TP-Link T2500-28TCTL-SL5428E T2500-28TCUN V1 User Guide
TP-Link T2500-28TCTL-SL5428E Manual
 |
View all TP-Link T2500-28TCTL-SL5428E manuals
Add to My Manuals
Save this manual to your list of manuals |
TP-Link T2500-28TCTL-SL5428E manual content summary:
- TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 1
T2500-28TC (TL-SL5428E) 24-Port 10/100Mbps + 4-Port Gigabit JetStream L2 Managed Switch REV1.0.0 1910011796 - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 2
. This equipment generates, uses, and can radiate radio frequency energy and, if not installed and used in accordance with the instruction manual, may cause harmful interference to radio communications. Operation of this equipment in a residential area is likely to cause harmful interference - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 3
't disassemble the product, or make repairs yourself. You run the risk of electric shock and voiding the limited warranty. If you need service, please contact us. Avoid water and wet locations. Explanation of the symbols on the product label Symbol Explanation AC voltage RECYCLING This - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 4
CONTENTS Package Contents ...1 Chapter 1 About This Guide ...2 1.1 Intended Readers...2 1.2 Conventions ...2 1.3 Overview of This Guide 3 Chapter 2 Introduction ...7 2.1 Overview of the Switch 7 2.2 Appearance Description 7 2.2.1 Front Panel ...7 2.2.2 Rear Panel ...8 Chapter 3 Login to the - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 5
5.1.1 Port Config ...39 5.1.2 Port Mirror...40 5.1.3 Port Security ...41 5.1.4 Port Isolation ...43 5.1.5 Loopback Detection 44 5.2 DDM ...45 5.2.1 DDM Config ...45 5.2.2 Temperature Threshold 46 5.2.3 Voltage Threshold 47 5.2.4 Bias Current Threshold 48 5.2.5 Tx Power Threshold 48 5.2.6 Rx - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 6
6.5 Application Example for MAC VLAN 78 6.6 Application Example for Protocol VLAN 79 6.7 VLAN VPN...81 6.7.1 VPN Config...82 6.7.2 VLAN Mapping 82 6.7.3 Port Enable...83 6.8 Private VLAN...85 6.8.1 PVLAN Config 88 6.8.2 Port Config ...89 6.9 GVRP ...91 6.10 Application Example for Private VLAN - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 7
9.1 DHCP Relay ...138 Chapter 10 Multicast...142 10.1 IGMP Snooping ...146 10.1.1 Snooping Config 147 10.1.2 VLAN Config...148 10.1.3 Port Config ...149 10.1.4 IP-Range ...151 10.1.5 Multicast VLAN 152 10.1.6 Static Multicast IP 155 10.1.7 Packet Statistics 156 10.1.8 Querier Config 157 10.1.9 - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 8
VLAN Binding 199 12.5 Application Example for ACL 200 Chapter 13 Network Security...202 13.1 IP-MAC Binding...202 13.1.1 Binding Table 202 13.1.2 Manual Binding 203 13.1.3 ARP Scanning 205 13.2 DHCP Snooping ...206 13.2.1 DHCP Snooping 210 13.2.2 Option 82 ...211 13.3 ARP Inspection...212 13 - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 9
13.6.1 Global Config 226 13.6.2 Port Config ...228 13.7 AAA ...229 13.7.1 Global Config 230 13.7.2 Privilege Elevation 231 13.7.3 RADIUS Server Config 231 13.7.4 TACACS+ Server Config 232 13.7.5 Authentication Server Group Config 233 13.7.6 Authentication Method List Config 234 13.7.7 - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 10
15.4.2 Port Config ...268 15.4.3 Local Info ...271 15.4.4 Neighbor Info 272 Chapter 16 Cluster...274 16.1 NDP ...275 16.1.1 Neighbor Info 275 16.1.2 NDP Summary 276 16.1.3 NDP Config...278 16.2 NTDP...279 16.2.1 Device Table ...279 16.2.2 NTDP Summary 281 16.2.3 NTDP Config 282 16.3 Cluster ... - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 11
switch One power cord One console cable Two mounting brackets and other fittings Installation Guide Resource CD for T2500-28TC switch, including: • This User Guide • The CLI Reference Guide • SNMP Mibs • 802.1X Client Software • Other Helpful Information Note: Make sure that the package - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 12
language, and Internet service provider. All screenshots, images, parameters and descriptions documented in this guide are used for Download Center at http://www.tp-link.com/support. The Installation Guide (IG) can be found where you find this guide or inside the package of the switch. - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 13
products at http://forum.tp-link.com. Our Technical Support contact information can be found at the Contact Technical Support page at http://www.tp-link.com/support. 1.3 Overview of This Guide Chapter Chapter 1 About This Guide Chapter 2 Introduction Chapter 3 Login to the switch Chapter 4 System - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 14
with VLAN tags of private networks to be encapsulated with VLAN tags of public networks at the network access terminal of the Internet Service Provider. GVRP: GVRP allows the switch to automatically add or remove the VLANs via the dynamic VLAN registration information and propagate the local - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 15
is used to configure QoS function to provide different quality of service for various network applications and requirements. Here mainly introduces: control mechanism for LAN ports to solve mainly authentication and security problems. AAA: Configure the AAA function protect the device from - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 16
This module is used to configure LLDP function to provide information for SNMP applications to simplify troubleshooting. Here mainly introduces: Basic Config: Configure the LLDP parameters of the device. via FTP function. Lists the glossary used in this manual. Lists the glossary used in this - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 17
, T2500-28TC from TP-LINK provides wire-speed performance and full set of layer 2 management features. It provides a variety of service features and multiple powerful functions with high security. The EIA-standardized framework and smart configuration capacity can provide flexible solutions for - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 18
can also ground the switch through the PE (Protecting Earth) cable of AC cord or with Ground Cable. For detail information, please refer to Installation Guide. AC Power Socket: Connect the female connector of the power cord here, and the male connector to the AC power outlet. Please make sure the - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 19
Chapter 3 Login to the Switch 3.1 Login 1. To access the configuration utility, open a web-browser and type in the default address http://192.168.0.1 in the address field of the browser, then press the Enter key. Figure 3-1 Web-browser Tips: To log in to the switch, the IP address of your PC should - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 20
Figure 3-3 Main Setup-Menu Note: Clicking Apply can only make the new configurations effective before the switch is rebooted. If you want to keep the configurations effective even the switch is rebooted, please click Save Config. You are suggested to click Save Config before cutting off the power or - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 21
Chapter 4 System The System module is mainly for system configuration of the switch, including four submenus: System Info, User Management, System Tools and Access Security. 4.1 System Info The System Info, mainly for basic properties configuration, can be implemented on System Summary, Device - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 22
Indicates the 1000Mbps port is at the speed of 1000Mbps. Indicates the 1000Mbps port is at the speed of 10Mbps or 100Mbps. Indicates the SFP port is not connected to a device. Indicates the SFP port is at the speed of 1000Mbps. Indicates the SFP port is at the speed of 100Mbps. When the cursor moves - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 23
. On this page you can configure the system time and the settings here will be used for other time-based functions like ACL. You can manually set the system time, get UTC automatically if it has connected to an NTP server or synchronize with PC's clock as the system time. Choose - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 24
and time of the switch. Current Time Source: Displays the current time source of the switch. Time Config Manual: When this option is selected, you can set the date and time manually. Get Time from NTP Server: Synchronize with PC'S Clock: When this option is selected, you can configure the - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 25
Figure 4-6 Daylight Saving Time The following entries are displayed on this screen: DST Config DST Status: Predefined Mode: Recurring Mode: Date Mode: Enable or Disable DST. Select a predefined DST configuration: USA: Second Sunday in March, 02:00 - First Sunday in November, 02:00. Australia - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 26
Web management page to operate the switch using this IP Address. The switch supports three modes to obtain an IP address: Static IP, DHCP and BOOTP is selected, you should enter IP Address, Subnet Mask and Default Gateway manually. DHCP: When this option is selected, the switch will obtain network - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 27
address size from 32 bits to 128 bits; this solves the IPv4 address exhaustion problem. IPv6 features IPv6 has the following features: 1. Adequate address space: The configuration: To simplify the host configuration, IPv6 supports stateful and stateless address configuration. Stateful address - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 28
In addition, a host can generate a link-local address on basis of its own link-layer address and the default prefix (FE80::/64) to communicate with other hosts on the link. 6. Enhanced neighbor discovery mechanism: The IPv6 neighbor discovery protocol is a group of Internet control message protocol - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 29
Multicast address: An identifier for a set of interfaces (typically belonging to different nodes), similar to an IPv4 multicast address. A packet sent to a multicast address is delivered to all interfaces identified by that address. There are no broadcast addresses in IPv6. Their function is - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 30
Figure 4-8 Global Unicast Address Format An interface ID is used to identify interfaces on a link. The interface ID must be unique to the link. It may also be unique over a broader scope. In many cases, an interface ID will be the same as or based on the link-layer address of an interface. Interface - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 31
Note: You can configure multiple IPv6 addresses per interface, but only one link-local address. IPv6 Neighbor Discovery The IPv6 neighbor discovery process uses ICMP messages and solicited-node multicast addresses to determine the link-layer address of a neighbor on the same network (local link), - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 32
RA messages typically include the following information: One or more onlink IPv6 prefixes that nodes on the local link can use to automatically configure their IPv6 addresses Lifetime information for each prefix included in the advertisement Sets of flags that indicate the type of - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 33
-local Address Config Config Mode: Link-local Address: Select the link-local address configuration mode. Manual: When this option is selected, you should assign a link-local address manually. Auto: When this option is selected, the switch will generate a link-local address automatically. Enter - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 34
DHCPv6 Server: When this option is enabled, the system will try to obtain the global address from the DHCPv6 Server. Add a global address manually Address Format: Global Address: You can select the global address format according to your requirements. EUI-64: Indicates that you only need to - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 35
access the switch using this address. Tips: After adding a global IPv6 address to your switch manually here, you can configure your PC's global IPv6 address in the same subnet with the switch Web management pages contained in this guide are subject to the admin's login without any explanation. 25 - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 36
Choose the menu System→User Management→User Config to load the following page. Figure 4-12 User Config The following entries are displayed on this screen: User Info User Name: Create a name for users' login. Access Level: Password: Select the access level to login. Admin: Admin can edit, - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 37
4.3.1 Config Restore On this page you can upload a backup configuration file to restore your switch to this previous configuration. Choose the menu System→System Tools→Config Restore to load the following page. Figure 4-13 Config Restore The following entries are displayed on this screen: - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 38
The following entries are displayed on this screen: Config Backup Backup Config: Click the Backup Config button to save the current configuration as a file to your computer. You are suggested to take this measure before upgrading. Note: It will take a few minutes to back up the configuration. - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 39
Note: To avoid damage, please don't turn off the device while rebooting. 4.3.5 System Reset On this page you can reset the switch to the default. All the settings will be cleared after the switch is reset. Choose the menu System→System Tools→System Reset to load the following page. Figure 4-17 - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 40
Choose the menu System→Access Security→Access Control to load the following page. Figure 4-18 Access Control The following entries are displayed on this screen: Access Control Config Control Mode: IP Address&Mask: MAC Address: Select the control mode for users to log on to the Web management - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 41
through ecommerce and online banking. SSL mainly provides the following services: 1. Authenticate the users and the servers based on the to trusted certificates or continue to this website. The switch also supports HTTPS connection for IPv6. After configuring an IPv6 address (for example - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 42
On this page you can configure the SSL function. Choose the menu System→Access Security→SSL Config to load the following page. Figure 4-19 SSL Config The following entries are displayed on this screen: Global Config SSL: Enable/Disable the SSL function on the switch. Certificate Download - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 43
the client sends authentication request to the server for login, and then the two can communicate with each other after successful authentication. This switch supports SSH server and you can log on to the switch via SSH connection using SSH client software. SSH key can be downloaded into the switch - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 44
Key File: Download: Select the desired key file to download. Click the Download button to down the desired key file to the switch. Note: 1. Please ensure the key length of the downloaded file is in the range of 256 to 3072 bits. 2. After the Key File is downloaded, the user's original key of the - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 45
Application Example 2 for SSH: Network Requirements 1. Log on to the switch via key authentication using SSH and the SSH function is enabled on the switch. 2. PuTTY client software is recommended. Configuration Procedure 1. Select the key type and key length, and generate SSH key. Note: 1. The - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 46
2. After the key is successfully generated, please save the public key and private key to the computer. 3. On the Web management page of the switch, download the public key file saved in the computer to the switch. Note: 1. The key type should accord with the type of the key file. 2. The SSH key - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 47
5. Click Browse to download the private key file to SSH client software and click Open. After successful authentication, please enter the login user name. If you log on to the switch without entering password, it indicates that the key has been successfully loaded. 37 - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 48
only be configured through the console connection. For complete information about how to configure the Privileged EXEC Mode password, please refer to the CLI Reference Guide in the provided Resource CD. Return to CONTENTS 38 - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 49
Chapter 5 Switching Switching module is used to configure the basic functions of the switch, including four submenus: Port, DDM, LAG, Traffic Monitor and MAC Address. 5.1 Port The Port function, allowing you to configure the basic features for the port, is implemented on the Port Config, Port Mirror - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 50
a specific port (mirroring port). Usually, the mirroring port is connected to a data diagnose device, which is used to analyze the mirrored packets for monitoring and troubleshooting the network. Choose the menu Switching→Port→Port Mirror to load the following page. Figure 5-2 Port Mirror Config 40 - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 51
The following entries are displayed on this screen. Mirroring Port Mirroring Port: Select a port from the pull-down list as the mirroring port. When disable is selected, the Port Mirror feature will be disabled. Mirrored Port Port Select: Click the Select button to quick-select the - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 52
. • Static: When Static mode is selected, the learned MAC address will be out of the influence of the aging time and can only be deleted manually. The learned entries will be cleared after the switch is rebooted. • Permanent: When Permanent mode is selected, the learned MAC address will be out of - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 53
Note: 1. The Port Security function is disabled for the LAG port member. Only the port is removed from the LAG, will the Port Security function be available for the port. 2. The Port Security function is disabled when the 802.1X function is enabled. 5.1.4 Port Isolation Port Isolation provides a - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 54
5.1.5 Loopback Detection With loopback detection feature enabled, the switch can detect loops using loopback detection packets. When a loop is detected, the switch will display an alert or further block the corresponding port according to the port configuration. Choose the menu Switching→Port→ - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 55
the port status whether a loopback is detected. Displays the port status about block or unblock. Displays the LAG number the port belongs to. Manually remove the block status of selected ports. Note: 1. Recovery Mode is not selectable when Alert is chosen in Operation Mode. 2. Loopback Detection - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 56
Choose the menu Switching→DDM→DDM Config to load the following page. Figure 5-6 DDM Config The following entries are displayed on this screen: Port Config Select: Select the desired port for configuration. It is multi-optional. Port: Displays the port number. DDM Status: Select Enable/ - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 57
The following entries are displayed on this screen: Port Config Select: Select the desired port for configuration. It is multi-optional. Port: Displays the port number. High Alarm: This is the highest threshold for the alarm. When the operating parameter rises above this value, action - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 58
High Warning: Low Warning: LAG: This is the highest threshold for the warning. When the operating parameter rises above this value, action associated with the warning will be taken. This is the lowest threshold for the warning. When the operating parameter falls below this value, action associated - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 59
Figure 5-10 Tx Power Threshold The following entries are displayed on this screen: Port Config Select: Select the desired port for configuration. It is multi-optional. Port: Displays the port number. High Alarm: This is the highest threshold for the alarm. When the operating parameter rises - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 60
Port: High Alarm: Low Alarm: High Warning: Low Warning: LAG: Displays the port number. This is the highest threshold for the alarm. When the operating parameter rises above this value, action associated with the alarm will be taken. This is the lowest threshold for the alarm. When the operating - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 61
5.3 LAG LAG (Link Aggregation Group) is to combine a number of ports together to make a single high-bandwidth data path, so as to implement the traffic load sharing among the member ports in the group and to enhance the connection reliability. For the member ports in an aggregation group, their - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 62
Choose the menu Switching→LAG→LAG Table to load the following page. Figure 5-13 LAG Table The following entries are displayed on this screen: Global Config Hash Algorithm: Select the applied scope of aggregate hash arithmetic, which results in choosing a port to transfer the packets. • SRC MAC - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 63
information of your selected LAG. Figure 5-14 Detail Information 5.3.2 Static LAG On this page, you can manually configure the LAG. The LACP feature is disabled for the member ports of the manually added Static LAG. Choose the menu Switching→LAG→Static LAG to load the following page. Figure 5-15 - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 64
LAG Table Member Port: Select the port as the LAG member. Clearing all the ports of the LAG will delete this LAG. Tips: 1. The LAG can be deleted by clearing its all member ports. 2. A port can only be added to a LAG. If a port is the member of a LAG or is dynamically aggregated as the LACP - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 65
Choose the menu Switching→LAG→LACP Config to load the following page. Figure 5-16 LACP Config The following entries are displayed on this screen: Global Config System Priority: Specify the system priority for the switch. The system priority and MAC address constitute the system identification ( - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 66
Status: LAG: Enable/Disable the LACP feature for your selected port. Displays the LAG number which the port belongs to. 5.4 Traffic Monitor The Traffic Monitor function, monitoring the traffic of each port, is implemented on the Traffic Summary and Traffic Statistics pages. 5.4.1 Traffic Summary - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 67
Packets Tx: Octets Rx: Octets Tx: Statistics: Displays the number of packets transmitted on the port. Displays the number of octets received on the port. The error octets are counted in. Displays the number of octets transmitted on the port. Click the Statistics button to view the detailed traffic - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 68
, which is the base for the switch to forward packets quickly. The entries in the Address Table can be updated by auto-learning or configured manually. Most the entries are generated and updated by auto-learning. In the stable networks, the static MAC address entries can facilitate the switch to - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 69
(if the configuration is saved) MAC address and the port Static Manually No Yes Address configuring Table The bound MAC address cannot be learned can be learned by the other ports in the same VLAN. Filtering Manually No Yes - Address configuring Table Table 5-1 Types and features of - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 70
Aging status of the MAC address. 5.5.2 Static Address The static address table maintains the static address entries which can be added or removed manually, independent of the aging time. In the stable networks, the static MAC address entries can facilitate the switch to reduce broadcast packets and - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 71
The following entries are displayed on this screen: Create Static Address MAC Address: Enter the static MAC Address to be bound. VLAN ID: Enter the corresponding VLAN ID of the MAC address. Port: Select a port from the pull-down list to be bound. Search Option Search Option: Select a - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 72
On this page, you can configure the dynamic MAC address entry. Choose the menu Switching→MAC Address→Dynamic Address to load the following page. Figure 5-21 Dynamic Address The following entries are displayed on this screen: Aging Config Auto Aging: Allows you to Enable/Disable the Auto Aging - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 73
value. 5.5.4 Filtering Address The filtering address is to forbid the undesired packets to be forwarded. The filtering address can be added or removed manually, independent of the aging time. The filtering MAC address allows the switch to filter the packets which includes this MAC address as the - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 74
Filtering Address Table Select: Select the entry to delete the corresponding filtering address. It is multi-optional. MAC Address: Displays the filtering MAC Address. VLAN ID: Displays the corresponding VLAN ID. Port: Here the symbol "__" indicates no specified port. Type: Displays the - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 75
occupy plenty of bandwidth resources, causing potential serious security problems. A Virtual Local Area Network (VLAN) is a That is, hosts in a VLAN can belong to different physical network segment. This switch supports three ways, namely, 802.1Q VLAN, MAC VLAN and Protocol VLAN, to classify VLANs. - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 76
the inbound port for the packet, and the packet will be assigned to the default VLAN of the inbound port for transmission. In this User Guide, the tagged packet refers to the packet with VLAN tag whereas the untagged packet refers to the packet without VLAN tag, and the priority-tagged - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 77
PVID PVID (Port VLAN ID) is the default VID of the port. When the switch receives an un-VLAN-tagged packet, it will add a VLAN tag to the packet according to the PVID of its received port and forward the packets. When creating VLANs, the PVID of each port, indicating the default VLAN to which the - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 78
To ensure the normal communication of the factory switch, the default VLAN of all ports is set to VLAN1. The following entries are displayed on this screen: VLAN Table VLAN ID Select: Click the Select button to quick-select the corresponding entry based on the VLAN ID number you entered. - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 79
The following entries are displayed on this screen: VLAN Config VLAN ID: Description: Check: Enter the ID number of VLAN. Give a description to the VLAN for identification. Click the Check button to check whether the VLAN ID you entered is valid or not. VLAN Members Port Select: Select: Port - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 80
Choose the menu VLAN→802.1Q VLAN→Port Config to load the following page. Figure 6-5 802.1Q VLAN - Port Config The following entries are displayed on this screen: VLAN Port Config Port Select: Click the Select button to quick-select the corresponding entry based on the port number you entered. - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 81
Click the Detail button to view the information of the corresponding VLAN. Figure 6-6 View the Current VLAN of Port The following entries are displayed on this screen: VLAN of Port VLAN ID Select: Click the Select button to quick-select the corresponding entry based on the VLAN ID number you - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 82
received port. Thus, the packet is assigned automatically to the corresponding VLAN for transmission. 2. When receiving tagged packet, the switch will process it basing on the 802.1Q VLAN. If the received port is the member of the VLAN to which the tagged packet belongs, the packet will be forwarded - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 83
role always effective. By creating Protocol VLANs, the network administrator can manage the network clients basing on their actual applications and services effectively. This switch can classify VLANs basing on the common protocol types listed in the following table. Please create the Protocol - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 84
Protocol Type IPX IS-IS LACP 802.1X Type value 0x8137 0x8000 0x8809 0x888E Table 6-2 Protocol types in common use The packet in Protocol VLAN is processed in the following way: 1. When receiving an untagged packet, the switch matches the packet with the current Protocol VLAN. If the packet is - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 85
Protocol VLAN Table Select: Protocol: Ether Type: VLAN ID: Operation: Select the desired entry. It is multi-optional. Displays the protocol template of the VLAN. Displays the Ethernet protocol type field in the protocol template. Displays the corresponding VLAN ID of the protocol. Click the Edit - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 86
6.3.3 Port Enable On this page, you can enable the port for the Protocol VLAN feature. Only the port is enabled, can the configured Protocol VLAN take effect. Choose the menu VLAN→Protocol VLAN→Port Enable to load the following page. Figure 6-11 Enable Protocol VLAN for Port Select your desired - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 87
Switch B is connecting to PC B and Server A; PC A and Server A is in the same VLAN; PC B and Server B is in the same VLAN; PCs in the two VLANs cannot communicate with each other. Network Diagram Configuration Procedure Configure switch A Step 1 2 3 Operation Description Configure - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 88
6.5 Application Example for MAC VLAN Network Requirements Switch A and switch B are connected to meeting room A and meeting room B respectively, and the two rooms are for all departments; Notebook A and Notebook B, special for meeting room, are of two different departments; The two - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 89
Step Operation Description 4 Configure MAC On VLAN→MAC VLAN→MAC VLAN page, create MAC VLAN10 with VLAN 10 the MAC address as 00-19-56-8A-4C-71. 5 Configure MAC On VLAN→MAC VLAN→MAC VLAN page, create MAC VLAN10 with VLAN 20 the MAC address as 00-19-56-82-3B-70. 6 Port Enable Required. On the - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 90
IP host, in VLAN10, is served by IP server while AppleTalk host is served by AppleTalk server; Switch B is connected to IP server and AppleTalk server. Network Diagram Configuration Procedure Configure switch A Step Operation Description 1 Configure the Required. On VLAN→802.1Q VLAN→ - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 91
of public networks at the network access terminal of the Internet Service Provider. And these packets will be transmitted with double-tag across work normally without changing the current configurations. In addition, the switch supports the feature to adjust the TPID Values of VLAN VPN Packets. TPID - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 92
Protocol type LACP 802.1X Value 0x8809 0x888E Table 6-3 Values of Ethernet frame protocol type in common use This VLAN VPN function is implemented on the VPN Config, VLAN Mapping and Port Enable pages. 6.7.1 VPN Config This page allows you to enable the VPN function, adjust the global TPID for - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 93
ID number of the Customer VLAN. C VLAN refers to the VLAN to which the packet received by switch belongs. Enter the ID number of the Service Provider VLAN. Give a description to the VLAN Mapping entry or leave it blank. C VLAN Select: Select: Operation: Click the Select button to quick-select the - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 94
configure the VLAN Mapping entries basing on the actual application. 5 Create SP (Service Optional. On the VLAN→802.1Q VLAN page, create the Provider) VLAN. →VLAN VPN→Port Enable page, enable VLAN Mapping function for the ports. (Service Optional. On the VLAN→802.1Q VLAN page, create the SP VLAN. - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 95
providers usually require that each individual user is layer-2 separated. VLAN feature can solve this problem. However, as stipulated by IEEE 802.1Q protocol, a device can only support up to 4094 VLANs. If a service provider assigns one VLAN per user, the VLANs will be far from enough; as a result - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 96
Packets from different Secondary VLANs can be forwarded to the uplink device via promiscuous port and carry no corresponding Secondary VLAN information. Packets from Primary VLANs can be sent to end users via host port and carry no Primary VLAN information. Private VLAN is designed to save VLAN - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 97
Port Port5 Port2 Port3 PVID 5 2 3 Allowed VLANs VLAN5 VLAN2 VLAN3 Table 6-4 Port settings before configuration synchronization Port Port5 Port2 Port3 PVID 5 2 3 Allowed VLANs VLAN2, 3, 5 VLAN2, 5 VLAN2, 5 Table 6-5 Port settings after configuration synchronization MAC address duplication: - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 98
Packet forwarding in Private VLAN The Private VLAN packet forwarding process (here we take traffic transmission for PC2) based on the figure above is illustrated as follows: 1) PC2 sends out its first upstream packet with the source MAC as mac_2 and the destination MAC as mac_a. This packet is - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 99
Choose the menu VLAN→Private VLAN→PVLAN Config to load the following page. Figure 6-16 Create Private VLAN The following entries are displayed on this screen: Create Private VLAN Primary VLAN: Enter the ID number of the Primary VLAN. Secondary VLAN: Enter the ID number of the Secondary VLAN. - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 100
Choose the menu VLAN→Private VLAN→Port Config to load the following page. Figure 6-17 Create and View Protocol Template The following entries are displayed on this screen: Port Config Port: Select the desired port for configuration. Port Type: Select the Port Type from the pull-down list for - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 101
Step Operation 4 Delete VLAN. Description Optional. On the VLAN→Private VLAN→PVLAN Config page, select the desired entry to delete the corresponding VLAN by clicking the Delete button. 6.9 GVRP GVRP (GARP VLAN Registration Protocol) is an implementation of GARP (generic attribute registration - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 102
• LeaveAll Timer: Once a GARP entity starts up, it starts the LeaveAll timer, and sends out a LeaveAll message after the timer times out, so that other GARP entities can re-register all the attribute information on this entity. After that, the entity restarts the LeaveAll timer to begin a new cycle. - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 103
Choose the menu VLAN→GVRP→GVRP Config to load the following page. Figure 6-18 GVRP Config Note: If the GVRP feature is enabled for a member port of LAG, please ensure all the member ports of this LAG are set to be in the same status and registration mode. The following entries are displayed on - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 104
LeaveAll Timer: Join Timer: Leave Timer: LAG: Once the LeaveAll Timer is set, the port with GVRP enabled can send a LeaveAll message after the timer times out, so that other GARP ports can re-register all the attribute information. After that, the LeaveAll timer will start to begin a new cycle. The - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 105
Network Diagram Configuration Procedure Configure switch A Step 1 Operation Create VLAN6 Description Required. On VLAN→802.1Q VLAN→VLAN Config page, create a VLAN with its VLAN ID as 6, owning Port 1. Configure switch B Step 1 2 3 4 Operation Description Create Private Required. On - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 106
Configure switch C Step 1 2 3 4 Operation Description Create Private Required. On the VLAN→Private VLAN→PVLAN Config page, VLANs. Enter the Primary VLAN 6 and Secondary VLAN 2-3, and then click the Create button. Add Promiscuous port to Private VLANs Required. On the VLAN→Private VLAN→ - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 107
devices. To implement spanning tree function, the switches in the network transfer BPDUs between each other to exchange information and all the switches supporting STP receive and process the received BPDUs. BPDUs carry the information that is needed for switches to figure out the spanning tree - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 108
Figure 7-1 Basic STP diagram STP Timers Hello Time: Hello Time ranges from 1 to 10 seconds. It specifies the interval to send BPDU packets. It is used to test the links. Max. Age: Max. Age ranges from 6 to 40 seconds. It specifies the maximum time the switch can wait without receiving a BPDU - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 109
Step Operation 1 If the priority of the BPDU received on the port is lower than that of the BPDU if of the port itself, the switch discards the BPDU and does not change the BPDU of the port. 2 If the priority of the BPDU is higher than that of the BPDU of the port itself, the switch replaces - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 110
can transit to forwarding state after getting response from the downstream switch through handshake. RSTP Elements Edge Port: Indicates the port connected directly to terminals. P2P Link: Indicates the link between two switches directly connected. MSTP (Multiple Spanning Tree Protocol), compatible - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 111
Port States In an MSTP, ports can be in the following four states: Forwarding: In this status the port can receive/forward data, receive/send BPDU packets as well as learn MAC address. Learning: In this status the port can receive/send BPDU packets and learn MAC address. Blocking: In this - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 112
Choose the menu Spanning Tree→STP Config→STP Config to load the following page. Figure 7-4 STP Config The following entries are displayed on this screen: Global Config STP: Enable/Disable STP function globally on the switch. Version: Select the desired STP version on the switch. STP: - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 113
in the switches regenerating spanning trees frequently and cause network congestions to be falsely regarded as link problems. A too large max age parameter result in the switches unable to find the link problems in time, which in turn handicaps spanning trees being regenerated in time and makes the - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 114
7.2 Port Config On this page you can configure the parameters of the ports for CIST Choose the menu Spanning Tree→Port Config to load the following page. Figure 7-6 Port Config The following entries are displayed on this screen: Port Config Port Select: Select: Port: Status: Priority: ExtPath: - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 115
Port Role: Port Status: LAG: Displays the role of the port played in the STP Instance. Root Port: Indicates the port that has the lowest path cost from this bridge to the Root Bridge and forwards packets to the root. Designated Port: Indicates the port that forwards packets to a downstream - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 116
Figure 7-7 Region Config The following entries are displayed on this screen: Region Config Region Name: Revision: Create a name for MST region identification using up to 32 characters. Enter the revision from 0 to 65535 for MST region identification. 7.3.2 Instance Config Instance - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 117
Select: Instance: Status: Priority: VLAN ID: Clear: Select the desired Instance ID for configuration. It is multi-optional. Displays Instance ID of the switch. Displays status of the instance. Enter the priority of the switch in the instance. It is an important criterion on determining if the - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 118
Figure 7-9 Instance Port Config The following entries are displayed on this screen: Port Config Instance ID: Port Select: Select: Port: Priority: Path Cost: Port Role: Port Status: LAG: Select the desired instance ID for its port configuration. Click the Select button to quick-select the - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 119
Global configuration Procedure for Spanning Tree function: Step Operation Description 1 Make clear roles the switches Preparation. play in spanning tree instances: root bridge or designated bridge 2 Globally configure MSTP Required. Enable Spanning Tree function on the switch parameters - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 120
its position and network topology jitter to occur. In this case, flows that should travel along high-speed links may lead to low-speed links, and network congestion may occur. To avoid this, MSTP provides root protect function. Ports with this function enabled can only be set as designated ports in - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 121
Figure 7-10 Port Protect The following entries are displayed on this screen: Port Protect Port Select: Select: Port: Loop Protect: Root Protect: TC Protect: BPDU Protect: BPDU Filter: LAG: Click the Select button to quick-select the corresponding port based on the port number you entered. - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 122
to 10 to specify the TC Protect Cycle. The default value is 5. 7.5 Application Example for STP Function Network Requirements Switch A, B, C, D and E all support MSTP function. A is the central switch. B and C are switches in the convergence layer. D, E and F are switches in the access layer - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 123
related ports as Trunk, and add the ports to VLAN101-VLAN106. The detailed instructions can be found in the section 802.1Q VLAN. 2 Enable STP function ports as Trunk, and add the ports to VLAN101-VLAN106. The detailed instructions can be found in the section 802.1Q VLAN. 2 Enable STP function - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 124
related ports as Trunk, and add the ports to VLAN101-VLAN106. The detailed instructions can be found in the section 802.1Q VLAN. 2 Enable STP function ports as Trunk, and add the ports to VLAN101-VLAN106. The detailed instructions can be found in the section 802.1Q VLAN. 2 Enable STP function - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 125
The configuration procedure for switch E and F is the same with that for switch D. The topology diagram of the two instances after the topology is stable For Instance 1 (VLAN 101, 103 and 105), the red paths in the following figure are connected links; the gray paths are the blocked links. - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 126
Chapter 8 Ethernet OAM OAM Overview Ethernet OAM (Operation, Administration, and Maintenance) is a Layer 2 protocol for monitoring and troubleshooting Ethernet networks. It can report the network status to network administrators through the OAMPDUs exchanged between two OAM entities, facilitating - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 127
requests. Interconnected OAM entities notify the peer of their OAM configuration information and the OAM capabilities of the local nodes to support OAM by exchanging Information OAMPDUs, and then determine if OAM connections can be established. Only when the settings concerning Loopback, link - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 128
the peer entity for 5 seconds. Link Monitoring Link Monitoring is for detecting and locating link faults under a variety of circumstances. When there are problems detected on the link, the device will send its remote peer the Event Notification OAMPDUs to report link events. The link events are - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 129
of the link faults and take action in time. Remote Loopback Remote loopback helps to ensure the quality of links during installation or when troubleshooting. After the OAM connection is established, the active OAM entity can put its OAM peer into loopback mode using a loopback control OAMPDU. With - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 130
Figure 8-4 Basic Config The following entries are displayed on this screen: Basic Config Port Select: Click the Select button to quick-select the corresponding port based on the port number you entered. Select: Select the desired port for configuration. It is multi-optional. Mode: State: - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 131
. Displays the maximum size of the OAMPDU. Displays whether the local client supports remote loopback function. Displays whether the local client supports unidirectional OAM operation. Some devices support unidirectional OAM operation. These devices provide an OAMPDU-based mechanism to notify the - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 132
: Variable Request: PDU Revision: Operation Status: Loopback Status: Displays whether the local client supports link monitoring function. Displays whether the local client supports variable request. If supports, the local client can send some variable requests to the remote client to learn about - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 133
Variable Request: PDU Revision: Vendor Information: Displays whether the remote client supports variable request. Displays the TLV revision of the OAMPDU. Displays the vender information of the remote client. 8.2 Link Monitoring On this page, you can configure - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 134
Threshold: Window: Notify: Specify the threshold for the selected link event. For Symbol Period Error, it is the number of error symbols in the period that is required to be exceeded. For Frame Error, it is the number of error frames in the period (measured by 100ms) that is required to be - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 135
Select: Dying Gasp Notify: Critical Event Notify: Select the desired port for configuration. It is multi-optional. Choose whether to notify the dying gasp or not. Choose whether to notify the critical event or not. 8.4 Remote Loopback On this page, you can initiate remote loopback if the OAM - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 136
Remote Loopback: To start or stop the remote loopback. 8.5 Statistics You can view the statistics about the detailed Ethernet OAM traffic information and event log information of a specific port here. 8.5.1 Statistics On this page, you can view the detailed Ethernet OAM traffic information of a - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 137
Variable Request OAMPDUs: Variable Response OAMPDUs: Loopback Control OAMPDUs: Organization Specific OAMPDUs: Unsupported OAMPDUs: Frames Lost Due To OAM: Displays the number of variable request OAMPDUs that have been transmitted or received on the port. Displays the number of variable response - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 138
device through the link layer, but the peer device cannot receive packets from the local device. Unidirectional links can cause a variety of problems, such as spanning-tree topology loops. Once detecting a unidirectional link, DLDP can shut down the related port automatically or inform users. DLDP - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 139
, the link will be tagged as unidirectional and the DLDP state will transit from Probe to Disable. This port will be shut down automatically or manually (depending on the Shut Mode configured). 129 - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 140
packets and the port shutdown mode. You can also configure the refresh frequency of the port states and reset the certain port's DLDP state manually. Choose the menu Ethernet OAM→ DLDP→ DLDP to load the following page. Figure 8-12 DLDP Config The following entries are displayed on this screen - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 141
specified port in the Port Config table. 3 Configure Shut Mode. Optional. On the Ethernet OAM→DLDP→DLDP page, configure the Shut Mode as Auto or Manual under the Global Config tab. 4 Reset DLDP state. Optional. On the Ethernet OAM→DLDP→DLDP page, select the specified ports or select all the - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 142
2. The unidirectional link should be disconnected once being detected, and the ports shut down by DLDP can be restored after the fiber pairs are correctly connected. Network Diagram Figure 8-13 DLDP Application Example Configuration Procedure Step Operation Description 1 Enable DLDP globally - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 143
After these four ports are correctly connected, select ports 1/0/27 and 1/0/28 in the Port Config table and click the Reset button to restore their state from Disable. Return to CONTENTS 133 - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 144
is always designed to supply hosts with the configuration parameters in three policies. 1) Manual Assignment: For the specific DHCP clients (e.g., web server), the configuration parameters are manually specified by the administrator and are assigned to these clients via a DHCP server. 2) Automatic - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 145
The Process of DHCP DHCP uses UDP as its transport protocol. DHCP messages from a client to a server are sent to the 'DHCP server' port (67), and DHCP messages from a server to a client are sent to the 'DHCP client' port (68). DHCP clients and servers both construct DHCP messages by filling in - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 146
for the fields given in the figure will be used throughout this document to refer to the fields in DHCP messages. Figure 9-3 The Format of DHCP Message 1) op:Message type, '1' = BOOT-REQUEST, '2' = BOOT-REPLY. 2) htype:Hardware address type, '1' for ethernet. 3) hlen:Hardware address length, '6' for - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 147
DNS option is option 6, and it assigns the IP address of domain name server to the client which allows the client can use the web service in the internet. 4) option 12:Host Name option. The option12 is used to specify the name of the client, which may be requested by the - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 148
DHCP option, please refer to RFC 2132. 9.1 DHCP Relay The switch supports DHCP relay function, and in this section, DHCP relay function on this server are unable to obtain their IP addresses dynamically. DHCP relay agent solves the problem. With the help of a relay agent, a DHCP client can request an - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 149
82 is defined, at least one sub-option should be defined. This Switch supports two sub-options, Circuit ID and Remote ID. Since there is no universal packets from DHCP Clients. Furthermore these two parameters also can be manually configured. The format of Option 82 defined on the switch by default - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 150
DHCP Relay: Enable or disable the DHCP Relay function. Option 82 configuration Configure the Option 82 which cannot be assigned by the switch. Option 82 Support: Enable or disable the Option 82 feature. 140 - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 151
the DHCP server. Name: Displays the name of the DHCP server. Configuration Procedure: Step Operation 1 Enable DHCP Relay. 2 Configure Option 82 support. 3 Configure DHCP Server. Description Required. On the DHCP→DHCP Relay→DHCP Relay page, enable the DHCP Relay function. Optional. On the - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 152
users requiring this information is not certain, unicast and broadcast deliver a low efficiency. Multicast solves this problem. It can deliver a high efficiency to send data in the point to multi-point service, which can save large bandwidth and reduce the network load. In multicast, the packets are - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 153
IPv4 Multicast Address 1. IPv4 Multicast IP Address: As specified by IANA (Internet Assigned Numbers Authority), Class D IP addresses are used as destination addresses of multicast packets. The multicast IP addresses range from 224.0.0.0-239.255.255.255. The following table displays the range and - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 154
Flags have 4 bits. The high-order flag is reserved, and must be initialized to 0. T=0 indicates a permanently-assigned multicast address assigned by the Internet Assgined Numbers Authority (IANA). T=1 indicates a non-permanently-assigned multicast address. Scope is a 4-bit value used to limit the - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 155
The IPv6 solicited-node multicast address has the prefix FF02:0:0:0:0:1:FF00:0000/104 concatenated with the 24 low-order bits of a corresponding IPv6 unicast or anycast address. 2. IPv6 Multicast MAC Address The high-order 16 bits of an IPv6 multicast MAC address begins with 0x3333 while the low- - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 156
selectively forwarded to a list of ports that want to receive the data, instead of being flooded to all ports in a VLAN. The list is constructed and maintained by snooping IPv6 multicast control packets. MLD snooping performs a similar function in IPv6 as IGMP snooping in IPv4. The Multicast module - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 157
times out. The host, running IGMPv2 or IGMPv3, sends IGMP leave message when leaving a multicast group to inform the multicast router of its leaving. When receiving IGMP leave message, the switch will forward IGMP group-specific-query message to check if other members in the multicast group of the - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 158
The following entries are displayed on this screen: Global Config IGMP Snooping: Enable/Disable IGMP Snooping function globally on the switch. Unknown Multicast: Select the operation for the switch to process unknown multicast, Forward or Discard. IGMP Snooping Status Description: Member: - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 159
Static Router Ports: VLAN Table VLAN ID Select: Select: VLAN ID: Router Port Time: Member Port Time: Leave Time: Router Port: Enter the static router port which is mainly used in the network with stable topology. Click the Select button to quick-select the corresponding VLAN ID based on the ID - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 160
Figure 10-7 Port Config The following entries are displayed on this screen: Port Config Port Select: Select: Port: IGMP Snooping: Fast Leave: Filter: Click the Select button to quick-select the corresponding port based on the port number you entered. Select the desired port for IGMP Snooping - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 161
Note: 1. Fast Leave on the port is effective only when the host supports IGMPv2 or IGMPv3. 2. When both Fast Leave feature and Unknown Multicast Discard feature are enabled, the leaving of a user connected to a port owning multi-user - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 162
the multicast router will duplicate this multicast information and deliver each VLAN owning a receiver one copy. This mode wastes a lot of bandwidth. The problem above can be solved by configuring a multicast VLAN. By adding switch ports to the multicast VLAN and enabling IGMP Snooping, you can make - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 163
Router Ports: Replace Source IP: Enter the static router port which is mainly used in the network with stable topology. Specify the source IP which will replace the source of IGMP Request in multicast vlan. Note: 1. The router port should be in the multicast VLAN, otherwise the member ports cannot - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 164
Switch: Port 3 is connected to the router and the packets are transmitted in VLAN3; port 4 is connected to user A and the packets are transmitted in VLAN4; port 5 is connected to user B and the packets are transmitted in VLAN5. User A: Connected to Port 4 of the switch. User B: Connected to port 5 - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 165
10.1.6 Static Multicast IP Static Multicast IP table, isolated from dynamic multicast group and multicast filter, is not learned by IGMP Snooping. It can enhance the quality and security for information transmission in some fixed multicast groups. Choose the menu Multicast→IGMP Snooping→Static - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 166
10.1.7 Packet Statistics On this page you can view the multicast data traffic on each port of the switch, which facilitates you to monitor the IGMP messages in the network. Choose the menu Multicast→IGMP Snooping→Packet Statistics to load the following page. Figure 10-11 Packet Statistics The - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 167
network that runs IGMP, a Layer 3 multicast device works as an IGMP querier to send IGMP queries and manage the multicast table. But IGMP is not supported by the devices in Layer 2 network. IGMP Snooping Querier can act as an IGMP Router in Layer 2 network. It can help to create and maintain - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 168
Last Member Query Times: Enter the times of sending specific query frames by IGMP Snooping Querier. At receiving a leave frame, a specific query frame will be sent by IGMP Snooping Querier. If a report frame is received before sending specific frames number reaches "Last Member Query Times", the - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 169
Figure 10-13 IGMP Authentication The following entries are displayed on this screen: IGMP Authentication Port Select: Click the Select button to quick-select the corresponding port based on the port number you entered. Select: Select the desired port for IGMP Authentication feature - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 170
The switch, running MLD Snooping, listens to the MLD messages transmitted between the host and the router, and tracks the MLD messages and the registered port. When receiving MLD report message, the switch adds the port to the multicast address table; when the switch listens to MLD Done message from - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 171
port will be processed: if the receiving port is a new member port, it will be added to the forward list of the multicast group with its member port aging time specified; if the receiving port is already a member port, its member port aging time will be directly reset. 3. Member Leave The host will - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 172
Report Message Suppression: Unknown Multicast Filter: Router Port Aging Time: Member Port Aging Time: Last Listener Query Interval: Last Listener Query Count: Multicast VLAN: Multicast VLAN ID: Enable or disable Report Message Suppression function globally. If this function is enabled, the first - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 173
Figure 10-15 VLAN Config The following entries are displayed on this screen: VLAN Config VLAN ID: Enter the VLAN ID you want to configure. Router Port Aging Time: Member Port Aging Time: Immediate Leave: Forbidden Router Ports: Enter the router port aging time for this VLAN. It will override - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 174
2. When the router port aging time or member port aging time is set for a VLAN, this value overrides the value configured globally. 3. You should only use the Immediate-Leave feature when there is a single receiver present on every port in the VLAN. If the immediate leave function is enabled on a - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 175
Figure 10-17 Port Config The following entries are displayed on this screen: Port Config Select: Port: Filter: Filter Mode: Select the port you want to configure. Displays the port number. Choose to enable or disable filter function in this port. Choose the filter action mode. You can accept or - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 176
that runs MLD, a Layer 3 multicast device works as an MLD querier to send out MLD queries and manage the multicast table. But MLD is not supported by the devices in Layer 2 network. MLD Snooping Querier can act as an MLD Router in Layer 2 network. It can help to create and maintain - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 177
The following entries are displayed on this screen: Querier Config VLAN ID: Maximum Response Time: Query Interval: Query Source IP: Enter the VLAN ID which you want to start Querier. Enter the value of Maximum Response Time field of the Query message. Enter the Query message interval time. The - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 178
Figure 10-20 Packet Statistics The following entries are displayed on this screen: Auto Fresh Auto Fresh: Fresh Period: MLD Packet Statistics Enable/Disable auto fresh feature. Enter the time from 3 to 300 seconds to specify the auto fresh period. Received Query : MLD Received Report: - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 179
10.3.1 IPv4 Multicast Table On this page you can view the information of the multicast groups already on the switch. Multicast IP addresses range from 224.0.0.0 to 239.255.255.255. The range for receivers to join is from 224.0.1.0 to 239.255.255.255. Choose the menu Multicast→Multicast Table→IPv4 - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 180
Choose the menu Multicast→Multicast Table→IPv6 Multicast Table to load the following page. Figure 10-22 IPv6 Multicast Table The following entries are displayed on this screen: Search Option Multicast IP: VLAN ID: Port: Type: Enter the multicast IP address the desired entry must carry. Enter - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 181
the bandwidth resource distribution so as to provide a network service experience of a better quality. QoS This switch the network is congested, the problem that many packets compete for resources must be solved, usually in the way of queue scheduling. The switch supports four schedule modes: SP, - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 182
Figure 11-3 IP datagram As shown in the figure above, the ToS (Type of Service) in an IP header contains 8 bits. The first three bits indicate IP precedence priority mode. Schedule Mode When the network is congested, the problem that many packets compete for resources must be solved, usually in the - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 183
, packets in all the queues are sent in order based on the weight value for each queue and every queue can be assured of a certain service time. The weight value indicates the occupied proportion of the resource. WRR queue overcomes the disadvantage of SP queue that the packets in the queues - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 184
specified scheduling algorithms to implement QoS function. This switch implements three priority modes based on port, on 802.1P and on DSCP, and supports four queue scheduling algorithms. The port priorities are labeled as CoS0, CoS1... CoS7. The DiffServ function can be implemented on Port Priority - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 185
Configuration Procedure: Step Operation Description 1 Select the port priority Required. On QoS→DiffServ→Port Priority page, configure the port priority. 2 Configure the mapping Required. On QoS→DiffServ→802.1P/CoS mapping relation between the CoS page, configure the mapping relation between - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 186
Priority Level DSCP: Priority Level: Indicates the priority determined by the DSCP region of IP datagram. It ranges from 0 to 63. Indicates the priority level the packets with tag are mapped to. The priority levels are labeled as TC0, TC1, TC2 and TC3. Note: To complete QoS function - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 187
select a schedule mode. 11.1.4 Schedule Mode On this page you can select a schedule mode for the switch. When the network is congested, the problem that many packets compete for resources must be solved, usually in the way of queue scheduling. The switch will control the forwarding sequence of the - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 188
WRR-Mode: SP+WRR-Mode: Equ-Mode: Weight Round Robin Mode. In this mode, packets in all the queues are sent in order based on the weight value for each queue. The weight value ratio of TC0, TC1, TC2 and TC3 is 1:2:4:8. Strict-Priority + Weight Round Robin Mode. In this mode, this switch provides two - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 189
the switch. Ingress Rate (bps): Configure the bandwidth for receiving packets on the port. You can select a rate from the dropdown list or select "Manual" to set Ingress rate, the system will automatically select integral multiple of 64Kbps that closest to the rate you entered as the real Ingress - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 190
Figure 11-11 Storm Control The following entries are displayed on this screen: Storm Control Config Port Select: Click the Select button to quick-select the corresponding port based on the port number you entered. Select: Select the desired port for Storm Control configuration. It is multi- - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 191
VLAN Mode A voice VLAN can operate in two modes: automatic mode and manual mode. Automatic Mode: In this mode, the switch automatically adds a port Voice ports are automatically added into or removed from voice VLAN. Manual Mode: You need to manually add the port of IP phone to voice VLAN, and - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 192
and the egress rule of the access port in the voice VLAN should be UNTAG. ACCESS: Not supported. Manual Mode TAG voice stream TRUNK:Supported. The default VLAN of the port should not be voice VLAN. GENERAL:Supported. The default VLAN of the port cannot be voice VLAN and the egress rule of the - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 193
Note: Don't transmit voice stream together with other business packets in the voice VLAN except for some special requirements. The Voice VLAN function can be implemented on Global Config, Port Config and OUI Config pages. 11.3.1 Global Config On this page, you can configure the global parameters of - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 194
adds a port to the voice VLAN or removes a port from the voice VLAN by checking whether the port receives voice data or not. Manual: In this mode, you can manually add a port to the voice VLAN or remove a port from the voice VLAN. Configure the security mode for forwarding packets. Disable: All - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 195
: Displays the state of the port in the current voice VLAN. Displays the LAG number which the port belongs to. 11.3.3 OUI Config The switch supports OUI creation and adds the MAC address of the special voice device to the OUI table of the switch. The switch determines whether a received packet - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 196
→Port Config page, click the Create button to create a VLAN. Optional. On QoS→Voice VLAN→OUI Config page, you can check whether the switch is supporting the OUI template or not. If not, please add the OUI address. Required. On QoS→Voice VLAN→Port Config page, configure the parameters of the - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 197
Chapter 12 ACL ACL (Access Control List) is used to filter packets by configuring match rules and process policies of packets in order to control the access of the illegal users to the network. Besides, ACL functions to control traffic flows and save network resources. It provides a flexible and - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 198
12.1.2 Time-Range Create On this page you can create time-ranges. Choose the menu ACL→Time-Range→Time-Range Create to load the following page. Figure 12-2 Time-Range Create Note: To successfully configure time-ranges, please firstly specify time-slices and then time-ranges. The following entries - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 199
12.1.3 Holiday Config Holiday mode is applied as a different secured access control policy from the week mode. On this page you can define holidays according to your work arrangement. Choose the menu ACL→Time-Range→Holiday Config to load the following page. Figure 12-3 Holiday Configuration The - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 200
Choose the menu ACL→ACL Config→ACL Summary to load the following page. Figure 12-4 ACL Summary The following entries are displayed on this screen: Search Option Select ACL: Select the ACL you have created ACL Type: Displays the type of the ACL you select. Rule Order: Displays the rule - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 201
12.2.3 MAC ACL MAC ACLs analyze and process packets based on a series of match conditions, which can be the source MAC addresses, destination MAC addresses, VLAN ID, and EtherType carried in the packets. Choose the menu ACL→ACL Config→MAC ACL to load the following page. Figure12-6 Create MAC Rule - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 202
Choose the menu ACL→ACL Config→Standard-IP ACL to load the following page. Figure12-7 Create Standard-IP Rule The following entries are displayed on this screen: Create Standard-IP Rule ACL ID: Select the desired Standard-IP ACL for configuration. Rule ID: Enter the rule ID. Operation: - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 203
Figure12-8 Create Extend-IP Rule The following entries are displayed on this screen: Create Extend-IP Rule ACL ID: Select the desired Extend-IP ACL for configuration. Rule ID: Enter the rule ID. Operation: Fragment: Select the operation for the switch to process packets which match the - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 204
S-Port: D-Port: DSCP: IP ToS: IP Pre: Time-Range: Configure TCP/IP source port contained in the rule when TCP/UDP is selected from the pull-down list of IP Protocol. Configure TCP/IP destination port contained in the rule when TCP/UDP is selected from the pull-down list of IP Protocol. Enter the - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 205
Operation: S-MAC: D-MAC: Mask: VLAN ID EtherType User Priority Fragment: S-IP: D-IP: Mask: Time-Range: Select the operation for the switch to process packets which match the rules. Permit: Forward packets. Deny: Discard Packets. Enter the source MAC address contained in the rule. Enter the - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 206
The following entries are displayed on this screen: Search Options Select Policy: Select name of the desired policy for view. If you want to delete the desired policy, please click the Delete button. Action Table Select: Select the desired entry to delete the corresponding policy. Index: - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 207
Figure 12-11 Action Create The following entries are displayed on this screen: Create Action Select Policy: Select the name of the policy. Select ACL: Select the ACL for configuration in the policy. S-Mirror: Select S-Mirror to mirror the data packets in the policy to the specific port. S- - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 208
12.4 Policy Binding Policy Binding function can have the policy take its effect on a specific port/VLAN. The policy will take effect only when it is bound to a port/VLAN. In the same way, the port/VLAN will receive the data packets and process them based on the policy only when the policy is bound - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 209
Figure 12-13 Bind the policy to the port The following entries are displayed on this screen: Port-Bind Config Policy Name: Select the name of the policy you want to bind. Port: Enter the number of the port you want to bind. Port-Bind Table Index: Displays the index of the binding policy. - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 210
VLAN ID: Direction: Displays the ID of the VLAN bound to the corresponding policy. Displays the binding direction. Configuration Procedure: Step Operation Description 1 Configure time-range effective Required. On ACL→Time-Range configuration pages, configure the effective time-ranges for ACLs. - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 211
Configuration Procedure Step Operation Description 1 Configure On ACL→Time-Range page, create a time-range named work_time. Time-range Select Week mode and configure the week time from Monday to Friday. Add a time-slice 08:00-18:00. 2 Configure for On ACL→ACL Config→ACL Create page, - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 212
access and only allow the Hosts matching the bound entries to access the network. The following three IP-MAC Binding methods are supported by the switch. 1. Manually: You can manually bind the IP address, MAC address, VLAN ID and the Port number together in the condition that you have got the - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 213
take effect. 2. Among the conflicting entries with the same Source priority, only the last added or edited one will take effect. 13.1.2 Manual Binding You can manually bind the IP address, MAC address, VLAN ID and the Port number together in the condition that you have got the related information of - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 214
ID: Enter the VLAN ID. Port: Select the number of port connected to the Host. Protect Type: Select the Protect Type for the entry. Manual Binding Table Select: Select the desired entry to be deleted. It is multi-optional. Host Name: Displays the Host Name here. IP Address: Displays the - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 215
13.1.3 ARP Scanning ARP (Address Resolution Protocol) is used to analyze and map IP addresses to the corresponding MAC addresses so that packets can be delivered to their destinations correctly. IP address is the address of the Host on Network layer. MAC address, the address of the Host on Data link - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 216
Choose the menu Network Security→IP-MAC Binding→ARP Scanning to load the following page. Figure 13-4 ARP Scanning The following entries are displayed on this screen: Scanning Option Start IP Address: End IP Address: VLAN ID: Scan: Specify the Start IP Address. Specify the End IP Address. Enter - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 217
basing on the BOOTP, functions to solve the above mentioned problems. DHCP Working Principle DHCP works via the "Client/Server different DHCP Clients, DHCP Server provides three IP address assigning methods: 1. Manually assign the IP address: Allows the administrator to bind the static IP address - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 218
and account management of Client. The Server supported Option 82 also can set the distribution policy in the network, network confusion and security problem will happen. The common cases incurring the It's common that the illegal DHCP server is manually configured by the user by mistake. Hacker - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 219
Figure 13-7 DHCP Cheating Attack Implementation Procedure DHCP Snooping feature only allows the port connected to the DHCP Server as the trusted port to forward DHCP packets and thereby ensures that users get proper IP addresses. DHCP Snooping is to monitor the process of the Host obtaining the IP - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 220
13.2.1 DHCP Snooping Choose the menu Network Security→DHCP Snooping→DHCP Snooping to load the following page. Figure 13-8 DHCP Snooping Note: If you want to enable the DHCP Snooping feature for the member port of LAG, please ensure the parameters of all the member ports are the same. The following - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 221
Port Config Port Select: Select: Port: Trusted Port: MAC Verify: Flow Control: Decline Protect: LAG: Click the Select button to quick-select the corresponding port based on the port number you entered. Select your desired port for configuration. It is multi-optional. Displays the port number. - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 222
Option 82 Support: Enable/Disable the Option 82 feature. Existed Option 82 field: Select the operation for the Option 82 field of the DHCP request packets from the - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 223
As the above figure shown, the attacker sends the fake ARP packets with a forged Gateway address to the normal Host, and then the Host will automatically update the ARP table after receiving the ARP packets. When the Host tries to communicate with Gateway, the Host will encapsulate this false - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 224
Figure 13-12 ARP Attack - Cheating Terminal Hosts As the above figure shown, the attacker sends the fake ARP packets of Host A to Host B, and then Host B will automatically update its ARP table after receiving the ARP packets. When Host B tries to communicate with Host A, it will encapsulate this - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 225
Suppose there are three Hosts in LAN connected with one another through a switch. Host A: IP address is 192.168.0.101; MAC address is 00-00-00-11-11-11. Host B: IP address is 192.168.0.102; MAC address is 00-00-00-22-22-22. Attacker: IP address is 192.168.0.103; MAC address is 00-00-00-33-33-33. 1. - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 226
address, VLAN ID and the address, MAC address, VLAN ID and the connected Port connected Port number of number of the Host together via Manual Binding, ARP the Host together. Scanning or DHCP Snooping. 2 Enable the protection for the Required. On the Network Security→IP-MAC bound entry. Binding - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 227
13.3.2 ARP Defend With the ARP Defend enabled, the switch can terminate receiving the ARP packets for 300 seconds when the transmission speed of the legal ARP packet on the port exceeds the defined value so as to avoid ARP Attack flood. Choose the menu Network Security→ARP Inspection→ARP Defend to - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 228
13.3.3 ARP Statistics ARP Statistics feature displays the number of the illegal ARP packets received on each port, which facilitates you to locate the network malfunction and take the related protection measures. Choose the menu Network Security→ARP Inspection→ARP Statistics to load the following - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 229
) Attack is to occupy the network bandwidth maliciously by the network attackers or the evil programs sending a lot of service requests to the Host, which incurs an abnormal service or even breakdown of the network. With DoS Defend function enabled, the switch can analyze the specific fields of the - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 230
packets may incur a breakdown of the network. The switch can defend several types of DoS attack listed in the following table. DoS Attack Type Description Land Attack The attacker sends a specific fake SYN packet to the destination Host. Since both the source IP address and the destination IP - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 231
DoS Attack Type Description Ping Of Death ICMP ECHO Request Packet whose sum of "Fragment Offset" and "Total Length" fields in the IP header is greater than 65535 may cause Ping of Death attack. As the maximum packet length of an IPv4 packet including the IP header is 65,535 bytes, many computer - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 232
the physic environment of the network and block the unnecessary network services. 3. Enhance the network security via the protection devices, such access control mechanism for LAN ports to solve mainly authentication and security problems. 802.1X is a port-based network access control protocol. It - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 233
support the 802.1X authentication protocol. 2. Authenticator System: The authenticator system is usually an 802.1X-supported is in trouble, the alternate authentication server can substitute it to provide normal authentication service. instructions (accept or reject) received from the - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 234
them successfully reach the authentication server. This mode normally requires the RADIUS server to support the two fields of EAP: the EAP-message field and the Message-authenticator field. This switch supports EAP-MD5 authentication way for the EAP relay mode. The following figure describes the - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 235
are accomplished through RADIUS protocol. In this mode, PAP or CHAP is employed between the switch and the RADIUS server. This switch supports the PAP terminating mode. The authentication procedure of PAP is illustrated in the following figure. Figure 13-22 PAP Authentication Procedure In PAP - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 236
packet to the supplicant system if the supplicant system fails to respond in the specified timeout period. 2. RADIUS server timer (Server Timeout): This timer is triggered by the switch after the switch sends an authentication request packet to RADIUS server. The switch will resend the - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 237
Choose the menu Network Security→802.1X→Global Config to load the following page. Figure 13-23 Global Config The following entries are displayed on this screen: Global Config 802.1X: Enable/Disable the 802.1X function. Auth Method: Guest VLAN: Select the Authentication Method from the pull- - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 238
Retry Times: Supplicant Timeout: supplicant during the Quiet Period. Specify the maximum transfer times of the repeated authentication request. Specify the maximum time for the switch to wait for the response from supplicant before resending a request to the supplicant. 13.6.2 Port Config On this - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 239
. For the client computers, you are required to software. install the TP-LINK 802.1X Client provided on the CD. Please refer to the software guide in the same directory with the software for more information. 2 Configure the 802.1X globally. Required. By default, the global 802.1X function is - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 240
: Console, Telnet, SSH and HTTP. Authentication Method List A method list describes the authentication methods and their sequence to authenticate a user. The switch supports Login List for users to gain access to the switch, and Enable List for normal users to gain administrative privileges. The - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 241
set by the admin users using the command lines. For more details please refer to the command enable password in the Command Line Interface Guide on the resource CD. 13.7.3 RADIUS Server Config This page is used to configure the authentication servers running the RADIUS security protocols. Choose the - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 242
View, edit and delete the configured RADIUS servers in the Server list. Entry Description: Server IP: Shared Key: Auth Port: Acct Port: Retransmit: Timeout: Enter the IP of the server running the RADIUS secure protocol. Enter the shared key between the RADIUS server and the switch. The RADIUS - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 243
Port: Specify the TCP port used on the TACACS+ server for AAA. 13.7.5 Authentication Server Group Config On this page users can group authentication servers running the same secure protocol for authentication. The switch has two built-in authentication server group, one for RADIUS and the other - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 244
Note: 1. The two built-in server groups radius and tacacs cannot be deleted or edited. 2. Up to 16 servers can be added to one server group. 13.7.6 Authentication Method List Config Before you configure AAA authentication on a certain application, you should define an authentication method list - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 245
3) Configure the authencation method with priorities. The options are local, none, radius, tacacs or user-defined server groups. View and delete the configured method priority list in the Authentication Login Method List and Authentication Enable Method List. . Entry Description: Method List Name - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 246
2) Configure the authentication method list from the Login List drop-down menu. This option defines the authentication method for users accessing the switch. 3) Configure the authentication method list from the Enable List drop-down menu. Thisoption defines the authentication method for users - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 247
Access Server) vendors need to acquire the unique information from DSL (digital subscriber line) for RADIUS (Remote Authentication Dial In User Service) authentication and accounting processes. The PPPoE Circuit-ID Insertion feature uses a PPPoE intermediate agent function on the DSLAM. The DSLAM - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 248
The PPPoE discovery process is illustrated below: 1. The client sends PADI (PPPoE Active Discovery Initiation) packets to the switch. 2. The switch intercepts PADI packets and inserts a unique Circuit-ID tag to them. 3. The switch forwards the PADI packets with Circuit-ID tag to the BRAS. 4. The - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 249
The following entries are displayed on this screen: Global Config PPPoE Circuit-ID Insertion: Enable/Disable the PPPoE Circuit-ID Insertion function globally. Port Config Port Select: Click the Select button to quick-select the corresponding port based on the port number you entered. - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 250
Management Station, SNMP Agent and MIB is illustrated in the following figure. Figure 14-1 Relationship among SNMP Network Elements SNMP Versions This switch supports SNMP v3, and is compatible with SNMP v1 and SNMP v2c. The SNMP versions adopted by SNMP Management Station and SNMP Agent should be - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 251
failing to pass community name authentication are discarded. The community name can limit access to SNMP Agent from SNMP NMS, functioning as a password. SNMP v2c: SNMP v2c also adopts community name authentication. It is compatible with SNMP v1 while enlarges the function of SNMP v1. SNMP v3: Basing - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 252
SNMP module is used to configure the SNMP function of the switch, including three submenus: SNMP Config, Notification and RMON. 14.1 SNMP Config The SNMP Config can be implemented on the Global Config, SNMP View, SNMP Group, SNMP User and SNMP Community pages. 14.1.1 Global Config To enable SNMP - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 253
14.1.2 SNMP View The OID (Object Identifier) of the SNMP packets is used to describe the managed objects of the switch, and the MIB (Management Information Base) is the set of the OIDs. The SNMP View is created for the SNMP management station to manage MIB objects. Choose the menu SNMP→SNMP Config→ - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 254
Choose the menu SNMP→SNMP Config→SNMP Group to load the following page. Figure 14-5 SNMP Group The following entries are displayed on this screen: Group Config Group Name: Enter the SNMP Group name. The Group Name, Security Model and Security Level compose the identifier of the SNMP Group. - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 255
Group Table Select: Group Name: Security Model: Security Level: Read View: Write View: Notify View: Operation: Select the desired entry to delete the corresponding group. It's multi-optional. Displays the Group Name here. Displays the Security Model of the group. Displays the Security Level of - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 256
User Type: Group Name: Security Model: Security Level: Auth Mode: Auth Password: Privacy Mode: Privacy Password: User Table Select: User Name: User Type: Group Name: Security Model: Security Level: Auth Mode: Privacy Mode: Operation: Select the type for the User. • Local User: Indicates that the - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 257
14.1.5 SNMP Community SNMP v1 and SNMP v2c adopt community name authentication. The community name can limit access to the SNMP agent from SNMP network management station, functioning as a password. If SNMP v1 or SNMP v2c is employed, you can directly configure the SNMP Community on this page - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 258
Configuration Procedure: If SNMPv3 is employed, please take the following steps: Step Operation Description 1 Enable SNMP function globally. Required. On the SNMP→SNMP Config→Global Config page, enable SNMP function globally. 2 Create SNMP View. Required. On the SNMP→SNMP Config→SNMP View - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 259
14.2 Notification With the Notification function enabled, the switch can initiatively report to the management station about the important events that occur on the Views (e.g., the managed device is rebooted), which allows the management station to monitor and process the events in time. The - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 260
resends an inform request. Click the Edit button to modify the corresponding entry and click the Modify button to apply. 14.2.2 Traps Config The switch supports different kinds of SNMP traps. On this page, you can select the traps that you are concerned about. Then the switch will only report the - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 261
Figure 14-9 Traps Config The following entries are displayed on this screen: SNMP Traps SNMP Authentication: If selected, the switch will send an SNMP Authentication trap when a received SNMP request fails the authentication. Coldstart: If selected, the switch will send a Coldstart trap when - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 262
Flash Operation: VLAN Create/Delete IP Change: Storm Control: Bandwidth Control: LLDP: MAC Address Table: Loopback Detection: Spanning Tree: Port Access: IP-MAC Binding: IP Duplicate: DHCP Filter: DDM Temperature: DDM Voltage: DDM Bias Current: DDM Tx Power: If selected, the switch will send a - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 263
to manage the large-scale network since it reduces the communication traffic between management station and managed agent. RMON Group This switch supports the following four RMON Groups defined on the RMON standard (RFC1757): History Group, Event Group, Statistic Group and Alarm Group. RMON Group - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 264
14.3.1 History Control On this page, you can configure the History Group for RMON. Choose the menu SNMP→RMON→History Control to load the following page. Figure 14-10 History Control The following entries are displayed on this screen: History Control Table Select: Select the desired entry for - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 265
14.3.2 Event Config On this page, you can configure the RMON events. Choose the menu SNMP→RMON→Event Config to load the following page. Figure 14-11 Event Config The following entries are displayed on this screen: Event Table Select: Select the desired entry for configuration. Index: Displays - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 266
14.3.3 Alarm Config On this page, you can configure Statistic Group and Alarm Group for RMON. Choose the menu SNMP→RMON→Alarm Config to load the following page. Figure 14-12 Alarm Config The following entries are displayed on this screen: Alarm Table Select: Select the desired entry for - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 267
Alarm Type: Interval: Owner: Status: Specify the type of the alarm. • All: The alarm event will be triggered either the sampled value exceeds the Rising Threshold or is under the Falling Threshold. • Rising: When the sampled value exceeds the Rising Threshold, an alarm event is triggered. • Falling - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 268
information can be used by SNMP applications to simplify troubleshooting, enhance network management, and maintain an accurate network to allow the port to both transmit and receive LLDPDUs. Four LLDP admin statuses are supported by each port. Tx&Rx: the port can both transmit and receive LLDPDUs. - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 269
Disable: the port cannot transmit or receive LLDPDUs. 2) LLDPDU transmission mechanism If the ports are working in TxRx or Tx mode, they will advertise local information by sending LLDPDUs periodically. If there is a change in the local device, the change notification will be advertised. To - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 270
: For detailed introduction of TLV, please refer to IEEE 802.1AB standard. In TP-LINK switch, the following LLDP optional TLVs are supported. TLV Description Port Description TLV The Port Description TLV allows network management to advertise the IEEE 802 LAN station's port description. System - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 271
settings are the result of auto-negotiation during link initiation or of manual set override action. Max Frame Size TLV The Maximum Frame Size TLV MDI TLV allows network management to advertise and discover the MDI power support capabilities of the sending IEEE 802.3 LAN station. The LLDP module - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 272
15.1.1 Global Config On this page you can configure the LLDP parameters of the device globally. Choose the menu LLDP→Basic Config→Global Config to load the following page. Figure 15-1 Global Configuration The following entries are displayed on this screen: Global Config LLDP: Enable/disable - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 273
15.1.2 Port Config On this page you can configure all ports' LLDP parameters. Choose the menu LLDP→Basic Config→Port Config to load the following page. Figure 15-2 Port Configuration The following entries are displayed on this screen: LLDP Port Config Port Select: Select the desired port to - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 274
Choose the menu LLDP→Device Info→Local Info to load the following page. Figure 15-3 Local Information The following entries are displayed on this screen: Auto Refresh Auto Refresh: Enable/Disable the auto refresh function. Refresh Rate: Specify the auto refresh rate. Local Info Enter the - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 275
The following entries are displayed on this screen: Auto Refresh Auto Refresh: Enable/Disable the auto refresh function. Refresh Rate: Specify the auto refresh rate. Neighbor Info Port Select: Click the Select button to quick-select the corresponding port based on the port number you - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 276
15.3 Device Statistics You can view the LLDP statistics of local device through this feature. Choose the menu LLDP→Device Statistics→Statistic Info to load the following page. Figure 15-5 Device Statistics The following entries are displayed on this screen: Auto Refresh Auto Refresh: Enable/ - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 277
-MED Device at the network edge, providing some aspects of IP communications service, based on IEEE 802 LAN technology. Endpoint Devices may be a member that supports media stream capabilities. Communication Device Endpoint (Class III): The class of Endpoint Device that directly supports end users - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 278
, Software Revision TLV, Serial Number TLV, Manufacturer Name TLV, Model Name TLV and Asset ID TLV. If support for any of the TLVs in the Inventory Management set is implemented, then support for all Inventory Management TLVs shall be implemented. LLDP-MED is configured on the Global Config, Port - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 279
Choose the menu LLDP→LLDP-MED→Port Config to load the following page. Figure 15-7 LLDP-MED Port Configuration The following entries are displayed on this screen: LLDP-MED Port Config Select: LLDP-MED Status: Included TLVs: Detail: Select the desired port to configure. Configure the port's - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 280
Parameters Configure the Location Identification TLV's content in outgoing LLDPDU of the port. Emergency Number: Civic Address: Emergency number is Emergency Call Service ELIN identifier, which is used during emergency call setup to a traditional CAMA or ISDN trunk-based PSAP. The Civic address is - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 281
close physical proximity to the server or network element. • Country Code: The two-letters ISO 3166 country code in capital ASCII letters, e.g., CN or US. • Language, Province/State, etc.: a part of civic address. 15.4.3 Local Info On this page you can see all ports' LLDP-MED configuration. Choose - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 282
VLAN tagged: Media Policy VLAN ID: Media Policy Layer 2 Priority: Media Policy DSCP: Indicates the VLAN type the specified application type is using, 'tagged' or 'untagged'. Displays the application (eg. Voice VLAN) VLAN identifier (VID) for the port. Displays the Layer 2 priority to be used for - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 283
Information: Click the Information button to display the detailed information of the corresponding neighbor. Return to CONTENTS 273 - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 284
device needs to be respectively configured to meet the application requirements, manpower are needed. The Cluster Management function can solve the above problem. It is mainly used to central manage the scattered devices in the network. A network administrator can manage and maintain the switches in - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 285
NDP, NTDP and Cluster. 16.1 NDP NDP (Neighbor Discovery Protocol) is used to get the information of the directly connected neighbor devices to support cluster establishing. An NDP-enabled device sends NDP packets regularly to neighbor devices as well as receives NDP packets from neighbor devices. An - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 286
The following entries are displayed on this screen: Neighbor Search Option: Select the information the desired entry should contain and then click the Search button to display the desired entry in the following Neighbor Information table. Neighbor Info Native Port: Displays the port number - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 287
The following entries are displayed on this screen: Global Config NDP: Displays the global NDP status (enabled or disabled) for the switch. Aging Time: Displays the period for the neighbor switch to keep the NDP packets from this switch. Hello Time: Displays the interval to send NDP packets. - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 288
16.1.3 NDP Config On this page you can configure the NDP function for the switch. Choose the menu Cluster→NDP→NDP Config to load the following page. Figure 16-4 NDP Config The following entries are displayed on this screen: Global Config NDP: Enable/Disable NDP function globally. Aging Time: - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 289
in network congestion and the commander switch overload. To avoid the above problem, two time parameters are designed to control the spread speed of NTDP matter whether a cluster is established, on this page you can manually collect NTDP information at any time to manage and control devices. Choose - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 290
Role: Hops: Neighbor Info: Collect Topology: Displays the role this device plays in the cluster. Commander: Indicates the device that can configure and manage all the devices in a cluster. Member: Indicates the device that is managed in a cluster. Candidate: Indicates the device that does not - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 291
16.2.2 NTDP Summary On this page you can view the NTDP configuration. Choose the menu Cluster→NTDP→NTDP Summary to load the following page. Figure 16-7 NTDP Summary The following entries are displayed on this screen: Global Config NTDP: NTDP Interval Time: NTDP Hops: NTDP Hop Delay: NTDP Port - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 292
16.2.3 NTDP Config On this page you can configure NTDP globally. Choose the menu Cluster→NTDP→NTDP Config to load the following page. Figure 16-8 NTDP Config The following entries are displayed on this screen: Global Config NTDP: Enable/Disable NTDP for the switch globally. NTDP Interval Time - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 293
the port. 16.3 Cluster A commander switch can recognize and add the candidate switch to a cluster automatically based on NDP and NTDP. You can manually add the candidate switch to a cluster. If the candidate switch is successfully added to the cluster, it will get a private IP address assigned by - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 294
For a commander switch,the following page is displayed: Figure 16-10 Cluster Summary for Commander Switch The following entries are displayed on this screen: Global Config Cluster: Displays the cluster status (enabled or disabled) of the switch. Cluster Role: Displays the role the switch - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 295
Hops: Displays the hop count from the member switch to the commander switch. For a member switch, the following page is displayed: Figure 16-11 Cluster Summary for Member Switch The following entries are displayed on this screen: Global Config Cluster: Displays the cluster status (enabled - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 296
16.3.2 Cluster Config On this page you can configure the status of the cluster the switch belongs to. Choose the menu Cluster→Cluster→Cluster Config to load the following page. For a candidate switch, the following page is displayed. Figure 16-13 Cluster Configuration for Candidate Switch The - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 297
For a commander switch, the following page is displayed. Figure 16-14 Cluster Configuration for Commander Switch The following entries are displayed on this screen: Current Role Role: Displays the role the current switch plays in the cluster. Role Change Candidate: Select this option to - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 298
the switch to be candidate switch. 16.3.3 Member Config When this switch is the commander switch of the cluster, via the commander switch you can manually add a candidate switch to the cluster as well as remove the designated member switch from the cluster. On this page you can configure and manage - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 299
Member Info Select: Device Name: Member MAC: IP Address: Status: Role: Online Time: Hops: Manage: Select the desired entry to manage/delete the corresponding member switch. Display the description of the member switch. Displays the MAC address of the member switch. Displays the IP address of the - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 300
The following entries are displayed on this screen: Graphic Show Collect Topology: Manage: Click the Collect Topology button to display the cluster topology. If the current device is the commander switch in the cluster and the selected device is a member switch in the cluster, you can click the - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 301
information 4 View the detailed information of other switches in the cluster. Description Optional. On Cluster→NTDP→Device Table page, click the Collect Topology button to manually collect NTDP information. Or On Cluster→Cluster→Cluster Topology page, click the Collect Topology button to - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 302
switch, provides the convenient method to locate and solve the network problem. 1. System Monitor: Monitor the utilization status of the memory Cable Test: Test the connection status of the cable to locate and diagnose the trouble spot of the network. 4. Loopback: Test whether the ports of the switch - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 303
every four seconds. 17.2 Log The Log system of switch can record, classify and manage the system information effectively, providing powerful support for network administrator to monitor network operation and diagnose malfunction. The Logs of switch are classified into the following eight levels - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 304
The Log function is implemented on the Log Table, Local Log, Remote Log and Backup Log pages. 17.2.1 Log Table The switch supports logs output to two directions, namely, log buffer and log file. The information in log buffer will be lost after the switch is rebooted or - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 305
17.2.2 Local Log Local Log is the log information saved in switch. By default, all system logs are saved in log buffer and the logs with severities from level_0 to level_2 are saved in log file meanwhile. On this page, you can set the output channel for logs. Choose the menu Maintenance→Log→Local - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 306
page. Figure 17-5 Log Host The following entries are displayed on this screen: Log Host Index: Displays the index of the log host. The switch supports 4 log hosts. Host IP: Configure the IP for the log host. UDP Port: Displays the UDP port used for receiving/sending log information. Here we - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 307
. Cable Test functions to test the connection status of the cable connected to the switch, which facilitates you to locate and diagnose the trouble spot of the network. Choose the menu Maintenance→Device Diagnostics→Cable Test to load the following page. Figure 17-7 Cable Test The following - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 308
are displayed on this screen: Ping Config Destination IP: Enter the IP address of the destination node for Ping test. Both IPv4 and IPv6 are supported. Ping Times: Enter the amount of times to send test data during Ping testing. The default value is recommended. Data Size: Enter the size of - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 309
the test data. When malfunctions occur to the network, you can locate trouble spot of the network with this tracert test. Choose the menu Maintenance Enter the IP address of the destination device. Both IPv4 and IPv6 are supported. Max Hop: Specify the maximum number of the route hops the test data - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 310
Chapter 18 System Maintenance via FTP The firmware can be downloaded to the switch via FTP function. FTP (File Transfer Protocol), a protocol in the application layer, is mainly used to transfer files between the remote server and the local PCs. It is a common protocol used in the IP network for - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 311
Figure 18-2 Open Hyper Terminal 3. Download Firmware via bootUtil menu To download firmware to the switch via FTP function, you need to enter into the bootUtil menu of the switch and take the following steps. 1) Connect the console port of the PC to the console port of the switch and open hyper - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 312
4) Configure the parameters of the FTP server which keeps the upgrade firmware. Later you can download the firmware to the switch from the FTP server. The format of the command is: ftp host xxx.xxx.xxx.xxx user xxxxx pwd xxxxx file xxxxxx.bin. Here take the following parameters of the FTP server as - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 313
TFTP server that contains the devices system files, and the name of the boot file. Class of Service (CoS) CoS is supported by prioritizing packets based on the required level of service, and then placing them in the appropriate output queue. Data is transmitted from the queues using weighted round - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 314
virtual LANs, and defines a standard way for VLANs to communicate across switched networks. IEEE 802.1p An IEEE standard for providing quality of service (QoS) in Ethernet networks. The standard uses packet tags that define up to eight traffic classes and allows switches to transmit packets based - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 315
whereby data on a target port is mirrored to a monitor port for troubleshooting with a logic analyzer or RMON probe. This allows data on the target several lower-speed physical links. Remote Authentication Dial-in User Service (RADIUS) RADIUS is a logon authentication protocol that uses software - TP-Link T2500-28TCTL-SL5428E | T2500-28TCUN V1 User Guide - Page 316
(UDP) UDP provides a datagram mode for packet-switched communications. It uses IP as the underlying transport mechanism to provide access to IP-like services. UDP packets are delivered just like IP packets - connection-less datagrams that may be discarded before reaching their targets. UDP is useful
-
1 -
2 -
3 -
4 -
5 -
6 -
7 -
8
-
9
-
10
-
11
-
12
-
13
-
14
-
15
-
16
-
17
-
18
-
19
-
20
-
21
-
22
-
23
-
24
-
25
-
26
-
27
-
28
-
29
-
30
-
31
-
32
-
33
-
34
-
35
-
36
-
37
-
38
-
39
-
40
-
41
-
42
-
43
-
44
-
45
-
46
-
47
-
48
-
49
-
50
-
51
-
52
-
53
-
54
-
55
-
56
-
57
-
58
-
59
-
60
-
61
-
62
-
63
-
64
-
65
-
66
-
67
-
68
-
69
-
70
-
71
-
72
-
73
-
74
-
75
-
76
-
77
-
78
-
79
-
80
-
81
-
82
-
83
-
84
-
85
-
86
-
87
-
88
-
89
-
90
-
91
-
92
-
93
-
94
-
95
-
96
-
97
-
98
-
99
-
100
-
101
-
102
-
103
-
104
-
105
-
106
-
107
-
108
-
109
-
110
-
111
-
112
-
113
-
114
-
115
-
116
-
117
-
118
-
119
-
120
-
121
-
122
-
123
-
124
-
125
-
126
-
127
-
128
-
129
-
130
-
131
-
132
-
133
-
134
-
135
-
136
-
137
-
138
-
139
-
140
-
141
-
142
-
143
-
144
-
145
-
146
-
147
-
148
-
149
-
150
-
151
-
152
-
153
-
154
-
155
-
156
-
157
-
158
-
159
-
160
-
161
-
162
-
163
-
164
-
165
-
166
-
167
-
168
-
169
-
170
-
171
-
172
-
173
-
174
-
175
-
176
-
177
-
178
-
179
-
180
-
181
-
182
-
183
-
184
-
185
-
186
-
187
-
188
-
189
-
190
-
191
-
192
-
193
-
194
-
195
-
196
-
197
-
198
-
199
-
200
-
201
-
202
-
203
-
204
-
205
-
206
-
207
-
208
-
209
-
210
-
211
-
212
-
213
-
214
-
215
-
216
-
217
-
218
-
219
-
220
-
221
-
222
-
223
-
224
-
225
-
226
-
227
-
228
-
229
-
230
-
231
-
232
-
233
-
234
-
235
-
236
-
237
-
238
-
239
-
240
-
241
-
242
-
243
-
244
-
245
-
246
-
247
-
248
-
249
-
250
-
251
-
252
-
253
-
254
-
255
-
256
-
257
-
258
-
259
-
260
-
261
-
262
-
263
-
264
-
265
-
266
-
267
-
268
-
269
-
270
-
271
-
272
-
273
-
274
-
275
-
276
-
277
-
278
-
279
-
280
-
281
-
282
-
283
-
284
-
285
-
286
-
287
-
288
-
289
-
290
-
291
-
292
-
293
-
294
-
295
-
296
-
297
-
298
-
299
-
300
-
301
-
302
-
303
-
304
-
305
-
306
-
307
-
308
-
309
-
310
-
311
-
312
-
313
-
314
-
315
-
316
 |
 |
T2500-28TC (TL-SL5428E)
24-Port 10/100Mbps + 4-Port Gigabit
JetStream L2 Managed Switch
REV1.0.0
1910011796