TP-Link T1700G-28TQ T1700G-28TQ V1 User Guide
TP-Link T1700G-28TQ Manual
 |
View all TP-Link T1700G-28TQ manuals
Add to My Manuals
Save this manual to your list of manuals |
TP-Link T1700G-28TQ manual content summary:
- TP-Link T1700G-28TQ | T1700G-28TQ V1 User Guide - Page 1
T1700G-28TQ JetStream 24-Port Gigabit Stackable Smart Switch with 4 10GE SFP+ Slots REV1.0.0 1910011379 - TP-Link T1700G-28TQ | T1700G-28TQ V1 User Guide - Page 2
TP-LINK TECHNOLOGIES CO., LTD. Copyright © 2015 TP-LINK TECHNOLOGIES CO., LTD. All rights reserved. http://www.tp-link.com FCC STATEMENT This equipment has been tested if not installed and used in accordance with the instruction manual, may cause harmful interference to radio communications. - TP-Link T1700G-28TQ | T1700G-28TQ V1 User Guide - Page 3
source. Don't disassemble the product, or make repairs yourself. You run the risk of electric shock and voiding the limited warranty. If you need service, please contact us. Avoid water and wet locations. This product can be used in the following countries: AT BG BY CA CZ DE DK - TP-Link T1700G-28TQ | T1700G-28TQ V1 User Guide - Page 4
LTD. We declare under our own responsibility for the following equipment: Product Description: JetStream 24-Port Gigabit Stackable Smart Switch with 4 10GE SFP+ Slots Model No.: T1700G-28TQ Trademark: TP-LINK The above products satisfy all the technical regulations applicable to the product within - TP-Link T1700G-28TQ | T1700G-28TQ V1 User Guide - Page 5
Guide 2 Chapter 2 Introduction ...6 2.1 Overview of the Switch 6 2.2 Appearance Description 6 2.2.1 Front Panel ...6 2.2.2 Rear Panel ...7 Chapter 3 Login to the Switch 28 4.3.3 Config Backup 28 4.3.4 Firmware Upgrade 29 4.3.5 System Reboot 29 4.3.6 System Reset ...30 4.4 Access Security...30 - TP-Link T1700G-28TQ | T1700G-28TQ V1 User Guide - Page 6
Chapter 5 Stack ...44 5.1 Stack Management ...51 5.1.1 Stack Info...51 5.1.2 Stack Config ...52 5.2 Application Example for Stack 54 Chapter 6 Switching ...55 6.1 Port ...55 6.1.1 Port Config ...55 6.1.2 Port Mirror...56 6.1.3 Port Security ...58 6.1.4 Port Isolation ...60 6.1.5 Loopback Detection - TP-Link T1700G-28TQ | T1700G-28TQ V1 User Guide - Page 7
7.5.2 Protocol Group 89 7.5.3 Protocol Template 90 7.6 Application Example for Protocol VLAN 92 Chapter 8 Spanning Tree...94 8.1 STP Config ...99 8.1.1 STP Config ...99 8.1.2 STP Summary 101 8.2 Port Config ...102 8.3 MSTP Instance ...103 8.3.1 Region Config 104 8.3.2 Instance Config 104 8.3.3 - TP-Link T1700G-28TQ | T1700G-28TQ V1 User Guide - Page 8
-Range Create 176 12.1.3 Holiday Config 177 12.2 ACL Config ...177 12.2.1 ACL Summary 177 12.2.2 ACL Create...178 12.2.3 MAC ACL...178 12.2.4 Standard-IP ACL 179 12.2.5 Extend-IP ACL 180 12.3 Policy Config ...181 12.3.1 Policy Summary 181 12.3.2 Policy Create 181 VII - TP-Link T1700G-28TQ | T1700G-28TQ V1 User Guide - Page 9
Port Binding ...187 12.5.3 VLAN Binding 188 12.6 Application Example for ACL 188 Chapter 13 Network Security...191 13.1 IP-MAC Binding...191 13.1.1 Binding Table 191 13.1.2 Manual Binding 192 13.1.3 ARP Scanning 194 13.2 DHCP Snooping ...196 13.2.1 Global Config 199 13.2.2 Port Config ...200 - TP-Link T1700G-28TQ | T1700G-28TQ V1 User Guide - Page 10
.2 Log...237 15.2.1 Log Table ...238 15.2.2 Local Log ...239 15.2.3 Remote Log ...240 15.2.4 Backup Log ...240 15.3 Device Diagnostics...241 15.3.1 Cable Test...241 15.4 Network Diagnostics 242 15.4.1 Ping ...243 15.4.2 Tracert ...243 Appendix A: Specifications ...245 Appendix B: Glossary...246 IX - TP-Link T1700G-28TQ | T1700G-28TQ V1 User Guide - Page 11
following items should be found in your box: One JetStream Gigabit Stackable Smart Switch One power cord Two mounting brackets and other fittings Installation Guide Resource CD for T1700G-28TQ, including: • This User Guide • CLI Reference Guide • SNMP Mibs • 802.1X Client Software and its - TP-Link T1700G-28TQ | T1700G-28TQ V1 User Guide - Page 12
the following conventions are used: The switch or the device mentioned in this Guide stands for T1700G-28TQ JetStream 24-Port Gigabit Stackable Smart Switch with 4 10GE SFP+ Slots without any explanation. Tips: The T1700G-28TQ switchs are sharing this User Guide. For simplicity, we will take for - TP-Link T1700G-28TQ | T1700G-28TQ V1 User Guide - Page 13
access level. • System Tools: Manage the firmware and configuration files of the switch. • Access Security: Provide different security measures basic functions of the switch. Here mainly introduces: • Port: Configure the basic features for the port. • LAG: Configure Link Aggregation Group. LAG is - TP-Link T1700G-28TQ | T1700G-28TQ V1 User Guide - Page 14
View the information of IPv4 and IPv6 multicast groups already on the switch. The module is used to configure several IPv4 unicast routing protocols. is used to configure QoS function to provide different quality of service for various network applications and requirements. Here mainly introduces: • - TP-Link T1700G-28TQ | T1700G-28TQ V1 User Guide - Page 15
IP-MAC Binding: Bind the IP and security problems. Chapter Test if the destination is reachable and the account of router hops from the switch to the destination. Appendix A Specifications Lists the hardware specifications of the switch. Appendix B Glossary Lists the glossary used in this manual - TP-Link T1700G-28TQ | T1700G-28TQ V1 User Guide - Page 16
policies. TP-LINK JetStream 24-Port Gigabit Stackable Smart Switch with 4 10GE SFP+ Slots integrates multiple functions with excellent performance, and is friendly to manage, which can fully meet the need of the users demanding higher networking performance. T1700G-28TQ also supports stacking of - TP-Link T1700G-28TQ | T1700G-28TQ V1 User Guide - Page 17
the switch. Reset: Press this button for 5 seconds or above to reset the software setting back to factory default settings. Link/Act LED. SFP+ Ports: Port 25-28, designed to install the 1Gbps SFP transceiver, 10Gbps SFP+ transceiver or SFP+ cable. 2.2.2 Rear Panel The rear panel of T1700G-28TQ - TP-Link T1700G-28TQ | T1700G-28TQ V1 User Guide - Page 18
Power Socket: Connect the female connector of the power cord here, and the male connector to the AC power outlet. Please make sure the voltage of the power supply meets the requirement of the input voltage. Return to CONTENTS 8 - TP-Link T1700G-28TQ | T1700G-28TQ V1 User Guide - Page 19
1) To access the configuration utility, open a web-browser and type in the default address http://192.168.0.1 in the address field of the browser, then press the Enter key. Figure 3-1 Web-browser Tips: To log in to the switch, the IP address of your PC should be set in the same subnet addresses - TP-Link T1700G-28TQ | T1700G-28TQ V1 User Guide - Page 20
screen. Figure 3-3 Main Setup-Menu Note: Clicking Apply can only make the new configurations effective before the switch is rebooted. If you want to keep the configurations effective even the switch is rebooted, please click Save Config. You are suggested to click Save Config before cutting off the - TP-Link T1700G-28TQ | T1700G-28TQ V1 User Guide - Page 21
4 System The System module is mainly for system configuration of the switch, including four submenus: System Info, User Management, System Tools and /100/1000Mbps RJ45 ports and 4 SFP+ ports of the switch. Choose the menu System→System Info→System Summary to load the following page. Figure 4-1 System - TP-Link T1700G-28TQ | T1700G-28TQ V1 User Guide - Page 22
, the detailed information of the port will be displayed. Port Info Port: Type: Speed: Status: Figure 4-2 Port Information Displays the port number of the switch. Displays the type of the port. Displays the maximum transmission rate of the port. Displays the connection status of the port. 12 - TP-Link T1700G-28TQ | T1700G-28TQ V1 User Guide - Page 23
Click a port to display the bandwidth utilization on this port. The actual rate divided by theoretical maximum rate is the bandwidth utilization. The following figure displays the bandwidth utilization monitored every four seconds. Monitoring the bandwidth utilization on each port facilitates you to - TP-Link T1700G-28TQ | T1700G-28TQ V1 User Guide - Page 24
contact information. 4.1.3 System Time System Time is the time displayed while the switch is running. On this page you can configure the system time and the settings here will be used for other time-based functions. You can manually set the system time, get time from an NTP server or synchronize - TP-Link T1700G-28TQ | T1700G-28TQ V1 User Guide - Page 25
the date and time manually. When this option is selected, you can configure the time zone and the IP Address for the NTP Server. The switch will get UTC time will be restored to the default when the switch is restarted and you need to reconfigure the system time of the switch. 2. When Get Time from - TP-Link T1700G-28TQ | T1700G-28TQ V1 User Guide - Page 26
mode cannot be configured. 2. When the DST is enabled, the default daylight saving time is of European in predefined mode. 4.1.5 System IPv6 IPv6 ( with IPv4, IPv6 increases the IP address size from 32 bits to 128 bits; this solves the IPv4 address exhaustion problem. IPv6 features IPv6 has - TP-Link T1700G-28TQ | T1700G-28TQ V1 User Guide - Page 27
the flexibility greatly to provide scalability for IP while improving the handling efficiency. The Options host configuration, IPv6 supports stateful and stateless link-local address on basis of its own link-layer address and the default prefix (FE80::/64) to communicate with other hosts on the link - TP-Link T1700G-28TQ | T1700G-28TQ V1 User Guide - Page 28
Type Format Prefix (binary) IPv6 Prefix ID Unassigned address 00...0 (128 bits) ::/128 Loopback address 00...1 (128 bits) ::1/128 Link-local address Unicast address Site-local address 1111111010 1111111011 Global unicast address (currently assigned) Reserved type (to be assigned in future - TP-Link T1700G-28TQ | T1700G-28TQ V1 User Guide - Page 29
by the IANA (The Internet Assigned Numbers Authority), the ISP (Internet Service Provider) or the organizations. Interface ID: An interface ID is used to identify interfaces on a link. The interface ID must be unique to the link. There are several ways to form interface IDs. The IPv6 addresses - TP-Link T1700G-28TQ | T1700G-28TQ V1 User Guide - Page 30
used in the neighbor discovery protocol and the stateless autoconfiguration process. Nodes on a local link can use link-local addresses to communicate. The figure below shows the structure of a link-local address. Figure 4-8 Link-local Address Format IPv6 devices must not forward packets that have - TP-Link T1700G-28TQ | T1700G-28TQ V1 User Guide - Page 31
address of an interface of node A and the destination address is the solicited-node multicast address of node B. The NS message contains the link-layer address of node A. After receiving the NS message, node B judges whether the destination address of the packet corresponds to the solicited-node - TP-Link T1700G-28TQ | T1700G-28TQ V1 User Guide - Page 32
: One or more onlink IPv6 prefixes that nodes on the local link can use to automatically configure their IPv6 addresses. Lifetime information for for the next scheduled RA message. Hosts discover and select default devices by listening to Router Advertisements (RAs). Stateless address - TP-Link T1700G-28TQ | T1700G-28TQ V1 User Guide - Page 33
and port channel. Link-local Address Config Config Mode: Select the link-local address configuration mode. Manual: When this option is selected, you should assign a link-local address manually. Auto: When this option is selected, the switch will generate a link-local address automatically - TP-Link T1700G-28TQ | T1700G-28TQ V1 User Guide - Page 34
link-local address may be newly configured. Repeat: Indicates that the link-local address is duplicate. It is illegal to access the switch using the IPv6 address (including link from the DHCPv6 Server. Add a global address manually Address Format: Global Address: You can select the global - TP-Link T1700G-28TQ | T1700G-28TQ V1 User Guide - Page 35
switch using this address. Tips: After adding a global IPv6 address to your switch manually here, you can configure your PC's global IPv6 address in the same subnet with the switch and login to the switch the switch from of the switch. Choose switch provides two access levels: Guest - TP-Link T1700G-28TQ | T1700G-28TQ V1 User Guide - Page 36
. Access level of the current user information cannot be modified. 4.3 System Tools The System Tools function, allowing you to manage the configuration file of the switch, can be implemented on Boot Config, Config Restore, Config Backup, Firmware Upgrade, System Reboot and System Reset pages. 26 - TP-Link T1700G-28TQ | T1700G-28TQ V1 User Guide - Page 37
it fails, it will try to start up with the backup image. If this fails too, you will enter into the bootutil menu of the switch. Choose the menu System → System Tools → Boot Config to load the following page. Figure 4-12 Boot Config The following entries are displayed on this screen - TP-Link T1700G-28TQ | T1700G-28TQ V1 User Guide - Page 38
configuration file is restored successfully, the device will reboot to make the configuration change effective. 3. Wrong uploaded configuration file may cause the switch unmanaged. 4.3.3 Config Backup On this page you can download the current configuration and save it as a file to your computer for - TP-Link T1700G-28TQ | T1700G-28TQ V1 User Guide - Page 39
. Please wait without any operation. 4.3.4 Firmware Upgrade The switch system can be upgraded via the Web management page. To upgrade the system is to get more functions and better performance. Go to http://www.tp-link.com to download the updated firmware. Choose the menu System→System Tools - TP-Link T1700G-28TQ | T1700G-28TQ V1 User Guide - Page 40
On this page you can reset the switch to the default. All the settings will be cleared after the switch is reset. Choose the menu System→System Tools→System Reset to load the following page. Figure 4-17 System Reset Note: After the system is reset, the switch will be reset to the default and all the - TP-Link T1700G-28TQ | T1700G-28TQ V1 User Guide - Page 41
log on to the Web management page. Disable: Select to disable Access Control function. IP-based: Select this option to limit the IP-range of the users for login. MAC-based: Select this option to limit the MAC Address users connecting to the ports selected are allowed to manage the switch. 31 - TP-Link T1700G-28TQ | T1700G-28TQ V1 User Guide - Page 42
4-19 SSL Config The following entries are displayed on this screen: Global Config HTTP: Select Enable/Disable the HTTP function on the switch. Session Config Session Timeout: If you do nothing with the Web management page within the timeout time, the system will log out automatically - TP-Link T1700G-28TQ | T1700G-28TQ V1 User Guide - Page 43
following services: default certificate, you will be prompted that "The security certificate presented by this website was not issued by a trusted certificate authority" or "Certificate Errors". Please add this certificate to trusted certificates or continue to this website. The switch also supports - TP-Link T1700G-28TQ | T1700G-28TQ V1 User Guide - Page 44
following entries are displayed on this screen: Global Config HTTPS: Select Enable/Disable the HTTPS function on the switch. SSL Version 3: Enable or Disable Secure Sockets Layer Version 3.0. By default, it's enabled. TLS Version 1: Enable or Disable Transport Layer Security Version 1.0. By - TP-Link T1700G-28TQ | T1700G-28TQ V1 User Guide - Page 45
and DES-EDE3-CBC for message encryption and SHA for message digest. By default, it's enabled. Session Config Session Timeout: If you do nothing Certificate File: Select the desired certificate to download to the switch. The certificate must be BASE64 encoded. Key Download Key File: Select - TP-Link T1700G-28TQ | T1700G-28TQ V1 User Guide - Page 46
the switch. Choose the menu System→Access Security→SSH Config to load the following page. Figure 4-21 SSH Config The following entries are displayed on this screen: Global Config SSH: Select Enable/Disable SSH function. Protocol V1: Select Enable/Disable SSH V1 to be the supported protocol - TP-Link T1700G-28TQ | T1700G-28TQ V1 User Guide - Page 47
the type of SSH Key to download. The switch supports two types: SSH-2 RSA/DSA and SSH-1 switch. 2. PuTTY client software is recommended. Configuration Procedure 1. Open the software to log on to the interface of PuTTY. Enter the IP address of the switch into Host Name field; keep the default - TP-Link T1700G-28TQ | T1700G-28TQ V1 User Guide - Page 48
the Open button in the above figure to log on to the switch. Enter the login user name and password, and then you can continue to configure the switch. Application Example 2 for SSH: Network Requirements 1. Log on to the switch via key authentication using SSH and the SSH function is enabled on - TP-Link T1700G-28TQ | T1700G-28TQ V1 User Guide - Page 49
Configuration Procedure 1. Select the key type and key length, and generate SSH key. Note: 1. The key length is in the range of 512 to 3072 bits. 2. During the key generation, randomly moving the mouse quickly can accelerate the key generation. 39 - TP-Link T1700G-28TQ | T1700G-28TQ V1 User Guide - Page 50
successfully generated, please save the public key and private key to the computer. 3. On the Web management page of the switch, download the public key file saved in the computer to the switch. Note: 1. The key type should accord with the type of the key file. 2. The SSH key downloading cannot be - TP-Link T1700G-28TQ | T1700G-28TQ V1 User Guide - Page 51
4. After the public key and private key are downloaded, please log on to the interface of PuTTY and enter the IP address for login. 5. Click Browse to download the private key file to SSH client software and click Open. 41 - TP-Link T1700G-28TQ | T1700G-28TQ V1 User Guide - Page 52
indicates that the key has been successfully downloaded. 4.4.5 Telnet Config On this page you can Enable/Disable Telnet function globally on the switch. Choose the menu System→Access Security→Telnet Config to load the following page. Figure 4-22 Access Control The following entries are displayed - TP-Link T1700G-28TQ | T1700G-28TQ V1 User Guide - Page 53
after a reboot. Configure the SDM template that will become active after the next reboot. Displays the template name. Displays the number of TCAM entries for IP ACL Rules, which include Lay3 ACL Rules and Lay4 ACL Rules. Displays the number of TCAM entries for Lay2 ACL Rules. Displays the number of - TP-Link T1700G-28TQ | T1700G-28TQ V1 User Guide - Page 54
and maintenance of the stack, while the other stack members process services and keep a copy configuration file in accordance with the master for affecting its normal operation. 2) Distributed LACP (Link Aggregation Control Protocol) supports link aggregation across devices. Since the whole stack - TP-Link T1700G-28TQ | T1700G-28TQ V1 User Guide - Page 55
failure occurs, which further ensures the normal operation of load distribution and backup across devices and links as Figure 5-2 shows. Figure 5-2 Load Distribution and Backup across Devices 3. Network scalability. Each member device in the stack system is able to process protocol packets - TP-Link T1700G-28TQ | T1700G-28TQ V1 User Guide - Page 56
stack member. Each stack member processes services packets and plays a role which is two or more stacks because of stack link failures, as shown in the following problems on the network since the partitioned stacks keep operating with the previous IP address by default, which results in same IP - TP-Link T1700G-28TQ | T1700G-28TQ V1 User Guide - Page 57
link failure can cause stack split. While in a ring connected stack, the system is able to operate normally with a new daisy chained topology. Note: Establish a stack of ring or daisy chain topology with six T1700G-28TQ switches merge or split occurs, or the stack or the current master is reset. 47 - TP-Link T1700G-28TQ | T1700G-28TQ V1 User Guide - Page 58
from 1 to 15. The higher the value is, the more likely the member will be elected as the master. By default, the member priority of the switch is 5. We recommend you manually assign the highest priority value to the switch that you prefer to be the stack master before stack establishment. 2. The - TP-Link T1700G-28TQ | T1700G-28TQ V1 User Guide - Page 59
the number of the slot the interface card is in. For T1700G-28TQ, the front panel ports belong to slot 0. (3) Physical Port Number: The physical port number on the switch which can be obtained through the front panel of the switch. For instance: Port number 2/0/3 indicates the physical port3 on the - TP-Link T1700G-28TQ | T1700G-28TQ V1 User Guide - Page 60
member number as the replaced switch. When you add a switch to the switch stack, the stack will allocate a unit ID to the new switch as rules described in Unit Number, and then the new switch will apply either the provisioned configuration or the default configuration. Table 5-1 lists the events - TP-Link T1700G-28TQ | T1700G-28TQ V1 User Guide - Page 61
: Displays the current topology type of the stack. Displays the current MAC address of the stack which usually is the MAC address of the master switch. The stack uses it to communicate with other devices. Stack Member Info Unit ID: New Unit ID: Role: Displays the unit number of the member - TP-Link T1700G-28TQ | T1700G-28TQ V1 User Guide - Page 62
is, the more likely the member will be elected as the master. Displays the current firmware version of the member switch. Displays the device type of the switch. Displays the state of the switch. UNIT: Stack Port: Stack Port Group: Status: Neighbor: Displays the stack ports' information of the - TP-Link T1700G-28TQ | T1700G-28TQ V1 User Guide - Page 63
stack member. Specify the device type of the provisioned stack member. Stack Member Config Unit ID: New Unit ID: Role: MAC Address Displays the switch member's current unit number. Configure the new unit number of stack member. The new unit number will go into effect after this stack member - TP-Link T1700G-28TQ | T1700G-28TQ V1 User Guide - Page 64
elected as the new stack master when the current stack master or the switch stack resets. Displays the state of the stack member. UNIT: Stack Port: Stack stack of ring topology with four T1700G-28TQ switches. Network Diagram Configuration Procedure Configure switch A, B, C and D before - TP-Link T1700G-28TQ | T1700G-28TQ V1 User Guide - Page 65
port, please set the parameters appropriate to your needs. Choose the menu Switching→Port→Port Config to load the following page. Figure 6-1 Port Config The physical ports of this unit member. Click LAGS to configure the link aggregation groups. Select: Select the desired port for configuration. - TP-Link T1700G-28TQ | T1700G-28TQ V1 User Guide - Page 66
which is used to manage the switch. 2. By default, the SFP+ ports support 10Gbps connection. You can manually configure it as 1000M for a used to analyze the mirrored packets for monitoring and troubleshooting the network. Choose the menu Switching→Port→Port Mirror to load the following page. Figure - TP-Link T1700G-28TQ | T1700G-28TQ V1 User Guide - Page 67
from the port panel as the mirroring port. Click unit number to configure the physical ports of this unit member. Click LAGS to configure the link aggregation groups. Select the desired port as a mirrored port. It is multi-optional. Displays the port number. 57 - TP-Link T1700G-28TQ | T1700G-28TQ V1 User Guide - Page 68
the MAC Address Table. When the MAC Address Table is full, the switch will broadcast the packets to all the ports. At this moment, the drop and even breakdown of the system. Port Security is to protect the switch from the malicious MAC Address Attack by limiting the maximum number of MAC addresses - TP-Link T1700G-28TQ | T1700G-28TQ V1 User Guide - Page 69
is selected, the learned MAC address will be out of the influence of the aging time and can only be deleted manually. The learned entries will be cleared after the switch is rebooted. Permanent: When Permanent mode is selected, the learned MAC address will be out of the influence of the 59 - TP-Link T1700G-28TQ | T1700G-28TQ V1 User Guide - Page 70
aging time and can only be deleted manually. The learned entries will be saved even the switch is rebooted. Select Enable/Disable the associated with this unit member. Click LAGS to display the information of the link aggregation groups. Port: LAG : Forward Portlist: Displays the port number. - TP-Link T1700G-28TQ | T1700G-28TQ V1 User Guide - Page 71
forward portlist. Figure 6-6 Port Isolation Config 6.1.5 Loopback Detection With loopback detection feature enabled, the switch can detect loops using loopback detection packets. When a loop is detected, the switch will display an alert or further block the corresponding port according to the port - TP-Link T1700G-28TQ | T1700G-28TQ V1 User Guide - Page 72
Choose the menu Switching→Port→Loopback Detection to load the following page. Figure 6-7 Loopback Detection function globally. Set a loopback detection interval between 1 and 1000 seconds. By default, it's 30 seconds. Time after which the blocked port would automatically recover to normal status - TP-Link T1700G-28TQ | T1700G-28TQ V1 User Guide - Page 73
disable Loopback Detection function for the port. Select the mode how the switch processes the detected loops. Alert: When a loop is detected, to manually remove the block status of selected ports. Note: Loopback Detection must coordinate with storm control. 6.2 LAG LAG (Link Aggregation Group - TP-Link T1700G-28TQ | T1700G-28TQ V1 User Guide - Page 74
view the information of the current LAG of the switch. Choose the menu Switching→LAG→LAG Table to load the following page. Figure IP addresses of the packets. DST IP: When this option is selected, the Aggregate Arithmetic will apply to the destination IP addresses of the packets. SRC IP + DST IP - TP-Link T1700G-28TQ | T1700G-28TQ V1 User Guide - Page 75
of the LAG. Click the Detail button for the detailed information of your selected LAG. Figure 6-9 Detailed Information 6.2.2 Static LAG On this page, you can manually configure the LAG. 65 - TP-Link T1700G-28TQ | T1700G-28TQ V1 User Guide - Page 76
Choose the menu Switching→LAG→Static LAG to load the following page. Figure 6-10 Manually Config The following entries are displayed link aggregation and disaggregation by exchanging LACP packets with its partner. The switch can dynamically group similarly configured ports into a single logical link - TP-Link T1700G-28TQ | T1700G-28TQ V1 User Guide - Page 77
On this page, you can configure the LACP feature of the switch. Choose the menu Switching→LAG→LACP Config to load the following page. Figure 6-11 LACP determines which link aggregation a link belongs to, and the system with lower priority adds the proper links to the link aggregation according - TP-Link T1700G-28TQ | T1700G-28TQ V1 User Guide - Page 78
Port Priority: Mode: Status: LAG: Click LAGS to configure the link aggregation groups. Select the desired port for LACP configuration. It to monitor the traffic and analyze the network abnormity. Choose the menu Switching→Traffic Monitor→Traffic Summary to load the following page. Figure 6-12 - TP-Link T1700G-28TQ | T1700G-28TQ V1 User Guide - Page 79
Click unit number to display the information of the physical ports associated with this unit member. Click LAGS to display the information of the link aggregation groups. Select the desired port for clearing. It is multi-optional. Displays the port number. Displays the number of packets received on - TP-Link T1700G-28TQ | T1700G-28TQ V1 User Guide - Page 80
Choose the menu Switching→Traffic Monitor→Traffic Statistics to load the following page. Figure 6-13 the physical ports associated with this unit member. Click LAGS to display the information of the link aggregation groups. Port: Enter a port number and click the Select button or select the port - TP-Link T1700G-28TQ | T1700G-28TQ V1 User Guide - Page 81
. Address Table contains the port-based MAC address information, which is the base for the switch to forward packets quickly. The entries in the Address Table can be updated by auto-learning or configured manually. Most entries are generated and updated by auto-learning. In the stable networks, the - TP-Link T1700G-28TQ | T1700G-28TQ V1 User Guide - Page 82
Address and Filtering Address. 6.4.1 Address Table On this page, you can view all the information of the Address Table. Choose the menu Switching→MAC Address→Address Table to load the following page. Figure 6-14 Address Table The following entries are displayed on this screen: Search Option - TP-Link T1700G-28TQ | T1700G-28TQ V1 User Guide - Page 83
address table maintains the static address entries which can be added or removed manually, independent of the aging time. In the stable networks, the static MAC address entries can facilitate the switch to reduce broadcast packets and remarkably enhance the efficiency of packets forwarding without - TP-Link T1700G-28TQ | T1700G-28TQ V1 User Guide - Page 84
port number of the MAC address is not correct, or the connected port (or the device) has been changed, the switch cannot forward the packets correctly. Please reset the static address entry appropriately. 2. If the MAC address of a device has been added to the Static Address Table, connecting - TP-Link T1700G-28TQ | T1700G-28TQ V1 User Guide - Page 85
Choose the menu Switching→MAC Address→Dynamic Address to load the following page. Figure 6-16 Dynamic Address The following entries are displayed on this screen: Aging Config Auto Aging: - TP-Link T1700G-28TQ | T1700G-28TQ V1 User Guide - Page 86
This decreases the forwarding performance of the switch. It is recommended to keep the default value. 6.4.4 Filtering Address The filtering address is to forbid the undesired packets to be forwarded. The filtering address can be added or removed manually, independent of the aging time. The filtering - TP-Link T1700G-28TQ | T1700G-28TQ V1 User Guide - Page 87
VLAN ID: Port: Type: Aging Status: Displays the corresponding VLAN ID. Here the symbol "--" indicates no specified port. Displays the type of the MAC address. Displays the aging status of the MAC address. Note: The MAC address in the Filtering Address Table cannot be added to the Static Address - TP-Link T1700G-28TQ | T1700G-28TQ V1 User Guide - Page 88
occupy plenty of bandwidth resources, causing potential serious security problems. A Virtual Local Area Network (VLAN) is a different physical network segments. This switch supports 802.1Q VLAN to classify VLANs. VLAN tags in the packets are necessary for the switch to identify packets of different - TP-Link T1700G-28TQ | T1700G-28TQ V1 User Guide - Page 89
is VLAN-tagged. By default, it is 0x8100 in this switch. (2) Priority: Priority Guide, the tagged packet refers to the packet with VLAN tag whereas the untagged packet refers to the packet without VLAN tag, and the priority-tagged packet refers to the packet with VLAN tag whose VLAN ID is 0. Link - TP-Link T1700G-28TQ | T1700G-28TQ V1 User Guide - Page 90
port, indicating the default VLAN to which the port belongs, is an important parameter with the following two purposes: (1) When the switch receives an un-VLAN default VLAN. Different packets, tagged or untagged, will be processed in different ways, after being received by ports of different link - TP-Link T1700G-28TQ | T1700G-28TQ V1 User Guide - Page 91
the tagged ports of the specific VLAN. 7.1.2 Port Config Before creating the 802.1Q VLAN, please acquaint yourself with all the devices connected to the switch in order to configure the ports properly. 81 - TP-Link T1700G-28TQ | T1700G-28TQ V1 User Guide - Page 92
this screen: VLAN Port Config UNIT/LAGS: Click unit number to configure the physical ports of this unit member. Click LAGS to configure the link aggregation groups. Select: Select the desired port for configuration. It is multi-optional. Port: Displays the port number. PVID: Enter the PVID - TP-Link T1700G-28TQ | T1700G-28TQ V1 User Guide - Page 93
the name for the VLAN. Meanwhile, specify its member ports and the link type of the ports. Optional. On the VLAN→802.1Q VLAN→VLAN . 7.2 Application Example for 802.1Q VLAN Network Requirements Switch A is connecting to PC A and Server B; Switch B is connecting to PC B and Server A; PC - TP-Link T1700G-28TQ | T1700G-28TQ V1 User Guide - Page 94
Config page, create a VLAN with its VLAN ID as 20, owning Port 3 and Port 4. Configure the link type of Port 3 and Port 4 as Tagged and Untagged respectively. Configure Switch B Step 1 Operation Create VLAN10 2 Create VLAN20 Description Required. On VLAN→802.1Q VLAN→VLAN Config page, create - TP-Link T1700G-28TQ | T1700G-28TQ V1 User Guide - Page 95
2. When receiving tagged packet, the switch will process it basing on the 802.1Q VLAN. If the . 3. If the MAC address of a Host is classified into 802.1Q VLAN, please set its connected port of switch to be a member of this 802.1Q VLAN so as to ensure the packets forwarded normally. 7.3.1 MAC VLAN On - TP-Link T1700G-28TQ | T1700G-28TQ V1 User Guide - Page 96
are disabled for MAC VLAN function by default. Configuration Procedure: Step Operation Description the VLAN. Meanwhile, specify its member ports and the link type of the ports. 2 Create MAC VLAN. Required VLAN, it's required to set its connected port of switch to be a member of this VLAN so as - TP-Link T1700G-28TQ | T1700G-28TQ V1 User Guide - Page 97
-70. 5 Port Enable Required. On the VLAN→MAC VLAN→Port Enable page, select and enable Port 11 and Port 12 for MAC VLAN feature. Configure switch B Step Operation 1 Create VLAN10 2 Create VLAN20 Description Required. On VLAN→802.1Q VLAN→VLAN Config page, create a VLAN with its VLAN ID as 10 - TP-Link T1700G-28TQ | T1700G-28TQ V1 User Guide - Page 98
be sorted by IP, IPX, DECnet, AppleTalk, Banyan and so on. Through the Protocol VLANs, the broadcast domain can span over multiple switches and the Host network clients basing on their actual applications and services effectively. This switch can classify VLANs basing on the common protocol types - TP-Link T1700G-28TQ | T1700G-28TQ V1 User Guide - Page 99
2. When receiving tagged packet, the switch will process it basing on the 802.1Q VLAN. If the received port is the member of the VLAN to which the tagged packet belongs, - TP-Link T1700G-28TQ | T1700G-28TQ V1 User Guide - Page 100
the physical ports of this unit member. Click LAGS to configure the link aggregation groups. 7.5.3 Protocol Template The Protocol Template should be created before configuring the Protocol VLAN. By default, the switch has defined the IP Template, ARP Template, RARP Template, etc. You can add more - TP-Link T1700G-28TQ | T1700G-28TQ V1 User Guide - Page 101
page, click the Create button to create a VLAN. Enter the VLAN ID and the description for the VLAN. Meanwhile, specify its member ports and the link type of the ports. 91 - TP-Link T1700G-28TQ | T1700G-28TQ V1 User Guide - Page 102
Department A is connected to the company LAN via Port12 of switch A; Department A has IP host and AppleTalk host; IP host, in VLAN10, is served by IP server while AppleTalk host is served by AppleTalk server; Switch B is connected to IP server and AppleTalk server. Network Diagram 92 - TP-Link T1700G-28TQ | T1700G-28TQ V1 User Guide - Page 103
the egress rule of Port 11 as Tagged Port 12 as Untagged. Configure switch B Step Operation 1 Create VLAN10 2 Create VLAN20 3 Create Protocol Template 4 Create →Protocol VLAN→Protocol Group page, create protocol VLAN 10 with Protocol as IP. Select and enable Port 3, Port 4 and Port 5 for Protocol - TP-Link T1700G-28TQ | T1700G-28TQ V1 User Guide - Page 104
to IEEE 802.1D standard, is to disbranch a ring network in the Data Link layer in a local network. Devices running STP discover loops in the network and and all the switches supporting STP receive and process the received BPDUs. BPDUs carry the information that is needed for switches to figure out - TP-Link T1700G-28TQ | T1700G-28TQ V1 User Guide - Page 105
from 1 to 10 seconds. It specifies the interval to send BPDU packets. It is used to test the links. Max. Age: Max. Age ranges from 6 to 40 seconds. It specifies the maximum time the switch can wait without receiving a BPDU before attempting to reconfigure. Forward Delay: Forward Delay ranges from - TP-Link T1700G-28TQ | T1700G-28TQ V1 User Guide - Page 106
is chosen as the root bridge. Selecting the root port and designate port The operation is taken in the following way: Step Operation 1 For each switch (except the one chosen as the root bridge) in a network, the port that receives the BPDU with the highest priority is chosen as the root - TP-Link T1700G-28TQ | T1700G-28TQ V1 User Guide - Page 107
through handshake. RSTP Elements Edge Port: Indicates the port connected directly to terminals. P2P Link: Indicates the link between two switches directly connected. MSTP (Multiple Spanning Tree Protocol), compatible with both STP and RSTP and subject to IEEE 802.1s standard, not only enables - TP-Link T1700G-28TQ | T1700G-28TQ V1 User Guide - Page 108
this bridge to the Root Bridge and forwards packets to the root. Designated Port: Indicates the port that forwards packets to a downstream network segment or switch. Master Port: Indicates the port that connects a MST region to the common root. The path from the master port to the common root is - TP-Link T1700G-28TQ | T1700G-28TQ V1 User Guide - Page 109
STP Config, Port Config, MSTP Instance and STP Security. 8.1 STP Config The STP Config function, for global configuration of spanning trees on the switch, can be implemented on STP Config and STP Summary pages. 8.1.1 STP Config Before configuring spanning trees, you should make clear the roles each - TP-Link T1700G-28TQ | T1700G-28TQ V1 User Guide - Page 110
congestions to be falsely regarded as link problems. A too large max age parameter result in the switches unable to find the link problems in time, which in turn handicaps spanning trees being regenerated in time and makes the network less adaptive. The default value is recommended. 4. If the TxHold - TP-Link T1700G-28TQ | T1700G-28TQ V1 User Guide - Page 111
8.1.2 STP Summary On this page you can view the related parameters for Spanning Tree function. Choose the menu Spanning Tree→STP Config→STP Summary to load the following page. Figure 8-5 STP Summary 101 - TP-Link T1700G-28TQ | T1700G-28TQ V1 User Guide - Page 112
to configure the physical ports of this unit member. Click LAGS to configure the link aggregation groups. Select the desired port for STP configuration. It is multi-optional. Displays the port number of the switch. Select Enable /Disable STP function for the desired port. Enter a value from 0 to 240 - TP-Link T1700G-28TQ | T1700G-28TQ V1 User Guide - Page 113
Port: Indicates the port that forwards packets to a downstream network segment or switch. Master Port: Indicates the port that connects a MST region to the point links. If the physical link of a port is not a point-to-point link and you forcibly configure the link as a point-to-point link, - TP-Link T1700G-28TQ | T1700G-28TQ V1 User Guide - Page 114
8.3.1 Region Config On this page you can configure the name and revision of the MST region. Choose the menu Spanning Tree→MSTP Instance→Region Config to load the following page. Figure 8-7 Region Config The following entries are displayed on this screen: Region Config Region Name: Revision: - TP-Link T1700G-28TQ | T1700G-28TQ V1 User Guide - Page 115
Instance ID for configuration. It is multi-optional. Displays Instance ID of the switch. Displays status of the instance. Enter the priority of the switch in the instance. It is an important criterion on determining if the switch will be chosen as the root bridge in the specific instance. Enter the - TP-Link T1700G-28TQ | T1700G-28TQ V1 User Guide - Page 116
configure the physical ports of this unit member. Click LAGS to configure the link aggregation groups. Select the desired port to specify its priority and path cost. It is multi-optional. Displays the port number of the switch. Enter the priority of the port in the instance. It is an - TP-Link T1700G-28TQ | T1700G-28TQ V1 User Guide - Page 117
maintains the states of ports by receiving and processing BPDU packets from the upstream switch. However, when link congestions or link failures occurred to the network, a down stream switch does not receive BPDU packets for certain period, which results in spanning trees being regenerated and - TP-Link T1700G-28TQ | T1700G-28TQ V1 User Guide - Page 118
state and stops forwarding packets (as if it is disconnected from the link). The port resumes the normal state if it does not receive any MSTP provides BPDU protect function. With this function enabled on the switch, the switch shuts down the edge ports that receive BPDUs and reports these - TP-Link T1700G-28TQ | T1700G-28TQ V1 User Guide - Page 119
port for port protect configuration. It is multi-optional. Displays the port number of the switch. Loop Protect is to prevent the loops in the network brought by recalculating STP because of link failures and network congestions. Root Protect is to prevent wrong network topology change caused by - TP-Link T1700G-28TQ | T1700G-28TQ V1 User Guide - Page 120
specify the TC Protect Cycle. The default value is 5. 8.5 Application Example for STP Function Network Requirements Switch A, B, C, D and E all support MSTP function. A is the central switch. B and C are switches in the convergence layer. D, E and F are switches in the access layer. There - TP-Link T1700G-28TQ | T1700G-28TQ V1 User Guide - Page 121
Switch A: Step Operation Description 1 Configure ports On VLAN→802.1Q VLAN→VLAN Config page, configure the link type of the related ports as Tagged, and add the ports to VLAN101-VLAN106. The detailed instructions configure the region as TP-LINK and keep the default revision setting. 4 Configure - TP-Link T1700G-28TQ | T1700G-28TQ V1 User Guide - Page 122
configure the region as TP-LINK and keep the default revision setting. 4 Configure Switch C: Step Operation Description 1 Configure ports On VLAN→802.1Q VLAN→VLAN Config page, configure the link type of the related ports as Tagged, and add the ports to VLAN101-VLAN106. The detailed instructions - TP-Link T1700G-28TQ | T1700G-28TQ V1 User Guide - Page 123
Switch D: Step Operation Description 1 Configure ports On VLAN→802.1Q VLAN→VLAN Config page, configure the link type of the related ports as Tagged, and add the ports to VLAN101-VLAN106. The detailed instructions configure the region as TP-LINK and keep the default revision setting. 4 Configure - TP-Link T1700G-28TQ | T1700G-28TQ V1 User Guide - Page 124
Suggestion for Configuration Enable TC Protect function for all the ports of switches. Enable Root Protect function for all the ports of root bridges. Enable Loop Protect function for the non-edge ports. Enable BPDU Protect function or - TP-Link T1700G-28TQ | T1700G-28TQ V1 User Guide - Page 125
users requiring this information is not certain, unicast and broadcast deliver a low efficiency. Multicast solves this problem. It can deliver a high efficiency to send data in the point to multi-point service, which can save large bandwidth and reduce the network load. In multicast, the packets are - TP-Link T1700G-28TQ | T1700G-28TQ V1 User Guide - Page 126
begins with 01-00-5E while the low-order 23 bits of a multicast MAC address are the low-order 23 bits of the multicast IP address. The mapping relationship is described as Figure 9-2. Figure 9-2 Mapping relationship between multicast IPv4 address and multicast MAC address The high-order 4 bits of - TP-Link T1700G-28TQ | T1700G-28TQ V1 User Guide - Page 127
value used to limit the scope of the multicast group. The values are as follows: Value 0、3、F 1 2 4 5 6、7、9~D 8 E Indication reserved Interface-Local scope Link-Local scope Admin-Local scope Site-Local scope unassigned Organization-local scope Global scope Table 9-2 Indications of the Scope 117 - TP-Link T1700G-28TQ | T1700G-28TQ V1 User Guide - Page 128
usually used for obtaining the Layer 2 link-layer addresses of neighboring nodes within the local-link or applied in IPv6 Duplicate Address Detection. MAC address are the low-order 32 bits of the IPv6 multicast IP address. The mapping relationship is described as the following figure: Figure - TP-Link T1700G-28TQ | T1700G-28TQ V1 User Guide - Page 129
are 0x3333, identifying the IPv6 multicast group. The low-order 32 bits of the IPv6 multicast IP address are mapped to the multicast MAC address. Multicast Address Table The switch is forwarding multicast packets based on the multicast address table. As the transmission of multicast packets - TP-Link T1700G-28TQ | T1700G-28TQ V1 User Guide - Page 130
router port time specified; if the receiving port is already a router port, its router port time will be directly reset. When receiving IGMP group-specific-query message, the switch will send the group-specific query message to the members of the multicast group being queried. 2. IGMP Report Message - TP-Link T1700G-28TQ | T1700G-28TQ V1 User Guide - Page 131
IGMP query message from the router port, it will consider this port is not a router port any more. The default value is 300 seconds. Member Port Time: Within the time, if the switch does not receive IGMP report message from the member port, it will consider this port is not a member port - TP-Link T1700G-28TQ | T1700G-28TQ V1 User Guide - Page 132
the aging time of the router port. Within this time, if the switch does not receive IGMP query message from the router port, it will consider Specify the aging time of the member port. Within this time, if the switch does not receive IGMP report message from the member port, it will consider this - TP-Link T1700G-28TQ | T1700G-28TQ V1 User Guide - Page 133
the link aggregation groups. Select the desired port for IGMP snooping feature configuration. It is multi-optional. Displays the port of the switch. the desired port. If Fast Leave is enabled for a port, the switch will immediately remove this port from the multicast group upon receiving IGMP leave - TP-Link T1700G-28TQ | T1700G-28TQ V1 User Guide - Page 134
Fast Leave on the port is effective only when the host supports IGMPv2 or IGMPv3. 2. When Fast Leave feature is enabled Within this time, if the switch doesn't receive IGMP report message from the member port, it will consider this port is not a member port any more. By default, it is 0 and the - TP-Link T1700G-28TQ | T1700G-28TQ V1 User Guide - Page 135
this multicast information and deliver each VLAN owning a receiver one copy. This mode wastes a lot of bandwidth. The problem above can be solved by configuring a multicast VLAN. By adding switch ports to the multicast VLAN and enabling IGMP snooping, you can make users in different VLANs share the - TP-Link T1700G-28TQ | T1700G-28TQ V1 User Guide - Page 136
consider this port is not a router port any more. Member Port Time: Specify the aging time of the member port. Within this time, if the switch doesn't receive IGMP report message from the member port, it will consider this port is not a member port any more. Dynamic Router Ports: Static Router - TP-Link T1700G-28TQ | T1700G-28TQ V1 User Guide - Page 137
Required. Enable IGMP snooping globally on the switch and for the port on Multicast→IGMP VLAN→802.1Q VLAN→VLAN Config page. Configure the link type of the router ports as Tagged. Optional. Enable VLAN page. It is recommended to keep the default time parameters. If it is successfully configured, the - TP-Link T1700G-28TQ | T1700G-28TQ V1 User Guide - Page 138
link type as Tagged, and add it to VLAN3, VLAN4 and VLAN5. For port 4, configure its link type as Untagged, and add it to VLAN3 and VLAN4. For port 5, configure its link the other parameters as default on Multicast→IGMP Snooping→ 9.1.5 Querier Config In an IP multicast network that runs IGMP - TP-Link T1700G-28TQ | T1700G-28TQ V1 User Guide - Page 139
create and maintain multicast forwarding table on the switch with the Query messages it generates. Choose the Querier. General Query Source IP: Enter the source IP of the general query frame sent by IGMP Snooping Querier. It should not be a multicast IP or a broadcast IP. IGMP Snooping Querier - TP-Link T1700G-28TQ | T1700G-28TQ V1 User Guide - Page 140
be a number between 1 and 999. Mode: The attributes of the profile. Permit: Only permit the IP address within the IP range and deny others. Deny: Only deny the IP address within the IP range and permit others. Search Option Search Option: Select the rules for displaying profile entries - TP-Link T1700G-28TQ | T1700G-28TQ V1 User Guide - Page 141
entry for configuration. Index: Displays index of the IP-range which is not configurable. Start IP: Displays the start IP address of the IP-range. End IP: Displays the end IP address of the IP-range. 9.1.7 Profile Binding When the switch receives IGMP report message, it examines the profile - TP-Link T1700G-28TQ | T1700G-28TQ V1 User Guide - Page 142
and Max Group Binding UNIT/LAGS: Click unit number to configure the physical ports of this unit member. Click LAGS to configure the link aggregation groups. Select: Select the desired entry for configuration. Port: It is multi-optional. Displays the port number. Profile ID: The existing - TP-Link T1700G-28TQ | T1700G-28TQ V1 User Guide - Page 143
table on Multicast→IGMP Snooping→Profile Config page to configure the mode or IP-range of the Profile. Optional. Configure Profile Binding for ports on Multicast you can view the multicast data traffic on each port of the switch, which facilitates you to monitor the IGMP messages in the network. - TP-Link T1700G-28TQ | T1700G-28TQ V1 User Guide - Page 144
of the switch. Query Packet: Displays the number of query packets the port received. Report Packet (V1): Displays the number of IGMPv1 report packets the port received. Report Packet (V2): Displays the number of IGMPv2 report packets the port received. Report Packet (V3 - TP-Link T1700G-28TQ | T1700G-28TQ V1 User Guide - Page 145
switch port that links toward the multicast members. 3. Timers Router Port Aging Time: Within this time, if the switch does not receive MLD queries from the router port, it will delete this port from the router port list. The default aging time will be directly reset. 5. Membership Report The host - TP-Link T1700G-28TQ | T1700G-28TQ V1 User Guide - Page 146
packets refer to those packets without corresponding forwarding entries in the IPv6 multicast table: When unknown multicast filter is enabled, the switch will discard all received unknown IPv6 multicast packets; When unknown multicast filer is disabled, all unknown IPv6 multicast packets are flooded - TP-Link T1700G-28TQ | T1700G-28TQ V1 User Guide - Page 147
member port does not receive Report Message in the aging time, it will be aged. Enter the interval between the switch sends out MASQs. Enter the number of MASQs that the switch sends before aging out a multicast address when there is no MLD report response. Displays MLD snooping status. Displays the - TP-Link T1700G-28TQ | T1700G-28TQ V1 User Guide - Page 148
to configure the physical ports of this unit member. Click LAGS to configure the link aggregation groups. Select the port you want to configure. Displays the port number. . If Fast Leave is enabled for a port, the switch will immediately remove this port from the multicast group upon receiving MLD done - TP-Link T1700G-28TQ | T1700G-28TQ V1 User Guide - Page 149
: Router Ports: Specify the aging time of the router port. Within this time, if the switch don't receive MLD query message from the router port, it will consider this port is not a router port any more. By default, it is 0 and the global router-time will be used. Specify the aging time - TP-Link T1700G-28TQ | T1700G-28TQ V1 User Guide - Page 150
this multicast information and deliver each VLAN owning a receiver one copy. This mode wastes a lot of bandwidth. The problem above can be solved by configuring a multicast VLAN. By adding switch ports to the multicast VLAN and enabling MLD snooping, you can make users in different VLANs share the - TP-Link T1700G-28TQ | T1700G-28TQ V1 User Guide - Page 151
of the member port. Within this time, if the switch doesn't receive MLD report message from the member port cannot receive multicast streams. 3. Configure the link type of the router port in the and manage the multicast table. But MLD is not supported by the devices in Layer 2 network. MLD Snooping - TP-Link T1700G-28TQ | T1700G-28TQ V1 User Guide - Page 152
General Query Message within this interval. Enter the value of Maximum Response Time of the Query message. Enter the Query Message source IP address. It is FE80::02FF:FFFF:FE00:0001 by default. MLD Snooping Querier List Select: VLAN ID: Query Interval: Max Response Time: General Query Source - TP-Link T1700G-28TQ | T1700G-28TQ V1 User Guide - Page 153
and it should range from 1 to 999. The attributes of the profile. Permit: Only permit the IP address within the IP range and deny others. Deny: Only deny the IP address within the IP range and permit others. Search Option Search Option: Select the rules for displaying profile entries. All - TP-Link T1700G-28TQ | T1700G-28TQ V1 User Guide - Page 154
entry for configuration. Index: Displays index of the IP-range which is not configurable. Start IP: Displays the start IP address of the IP-range. End IP: Displays the end IP address of the IP-range. 9.2.7 Profile Binding When the switch receives MLD report message, it examines the profile - TP-Link T1700G-28TQ | T1700G-28TQ V1 User Guide - Page 155
: Port: Profile ID: Max Group: Overflow Action: Click unit number to configure the physical ports of this unit member. Click LAGS to configure the link aggregation groups. Select the desired port for multicast filtering. It is multi-optional. The port to be bound. The existing Profile ID bound to - TP-Link T1700G-28TQ | T1700G-28TQ V1 User Guide - Page 156
on Multicast→MLD Snooping→Profile Config page to configure the mode or IP-range of the Profile. 3 Configure Profile Binding Optional. Configure Profile Packet Statistics On this page you can view the MLD packets the switch received. It helps you to monitor the MLD snooping function. Choose the - TP-Link T1700G-28TQ | T1700G-28TQ V1 User Guide - Page 157
specify the auto fresh period. UNIT: Port: Query Packet: Report Packet (V1): Report Packet (V2): Done Packet: Error Packet: Click unit number to you can view the information of the multicast groups already on the switch. Multicast IP addresses range from 224.0.0.0 to 239.255.255.255. The range for - TP-Link T1700G-28TQ | T1700G-28TQ V1 User Guide - Page 158
VLAN ID the desired entry must carry. Forward Port: Enter the port number the desired entry must carry. Multicast IP Table Multicast IP: VLAN ID: Displays multicast IP address. Displays the VLAN ID of the multicast group. Forward Port: Type: Displays the forward port of the multicast group - TP-Link T1700G-28TQ | T1700G-28TQ V1 User Guide - Page 159
entries you want to configure. Displays multicast IP address. Displays the VLAN ID of the multicast group. Displays the forward port of the multicast group. 9.3.3 IPv6 Multicast Table This page displays the multicast groups which are already on the switch. Choose the menu Multicast→Multicast Table - TP-Link T1700G-28TQ | T1700G-28TQ V1 User Guide - Page 160
Enter the port number the desired entry must carry. Displays the multicast IP. Displays the VLAN ID. Displays the forward ports of the group. on this screen: Create Static Multicast Multicast IP: VLAN ID: Forward Port: Enter the multicast IP address the desired entry must carry. Enter the - TP-Link T1700G-28TQ | T1700G-28TQ V1 User Guide - Page 161
Search Option Search Option: Select the rule for displaying multicast IP table. All: Displays all static multicast IP entries. Multicast IP: Enter the multicast IP address the desired entry must carry. VLAN ID: Enter the VLAN ID the desired entry must carry. Forward Port: Enter the port - TP-Link T1700G-28TQ | T1700G-28TQ V1 User Guide - Page 162
The Routing module is mainly for routing management configuration of the switch, including four submenus: Interface, Routing Table, Static Routing and ARP or port channel. IP Address Mode: IP Address: Specify IP Address allocation mode. None: without ip. Static: setup manually. DHCP: - TP-Link T1700G-28TQ | T1700G-28TQ V1 User Guide - Page 163
IP address allocation mode. None: without ip. Static: setup manually. DHCP: allocated through DHCP. BOOTP: allocated through BOOTP. Displays the IP status is up when admin status is enabled, line protocol is up and IP Address is set. You can configure the interface by clicking the Edit, - TP-Link T1700G-28TQ | T1700G-28TQ V1 User Guide - Page 164
ID, loopback interface, routed port or port-channel. View and modify the IP address allocation mode. None: without ip. Static: setup manually. DHCP: allocated through DHCP. BOOTP: allocated through BOOTP. View and modify the IP address of the interface. View and modify the subnet mask of the - TP-Link T1700G-28TQ | T1700G-28TQ V1 User Guide - Page 165
IP address allocation mode. None: without ip. Static: setup manually. DHCP: allocated through DHCP. BOOTP: allocated through BOOTP. Displays the IP , line protocol is up and IP address is set. Displays the line protocol status, which is up if any up-link port is connected to the interface - TP-Link T1700G-28TQ | T1700G-28TQ V1 User Guide - Page 166
. 10.3 Static Routing Static routes are special routes manually configured by the administrator and cannot change automatically with the to modify. Displays the destination IP address of the packets. Displays the subnet mask of the destination IP address. Displays the IP address to which the packet - TP-Link T1700G-28TQ | T1700G-28TQ V1 User Guide - Page 167
ARP on this page. Choose the menu Routing→ARP→Static ARP to load the following page. ARP Config IP Address: MAC Address: ARP Table Select: IP Address: Figure 10-5 Static ARP Specify the IP address of ARP entry. Specify the MAC address of ARP entry. Specify the static ARP entries to modify - TP-Link T1700G-28TQ | T1700G-28TQ V1 User Guide - Page 168
MAC Address: Displays the MAC address of ARP entry. Return to CONTENTS 158 - TP-Link T1700G-28TQ | T1700G-28TQ V1 User Guide - Page 169
congested, the problem that many packets compete for resources must be solved, usually in the way of queue scheduling. The switch supports four schedule modes: SP, WRR, SP+WRR and Equ. Priority Mode This switch implements three priority modes based on port, on 802.1P and on DSCP. By default, the - TP-Link T1700G-28TQ | T1700G-28TQ V1 User Guide - Page 170
switch processes untagged packets based on the default priority mode. 3. DSCP Priority Figure 11-3 IP datagram As shown in the figure above, the ToS (Type of Service) in an IP non-IP datagram are mapped based on port priority mode. Schedule Mode When the network is congested, the problem that many - TP-Link T1700G-28TQ | T1700G-28TQ V1 User Guide - Page 171
service time for each queue is not fixed, that is to say, if a queue is empty, the next queue will be scheduled. In this way, the bandwidth resources are made full use of. The default 0 to 127. In this way, when scheduling queues, the switch allows TC7 and zero-weight-value queue to occupy the whole - TP-Link T1700G-28TQ | T1700G-28TQ V1 User Guide - Page 172
and then forwards the packets according to specified scheduling algorithms to implement QoS function. This switch implements three priority modes based on port, on 802.1P and on DSCP, and supports four queue scheduling algorithms. The port priorities are labeled as CoS0, CoS1... CoS7. The DiffServ - TP-Link T1700G-28TQ | T1700G-28TQ V1 User Guide - Page 173
link aggregation groups. Select the desired port to configure its priority. It is multi-optional. Displays the physical port number of the switch. page you can select a schedule mode for the switch. When the network is congested, the problem that many packets compete for resources must be solved, - TP-Link T1700G-28TQ | T1700G-28TQ V1 User Guide - Page 174
value for each queue. The weight values of TC0-TC7 can be customized and their default values are 1:2:4:8:16:32:64:127 respectively. SP+WRR-Mode: Strict-Priority + Weight Round Robin Mode. In this mode, the switch provides two scheduling groups, SP group and WRR group. SP group is processed prior - TP-Link T1700G-28TQ | T1700G-28TQ V1 User Guide - Page 175
On this page you can configure DSCP priority. DSCP (DiffServ Code Point) is a new definition to IP ToS field given by IEEE. This field is used to divide IP datagram into 64 priorities. When DSCP Priority is enabled, IP datagram are mapped to different priority levels based on DSCP priority mode; non - TP-Link T1700G-28TQ | T1700G-28TQ V1 User Guide - Page 176
Select: Select the desired DSCP value for DSCP priority configuration. It is multi-optional. DSCP: Indicates the priority determined by the DS region of IP datagram. It ranges from 0 to 63. Priority: Indicates the 802.1P priority the packets with tag are mapped to. The priorities are labeled as - TP-Link T1700G-28TQ | T1700G-28TQ V1 User Guide - Page 177
configure the link aggregation groups. Select the desired port for Rate configuration. It is multi-optional. Displays the port number of the switch. Configure the bandwidth for receiving packets on the port. You can select a rate from the dropdown list or manually set Ingress - TP-Link T1700G-28TQ | T1700G-28TQ V1 User Guide - Page 178
will be disabled for this port. 2. When manually set Ingress/Egress rate, the system will automatically to ensure the switch works normally. 11.2.2 Storm Control Storm Control function allows the switch to filter broadcast, LAGS to configure the link aggregation groups. Select: Select the desired - TP-Link T1700G-28TQ | T1700G-28TQ V1 User Guide - Page 179
: Mulitcast Rate Mode: Multicast: UL-Frame Rate Mode: UL-Frame: LAG: Displays the port number of the switch. Enable or disable the PPS mode. Select the broadcast rate mode, pps mode is invalid if the PPS is several manufacturers. The following OUI addresses are preset of the switch by default. 169 - TP-Link T1700G-28TQ | T1700G-28TQ V1 User Guide - Page 180
VLAN Mode Voice Stream Type Link type of the port and processing mode TAG voice stream Automatic Mode Untagged: Not supported. Tagged: Supported. The default VLAN of the port cannot be voice VLAN. UNTAG voice Untagged: Supported. stream Tagged: Not supported. Manual Mode TAG voice stream - TP-Link T1700G-28TQ | T1700G-28TQ V1 User Guide - Page 181
Security Mode of Voice VLAN When voice VLAN is enabled for a port, you can configure its security mode to filter data stream. If security mode is enabled, the port just forwards voice packets, and discards other packets whose source MAC addresses do not match OUI addresses. If security mode is - TP-Link T1700G-28TQ | T1700G-28TQ V1 User Guide - Page 182
displayed on this screen: Port Config UNIT/LAGS: Click unit number to configure the physical ports of this unit member. Click LAGS to configure the link aggregation groups. Select: Select the desired port for voice VLAN configuration. It is multi-optional. 172 - TP-Link T1700G-28TQ | T1700G-28TQ V1 User Guide - Page 183
switch automatically adds a port to the voice VLAN or removes a port from the voice VLAN by checking whether the port receives voice data or not. Manual: In this mode, you can manually . 11.3.3 OUI Config The switch supports OUI creation and adds the MAC address of the special voice device to the - TP-Link T1700G-28TQ | T1700G-28TQ V1 User Guide - Page 184
page, click the Create button to create a VLAN. 2 Add OUI address Optional. On QoS→Voice VLAN→OUI Config page, you can check whether the switch is supporting the OUI template or not. If not, please add the OUI address. 3 Configure the parameters Required. On QoS→Voice VLAN→Port Config page, of - TP-Link T1700G-28TQ | T1700G-28TQ V1 User Guide - Page 185
time-ranges. The ACL module is mainly for ACL configuration of the switch, including four submenus: Time-Range, ACL Config, Policy Config and data packets can be filtered by differentiating the time-ranges. On this switch absolute time, week time and holiday can be configured. Configure an absolute - TP-Link T1700G-28TQ | T1700G-28TQ V1 User Guide - Page 186
12.1.2 Time-Range Create On this page you can create time-ranges. Choose the menu ACL→Time-Range→Time-Range Create to load the following page. Figure 12-2 Time-Range Create Note: To successfully configure time-ranges, please firstly specify time-slices and then time-ranges. The following entries - TP-Link T1700G-28TQ | T1700G-28TQ V1 User Guide - Page 187
are matched in match order. Once a rule is matched, the switch processes the matched packets taking the operation specified in the rule without performance of the switch. The ACL Config function can be implemented on ACL Summary, ACL Create, MAC ACL, Standard-IP ACL and Extend-IP ACL pages. 12 - TP-Link T1700G-28TQ | T1700G-28TQ V1 User Guide - Page 188
Choose the menu ACL→ACL Config→ACL Summary to load the following page. Figure 12-4 ACL Summary The following entries are displayed on this screen: Search Option Select ACL: Select the ACL you have created ACL Type: Displays the type of the ACL you select. Rule Order: Displays the rule - TP-Link T1700G-28TQ | T1700G-28TQ V1 User Guide - Page 189
ID: Enter the rule ID. Operation: S-MAC: Select the operation for the switch to process packets which match the rules. Permit: Forward packets. Deny strictly match the address. 12.2.4 Standard-IP ACL Standard-IP ACLs analyze and process data packets based on a series of match conditions, - TP-Link T1700G-28TQ | T1700G-28TQ V1 User Guide - Page 190
The following entries are displayed on this screen: Create Extend-IP ACL ACL ID: Select the desired Extend-IP ACL for configuration. Rule ID: Enter the rule ID. Operation: S-IP: Select the operation for the switch to process packets which match the rules. Permit: Forward packets. Deny - TP-Link T1700G-28TQ | T1700G-28TQ V1 User Guide - Page 191
contained in the rule when TCP/UDP is selected from the pull-down list of IP Protocol. Configure TCP/IP destination port contained in the rule when TCP/UDP is selected from the pull-down list of IP Protocol. 12.3 Policy Config A Policy is used to control the data packets those match the - TP-Link T1700G-28TQ | T1700G-28TQ V1 User Guide - Page 192
Figure 12-10 Create Policy The following entries are displayed on this screen: Create Policy Policy Name: Enter the name of the policy. 12.3.3 Action Create On this page you can add ACLs for the policy. Choose the menu ACL→Policy Config→Action Create to load the following page. Figure 12-11 - TP-Link T1700G-28TQ | T1700G-28TQ V1 User Guide - Page 193
12.4.1 Binding Table On this page view the ACL bound to port/VLAN. Choose the menu ACL→ACL Binding→Binding Table to load the following page. Figure 12-12 Binding Table The following entries are displayed on this screen: Search Option Show Mode: Select a show mode appropriate to your needs. - TP-Link T1700G-28TQ | T1700G-28TQ V1 User Guide - Page 194
12.4.2 Port Binding On this page you can bind a ACL to a port. Choose the menu ACL→ACL Binding→Port Binding to load the following page. Figure 12-13 Bind the policy to the port The following entries are displayed on this screen: Port-Bind Config ACL ID: Select the ID of the ACL you want to - TP-Link T1700G-28TQ | T1700G-28TQ V1 User Guide - Page 195
12.4.3 VLAN Binding On this page you can bind an ACL to a VLAN. Choose the menu ACL→ACL Binding→VLAN Binding to load the following page. Figure 12-14 Bind the policy to the VLAN The following entries are displayed on this screen: VLAN-Bind Config ACL ID: Select the ID of the ACL you want to - TP-Link T1700G-28TQ | T1700G-28TQ V1 User Guide - Page 196
12.5.1 Binding Table On this page view the policy bound to port/VLAN. Choose the menu ACL→Policy Binding→Binding Table to load the following page. Figure 12-15 Binding Table The following entries are displayed on this screen: Search Option Show Mode: Select a show mode appropriate to your - TP-Link T1700G-28TQ | T1700G-28TQ V1 User Guide - Page 197
12.5.2 Port Binding On this page you can bind a policy to a port. Choose the menu ACL→ACL Binding→Port Binding to load the following page. Figure 12-16 Bind the policy to the port The following entries are displayed on this screen: Port-Bind Config Policy Name: Select the name of the policy - TP-Link T1700G-28TQ | T1700G-28TQ V1 User Guide - Page 198
12.5.3 VLAN Binding On this page you can bind a policy to a VLAN. Choose the menu ACL→Policy Binding→VLAN Binding to load the following page. Figure 12-17 Bind the policy to the VLAN The following entries are displayed on this screen: VLAN-Bind Config Policy Name: Select the name of the policy - TP-Link T1700G-28TQ | T1700G-28TQ V1 User Guide - Page 199
3. The staff of the marketing department can access to the Internet but cannot visit the forum. 4. The R&D department and marketing department cannot communicate with each other. Network Diagram Configuration Procedure Step Operation 1 Configure for requirement 1 Description On ACL→ACL - TP-Link T1700G-28TQ | T1700G-28TQ V1 User Guide - Page 200
ACL→ACL Config→ACL Create page, create ACL 500. On ACL→ACL Config→Standard-IP ACL page, select ACL 500, create Rule 1, configure operation as Deny, configure S-IP as 10.10.70.0 and mask as 255.255.255.0, configure D-IP as 10.10.50.0 and mask as 255.255.255.0. On ACL→ACL - TP-Link T1700G-28TQ | T1700G-28TQ V1 User Guide - Page 201
network access and only allow the Hosts matching the bound entries to access the network. The following three IP-MAC Binding methods are supported by the switch. (1) Manually: You can manually bind the IP address, MAC address, VLAN ID and the Port number together in the condition that you have got - TP-Link T1700G-28TQ | T1700G-28TQ V1 User Guide - Page 202
entries. Note: Among the entries with Critical collision level, the one with the highest Source priority will take effect. 13.1.2 Manual Binding You can manually bind the IP address, MAC address, VLAN ID and the Port number together in the condition that you have got the related information of the - TP-Link T1700G-28TQ | T1700G-28TQ V1 User Guide - Page 203
Binding The following entries are displayed on this screen: Manual Binding Option Host Name: Enter the Host Name. IP Address: Enter the IP Address of the Host. MAC Address: Enter the MAC Address of the Host. VLAN ID: Enter the VLAN ID. Protect Type: Select the Protect Type - TP-Link T1700G-28TQ | T1700G-28TQ V1 User Guide - Page 204
of the Host on Data link layer, is necessary for the packet to reach the very device. So the destination IP address carried in a packet switch to send the ARP request packets of the specified IP field to the Hosts in the LAN or VLAN. Upon receiving the ARP reply packet, the switch can get the IP - TP-Link T1700G-28TQ | T1700G-28TQ V1 User Guide - Page 205
unit member. Select: Select the desired entry to be deleted or bound. It is multi-optional. Host Name: Displays the Host Name here. IP Address: Displays the IP Address of the Host. MAC Address: Displays the MAC Address of the Host. VLAN ID: Displays the VLAN ID here. Port: Displays the - TP-Link T1700G-28TQ | T1700G-28TQ V1 User Guide - Page 206
developed basing on the BOOTP, functions to solve the above mentioned problems. DHCP Working Principle DHCP works via the "Client/Server" Server provides three IP address assigning methods: (1) Manually assign the IP address: Allows the administrator to bind the static IP address to the specific - TP-Link T1700G-28TQ | T1700G-28TQ V1 User Guide - Page 207
location of the DHCP Client. Upon receiving the DHCP-REQUEST packet, the switch adds the Option 82 to the packet and then transmits the packet to account management of Client. The Server supported Option 82 also can set the distribution policy of IP addresses and the other parameters according to - TP-Link T1700G-28TQ | T1700G-28TQ V1 User Guide - Page 208
least a sub-option should be defined. This switch supports two sub-options: Circuit ID and Remote ID in the network, network confusion and security problem will happen. The common cases incurring DHCP server is manually configured by the user by mistake. (2) Hacker exhausted the IP addresses of the - TP-Link T1700G-28TQ | T1700G-28TQ V1 User Guide - Page 209
of which the DHCP Snooping function is enabled. Option 82 Config Option 82 Support: Existed Option 82 field: Enable/Disable the Option 82 feature. Select the operation field of the packets with the switch defined one. Drop: Indicates to discard the packets including the Option 82 field. 199 - TP-Link T1700G-28TQ | T1700G-28TQ V1 User Guide - Page 210
physical ports of this unit member. Click LAGS to configure the link aggregation groups. Select: Select your desired port for configuration. It specify the maximum amount of DHCP messages that can be forwarded by the switch of this port per second. The excessive DHCP packets will be discarded. - TP-Link T1700G-28TQ | T1700G-28TQ V1 User Guide - Page 211
Circuit ID: LAG: Enter the sub-option circuit ID for the customized Option 82 field. Displays the LAG to which the port belongs to. 13.3 ARP Inspection According to the ARP Implementation Procedure stated in 13.1.3 ARP Scanning, it can be found that ARP protocol can facilitate the Hosts in the - TP-Link T1700G-28TQ | T1700G-28TQ V1 User Guide - Page 212
this false destination MAC address for packets, which results in a breakdown of the normal communication. Cheating Terminal Hosts The attacker sends the false IP address-to-MAC address mapping entries of terminal Host/Server to another terminal Host, which causes that the two terminal Hosts in the - TP-Link T1700G-28TQ | T1700G-28TQ V1 User Guide - Page 213
Figure 13-12 ARP Attack - Cheating Terminal Hosts As the above figure shown, the attacker sends the fake ARP packets of Host A to Host B, and then Host B will automatically update its ARP table after receiving the ARP packets. When Host B tries to communicate with Host A, it will encapsulate this - TP-Link T1700G-28TQ | T1700G-28TQ V1 User Guide - Page 214
with one another through a switch. Host A: IP address is 192.168.0.101; MAC address is 00-00-00-11-11-11. Host B: IP address is 192.168.0.102; a dramatic slowdown of network speed. Meantime, the Gateway learns the false IP address-to-MAC address mapping entries from these ARP packets and updates its - TP-Link T1700G-28TQ | T1700G-28TQ V1 User Guide - Page 215
ARP Detect ARP Detect feature enables the switch to detect the ARP packets basing on the bound entries in the IP-MAC Binding Table and filter the illegal as up-linked port, routing port and LAG port, should be set as Trusted Port. To ensure the normal communication of the switch, please configure - TP-Link T1700G-28TQ | T1700G-28TQ V1 User Guide - Page 216
ID and the connected Port connected Port number of number of the Host together via Manual Binding, ARP the Host together. Scanning or DHCP Snooping. 2 Enable the protection for the Required. On the Network Security→IP-MAC bound entry. Binding→Binding Table page, specify a protect type for the - TP-Link T1700G-28TQ | T1700G-28TQ V1 User Guide - Page 217
The following entries are displayed on this screen: ARP Defend UNIT: Select: Port: Defend: Speed(10-100)pps: Current Speed(pps): Status LAG: Operation: Click unit number to configure the physical ports of this unit member. Select your desired port for configuration. It is multi-optional. - TP-Link T1700G-28TQ | T1700G-28TQ V1 User Guide - Page 218
is an ARP Trusted Port or not. Illegal ARP Packet: Displays the number of the received illegal ARP packets. 13.4 DoS Defend DoS (Denial of Service) Attack is to occupy the network bandwidth maliciously by the network attackers or the evil programs sending a lot of - TP-Link T1700G-28TQ | T1700G-28TQ V1 User Guide - Page 219
With DoS Defend function enabled, the switch can analyze the specific fields of the IP packets and distinguish the malicious DoS attack packets. Upon detecting the packets, the switch will discard the illegal packets directly and limit the transmission rate of the legal packets if the over legal - TP-Link T1700G-28TQ | T1700G-28TQ V1 User Guide - Page 220
issues of wireless LANs. It was then used in Ethernet as a common access control mechanism for LAN ports to solve mainly authentication and security problems. 802.1X is a port-based network access control protocol. It authenticates and controls devices requesting for access in terms of the ports of - TP-Link T1700G-28TQ | T1700G-28TQ V1 User Guide - Page 221
1X-supported network device, such as this TP-LINK switch. It provides the physical or logical port for the supplicant system to access the LAN and authenticates the supplicant system. (3) Authentication Server System: The authentication server system is an entity that provides authentication service - TP-Link T1700G-28TQ | T1700G-28TQ V1 User Guide - Page 222
to allow them successfully reach the authentication server. This mode normally requires the RADIUS server to support the two fields of EAP: the EAP-message field and the Message-authenticator field. This switch supports EAP-MD5, EAP-TLS, EAP-TTLS and EAP-PEAP authentication way for the EAP relay - TP-Link T1700G-28TQ | T1700G-28TQ V1 User Guide - Page 223
. And then the switch will monitor the status of supplicant by sending hand-shake packets periodically. By default, the switch will force the supplicant , PAP or CHAP is employed between the switch and the RADIUS server. This switch supports the PAP terminating mode. The authentication procedure - TP-Link T1700G-28TQ | T1700G-28TQ V1 User Guide - Page 224
do not pass the authentication to access the specific network resource. By default, all the ports connected to the supplicants belong to a VLAN, not sent any response back, the switch will then add these ports into the Guest VLAN according to their link types. Only when the corresponding user passes - TP-Link T1700G-28TQ | T1700G-28TQ V1 User Guide - Page 225
Handshake feature. The Handshake feature is used to detect the connection status of the TP-LINK 802.1X Client with the switch. Please disable Handshake feature if you are using other client software instead of TP-LINK 802.1X Client. Guest VLAN: Guest VLAN ID: Enable/Disable the Guest VLAN feature - TP-Link T1700G-28TQ | T1700G-28TQ V1 User Guide - Page 226
Choose the menu Network Security→802.1X→Port Config to load the following page. Figure 13-22 Port Config The following entries are displayed on this screen: Port Config UNIT: Select: Port: Status: Guest VLAN: Control Mode: Control Type: Authorized: LAG: Click unit number to configure the - TP-Link T1700G-28TQ | T1700G-28TQ V1 User Guide - Page 227
The default port is 1812. Key Modify: Select to modify the authentication key. Auth Key: Set the shared password for the switch and the authentication servers to exchange messages. Accounting Config Accounting: Enable/Disable the accounting feature. Primary IP: Secondary IP: Enter the IP - TP-Link T1700G-28TQ | T1700G-28TQ V1 User Guide - Page 228
takes effect only when it is enabled globally on the switch and for the port. 2. The 802.1X function cannot TP-LINK 802.1X Client provided on the CD. Please refer to the software guide in the same directory with the software for more information. 3 Configure the 802.1X Required. By default - TP-Link T1700G-28TQ | T1700G-28TQ V1 User Guide - Page 229
Management Protocol) has gained the most extensive application on the UDP/IP networks. SNMP provides a management frame to monitor and maintain the among SNMP Network Elements SNMP Versions This switch supports SNMP v3, and is compatible with SNMP v1 and SNMP v2c. The SNMP versions adopted by - TP-Link T1700G-28TQ | T1700G-28TQ V1 User Guide - Page 230
a password. SNMP v2c: SNMP v2c also adopts community name authentication. It is compatible with SNMP v1 while enlarges the function of SNMP v1. SNMP v3: Based on SNMP v1 and SNMP v2c, SNMP v3 extremely enhances the security and manageability. It adopts VACM (View-based Access Control Model) and USM - TP-Link T1700G-28TQ | T1700G-28TQ V1 User Guide - Page 231
for SNMP Management Station to access the SNMP Agent, functioning as the password. SNMP module is used to configure the SNMP function of the switch, including three submenus: SNMP Config, Notification and RMON. 14.1 SNMP Config The SNMP Config can be implemented on the Global Config, SNMP View, SNMP - TP-Link T1700G-28TQ | T1700G-28TQ V1 User Guide - Page 232
ID characters must be even. 14.1.2 SNMP View The OID (Object Identifier) of the SNMP packets is used to describe the managed objects of the switch, and the MIB (Management Information Base) is the set of the OIDs. The SNMP View is created for the SNMP management station to manage MIB - TP-Link T1700G-28TQ | T1700G-28TQ V1 User Guide - Page 233
Name is used for authentication. SNMP v1 can be configured on the SNMP Community page directly. v2c: SNMPv2c is defined for the group. In this model, the Community Name is used for authentication. SNMP v2c can be configured on the SNMP Community page directly. v3: SNMPv3 is defined for the group - TP-Link T1700G-28TQ | T1700G-28TQ V1 User Guide - Page 234
in the entry and click the Modify button to apply. Note: Every Group should contain a Read View. The default Read View is viewDefault. 14.1.4 SNMP User The User in a SNMP Group can manage the switch via the management station software. The User and its Group have the same security level and access - TP-Link T1700G-28TQ | T1700G-28TQ V1 User Guide - Page 235
, Security Model and Security Level. Select the Security Model for the User. Select the Security Level for the SNMP v3 User. Select the Authentication Mode for the SNMP v3 User. None: No authentication method is used. MD5: The port authentication is performed via HMAC-MD5 algorithm. SHA: The - TP-Link T1700G-28TQ | T1700G-28TQ V1 User Guide - Page 236
the same Security Model and Security Level. 14.1.5 SNMP Community SNMP v1 and SNMP v2c adopt community name authentication. The community name can limit from SNMP network management station, functioning as a password. If SNMP v1 or SNMP v2c is employed, you can directly configure the SNMP Community - TP-Link T1700G-28TQ | T1700G-28TQ V1 User Guide - Page 237
button to modify the MIB View and the Access right of the Community, and then click the Modify button to apply. Note: The default MIB View of SNMP Community is viewDefault. Configuration Procedure: If SNMPv3 is employed, please take the following steps: Step Operation 1 Enable SNMP function - TP-Link T1700G-28TQ | T1700G-28TQ V1 User Guide - Page 238
default OID is 1. Configure access level for the User. Create SNMP Community directly. Create SNMP Group and SNMP User. Required alternatively. Create SNMP Community directly. On the SNMP→SNMP Config→SNMP Community page, create SNMP Community based on SNMP v1 reply. The switch will resend - TP-Link T1700G-28TQ | T1700G-28TQ V1 User Guide - Page 239
than the Trap type. Specify the amount of times the switch resends an inform request. The switch will resend the inform request if it doesn't get the UDP port functions with the IP address for the notification sending. The default is 162. Select the IP mode of the IP address. Select the Security - TP-Link T1700G-28TQ | T1700G-28TQ V1 User Guide - Page 240
v3 User. Displays the type of the notifications. Displays the amount of times the switch resends an inform request. Displays the maximum time for the switch between management station and managed agent. RMON Group This switch supports the following four RMON Groups defined on the RMON standard ( - TP-Link T1700G-28TQ | T1700G-28TQ V1 User Guide - Page 241
The RMON Groups can be configured on the Statistics, History, Event and Alarm pages. 14.3.1 Statistics On this page you can configure and view the statistics entry. Choose the menu SNMP→RMON→Statistics to load the following page. Figure 14-9 Statistics The following entries are displayed on this - TP-Link T1700G-28TQ | T1700G-28TQ V1 User Guide - Page 242
. Max Buckets: Displays the maximum number of buckets desired for the RMON history group of statistics, ranging from 1 to 130. The default is 50 buckets. 130 buckets supported at most so far. Owner: Enter the name of the device or user that defined the entry. Status: Select Enable/Disable the - TP-Link T1700G-28TQ | T1700G-28TQ V1 User Guide - Page 243
14.3.3 Event On this page, you can configure the RMON events. Choose the menu SNMP→RMON→Event to load the following page. Figure 14-11 Event Config The following entries are displayed on this screen: Event Table Select: Select the desired entry for configuration. Index: Displays the index - TP-Link T1700G-28TQ | T1700G-28TQ V1 User Guide - Page 244
14.3.4 Alarm Config On this page, you can configure Statistic Group and Alarm Group for RMON. Choose the menu SNMP→RMON→Alarm to load the following page. Figure 14-12 Alarm Config The following entries are displayed on this screen: Alarm Config Select: Select the desired entry for configuration - TP-Link T1700G-28TQ | T1700G-28TQ V1 User Guide - Page 245
Alarm Type: Interval: Owner: Status: Specify the type of the alarm. All: The alarm event will be triggered either the sampled value exceeds the Rising Threshold or is under the Falling Threshold. Rising: When the sampled value exceeds the Rising Threshold, an alarm event is triggered. Falling - TP-Link T1700G-28TQ | T1700G-28TQ V1 User Guide - Page 246
to locate and solve the network problem. (1) System Monitor: Monitor the utilization status of the memory and the CPU of switch. (2) Log: View the configuration parameters of the switch and find out the errors via the Logs. (3) Device Diagnostics: Cable Test tests the connection status of the cable - TP-Link T1700G-28TQ | T1700G-28TQ V1 User Guide - Page 247
to monitor and display its Memory utilization rate every four seconds. 15.2 Log The Log system of switch can record, classify and manage the system information effectively, providing powerful support for network administrator to monitor network operation and diagnose malfunction. The Logs of - TP-Link T1700G-28TQ | T1700G-28TQ V1 User Guide - Page 248
Table 15-1 Log Level The Log function is implemented on the Log Table, Local Log, Remote Log and Backup Log pages. 15.2.1 Log Table The switch supports logs output to two directions, namely, log buffer and log file. The information in log buffer will be lost after the - TP-Link T1700G-28TQ | T1700G-28TQ V1 User Guide - Page 249
displays logs in the log buffer, and at most 512 logs are displayed. 15.2.2 Local Log Local Log is the log information saved in switch. By default, the logs with severities from level_0 to level_6 are saved in log buffer and the logs with severities from level_0 to level_3 are saved in - TP-Link T1700G-28TQ | T1700G-28TQ V1 User Guide - Page 250
Log Host The following entries are displayed on this screen: Log Host Index: Displays the index of the log host. The switch supports 4 log hosts. Host IP: Configure the IP for the log host. UDP Port: Displays the UDP port used for receiving/sending log information. Here we use the standard - TP-Link T1700G-28TQ | T1700G-28TQ V1 User Guide - Page 251
wait without any operation. 15.3 Device Diagnostics This switch provides Cable Test for device diagnose. 15.3.1 Cable Test Cable Test functions to test the connection status of the cable connected to the switch, which facilitates you to locate and diagnose the trouble spot of the network. 241 - TP-Link T1700G-28TQ | T1700G-28TQ V1 User Guide - Page 252
Test to load the following page. Figure 15-7 Cable Test The following entries are displayed on this screen: Cable Test testing. Displays the Pair number. Displays the connection status of the cable connected to the port. The test 1. The interval between two cable tests for one port must be more - TP-Link T1700G-28TQ | T1700G-28TQ V1 User Guide - Page 253
on this screen: Ping Config Destination IP: Enter the IP address of the destination node for Ping test. Both IPv4 and IPv6 are supported. Ping Times: Data Size: Interval: Enter the amount of times to send test data during Ping testing. The default value is recommended. Enter the size of - TP-Link T1700G-28TQ | T1700G-28TQ V1 User Guide - Page 254
15-9 Tracert The following entries are displayed on this screen: Tracert Config Destination IP: Enter the IP address of the destination device. Both IPv4 and IPv6 are supported. Max Hop: Specify the maximum number of the route hops the test data can pass through. Return to CONTENTS 244 - TP-Link T1700G-28TQ | T1700G-28TQ V1 User Guide - Page 255
. 5 or above 1000Base-T: 4-pair UTP (≤100m) of Cat. 5e, Cat.6 or above 1000Base-X: MMF or SMF SFP Module (Optional) PWR, SYS, Master, Link/Act, 1000Mbps, 25-28, Unit ID LED Transmission Method Store and Forward Packets Forwarding Rate 10BASE-T: 14881pps/port 100BASE-TX: 148810pps/port 1000BASE - TP-Link T1700G-28TQ | T1700G-28TQ V1 User Guide - Page 256
) BOOTP is used to provide bootup information for network devices, including IP address information, the address of the TFTP server that contains the devices system files, and the name of the boot file. Class of Service (CoS) CoS is supported by prioritizing packets based on the required level of - TP-Link T1700G-28TQ | T1700G-28TQ V1 User Guide - Page 257
Switching A process whereby the switch filters incoming multicast frames for services forwhich no attached host has registered, or forwards them to all ports contained within the designated multicast group. Layer 2 Data Link mirrored to a monitor port for troubleshooting with a logic analyzer or RMON - TP-Link T1700G-28TQ | T1700G-28TQ V1 User Guide - Page 258
for any loops. A loop can often occur in complicated or backup linked network systems. Spanning Tree detects and directs data along the shortest switched communications. It uses IP as the underlying transport mechanism to provide access to IP-like services. UDP packets are delivered just like IP
-
1 -
2 -
3 -
4 -
5 -
6 -
7 -
8
-
9
-
10
-
11
-
12
-
13
-
14
-
15
-
16
-
17
-
18
-
19
-
20
-
21
-
22
-
23
-
24
-
25
-
26
-
27
-
28
-
29
-
30
-
31
-
32
-
33
-
34
-
35
-
36
-
37
-
38
-
39
-
40
-
41
-
42
-
43
-
44
-
45
-
46
-
47
-
48
-
49
-
50
-
51
-
52
-
53
-
54
-
55
-
56
-
57
-
58
-
59
-
60
-
61
-
62
-
63
-
64
-
65
-
66
-
67
-
68
-
69
-
70
-
71
-
72
-
73
-
74
-
75
-
76
-
77
-
78
-
79
-
80
-
81
-
82
-
83
-
84
-
85
-
86
-
87
-
88
-
89
-
90
-
91
-
92
-
93
-
94
-
95
-
96
-
97
-
98
-
99
-
100
-
101
-
102
-
103
-
104
-
105
-
106
-
107
-
108
-
109
-
110
-
111
-
112
-
113
-
114
-
115
-
116
-
117
-
118
-
119
-
120
-
121
-
122
-
123
-
124
-
125
-
126
-
127
-
128
-
129
-
130
-
131
-
132
-
133
-
134
-
135
-
136
-
137
-
138
-
139
-
140
-
141
-
142
-
143
-
144
-
145
-
146
-
147
-
148
-
149
-
150
-
151
-
152
-
153
-
154
-
155
-
156
-
157
-
158
-
159
-
160
-
161
-
162
-
163
-
164
-
165
-
166
-
167
-
168
-
169
-
170
-
171
-
172
-
173
-
174
-
175
-
176
-
177
-
178
-
179
-
180
-
181
-
182
-
183
-
184
-
185
-
186
-
187
-
188
-
189
-
190
-
191
-
192
-
193
-
194
-
195
-
196
-
197
-
198
-
199
-
200
-
201
-
202
-
203
-
204
-
205
-
206
-
207
-
208
-
209
-
210
-
211
-
212
-
213
-
214
-
215
-
216
-
217
-
218
-
219
-
220
-
221
-
222
-
223
-
224
-
225
-
226
-
227
-
228
-
229
-
230
-
231
-
232
-
233
-
234
-
235
-
236
-
237
-
238
-
239
-
240
-
241
-
242
-
243
-
244
-
245
-
246
-
247
-
248
-
249
-
250
-
251
-
252
-
253
-
254
-
255
-
256
-
257
-
258
 |
 |
T1700G-28TQ
JetStream 24-Port Gigabit Stackable
Smart Switch with 4 10GE SFP+ Slots
REV1.0.0
1910011379