TP-Link TL-SG3424P | TL-SG3424P V1 User Guide - Page 240
B: Configuring the PCs In this section, we'll introduce how to install and configure the TCP/IP correctly in Windows 2000. First make sure your Ethernet Adapter is working, refer to the adapter's manual if necessary. 1) On the Windows taskbar, click the Start button, and then click Control Panel - TP-Link TL-SG3424P | TL-SG3424P V1 User Guide - Page 241
Figure B-2 5) The following TCP/IP Properties window will display and the IP Address tab is open on this window by default. 233 - TP-Link TL-SG3424P | TL-SG3424P V1 User Guide - Page 242
6) Select Use the following IP address. And the following items will be available. If the switch's IP address is 192.168.0.1, specify IP address as 192.168.0.x (x is from 2 to 254), and the Subnet mask as 255.255.255.0. Now: Click OK to save your settings. Return to CONTENTS 234 - TP-Link TL-SG3424P | TL-SG3424P V1 User Guide - Page 243
used in the IP network for files transfer. 1. Hardware Installation Figure C-1 1) Connect FTP server to port 1 of the switch. 2) Connect the Console port of the PC to the switch. 3) Save the firmware of the switch in the shared file of FTP server. Please write down the user name, password and the - TP-Link TL-SG3424P | TL-SG3424P V1 User Guide - Page 244
Figure C-2 Open Hyper Terminal 2) The Connection Description Window will prompt shown as the following figure. Enter a name into the Name field and click OK. Figure C-3 Connection Description 3) Select the port to connect in the figure below and click OK. 236 - TP-Link TL-SG3424P | TL-SG3424P V1 User Guide - Page 245
figure. Configure Bits per second as 38400, Data bits as 8, Parity as None, Stop bits as 1, Flow control as None, and then click OK. Figure C-5 Port Settings 3. Download Firmware via bootUtil menu To download firmware to the switch via FTP function, you need to enter into the bootUtil menu of the - TP-Link TL-SG3424P | TL-SG3424P V1 User Guide - Page 246
] command will display. Are you want to upgrade the firmware[Y/N] : y [TP-LINK] : 7) Please enter start command to start the switch shown as the following figure. Enter the user name and password (the default user name and password are both admin) to login to the CLI command window and you can - TP-Link TL-SG3424P | TL-SG3424P V1 User Guide - Page 247
[TP-LINK] : start Start User Access Login User : Return to CONTENTS 239 - TP-Link TL-SG3424P | TL-SG3424P V1 User Guide - Page 248
.1X protocol standard for 802.1X authentication. When the switch TL-SG3424P works as the authenticator system, please take the following instructions to install the TpSupplicant provided on the attached CD for the supplicant Client. 1. Installation Guide 1) Insert the provided CD into your CD-ROM - TP-Link TL-SG3424P | TL-SG3424P V1 User Guide - Page 249
To continue, choose the destination location for the installation files and click Next on the following screen. Figure D-4 Choose Destination Location By default, the installation files are saved on the Program Files folder of system disk. Click the Change button to modify the destination location - TP-Link TL-SG3424P | TL-SG3424P V1 User Guide - Page 250
Figure D-5 Install the Program 6) The InstallShield Wizard is installing TpSupplicant-V2.0 shown as the following screen. Please wait. Figure D-6 Setup Status 7) On the following screen, click Finish to complete the installation. 242 - TP-Link TL-SG3424P | TL-SG3424P V1 User Guide - Page 251
version on your computer, the 802.1X Client Software TpSupplicant can not work. It's recommended to go to http://www.winpcap.org to download the click the Start button, point to All ProgramsÆTP-LINK ÆTpSupplicant-V2.0, and then click Uninstall TP-LINK 802.1X, shown as the following figure. Figure - TP-Link TL-SG3424P | TL-SG3424P V1 User Guide - Page 252
Figure D-9 Preparing Setup 3) On the continued screen, click Yes to remove the application from your PC. Figure D-10 Uninstall the Complete 3. Configuration 1) After completing installation, double click the icon Software. The following screen will appear. to run the TP-LINK 802.1X Client 244 - TP-Link TL-SG3424P | TL-SG3424P V1 User Guide - Page 253
, the Client will send the EAPOL Start packets to the switch via multicast and send the 802.1X authentication packets via unicast. Obtain an IP address automatically: Select this option if the Client automatically obtains the IP address from DHCP server. After passing the authentication, the Client - TP-Link TL-SG3424P | TL-SG3424P V1 User Guide - Page 254
period. 3) To continue, click Connect button after entering the Name and Password on Figure D-12. Then the following screen will appear to prompt that the Radius server is being searched. Figure D-14 Authentication Dialog 4) When passing the - TP-Link TL-SG3424P | TL-SG3424P V1 User Guide - Page 255
again. Q2: Is this TP-LINK 802.1X Client Software compliable with the switches of the other manufacturers? A2: No. This TP-LINK 802.1X Client Software is customized for TP-LINK switches. Q3: Is it safe to set the password being automatically saved? A3: Yes. The password saved in the configuration - TP-Link TL-SG3424P | TL-SG3424P V1 User Guide - Page 256
IP address information, the address of the TFTP server that contains the devices system files, and the name of the boot file. Class of Service (CoS) CoS is supported ports along the Spanning Tree so that VLANs defined in each switch can work , are specific to the operation of the GARP Application - TP-Link TL-SG3424P | TL-SG3424P V1 User Guide - Page 257
address in the subnetwork. IP Multicast Filtering It is a feature to allow or deny the Client to add the specified multicast group. Multicast Switching A process whereby the switch filters incoming multicast frames for services forwhich no attached host has registered, or forwards them to all ports - TP-Link TL-SG3424P | TL-SG3424P V1 User Guide - Page 258
Port Mirroring A method whereby data on a target port is mirrored to a monitor port for troubleshooting with a logic analyzer or RMON probe. This allows data on the target port to be studied unobstructively. Port Trunk Defines a network link traffic conditions, including specific error types. Rapid - TP-Link TL-SG3424P | TL-SG3424P V1 User Guide - Page 259
User Datagram Protocol (UDP) UDP provides a datagram mode for packet-switched communications. It uses IP as the underlying transport mechanism to provide access to IP-like services. UDP packets are delivered just like IP packets - connection-less datagrams that may be discarded before reaching their
-
1 -
2 -
3 -
4 -
5 -
6 -
7 -
8
-
9
-
10
-
11
-
12
-
13
-
14
-
15
-
16
-
17
-
18
-
19
-
20
-
21
-
22
-
23
-
24
-
25
-
26
-
27
-
28
-
29
-
30
-
31
-
32
-
33
-
34
-
35
-
36
-
37
-
38
-
39
-
40
-
41
-
42
-
43
-
44
-
45
-
46
-
47
-
48
-
49
-
50
-
51
-
52
-
53
-
54
-
55
-
56
-
57
-
58
-
59
-
60
-
61
-
62
-
63
-
64
-
65
-
66
-
67
-
68
-
69
-
70
-
71
-
72
-
73
-
74
-
75
-
76
-
77
-
78
-
79
-
80
-
81
-
82
-
83
-
84
-
85
-
86
-
87
-
88
-
89
-
90
-
91
-
92
-
93
-
94
-
95
-
96
-
97
-
98
-
99
-
100
-
101
-
102
-
103
-
104
-
105
-
106
-
107
-
108
-
109
-
110
-
111
-
112
-
113
-
114
-
115
-
116
-
117
-
118
-
119
-
120
-
121
-
122
-
123
-
124
-
125
-
126
-
127
-
128
-
129
-
130
-
131
-
132
-
133
-
134
-
135
-
136
-
137
-
138
-
139
-
140
-
141
-
142
-
143
-
144
-
145
-
146
-
147
-
148
-
149
-
150
-
151
-
152
-
153
-
154
-
155
-
156
-
157
-
158
-
159
-
160
-
161
-
162
-
163
-
164
-
165
-
166
-
167
-
168
-
169
-
170
-
171
-
172
-
173
-
174
-
175
-
176
-
177
-
178
-
179
-
180
-
181
-
182
-
183
-
184
-
185
-
186
-
187
-
188
-
189
-
190
-
191
-
192
-
193
-
194
-
195
-
196
-
197
-
198
-
199
-
200
-
201
-
202
-
203
-
204
-
205
-
206
-
207
-
208
-
209
-
210
-
211
-
212
-
213
-
214
-
215
-
216
-
217
-
218
-
219
-
220
-
221
-
222
-
223
-
224
-
225
-
226
-
227
-
228
-
229
-
230
-
231
-
232
-
233
-
234
-
235
-
236
-
237
-
238
-
239
-
240
-
241
-
242
-
243
-
244
-
245
-
246
-
247
-
248
-
249
-
250
-
251
-
252
-
253
-
254
-
255
-
256
-
257
-
258
-
259
 |
 |
TL-SG3424P
JetStream L2 Managed PoE Switch
Rev: 1.0.0
1910010614