TP-Link T2500G-10MPS T2500G-10MPSUN V1 Configuration Guide
TP-Link T2500G-10MPS Manual
View all TP-Link T2500G-10MPS manuals
Add to My Manuals
Save this manual to your list of manuals |
TP-Link T2500G-10MPS manual content summary:
- TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 1
Configuration Guide T2500G-10MPS 1910012152 REV1.0.0 May 2017 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 2
without permission from TP-Link Technologies Co., Ltd. Copyright © 2017 TP-Link Technologies Co., Ltd. All rights reserved. http://www.tp-link.com FCC and, if not installed and used in accordance with the instruction manual, may cause harmful interference to radio communications. Operation of this - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 3
This device complies with Industry Canada license-exempt RSSs. Operation is subject to the following two conditions: 1) This device may not cause interference, and 2) This device must accept any interference, including interference that may cause undesired operation of the device. Le présent - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 4
. Don't disassemble the product, or make repairs yourself. You run the risk of electric shock and voiding the limited warranty. If you ne ed service, please contact us. Avoid water and wet locations. Explanation of the symbols on the product label Symbol Explanation AC voltage. Indoor use only - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 5
the Switch's IP Address and Default Gateway...18 Managing System System...20 Overview...20 Supported Features... 20 System Info Configurations...22 Using the GUI...22 Viewing the System Summary...22 Specifying the Device Description...24 Setting the System Time...25 Setting - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 6
the Device Description...29 Setting the System Time...30 Setting the Daylight Saving Time... Switch...45 Backing up the Configuration File...46 Upgrading the Firmware...46 Configuring Auto Install Function...47 Rebooting the switch...48 Configuring the Reboot Schedule...48 Reseting the Switch - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 7
the SSH Feature...68 Enabling the Telnet Function...70 Appendix: Default Parameters...71 Managing Physical Interfaces Physical Interface...75 Overview...75 Supported Features...75 Basic Parameters Configurations...76 Using the GUI...76 Using the CLI...77 Port Mirror Configuration...80 Using the GUI - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 8
Configuration Scheme...100 Using the GUI...100 Using the CLI...101 Appendix: Default Parameters...103 Configuring LAG LAG ...106 Overview...106 Supported Features...106 LAG Configuration...107 Using the GUI...108 Configuring Load-balancing Algorithm...108 Configuring Static LAG or LACP...109 Using - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 9
Address Configurations...130 Using the GUI...130 Adding Static MAC Address Entries ...130 Modifying the Aging Time of Dynamic Address Entries 132 Adding MAC Filtering Address Entries...133 Viewing Address Table Entries...133 Using the CLI...134 Adding Static MAC Address Entries ...134 Modifying the - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 10
Configuring DDM Shutdown...156 Configuring Temperature Threshold...157 Configuring Voltage Threshold...158 Configuring Bias Current Threshold...159 Configuring Tx Power Threshold...161 Configuring Rx Power Threshold...162 Viewing DDM Configuration...163 Viewing DDM Status...164 Appendix: Default - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 11
the CLI...189 Appendix: Default Parameters ...191 Configuring MAC VLAN Overview...193 MAC VLAN Configuration...194 Using the GUI...194 Configuring 802.1Q VLAN...194 Binding the MAC Address to the VLAN...195 Enabling MAC VLAN for the Port...195 Using the CLI...196 Configuring 802.1Q VLAN...196 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 12
: Default Parameters...231 Configuring VLAN-VPN VLAN-VPN...233 Overview...233 Supported Features...234 Basic VLAN-VPN Configuration...235 Using the GUI...235 Configuring 802.1Q VLAN...235 Enabling VLAN-VPN Globally and Configuring Up-link Ports 235 Using the CLI...236 Configuring 802.1Q VLAN...236 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 13
Overview...269 Basic Concepts...269 STP/RSTP Concepts...269 MSTP Concepts...273 STP Security...274 STP/RSTP Configurations...277 Using the GUI...277 Configuring STP/RSTP Parameters on Ports...277 Configuring STP/RSTP Globally...279 Verifying the STP/RSTP Configurations...281 Using the CLI...282 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 14
Multicast...329 Overview...329 Supported Layer 2 Multicast Protocols Querier...339 Configuring the Querier...339 Viewing Settings of IGMP Querier...339 Configuring IGMP Profile... IP Range of the Profile...341 Binding Profile and Member Ports...341 Binding Profile and Member Ports...342 Configuring - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 15
362 Configuring Query Interval, Max Response Time and General Query Source IP 362 Configuring Multicast Filtering...364 Creating Profile...364 Binding Profile to the Port...365 Enabling IGMP Accounting and Authentication...366 Enabling IGMP Authentication on the Port 366 Enabling IGMP Accounting - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 16
the Multicast VLAN...373 Creating Multicast VLAN and Configuring Basic Settings 373 (Optional) Creating Replace Source IP...374 Viewing Dynamic Profile...377 Editing IP Range of the Profile...377 Binding Profile and Member Ports...378 Binding Profile and Member Ports...378 Configuring Max Groups a - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 17
...397 Configuring Query Interval, Max Response Time and General Query Source IP 397 Configuring Multicast Filtering...399 Creating Profile...399 Binding Profile to the Port...400 Viewing Multicast Snooping Configurations...402 Using the GUI...402 Viewing IPv4 Multicast Snooping Configurations 402 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 18
Using the GUI...407 Using the CLI...409 Example for Configuring Multicast VLAN...411 Network Requirements...411 Configuration Scheme...411 Network Topology...411 Using the GUI...412 Using the CLI...415 Example for Configuring Unknown Multicast and Fast Leave 418 Network Requirement...418 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 19
Configuring QoS QoS...444 Overview...444 Supported Features...444 DiffServ Configuration...445 Using the GUI...446 Configuring Priority Mode...446 Configuring Schedule Mode...448 Using CLI...450 Configuring Priority Mode...450 Configuring - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 20
the CLI...502 Appendix: Default Parameters...506 Configuring PoE PoE ...508 Overview...508 Supported Features...508 PoE Power Management Configurations...509 Using the GUI...509 Configuring the PoE Parameters Manually...509 Configuring the PoE Parameters Using the Profile 511 Using the CLI...513 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 21
Network Security...566 Overview...566 Supported Features...566 IP-MAC Binding Configurations...571 Using the GUI...571 Binding Entries Manually...571 Binding Entries Dynamically...572 Viewing the Binding Entries...573 Using the CLI...575 Binding Entries Manually...575 Viewing Binding Entries...576 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 22
DHCP Snooping Configuration...577 Using the GUI...577 Enabling DHCP Snooping on VLAN...577 Configuring DHCP Snooping on Ports...578 (Optional) Configuring Option 82...579 Using the CLI...580 Enabling DHCP Snooping on VLAN...580 Configuring DHCP Snooping on Ports...581 (Optional) Configuring Option - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 23
...644 Network Requirements...644 Configuration Scheme...644 Using the GUI...645 Using the CLI...648 Appendix: Default Parameters...651 Configuring LLDP LLDP...657 Overview...657 Supported Features...657 LLDP Configurations...658 Using the GUI...658 Global Config...658 Port Config...660 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 24
Device Info...672 Viewing LLDP Statistics...674 Using CLI...675 Viewing LLDP-MED Settings...677 Using GUI...677 Using CLI...679 Configuration Example...680 Example for Configuring LLDP : Default Parameters...698 Configuring Maintenance Maintenance ...700 Overview...700 Supported Features...700 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 25
Monitoring the System...701 Using the GUI...701 Monitoring the CPU...701 Monitoring the Memory...702 Using the CLI...703 Monitoring the CPU...703 Monitoring the Memory...703 System Log Configurations...704 Using the GUI...705 Configuring the Local Log...705 Configuring the Remote Log...706 Backing - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 26
Configuring SNMP & RMON SNMP Overview...726 SNMP Configurations...727 Using the GUI...728 Enabling SNMP...728 Creating an SNMP View...728 Creating an SNMP Group...729 Creating SNMP Users ...731 Creating SNMP Communities...732 Using the CLI...733 Enabling SNMP...733 Creating an SNMP View...735 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 27
Using the CLI...767 Appendix: Default Parameters...773 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 28
Guide provides information for managing T2500G-10MPS. Please read this guide carefully before operation. Intended Readers This Guide is intended for network managers familiar with IT concepts and network terminologies. Conventions When using this guide, please notice that features of the switch - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 29
at Download Center at http://www.tp-link.com/support. The Installation Guide (IG) can be found where you find this guide or inside the package of the switch. Specifications can be found on the product page at http://www.tp-link.com. A Technical Support Forum is provided for you to discuss - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 30
Part 1 Accessing the Switch CHAPTERS 1. Overview 2. Web Interface Access 3. Command Line Interface Access - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 31
Overview 1 Overview You can access and manage the switch using the GUI (Graphical User Interface, also called web interface in this text) or using the CLI (Command than the CLI configuration. You can choose the method according to their available applications and preference. Configuration Guide 4 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 32
PC: 1) Make sure that the route between the host PC and the switch is available. 2) Launch a web browser. The supported web browsers include, but are not limited to, the following types: You can view the switch's running status and configure the switch on this interface. Configuration Guide 5 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 33
interface Web Interface Access 2.2 Save Config Function The switch's configuration files fall into two types: the running file. The configurations will be lost when the switch reboots. If you need to keep the configurations after the switch reboots, please user the Save Config function on the - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 34
Accessing the Switch Figure 2-4 Save Config Web Interface Access 2.3 Disable the Web Server You can shut down the HTTP server or HTTPS server to interface. Go to System > Access Security > HTTP Config, disable the HTTP server and click Apply. Figure 2-5 Shut down HTTP server Configuration Guide 7 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 35
the Management VLAN, you can connect to the switch through VLAN 1. However, if another VLAN is created and set to be the Management VLAN, you may have switch's new IP address id available. Subnet Mask Enter a new subnet mask. Default Gateway Enter your desired default gateway. Configuration Guide - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 36
switch's command line interface through the console (only for switch with console port), Telnet or SSH connection, and manage the switch switch's console port directly, while Telnet and SSH connection support switch with console port) Follow these steps to log in to the switch on the switch with the - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 37
Figure 3-1 CLI Main Window Command Line Interface Access 4) Enter enable to enter the User EXEC Mode to further configure the switch. Figure 3-2 User EXEC Mode Note: In Windows XP, go to Start > All Programs > Accessories > Communications > Hyper Terminal to open the Hyper Terminal and configure - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 38
switch supports Login Local Mode for authentication by default. Login Local Mode: Username and password are required, which are both admin by default. The following steps show how to manage the switch to the Switch 3) set a password for users who want to access the Privileged EXEC Mode. - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 39
switch with CLI commands through Telnet connection. 3.3 SSH Login SSH login supports Authentication Mode (Recommended): A public key for the switch and a private key for the client software ( the Session page. Enter the IP address of the switch in the Host Name field and keep the default value - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 40
2) Enter the login username and password to log in to the switch, and you can continue to configure the switch. Figure 3-9 Log In to the Switch Key Authentication Mode 1) Open the PuTTY Key Generator. In the key pair is generated, and the length of each key is 1024 bits. Configuration Guide 13 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 41
Accessing the Switch Figure 3-10 Generate a Public/Private Key Pair Command Line Interface Access Note: • The key length should be between 512 and 3072 bits. • a TFTP server; click Save private key to save the private key to the host PC. Figure 3-11 Save the Generated Keys Configuration Guide 14 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 42
public key is downloaded, open PuTTY and go to the Session page. Enter the IP address of the switch and select SSH as the Connection type (keep the default value in the Port field). Figure 3-13 Configure key file to PuTTY. Click Open to start the connection and negotiation. Configuration Guide 15 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 43
the username to log in. If you can log in without entering the password, the key authentication completed successfully. Figure 3-15 Log In to the Switch 3.4 Disable Telnet login You can shut down the Telnet function to block any Telnet access to the CLI interface. Using the GUI: Go to System - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 44
Using the CLI: Switch#configure Switch(config)#telnet disable the CLI: Switch#configure Switch(config)#no ip ssh server 3.6 Copy running-config startup-config The switch's configuration files be lost when the switch reboots. If you need to keep he configurations after the switch reboots, please use - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 45
following example, we will show how to configure the switch's gateway as 192.168.0.100. By default, the switch has no default gateway. Switch#configure Switch(config)#ip route 0.0.0.0 255.255.255.0 192.168.0.100 1 Switch(config)#end Switch#copy running-config startup-config Configuration Guide 18 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 46
Part 2 Managing System CHAPTERS 1. System 2. System Info Configurations 3. User Management Configurations 4. System Tools Configurations 5. Access Security Configurations 6. Appendix: Default Parameters - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 47
the settings of the switch from being randomly changed. System Tools The System Tools are used to manage the configuration file of the switch. With these tools, you can configure the boot file of the switch, backup and restore the configurations of the switch, update the firmware, reset the switch - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 48
System HTTPS Config function is based on the SSL or TLS protocol working in transport layer. It supports a security access via a web browser. SSH Config function is based on the SSH protocol, connection, but SSH can provide information security and powerful authentication. Configuration Guide 21 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 49
2 System Info Configurations With system information configurations, you can: View the system summary Specify the device description Set the system time Set the daylight saving time Specify the Serial Port Parameter 2.1 Using the GUI 2.1.1 Viewing the System Summary Choose the menu - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 50
the port to view the detailed information of the port. Figure 2-2 Port Information Port Information Indication Port Displays the port number of the switch. Type Displays the type of the port. Speed Displays the maximum transmission rate of the port. Status Displays the connection status of - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 51
page. Figure 2-4 Specifying the Device Description 1) In the Device Description section, specify the following information. Device Name Enter the name of the switch. Device Location Enter the location of the switch. System Contact 2) Click Apply. Enter the contact information. Configuration - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 52
Time Source Displays the current time source of the switch. In the Time Config section, follow these steps to configure the system time: 1) Choose one method to set the system time and specify the information. Manual Set the system time manually. Date: Specify the date of the system. Time - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 53
2-6 Setting the Daylight Saving Time Follow these steps to configure Daylight Saving Time: 1) In the DST Config section, select Enable to enable the Daylight Saving Time function. 2) Choose one method to set the Daylight Saving Time of the switch and specify the information. Configuration Guide 26 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 54
DST schedule for the switch. USA: Select the Daylight switch. This configuration will be used every year. Offset: Specify the time to set switch. This configuration will be used only one time. Offset: Specify the time to set Setting to load the following page. Figure 2-7 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 55
Settings System Contact, Hardware Version, Firmware Version, System Time, Switch#show system-info System Description - JetStream 8-Port Gigabit L2 Managed PoE+ Switch with 2 SFP Slots System Name - T2500G-10MPS System Location - SHENZHEN Contact Information - www.tp-link.com Configuration Guide - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 56
privileged EXEC mode. copy running-config startup-config Save the settings in the configuration file. The following example shows how to set the device name as Switch_A, set the location as BEIJING and set the contact information as http://www.tp-link.com. Switch#configure Configuration Guide 29 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 57
-info System Description - JetStream 8-Port Gigabit L2 Managed PoE+ Switch with 2 SFP Slots System Name - Switch_A System Location - BEIJING Contact Information - http://www.tp-link.com ... Switch(config)#end Switch#copy running-config startup-config 2.2.3 Setting the System Time Follow - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 58
server. backup-ntp-server: Specify the IP address of the backup NTP server. fetching-rate: Specify the interval fetching time from the NTP server. Configuration Guide 31 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 59
system time by Get Time from NTP Server and set the time zone as UTC+08:00, set the NTP server as 133.100.9.2, set the backup NTP server as 139.78.100.163 and set the update rate as 11. Switch#configure Switch(config)#system-time ntp UTC+08:00 133.100.9.2 139.78.100 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 60
00 a.m. on the First Sunday in April. Use the following command to set the Daylight Saving Time in recurring mode: system-time dst recurring { sweek Daylight Saving Time. The default value is 60. Use the following command to set the Daylight Saving Time in date mode: system-time dst date { smonth - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 61
set the Daylight Saving Time by Date Mode. Set the start time as 01:00 August 1st, 2016, set the end time as 01:00 September 1st,2016 and set the offset as 50. Switch#configure Switch 50 minutes DST configuration is one-off Switch(config)#end Switch#copy running-config startup-config 2.2.5 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 62
as 9600 and view the serial port parameters. Switch#config Switch(config)#serial_port baud_rate 9600 Switch(config)#show serial_port Serial Port Settings Baud rate: 9600 Data Bits: 8 Parity Bits: None Stop Bits: 1 Switch(config)#end Switch#copy running-config startup-config Configuration Guide 35 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 63
and password. User Name Create a user name for users' login. It contains 16 characters at most, composed of digits, English letters and underscore only. Configuration Guide 36 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 64
Admin. Admin: Admin can edit, modify and view all the settings of different functions. Operator: Operator can edit, modify and view most of the settings of different functions. Power User: Power User can edit, modify the drop-down list and specify the user name and password. Configuration Guide 37 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 65
User. Admin: Admin can edit, modify and view all the settings of different functions. Operater: Operator can edit, modify and view most of the settings of different functions. Power User: Power User can edit, modify Password on this page to get the administrative privileges. Configuration Guide 38 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 66
admin: Select the access level for the user. Admin can edit, modify and view all the settings of different functions. 0: Specify the encryption type. 0 indicates that the password you entered is with fixed length, which you can copy from another switch's configuration file. Configuration Guide 39 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 67
the current users. end Return to privileged EXEC mode. copy running-config startup-config Save the settings in the configuration file. 3.2.2 Creating Accounts of Other Types You can create accounts with the of other type: Step 1 configure Enter global configuration mode. Configuration Guide 40 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 68
settings of different functions. Power User can edit, modify and view some the settings of different functions. User only can view the settings switch settings of different functions. Power User can edit, modify and view some the settings of different functions. User only can view the settings switch's - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 69
with fixed length, which you can copy from another switch's configuration file. After the encrypted password is configured, privileged EXEC mode. Step 7 copy running-config startup-config Save the settings in the configuration file. Tips: The AAA function applies another Configuration Guide 42 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 70
the password as 123. Enable AAA function and set the enable password as abc123. Switch#configure Switch(config)#user name user1 privilege operator password 123 Switch(config)#aaa enable Switch(config)#enable admin password abc123 Switch(config)#show user account-list Index User-Name User-Type - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 71
the configuration of the switch Back up the configuration file Upgrade the firmware Configure the Auto Install Function Reboot the switch Configure the reboot schedule Reset the switch 4.1 Using the GUI select one or more units and configure the relevant parameters. Configuration Guide 44 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 72
the number of the unit. Displays the current startup image. Select the next startup image. When the switch is powered on, it will try to start up with the next startup image. The next startup and successfully, the device will reboot to make the configuration change effective. Configuration Guide 45 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 73
the Firmware Choose the menu System > System Tools > Firmware Upgrade to load the following page. Figure 4-4 Upgrading the Firmware In the Firmware operation will only effect the backup image. Firmware Version Displays the current firmware version of the system. Hardware Version Displays - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 74
enable the Auto Install function and the switch will download the configuration file and the Auto Save Mode. If you select Enable, the switch will save the configuration file downloaded as startup configuration Mode. If you select Enable, the switch will reboot automatically after the auto install - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 75
Install process is failed, the switch will restart the process every 10 minutes. You can stop the process manually. 4.1.6 Rebooting the switch Choose the menu System > restore the configuration of the switch: 1) In the Reboot Schedule Setting section, select one method and specify the - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 76
reset. By default, it is ALL Unit. Note: After the system is reset, configurations of the switch will be reset to the default. 4.2 Using the CLI 4.2.1 Configuring the Boot File Follow these steps to configure the boot file: Step 1 configure Enter global configuration mode. Configuration Guide - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 77
file. The following example shows how to set the next startup image as image 1 and set the backup image as image 2. Switch#configure Switch(config)#boot application filename image1 startup Switch(config)#boot application filename image2 backup Switch(config)#show boot Boot config: Current - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 78
address 192.168.0.100. Switch>enable Switch#copy tftp startup-config up the current configuration of the switch in a file: Step 1 enable server. Both IPv4 and IPv6 addresses are supported. name: Specify the name of the IP address 192.168.0.100. Switch>enable Switch#copy startup-config tftp ip - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 79
firmware, you need to choose to reboot the switch with the backup image. ip-addr: Specify the IP address of the TFTP server. Both IPv4 and IPv6 addresses are supported. name: Specify the name of the desired firmware , the switch will start mode and the switch will save the the switch will - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 80
settings in the configuration file. Note: • The switch manually. The following example shows how to configure the Auto Install function. Switch#configure Switch(config)#boot autoinstall persistent-mode Switch(config)#boot autoinstall auto-save Switch(config)#boot autoinstall auto-reboot Switch - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 81
to set the switch to reboot at 12:00 on 15/06/2017. Switch#configure Switch(config)#reboot-schedule at 12:00 15/06/2017 save_before_reboot Reboot system at 15/07/2017 12:00. Continue? (Y/N): Y Reboot Schedule Settings Reboot schedule at 2017-06-15 12:00 (in 17007 minutes) Configuration Guide 54 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 82
end Switch#copy running-config startup-config 4.2.8 Reseting the Switch Follow these steps to reset the switch: Step 1 Step 2 enable Enter privileged mode. reset Reset the switch. Note: After the system is reset, configurations of the switch will be reset to the default. Configuration Guide 55 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 83
: Only the users within the IP-range you set here are allowed to access the switch. MAC-based: Only the users with the MAC address you set here are allowed to access the switch. Port-based: Only the users connecting to the ports you set here are allowed to access the switch. Configuration Guide 56 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 84
IP Address Displays the IP range of the entry. Access Interface Displays the access interface you set of the entry. Operation Click Edit to modify the parameters of the desired entry. When connected to these ports are allowed to access the switch. 2) Click Apply. Configuration Guide 57 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 85
the HTTP function. HTTP HTTP function is based on the HTTP protocol. It allows users to manage the switch through a web browser. 2) In the Session Config section, specify the Session Timeout and click Apply. . Specify the maximum number of users whose access level is User. Configuration Guide 58 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 86
load the following page. Table 5-1 Configuring the HTTPS Function 1) In the Global Config section, select Enable to enable HTTPS function and select the protocol the switch supports. Click Apply. Configuration Guide 59 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 87
TLS protocol. It provides a secure connection between the client and the switch. SSL Version 3 Select Enable to make the switch support SSL Version 3 protocol. SSL is a transport protocol. It can provide Download and Key Download section, download the certificate and key. Configuration Guide 60 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 88
each other, otherwise the HTTPS connection will not work. Select the desired Key to download to the switch. The key must be BASE64 encoded. The SSL certificate and key downloaded must match each other, strong encryption. Protocol V1 Select Enable to enable SSH version 1. Configuration Guide 61 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 89
set. 2) In the Encryption Algorithm section, select the encryption algorithm you want the switch to support and click Apply. 3) In Data Integrity Algorithm section, select the integrity algorithm you want the switch to support to the switch. The switch remotely. 5.2 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 90
Save the settings in the configuration file. The following example shows how to set the type of access control as IP-based. Set the IP address as 192.168.0.100,set the subnet mask as 255.255.255.0 and make the switch support snmp, telnet, http and https. Switch#configure Configuration Guide 63 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 91
Index IP Address Access Interface 1 192.168.0.0/24 SNMP Telnet HTTP HTTPS Switch(config)#end Switch#copy running-config startup-config 5.2.2 Configuring the HTTP Function Follow these steps to number and the idle-timeout, etc. end Return to privileged EXEC mode. Configuration Guide 64 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 92
the HTTPS function. By default, it is enabled. ip http secure-protocol { [ ssl3 ] [ tls1 ] } Configure to make the switch support the corresponding protocol. By default, the switch supports SSLv3 and TLSv1. ssl3: Enable the SSL version 3 protocol. SSL is a transport protocol. It can provide server - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 93
Both IPv4 and IPv6 addresses are supported. ip http secure-server download key ssl-key ip-address ip-addr Download the desired key to the switch from TFTP server. ssl-key: and IPv6 addresses are supported. show ip http secure-server Verify the global configuration of HTTPS. Configuration Guide 66 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 94
set the maximum admin number as 2, operator number as 2, power user number as 5, and user number as 4. Download the certificate named ca.crt and the key named ca.key from the TFTP server with the IP address 192.168.0.100. Switch#configure Switch 5 HTTPS Max Users as User: 4 Configuration Guide 67 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 95
v2 } Configure to make the switch support the corresponding protocol. By default, the switch supports SSHv1 and SSHv3. v1 | established when the number of the connections reaches the maximum number you set. num: Enter the number of the connections, which ranges from supported. Configuration Guide 68 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 96
settings function. Set the version Switch(config)#ip ssh server Switch(config)#ip ssh version v1 Switch(config)#ip ssh version v2 Switch(config)#ip ssh timeout 100 Switch(config)#ip ssh max-client 4 Switch(config)#ip ssh algorithm AES128-CBC Switch(config)#ip ssh algorithm Cast128-CBC Switch Switch( - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 97
File: ---- BEGIN SSH2 PUBLIC KEY ---- Comment: "dsa-key-20160711" Switch(config)#end Switch#copy running-config startup-config 5.2.5 Enabling the Telnet Function Follow these steps -config startup-config Save the settings in the configuration file. Access Security Configurations Configuration - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 98
Parameter Device Name Device Location System Contact Default Setting The model name of the switch. SHENZHEN www.tp-link.com Table 6-2 Default Settings of Daylight Saving Time Configuration Parameter DST status Default Setting Disabled Default settings of User Management are listed in the - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 99
6-8 Default Settings of SSH Configuration Parameter SSH Protocol V1 Protocol V2 Idle Timeout Max Connect AES128-CBC AES192-CBC AES256-CBC Blowfish-CBC Cast128-CBC 3DES-CBC Default Setting Disabled Enabled Enabled 120 seconds 5 Enabled Enabled Enabled Enabled Enabled Enabled Configuration Guide 72 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 100
Managing System Parameter HMAC-SHA1 HMAC-MD5 Key Type: Default Setting Enabled Enabled SSH-2 RSA/DSA Table 6-9 Default Settings of Telnet Configuration Parameter Control Mode Default Setting Enabled Appendix: Default Parameters Configuration Guide 73 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 101
Part 3 Managing Physical Interfaces CHAPTERS 1. Physical Interface 2. Basic Parameters Configurations 3. Port Mirror Configuration 4. Port Security Configuration 5. Port Isolation Configurations 6. Loopback Detection Configuration 7. Configuration Examples - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 102
basic parameters for ports. Port Mirror This function allows the switch to forward packet copies of the monitored ports to a specific monitoring port. Then you can analyze the copied packets to monitor network traffic and troubleshoot network problems. Port Security You can use this feature to limit - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 103
Switching > Port > Port Config to load the following page. Figure 2-1 Configuring Basic Parameters Follow these steps to set basic parameters for ports: 1) Set device. The default setting is Auto. This value is recommended if both ends of the line support autonegotiation. Configuration Guide 76 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 104
with the connected device. The default setting is Auto. With this option enabled, the switch synchronizes the data transmission speed with the that you set the ports on both ends of a link as the same speed and duplex mode. 2.2 Using the CLI Follow these steps to set basic . Configuration Guide 77 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 105
(Maximum Transmission Unit) size on the port to support jumbo frames. The default MTU size for frames setting a description for the port, making the port autonegotiate speed and duplex with the neighboring port, and enabling the flow-control and jumbo feature: Switch#configure Configuration Guide - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 106
(config-if)#jumbo Switch(config-if)#show interface configuration gigabitEthernet 1/0/1 Port State Speed Duplex FlowCtrl Jumbo Description Gi1/0/1 Enable Auto Auto Enable Enable router connection Switch(config-if)#end Switch#copy running-config startup-config Configuration Guide 79 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 107
Managing Physical Interfaces 3 Port Mirror Configuration Port Mirror Configuration 3.1 Using the GUI Choose the menu Switching > Port > Port Mirror to load the following page. Figure 3-1 Mirror Session List The above page displays a mirror session, and no more session can be created. - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 108
port for the mirror session, and click Apply. 2) In the Source Port section, select one or multiple monitored ports for configuration. Then set the parameters and click Apply. UNIT:1/LAGS Click 1 to select physical ports. Click LAGS to select LAGs. Ingress With this option enabled, the - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 109
be set as a monitoring port or monitored port. • A port cannot be set as the and set the -channel-id } mode Set the monitored ports. session_num config Save the settings in the configuration Switch#configure Switch(config)#monitor session 1 destination interface gigabitEthernet 1/0/10 Switch - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 110
Managing Physical Interfaces Switch(config)#show monitor session Monitor Session: 1 Destination Port: Gi1/0/10 Source Ports(Ingress): Gi1/0/1-3 Source Ports(Egress): Gi1/0/1-3 Switch(config-if)#end Switch#copy running-config startup-config Port Mirror Configuration Configuration Guide 83 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 111
Physical Interfaces 4 Port Security Configuration Port Security Configuration 4.1 Using the GUI Choose the menu Switching > Port > Port Security to load the following page. Figure 4-1 Port Security Follow these number of MAC addresses that have been learned on the port. Configuration Guide 84 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 112
the default setting. Static: The learned MAC addresses are out of the influence of the aging time and can only be deleted manually. The learned entries will be cleared after the switch is rebooted port | range gigabitEthernet port-list } Enter interface configuration mode. Configuration Guide 85 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 113
the aging time and can only be deleted manually. The learned entries will be cleared after the switch is rebooted. permanent: The learned MAC address running-config startup-config Save the settings in the configuration file. The following example shows how to set the maximum number of MAC addresses - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 114
Managing Physical Interfaces Switch(config-if)#end Switch#copy running-config startup-config Port Security Configuration Configuration Guide 87 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 115
Managing Physical Interfaces 5 Port Isolation Configurations Port Isolation Configurations 5.1 Using the GUI Choose the menu Switching > Port > Port Isolation to load the following page. Figure 5-1 Port Isolation List The above page displays the port isolation list. Click Edit to configure Port - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 116
-forward-list: The list of LAGs. Step 4 show port isolation interface { fastEthernet port | gigabitEthernet port } Verify the Port Isolation configuration of the specified port. Configuration Guide 89 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 117
mode. copy running-config startup-config Save the settings in the configuration file. The following example shows how to add ports 1/0/1-3 and LAG 4 to the forward list of port 1/0/5: Switch#configure Switch(config)#interface gigabitEthernet 1/0/5 Switch(config-if)#port isolation gi-forward-list - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 118
about storm control, refer to Configuring QoS. Choose the menu Switching > Port > Loopback Detection to load the following page. Figure Apply. Loopback Detection Status Enable loopback detection globally. Detection Interval Set the interval of sending loopback detection packets. The valid values - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 119
port: Alert: The switch will display alerts. It is the default setting. Port Based: In addition to displaying alerts, the switch will block the automatic recovery time. It is the default setting. Manual: You need to manually release the blocked port. Click the Recovery . Configuration Guide 92 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 120
interval-time Set the interval recovery-time Set the recovery manual } ] Set the process mode when a loopback is detected on the port. There are two modes: alert: The switch setting. port-based: In addition to displaying alerts, the switch will block the port on which the loop is detected. Set settings - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 121
shows how to enable loopback detection of port 1/0/3 and set the process mode as alert and recovery mode as auto: Switch#configure Switch(config)#interface gigabitEthernet 1/0/3 Switch(config-if)#loopback-detection Switch(config-if)#loopback-detection config process-mode alert recovery-mode - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 122
switch. For network security and troubleshooting , the network manager needs to use the network analyzer to monitor the data packets from the end hosts. Figure 7-1 Network Topology Gi1/0/2-5 Gi1/0/1 Hosts Switch , allowing the switch to copy the menu Switching > Port - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 123
the received and sent packets to be copied to the monitoring port. Then click Apply. Figure 7-4 Source Port Configuration 4) Click Save Config to save the settings. Configuration Guide 96 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 124
Switch#configure Switch(config)#monitor session 1 destination interface gigabitEthernet 1/0/1 Switch(config)#monitor session 1 source interface gigabitEthernet 1/0/2-5 both Switch(config)#end Switch , three hosts and a server are connected to the switch and all belong to VLAN 10. With the VLAN - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 125
can configure port isolation to implement the requirement. Set 1/0/4 as the only forwarding port for port 1/0/1, the GUI and using the CLI. 7.2.3 Using the GUI 1) Choose the menu Switching > Port > Port Isolation to load the following page. It displays the port . Click Apply. Configuration Guide 98 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 126
Configuration Examples 3) Click Save Config to save the settings. 7.2.4 Using the CLI Switch#configure Switch(config)#interface gigabitEthernet 1/0/1 Switch(config-if)#port isolation gi-forward-list 1/0/4 Switch(config-if)#end Switch#copy running-config startup-config Verify the Configuration - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 127
Switch A Gi1/0/1 Gi1/0/2 Gi1/0/3 Management Host Access-layer Switches Loop 7.3.2 Configuration Scheme Enable loopback detection on ports 1/0/1-3 and configure SNMP to receive the notifications. For detailed instructions the GUI 1) Choose the menu Switching > Port > Loopback Detection to load - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 128
configure Switch(config)#loopback-detection Switch(config)#loopback-detection interval 30 Switch(config)#loopback-detection recovery-time 3 2) Enable loopback detection on ports 1/0/1-3 and set the process mode and recovery mode. Switch(config)#interface gigabitEthernet 1/0/1 Configuration Guide 101 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 129
Switch(config-if)#exit Switch(config)#interface gigabitEthernet 1/0/3 Switch(config-if)#loopback-detection Switch(config-if)#loopback-detection config process-mode port-based recovery-mode auto Switch(config-if)#end Switch detection configuration on ports: Switch#show loopback-detection interface - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 130
Appendix: Default Parameters Default settings of Switching are listed in th following tables. Table 8-1 Configurations for Ports Parameter Default Setting Port Config Type Copper Status 3 detection times Web Refresh Status Disable Web Refresh Interval 6 seconds Configuration Guide 103 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 131
Managing Physical Interfaces Parameter Port Status Operation mode Recovery mode Default Setting Disable Alert Auto Appendix: Default Parameters Configuration Guide 104 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 132
Part 4 Configuring LAG CHAPTERS 1. LAG 2. LAG Configuration 3. Configuration Example 4. Appendix: Default Parameters - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 133
to enhance the connection reliability. 1.2 Supported Features You can configure LAG in two ways: static LAG and LACP (Link Aggregation Control Protocol). Static LAG The member ports are manually added to the LAG. LACP The switch uses LACP to implement dynamic link aggregation and disaggregation by - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 134
link work in the same LAG mode. For example, if the local end works in LACP mode, the peer end should be set link fails, the other active links share the traffic evenly. One LACP LAG supports more than eight member ports, but at most eight of them can be active. Using LACP protocol, the switches - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 135
the menu Switching > LAG based on which the switch can choose the port forwarded on different physical links to implement load balancing not well shared by each link, you can change the algorithm one physical link. For example, Switch A receives set the algorithm as "SRC MAC+SRC IP" to allow Switch - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 136
one LAG mode: Static LAG or LACP. And make sure both ends of a link use the same LAG mode. Configuring Static LAG Choose the menu Switching > LAG > Static LAG to load the following page. Figure 2-3 Static LAG Apply. Note: Clearing all member ports will delete the LAG. Configuration Guide 109 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 137
of other static LAGs cannot be set as an Admin Key. The valid value of the Admin Key is determined by the maximum number of LAG supported by your switch. For example, if your switch supports up to 14 LAGs, the valid the port with a smaller port number has the higher priority. Configuration Guide 110 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 138
In LACP, the switch uses LACPDU (Link Aggregation Control Protocol Data Unit) to negotiate the parameters with the peer end. In this way, the two ends select active ports and form the aggregation link. The LACP load-balancing algorithm. end Return to privileged EXEC mode. Configuration Guide 111 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 139
in the configuration file. The following example shows how to set the global load-balancing mode as src-dst-mac: Switch#configure Switch(config)#port-channel load-balance src-dst-mac Switch(config)#show etherchannel load-balance EtherChannel Load-Balancing Configuration: src-dst-mac EtherChannel - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 140
Step 2 lacp system-priority pri Specify the system priority for the switch. To keep active ports consistent at both ends, you can set the priority of one device to be higher than that of the other the default value is 32768. A smaller value means a higher device priority. Configuration Guide 113 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 141
form the aggregation link. The LACP settings in the configuration file. The following example shows how to specify the system priority of the switch as 2: Switch#configure Switch(config)#lacp system-priority 2 Switch(config)#show lacp sys-id 2, 000a.eb13.2397 Switch(config)#end Configuration Guide - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 142
set the mode as LACP, and select the LACPDU sending mode as active: Switch#configure Switch(config)#interface range gigabitEthernet 1/0/1-4 Switch(config-if-range)#channel-group 6 mode active Switch Switch(config-if-range)#end Switch#copy running-config startup-config Configuration Guide 115 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 143
for ports 1/0/9-10 to set them as the backup ports. When any of the active ports is down, the backup ports will be enabled to transmit data. Demonstrated with T2500G-10MPS, the following sections provide configuration procedure in two ways: using the GUI and using the CLI. Configuration Guide 116 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 144
A as 0 and Click Apply. Remember to ensure that the system priority value of Switch B is bigger than 0. Figure 3-3 System Priority Configuration 3) In the LACP Config section, select ports 1/0/1-10, and respectively set the admin key, port priority, mode and status for each port as follows. Click - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 145
port-channel load-balance src-dst-mac 2) Specify the system priority of Switch A as 0. Remember to ensure that the system priority value of Switch B is bigger than 0. Switch(config)#lacp system-priority 0 3) Add ports 1/0/1-8 to LAG 1 and set the mode as LACP. Then specify the port priority as 0 to - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 146
Configuring LAG 0, 000a.eb13.2397 Configuration Example Verify the LACP configuration: Switch#show lacp internal Flags: S - Device is requesting Slow LACPDUs F - Device is requesting Fast Gi1/0/9 SA Down 1 0x1 0 0x9 0x45 Gi1/0/10 SA Down 2 0x1 0 0xa 0x45 Configuration Guide 119 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 147
Parameters Default settings of Switching are listed in the following tables. Table 4-1 Default Settings of LAG Parameter LAG Table Hash Algorithm LACP Config System Priority Admin Key Port Priority Mode Status Default Setting SRC MAC+DST MAC 32768 0 32768 Passive Disable Configuration Guide 120 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 148
Part 5 Monitoring Traffic CHAPTERS 1. Traffic Monitor 2. Appendix: Default Parameters - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 149
section, or click Refresh at the bottom of the page. Auto Refresh: With this potion enabled, the switch refreshes the web timely. Refresh Rate: Specify the refresh interval in seconds. 2) In the Traffic Summary received on the port. Error packets are not counted in. Configuration Guide 122 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 150
1.1.2 Viewing the Traffic Statistics in Detail Choose the menu Switching > Traffic Monitor > Traffic Statistics to load the following page the bottom of the page. Auto Refresh: With this option enabled, the switch refreshes the web timely. Refresh Rate: Specify the refresh interval in seconds. - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 151
transmitted on the port. Error frames are not counted in. Collisions: Displays the number of collisions experienced by a half-duplex port during packet transmissions. Configuration Guide 124 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 152
of the received packets (including error packets) that are over 1023 bytes. Collisions: Displays the number of collisions experienced by a port during packet transmissions. Configuration Guide 125 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 153
Monitoring Traffic Appendix: Default Parameters 2 Appendix: Default Parameters Table 2-1 Traffic Statistics Monitoring Parameter Traffic Summary Auto Refresh Refresh Rate Traffic Statistics Auto Refresh Refresh Rate Default Setting Disable 10 seconds Disable 10 seconds Configuration Guide 126 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 154
Part 6 Managing MAC Address Table CHAPTERS 1. MAC Address Table 2. Address Configurations 3. Security Configurations 4. Example for Security Configurations 5. Appendix: Default Parameters - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 155
set the MAC address of the server as a static entry to enhance the forwarding efficiency of the switch. Filtering address Filtering addresses are manually added to configure the switch to automatically drop the packets with specific source or destination MAC addresses. Configuration Guide - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 156
and the MAC address change activity. For example, you can configure the switch to send you notifications when new users access the network. Limiting number of MAC addresses that can be learned in specified VLANs. The switch will not learn addresses when the number of learned addresses has reached - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 157
Adding Static MAC Address Entries You can add static MAC address entries by manually specifying the desired MAC address or binding dynamic MAC address entries. Adding MAC Addresses Manually Choose the menu Switching > MAC Address > Static Address to load the following page. Figure 2-1 Adding MAC - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 158
, once an address is configured as a static address, it cannot be set as a filter- ing address, and vice versa. • Multicast or broadcast addresses cannot be set as static addresses. • Ports in LAGs (Link Aggregation Group) are not supported for static address configuration. Configuration Guide 131 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 159
Aging Enable Auto Aging, then the switch automatically updates the dynamic address table with the aging mechanism. By default, it is enabled. Aging Time 2) Click Apply. Set the length of time that a you keep the default value if you are unsure about settings in your case. Configuration Guide 132 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 160
Filtering Address Entries Choose the menu Switching > MAC Address > Filtering Address Specify a MAC address to configure the switch to drop packets which include this MAC address as it cannot be set as a static address, and vice versa. • Multicast or broadcast addresses cannot be set as filtering - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 161
Address Table Address Configurations Choose the menu Switching > MAC Address > Address Table to . Step 2 mac address-table static mac-addr vid vid interface gigabitEthernet port Bind the MAC address, VLAN and port together to add a static address to the specified VLAN. Configuration Guide 134 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 162
be set as static addresses. • Ports in LAGs (Link Aggregation Group) are not supported for Switch#configure Switch(config)# mac address-table static 00:02:58:4f:6c:23 vid 10 interface gigabitEthernet 1/0/1 Switch for this criterion: 1 Switch(config)#end Switch#copy running-config startup-config - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 163
settings in the configuration file. The following example shows how to modify the aging time to 500 seconds. A dynamic entry remains in the MAC address table for 500 seconds after the entry is used or updated. Switch#configure Switch 3 end Return to privileged EXEC mode. Configuration Guide 136 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 164
a static address, and vice versa. • Multicast or broadcast addresses cannot be set as filtering addresses . The following example shows how to add the MAC filtering address 00:1e:4b:04:01:5d to VLAN 10. Then the switch will drop the packet that is received in VLAN 10 with this address as - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 165
MAC addresses in VLANs 3.1 Using the GUI 3.1.1 Configuring MAC Notification Traps Choose the menu Switching > MAC Address > MAC Notification to load the following page. Figure 3-1 Configuring MAC , and click Apply. Global Status Enable MAC notification feature globally. Configuration Guide 138 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 166
and reduce traffic. Notification Interval is the interval time between each set of New MAC Learned notifications that are generated. By default, it 3.1.2 Limiting the Number of MAC Addresses in VLANs Choose the menu Switching > MAC Address > MAC VLAN Security to load the following page Guide 139 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 167
space. Therefore, before you set the number limit, please be sure you are familiar with the network topology and the switch system configuration. 3) Choose the mode that the switch adopts when the maximum notification will be generated and sent to the management host. Configuration Guide 140 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 168
refer to Configuring SNMP & RMON. The following example shows how to enable new-MAC-learned trap on port 1, and set the interval time as 10 seconds. After you have further configured SNMP, the switch will bundle notifications of new addresses in every 10 seconds and send to the management host - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 169
disable enable Switch(config-if)#end Switch#copy in the specified VLAN and select a mode for the switch to adopt when the maximum number is exceeded. vid Set the maximum number of MAC addresses in the specific VLAN. It ranges from 0 to 16383. drop | forward | disable: The mode that the switch - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 170
Managing MAC Address Table VlanId Max-learn Current-learn Status ------ 10 100 0 Drop Switch(config)#end Switch#copy running-config startup-config Security Configurations Configuration Guide 143 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 171
of any new access users. Figure 4-1 The Network Topology Internet Gi1/0/1 Gi1/0/2 Gi1/0/3 Switch ...... Marketing Department VLAN 10 R&D Department VLAN 30 4.2 Configuration Scheme VLAN Security can procedures in two ways: using the GUI and using the CLI. Configuration Guide 144 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 172
the menu Switching > MAC Address > MAC VLAN Security to load the following page. Set the menu Switching > MAC Address > MAC Notification to load the following page. Enable Global Status, set notification Click Save Config to save the settings. 4) Enable SNMP and set a management host. For detailed - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 173
set notification interval as 10 seconds. Switch(config)#mac address-table notification global-status enable Switch(config)#mac address-table notification interval 10 Switch(config)#interface gigabitEthernet 1/0/2 Switch MAC Notification on port 1/0/2. Switch#show mac address-table notification - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 174
Disable Notification Interval 1 Second Learned Mode Change Notification Disable Exceed Max Learned Notification Disable New MAC Learned Notification Disable Table 5-4 Default Settings of MAC VLAN Security Parameter Default Setting MAC VLAN Security Disable Configuration Guide 147 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 175
Part 7 Configuring DDM CHAPTERS 1. Overview 2. DDM Configuration 3. Appendix: Default Parameters - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 176
DDM (Digital Diagnostic Monitoring) function allows the user to monitor the status of the SFP modules inserted into the SFP ports on the switch. The user can choose to shut down the monitored SFP port automatically when the specified parameter exceeds the alarm threshold or warning threshold. The - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 177
specified threshold for warning or alarm. 2.1 Using the GUI 2.1.1 Configuring DDM Globally Choose the menu Switching > DDM > DDM Config to load the following page. Figure 2-1 Configure DDM Globally Follow 2) Click Apply. Displays the LAG number which the port belongs to. Configuration Guide 150 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 178
DDM Configuration 2.1.2 Configuring the Temperature Threshold Choose the menu Switching > DDM > Temperature Threshold to load the following 2.1.3 Configuring the Voltage Threshold Choose the menu Switching > DDM > Voltage Threshold to load the following page. Figure 2-3 Configure - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 179
the LAG number which the port belongs to. 2.1.4 Configuring the Bias Current Threshold Choose the menu Switching > DDM > Bias Current Threshold to load the following page. Figure 2-4 Configure Bias Current Threshold will be taken. The valid values are from 0 to 131. Configuration Guide 152 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 180
the LAG number which the port belongs to. 2.1.5 Configuring the Tx Power Threshold Choose the menu Switching > DDM > Tx Power Threshold to load the following page. Figure 2-5 Configure Tx Power Threshold Follow Apply. Displays the LAG number which the port belongs to. Configuration Guide 153 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 181
DDM DDM Configuration 2.1.6 Configuring the Rx Power Threshold Choose the menu Switching > DDM > Rx Power Threshold to load the following page. belongs to. 2.1.7 Viewing DDM Status Choose the menu Switching > DDM > DDM Status to load the following page. Figure 2-7 View DDM Status Configuration - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 182
Enable DDM on this SFP port. show ddm configuration state Display the DDM state of the SFP ports. end Return to Privileged EXEC Mode. Configuration Guide 155 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 183
/0/10 Enable None Switch(config-if)#end Switch#copy running-config startup-config 2.2.2 Configuring DDM Shutdown Follow these steps to configure settings for shutting down SFP EXEC Mode. copy running-config startup-config Save the settings in the configuration file. Configuration Guide 156 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 184
to set SFP port 1/0/9 to shut down when the warning threshold is exceeded. Switch#configure Switch(config)#interface gigabitEthernet 1/0/9 Switch(config-if)#ddm shutdown warning Switch(config-if temperature threshold on the SFP ports. end Return to Privileged EXEC Mode. Configuration Guide 157 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 185
set SFP port 1/0/9's high alarm temperature threshold as 110 Celsius. Switch#configure Switch(config)#interface gigabitEthernet 1/0/9 Switch(config-if)#ddm temperature_threshold high_alarm 110 Switch( Enter the threshold value in V. The valid values are from 0 to 6.5535. Configuration Guide 158 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 186
set SFP port 1/0/9's high alarm threshold voltage as 5 V. Switch#configure Switch(config)#interface gigabitEthernet 1/0/9 Switch(config-if)#ddm vlotage_threshold high_alarm 5 Switch port | range ten-gigabitEthernet port-list } Enter interface configuration mode. Configuration Guide 159 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 187
file. The following example shows how to set SFP port 1/0/9's high alarm threshold bias current as 120 mA. Switch#configure Switch(config)#interface gigabitEthernet 1/0/9 Switch(config-if)#ddm vlotage_threshold high_alarm 120 Switch(config-if)#show ddm configuration bias_current Voltage - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 188
configuration file. The following example shows how to set SFP port 1/0/9's high alarm threshold Tx power as 6 mW. Switch#configure Switch(config)#interface gigabitEthernet 1/0/9 Switch(config-if)#ddm tx_power_threshold high_alarm 6 Switch(config-if)#show ddm configuration tx_power Tx Power - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 189
file. The following example shows how to set SFP port 1/0/9's high alarm threshold Rx power as 6 mW. Switch#configure Switch(config)#interface gigabitEthernet 1/0/9 Switch(config-if)#ddm rx_power_threshold high_alarm 6 Switch(config-if)#show ddm configuration rx_power Configuration Guide 162 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 190
end Return to Privileged EXEC Mode. copy running-config startup-config Save the settings in the configuration file. The following example shows how to view SFP ports' Rx power threshold. Switch#configure Switch(config)#show ddm configuration rx_power Rx Power Threshold(mW) : High Alarm Low - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 191
the digital diagnostic monitoring status of SFP modules inserted into the switch's SFP ports. Step 1 Step 2 Step 3 configure Enter global The following example shows how to view SFP ports' DDM status. Switch#configure Switch(config)#show ddm status Temperature(C) Voltage(V) Bias Current(mA) Tx - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 192
of DDM are listed in the following table. Table 3-1 Default Settings of DDM Parameter Default Setting DDM Status Enable. All the SFP ports are being monitored. Threshold Action None. The port will not be shut down even if the alarm or warning threshold is exceeded. Configuration Guide 165 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 193
Part 8 Configuring L2PT CHAPTERS 1. Overview 2. L2PT Configuration 3. Configuration Example 4. Appendix: Default Parameters - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 194
service providers to transparently transmit layer 2 protocol data units (PDUs) between customer networks at different locations through a public ISP network. Some terminology that is used in this section is defined as follows: Edge Switch: The switch this problem, the on the edge switches (PE1 and - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 195
its original destination MAC address. With L2PT feature configured accordingly, the switch can transparently transmit the PDUs of the following layer 2 protocols: Protocol), PAgP (Port Aggregation Protocol), UDLD (UniDirectional Link Detection) and PVST+(Per VLAN Spanning Tree Plus). Configuration - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 196
2.1 Using the GUI Choose the menu Switching > L2PT > L2PT Config to load the specify your desired protocols on the port. In addition, you can also set the threshold for packets-per-second to be processed on the UNI setting is NONE, which indicates that L2PT is disabled on this port. - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 197
as 01000CCCCCCD. ALL: All the above layer 2 protocols are supported for tunneling. Threshold Specify the maximum number of packets to ISP network. The default setting is NONE, which indicates that L2PT is disabled on this port. LAG 4) Click Apply. Displays the link aggregation group which the - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 198
tunneling for the STP packets. all: All the above layer 2 protocols are supported for tunneling. threshold: Set a threshold which determines the maximum number of packets to be processed for the . copy running-config startup-config Save the settings in the configuration file. Configuration Guide 171 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 199
as a UNI port for the layer 2 protocol GVRP and set the threshold as 1000: Switch#configure Switch(config)#interface gigabitEthernet 1/0/1 Switch(config-if)#l2protocol-tunnel type uni gvrp threshold 1000 Switch(config-if)#show l2protocol-tunnel interface gigabitEthernet 1/0/1 Interface Type - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 200
second. Demonstrated with T2500G-10MPS, the following sections provide configuration procedure in two ways: using the GUI and using the CLI. 3.3 Using the GUI The configurations of Switch A and Switch B are similar. The following introductions take Switch A as an example. Configuration Guide 173 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 201
3) Click Save Config to save the settings. 3.4 Using the CLI The configurations of Switch A and Switch B are similar. The following introductions take Switch A as an example. Switch_A#configure Switch_A 1000 Switch_A(config-if)#end Switch_A#copy running-config startup-config Configuration Guide 174 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 202
---- Gi1/0/1 nni --,--,--,-- --,--,--,-- N/A Verify the configuration on port 1/0/2: Switch_A#show l2protocol-tunnel interface gigabitEthernet 1/0/2 Interface Type Protocol Threshold LAG --------- --------- ---- Gi1/0/2 uni stp,--,--,-- 1000,--,--,-- N/A Configuration Guide 175 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 203
Configuring L2PT Appendix: Default Parameters 4 Appendix: Default Parameters Default settings of L2PT are listed in the following table. Table 4-1 Default Settings of L2PT Parameter Defualt Setting Global Config Layer 2 Protocol Tunneling Disable Port Config Type NONE Protocol NONE - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 204
Part 9 Configuring 802.1Q VLAN CHAPTERS 1. Overview 2. 802.1Q VLAN Configuration 3. Configuration Example 4. Appendix: Default Parameters - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 205
need not be located in the same place. It eases the management of devices in the same work group but located in different places. Configuration Guide 178 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 206
menu VLAN > 802.1Q VLAN > Port Config to load the following page. Figure 2-1 Configuring the Port Select a port and configure its PVID. Click Apply. Configuration Guide 179 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 207
link type of the port. It is Access by default. ACCESS: The port can only be added to one VLAN and is usually connected to a terminal device that does not support device, such as a switch or a router, to carry to each VLAN. Set the default VLAN ID untagged packet, the switch inserts a VLAN tag to - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 208
ports will forward untagged packets in the target VLAN. Tagged port 3) Click Apply. The selected ports will forward tagged packets in the target VLAN. Configuration Guide 181 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 209
mode. Step 6 copy running-config startup-config Save the settings in the configuration file. The following example shows how to create VLAN 2 and name it as RD : Switch#configure Switch(config)#vlan 2 Switch(config-vlan)#name RD Switch(config-vlan)#show vlan id 2 VLAN Name Status Ports - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 210
running-config startup-config Save the settings in the configuration file. The following example shows how to configure the link type of port 1/0/5 as Trunk, the PVID of port 1/0/5 as VLAN 2: Switch#configure Switch(config)#interface gigabitEthernet 1/0/5 Switch(config-if)#switchport mode trunk - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 211
Egress-rule Tagged Switch(config-if)#end Switch#copy running-config running-config startup-config Save the settings in the configuration file. The following example Switch#configure Switch(config)#interface gigabitEthernet 1/0/5 Switch(config-if)#switchport general allowed vlan 2 tagged Switch - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 212
Configuring 802.1Q VLAN PVID: 2 Member in LAG: N/A Link Type: General Member in VLAN: Vlan Name Egress-rule ------- 1 System-VLAN Untagged 2 rd Tagged Switch(config-if)#end Switch#copy running-config startup-config 802.1Q VLAN Configuration Configuration Guide 185 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 213
different offices are connected to different switches. It is required that computers usually do not support VLAN tags. Configure the switch ports connected to the link between two switches carries traffic from two VLANs simultaneously. Configure the ports on both ends of the intermediate link - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 214
2 are similar. The following introductions take Switch 1 as an example. 1) Choose the menu VLAN > 802.1Q VLAN > Port Config to load the following page. For port 1/0/2 and port 1/0/3, set the link type as Access; for port 1/0/4, set the link type as Trunk. Then click Apply. Configuration Guide 187 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 215
Department_A. Add port 1/0/2 as an untagged port and port 1/0/4 as a tagged port to VLAN 10. Then click Apply. Figure 3-3 Create VLAN 10 for Department A Configuration Guide 188 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 216
Department B 4) Click Save Config to save the settings. 3.5 Using the CLI The configurations of Switch 1 and Switch 2 are similar. The following introductions take Switch 1 as an example. 1) Create VLAN 10 for Switch_1(config)#vlan 20 Switch_1(config-vlan)#name Department-B Configuration Guide 189 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 217
switchport mode access Switch_1(config-if)#switchport access vlan 20 Switch_1(config-if)#exit 3) Set the link type of port 1/0/4 as Trunk, and then add it to both VLAN 10 and Gi1/0/9, Gi1/0/10 10 Department-A active Gi1/0/2, Gi1/0/4 20 Department-B active Gi1/0/3, Gi1/0/4 Configuration Guide 190 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 218
Configuring 802.1Q VLAN Appendix: Default Parameters 4 Appendix: Default Parameters Default settings of 802.1Q VLAN are listed in the following table. Table 4-1 Default Settings of 802.1Q VLAN Parameter Default Setting VLAN ID 1 PVID 1 Link Type ACCESS Configuration Guide 191 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 219
Part 10 Configuring MAC VLAN CHAPTERS 1. Overview 2. MAC VLAN Configuration 3. Configuration Example 4. Appendix: Default Parameters - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 220
switch via different ports. For example, a terminal device that accessed the switch switch to access the original VLAN. Using MAC VLAN can free the user from such a problem Server B VLAN 20 Switch 1 Switch 3 Switch 2 Meeting Room 1 To meet this requirement, simply bind the MAC addresses of the - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 221
1Q VLAN. 2) Bind the MAC address switch will insert the corresponding tag to the data packet and forward it within the VLAN. If no, the switch the switch will forward the data packet. Otherwise, the switch data packet, the switch will directly process the set the port type according to - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 222
1) Enter the MAC address of the device, give it a description, and enter the VLAN ID to bind it to the VLAN. MAC Address Enter the MAC address of the device. The address should be in 00 is disabled on all ports. You need to enable MAC VLAN for your desired ports manually. Configuration Guide 195 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 223
click Apply. Note: The member port of an LAG (Link Aggregation Group) follows the configuration of the LAG but not its set the port type according to network requirements. For details, refer to Configuring 802.1Q VLAN. 2.2.2 Binding the MAC Address to the VLAN Follow these steps to bind Guide 196 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 224
Save the settings in the configuration file. The following example shows how to bind the MAC address 00:19:56:8A:4C:71 to VLAN 10, with the address description as Dept.A. Switch#configure Switch(config)#mac-vlan on each interface. end Return to privileged EXEC mode. Configuration Guide 197 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 225
Step 6 copy running-config startup-config Save the settings in the configuration file. The following example shows how to enable MAC VLAN for port 1/0/1. Switch#configure Switch(config)#interface gigabitEthernet 1/0/1 Switch(config-if)#mac-vlan Switch(config-if)#show mac-vlan interface Port STATUS - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 226
VLAN 20 Gi1/0/4 Gi1/0/2 Gi1/0/2 Switch 1 Gi1/0/1 Gi1/0/5 Switch 3 Gi1/0/3 Gi1/0/2 Switch 2 Gi1/0/1 Laptop A Meeting VLAN to meet this requirement. On Switch 1 and Switch 2, bind the MAC addresses of the laptops to each of the three switches, set different port types, and add the ports - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 227
Example Untagged; for the ports connecting to other switch, set the link type as General, and set the egress rule as Tagged. 2) On Switch 1 and Switch 2, bind the MAC addresses of the laptops to their untagged port and port 1/0/2 as tagged ports to VLAN 10. Click Apply. Configuration Guide 200 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 228
to load the following page. Create VLAN 20, and add port 1/0/1 as untagged port and port 1/0/2 as tagged ports to VLAN 20. Click Apply. Configuration Guide 201 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 229
menu VLAN > MAC VLAN > MAC VLAN to load the following page. Enter MAC Address, Description, VLAN ID and click Create to bind the MAC address of Laptop A to VLAN 10 and bind the MAC address of Laptop B to VLAN 20. Figure 3-5 MAC VLAN Configuration 5) Choose the menu VLAN > MAC VLAN > Port Enable - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 230
6) Click Save Config to save the settings. Configurations for Switch 3 1) Choose the menu VLAN > 802.1Q VLAN > Port Config to load the following page. Set the link type of port1/0/2-5 as General, and untagged port and ports 1/0/2-3 as tagged ports to VLAN 10. Click Apply. Configuration Guide 203 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 231
Configuring MAC VLAN Figure 3-8 VLAN 10 Configuration Configuration Example 3) Click Create to load the following page. Create VLAN 20, and add port 1/0/5 as untagged port and ports 1/0/2-3 as tagged ports to VLAN 20. Click Apply. Configuration Guide 204 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 232
settings. 3.4 Using the CLI Configurations for Switch 1 and Switch 2 The configurations of Switch 1 and Switch 2 are the same. The following introductions take Switch Switch_1(config-vlan)#exit 2) For port 1/0/2, set the type as General, set the egress rule as Tagged, and add it to both - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 233
-if)#exit 3) Set port 1/0/1 set the type as General, set the egress rule if)#exit 4) Bind the MAC address of Laptop A to VLAN 10 and bind the MAC address -config startup-config Configurations for Switch 3 1) Create VLAN 10 for 1/0/2 and port 1/0/3, set the type as General, set the egress rule as - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 234
port 1/0/4 and port 1/0/5, set the type as General, set the egress rule as Untagged running-config startup-config Verify the Configurations Switch 1 Switch_1#show mac-vlan all MAC Address 10 00:19:56:82:3B:70 PCB 20 Switch 2 Switch_2#show mac-vlan all MAC Address Description VLAN - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 235
Switch 3 Switch_3#show vlan VLAN Name Status Ports 1 System-VLAN active Gi1/0/1, Gi1/0/2, Gi1/0/3, Gi1/0/4, Gi1/0/5, Gi1/0/6, Gi1/0/7, Gi1/0/8 Gi1/0/9, Gi1/0/10 10 DeptA active Gi1/0/2, Gi1/0/3, Gi1/0/4 20 DeptB active Gi1/0/2, Gi1/0/3, Gi1/0/5 Configuration Guide 208 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 236
Configuring MAC VLAN Appendix: Default Parameters 4 Appendix: Default Parameters Default settings of MAC VLAN are listed in the following table. Table 4-1 Default Settings of MAC VLAN Parameter Default Setting MAC Address None Description None VLAN ID None Port Enable Disable - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 237
Part 11 Configuring Protocol VLAN CHAPTERS 1. Overview 2. Protocol VLAN Configuration 3. Configuration Example 4. Appendix: Default Parameters - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 238
on specific applications and services of network users. The figure below shows a common application scenario of protocol VLAN. With protocol VLAN configured, Switch 2 can forward Router VLAN 10 Router VLAN 20 Switch 2 Switch 1 IPv4 Hosts VLAN 10 IPv6 Hosts VLAN 20 Configuration Guide 211 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 239
setting the port type. 2) Create protocol template. 3) Configure Protocol VLAN. Configuration Guidelines You can use the IP, ARP, RARP, and other protocol templates provided by TP-Link switches switch will first process MAC VLAN.) If there is a match, the switch packet, the switch will directly - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 240
the data type of the frame. 2) Click Create to create the protocol template. Note: A protocol template that is bound to a VLAN cannot be deleted. Configuration Guide 213 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 241
select the protocol name and enter the VLAN ID to bind the protocol type to the VLAN. Protocol Name Select the Click Apply. Note: The member port of an LAG (Link Aggregation Group) follows the configuration of the LAG but not .1Q VLAN and set the port type according to network requirements. For - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 242
settings in the configuration file. The following example shows how to create an IPv6 protocol template: Switch#configure Switch(config)#protocol-vlan template name IPv6 ether-type 86dd Switch ether-type 86DD Switch(config)#end Switch#copy running-config startup-config Configuration Guide 215 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 243
Return to Privileged EXEC Mode. copy running-config startup-config Save the settings in the configuration file. The following example shows how to bind the IPv6 protocol template to VLAN 10: Switch#configure Switch(config)#show protocol-vlan template Index Protocol Name Protocol Type 1 IP - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 244
vlan Index Protocol-Name VID Member -------- 1 IPv6 10 Switch(config-if)#protocol-vlan group 1 Switch(config-if)#show protocol-vlan vlan Index Protocol-Name VID Member 1 IPv6 10 Gi1/0/2 Switch(config-if)#end Switch#copy running-config startup-config Configuration Guide 217 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 245
VLAN 20, and these hosts access the network via Switch 1. Switch 2 is connected to two routers to access the Gi1/0/1 VLAN 10 Gi1/0/3 VLAN 20 Switch 2 Gi1/0/1 Gi1/0/3 Switch 1 Gi1/0/2 VLAN 20 IPv4 Host of Switch 2 to meet this requirement. When this port receives packets, Switch 2 will - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 246
set the port type, and add each port to the corresponding VLAN. 2) Use the IPv4 protocol template provided by the switch, and create the IPv6 protocol template. 3) Bind Configurations for Switch 1 1) Choose the menu VLAN > 802.1Q VLAN > Port Config to load the following page. Set the link type of - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 247
Configuring Protocol VLAN Configuration Example 2) Choose the menu VLAN > 802.1Q VLAN > VLAN Config and click Create to load the following page. Create VLAN 10, and add port 1/0/1 and port 1/0/3 as untagged ports to VLAN 10. Click Apply. Figure 3-3 Create VLAN 10 Configuration Guide 220 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 248
Configuring Protocol VLAN Configuration Example 3) Click Create to load the following page. Create VLAN 20, and add ports 1/0/2-3 as untagged ports to VLAN 20. Click Apply. Figure 3-4 Create VLAN 20 4) Click Save Config to save the settings. Configuration Guide 221 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 249
Configurations for Switch 2 1) Choose the menu VLAN > 802.1Q VLAN > Port Config to load the following page. Set the link type of ports 1/0/1-3 as General, and respectively set the PVID of port 1/0/2 and port 1/0/3 as 10 and 20. Click Apply. Figure 3-5 Port Configuration Configuration Guide 222 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 250
page. Create VLAN 10, and add port 1/0/1 as tagged port and port 1/0/2 as untagged port to VLAN 10. Click Apply. Figure 3-6 Create VLAN 10 Configuration Guide 223 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 251
86DD in the Ether Type field, and click Create to create the IPv6 protocol template. Tips: The IPv4 protocol template is already provided by the switch. You only need to create the IPv6 protocol template. Configuration - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 252
port 1, and click Apply. Select the IPv6 protocol name, enter VLAN ID 20, select port 1, and click Apply. Figure 3-9 Configure the IPv4 Protocol Group Configuration Guide 225 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 253
. Here you can view the protocol VLAN configuration. Figure 3-11 Protocol VLAN configuration 7) Click Save Config to save the settings. 3.4 Using the CLI Configurations for Switch 1 1) Create VLAN 10 and VLAN 20. Switch_1#configure Switch_1(config)#vlan 10 Switch_1(config-vlan)#name IPv4 Switch_1 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 254
and port 1/0/2, set the type as General, set the egress )#exit 3) For port 1/0/3, set the type as General, set the egress rule as Untagged -config startup-config Configurations for Switch 2 1) Create VLAN 10 and vlan)#exit 2) For port 1/0/1, set the type as General, set the egress rule as Tagged, - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 255
VLAN Configuration Example Switch_2(config-if)#exit 3) For port 1/0/2 and port 1/0/3, set the type as General, set the egress rule as Untagged, and add them to VLAN 10 and VLAN 20 6 6) Add port 1/0/1 to the protocol groups. Switch_2(config)#show protocol-vlan vlan Configuration Guide 228 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 256
end Switch_2#copy running-config startup-config Verify the Configurations Switch 1 Verify 802.1Q VLAN configuration: Switch_1#show vlan VLAN Gi1/0/8, Gi1/0/9, Gi1/0/10 Gi1/0/1, Gi1/0/3 Gi1/0/2, Gi1/0/3 Switch 2 Verify 802.1Q VLAN configuration: Switch_2#show vlan VLAN Name Status - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 257
Configuring Protocol VLAN 10 IPv4 20 IPv6 active active Gi1/0/1, Gi1/0/2 Gi1/0/1, Gi1/0/3 Verify protocol group configuration: Switch_2#show protocol-vlan vlan Index Protocol-Name VID 1 IP 10 2 IPv6 20 Member Gi1/0/1 Gi1/0/1 Configuration Example Configuration Guide 230 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 258
table. Table 4-1 Default Settings of Protocol VLAN Parameter Default Setting 1 2 Protocol Template Table 3 4 5 IP Ethernet II ether-type 0800 ARP Ethernet II ether-type 0806 RARP Ethernet II ether-type 8035 IPX SNAP ether-type 8137 AT SNAP ether-type 809B Configuration Guide 231 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 259
Part 12 Configuring VLAN-VPN CHAPTERS 1. VLAN-VPN 2. Basic VLAN-VPN Configuration 3. Flexible VLAN-VPN Configuration 4. Configuration Example 5. Appendix: Default Parameters - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 260
Service Provider) network. With VLAN-VPN, when forwarding packets from the customer network to the ISP network, the switch the ISP network to the customer network, the switch remove the outer VLAN tag of the packets. configure VLAN-VPN at the ISP edge switches to allow packets from customer VLAN 100 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 261
-VPN VLAN-VPN 1.2 Supported Features The VLAN-VPN function includes: basic VLAN-VPN and flexible VLAN-VPN (VLAN mapping). Basic VLAN-VPN All packets from customer VLANs are encapsulated with the same VLAN tag of the ISP network, and sent to the ISP network. Additionally, you can set the TPID (Tag - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 262
follow these steps: 1) Configure 802.1Q VLAN. 2) Enable VLAN-VPN globally and configure up-link ports Configuration Guidelines The TPID preset by the switch is 0x8100. If devices in the ISP network do not support the value, you should change it to ensure VLAN-VPN packets sent to the ISP network can - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 263
link Global TPID Set the global TPID a VPN up-link port forwards a packet, link Ports section, set ports that are connected to the ISP network as VPN up-link ports. Click Apply. VPN Up-link Port VPN up-link an LAG (Link Aggregation Group) VLAN-VPN, set the link type of ports Configuring Up-link Ports - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 264
link ports. Step 5 Step 6 Step 7 Step 8 switchport dot1q-tunnel mode nni Set ports that are connected to the ISP network as VPN up-link ports. nni : Set globally and set the TPID as 0x9100: Switch#configure Switch(config)#dot1q-tunnel Switch(config)#dot1q-tunnel tpid 9100 Switch(config)#show - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 265
Basic VLAN-VPN Configuration The following example shows how to set port 1/0/2 as the VPN up-link port: Switch#configure Switch(config)#interface gigabitEthernet 1/0/2 Switch(config-if)#switchport dot1q-tunnel mode nni Switch(config-if)#show dot1q-tunnel interface Port Type Member NNI - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 266
only after you have set VPN up-link ports and VPN ports switch will check the VLAN Mapping List. If a match is found, the switch switch process the packet in rules of MAC VLAN, Protocol VLAN and 802.1Q VLAN. For untagged packets, the switch choose a VPN up-link port to enable VLAN mapping. - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 267
entry. Port Choose a VPN up-link port to enable VLAN mapping. You set a VLAN mapping entry named mapping1 on port 1/0/3 to map customer network VLAN 15 to ISP network VLAN 1040: Switch#configure Switch(config)#show dot1q-tunnel VLAN-VPN Mode: Enabled Global TPID: 0X8100 Configuration Guide - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 268
)#interface gigabitEthernet 1/0/3 Switch(config-if)#switchport dot1q-tunnel mapping 15 1040 mapping1 Switch(config-if)#show dot1q-tunnel mapping Port C-VLAN SP-VLAN Name Gi1/0/3 15 1040 mapping1 Switch(config-if)#end Switch#copy running-config startup-config Configuration Guide 241 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 269
VLAN-VPN configuration. Create ISP network VLAN 1050 on the switch, and add port1/0/1 tagged and port 1/0/2 untagged to Set the PVID of port 1/0/1 and port 1/0/2 as 1050. 2) Set port 1/0/1 as the VPN up-link port. 3) Enable the VPN feature globally, and set global TPID as 0x9100. Configuration Guide - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 270
Configuration Example 4.3 Using the GUI The configurations of Switch 1 and Switch 2 are similar. The following introductions take Switch 1 as an example. 1) Choose the menu VLAN > 802.1Q VLAN > Port Config to load the following page. Set the link type of ports 1/0/1-2 as General, and modify PVID - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 271
Configuring VLAN-VPN Figure 4-3 Creating VLAN 1050 Configuration Example 3) Choose the menu VLAN > 802.1Q VLAN > VLAN Config and click Create to load the following page. Create VLAN 100, and add port 1/0/2 tagged to the VLAN. Click Apply. Figure 4-4 Creating VLAN 100 Configuration Guide 244 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 272
to the VLAN. Click Apply. Figure 4-5 Creating VLAN 200 5) Choose the menu VLAN > VLAN-VPN > VPN Config to load the following page. Enable VPN globally, set TPID as 9100, and select port 1/0/1 as the up-link port. Click Apply. Figure 4-6 Configuring Global VLAN-VPN 6) Click Save Config to save the - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 273
the CLI The configurations of Switch 1 and Switch 2 are similar. The following introductions take Switch 1 as an example. 1) Switch_1(config-if)#switchport dot1q-tunnel mode nni Switch_1(config-if)#exit 3) Set the link type of port 1/0/2 as general, add it to VLAN 1050 as Configuration Guide 246 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 274
TPID: 0X9100 Mapping Mode: Disabled Verify the configurations of VPN up-link port. Switch_1#show dot1q-tunnel interface Port Type Member NNI Gi1 gigabitEthernet 1/0/1 Port Gi1/0/1: PVID: 1050 Member in LAG: N/A Link Type: General Member in VLAN: Vlan Name Egress-rule ----------- - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 275
Configuring VLAN-VPN Member in LAG: N/A Link Type: General Member in VLAN: Vlan Name Egress-rule ----------- 1 System-VLAN Untagged 100 Client_VLAN100 Tagged 200 Client_VLAN200 Tagged 1050 SP_VLAN Untagged Configuration Example Configuration Guide 248 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 276
VLAN-VPN Appendix: Default Parameters 5 Appendix: Default Parameters Default settings of VLAN-VPN are listed in the following table. Table 5-1 Default Settings of VLAN-VPN Parameter Global VLAN-VPN VLAN Mapping Global TPID Default Setting Disable Enable 0x8100 Configuration Guide 249 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 277
Part 13 Configuring GVRP CHAPTERS 1. Overview 2. GVRP Configuration 3. Configuration Example 4. Appendix: Default Parameters - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 278
and VLAN 1 is configured on Switch B and Switch C. Switch C can receive messages sent from Switch A in VLAN 10 only when the network administrator has manually created VLAN 10 on Switch B and Switch C. Figure 1-1 VLAN Topology Switch B VLAN 10 Switch A Switch C The configuration may seem easy - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 279
2 Static VLAN 2 Switch A Switch C Similarly, if you want to delete a VLAN from all ports, two-way deregistration is required. And you need to manually delete the static VALN on both ends of the link. 2.1 Using the GUI GVRP requires VLAN creation first. And you need to set the link type of the - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 280
the desired port for GVRP configuration. It is multi-optional. For selected ports, the link type must be set as Trunk, or the system will prompt error when applying the configuration. Status Enable or and deregister VLANs, and can transmit only information of VLAN 1. Configuration Guide 253 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 281
times the Join value. 2.2 Using the CLI GVRP requires VLAN creation first. And you need to set the link type of the ports as Trunk, for GVRP can be enabled only on trunk interfaces. For -id | range port-channel portchannelid-list } Enter interface configuration mode. Configuration Guide 254 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 282
the corresponding attribute before the Leave timer expires, the participant deregisters the attribute. value: Set a value for the timer. For LeaveAll timer, the range is 1000 to 30000 mode. copy running-config startup-config Save the settings in the configuration file. Configuration Guide 255 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 283
the LAG. • When setting the timer values, make Switch(config-if)# show gvrp interface gigabitEthernet 1/0/1 Port Status Reg-Mode LeaveAll JoinIn Leave LAG ---- Gi1/0/1 Enabled Fixed 1000 20 60 N/A Switch(config-if)#end Switch#copy running-config startup-config Configuration Guide - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 284
manual configuration and maintenance workload, GVRP can be enabled to implement dynamic VLAN registration and update on the switches. When configuring GVRP, please note the following: Before enabling GVRP, set the link dynamic VLAN creation on other switches, set the registration mode of the - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 285
share similar configurations. The following configuration procedures take Switch 1, Switch 2 and Switch 5 as example. Configurations for Switch 1 1) Choose the menu VLAN > 802.1Q VLAN > Port Config to load the following page. Set the link type of port 1/0/1 as Trunk, and click Apply. Figure - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 286
Example 3) Choose the menu VLAN > GVRP > GVRP Config to load the following page. Enable GVRP globally, then click Apply. Select port 1/0/1, set Status as Enable, and set Registration Mode as Fixed. Keep the values of the timers as default. Click Apply. Figure 3-4 GVRP Configuration Configuration - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 287
GVRP Configuration Example 4) Click Save Config to save the settings. Configurations for Switch 2 1) Choose the menu VLAN > 802.1Q VLAN > Port Config to load the following page. Set the link type of port 1/0/1 as Trunk. Figure 3-5 Set Link Type for the Port 2) Choose the menu VLAN > 802 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 288
Example 3) Choose the menu VLAN > GVRP > GVRP Config to load the following page. Enable GVRP globally, then click Apply. Select port 1/0/1, set Status as Enable, and set Registration Mode as Fixed. Keep the values of the timers as default. Click Apply. Figure 3-7 GVRP Configuration Configuration - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 289
GVRP Configuration Example 4) Click Save Config to save the settings. Configurations for Switch 5 1) Choose the menu VLAN > 802.1Q VLAN > Port Config to load the following page. Set the link type of ports 1/0/1-3 as Trunk. Figure 3-8 Set Link Type for the Port 2) Choose the menu VLAN > GVRP - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 290
take Switch 1, Switch 2 and Switch 5 as example. Configurations for Switch 1 1) Enable GVRP globally. Switch_1#configure Switch_1(config)#gvrp 2) Create VLAN 10. Switch_1(config)#vlan 10 Switch_1(config-vlan)#name Department A Switch_1(config-vlan)#exit 3) For port 1/0/1, set the link type - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 291
config-vlan)#exit 3) For port 1/0/1, set the link type as Trunk, and add it to VLAN 20. Enable GVRP and set the registration mode as Fixed. Switch_2( Configurations for Switch 5 1) Enable GVRP globally. Switch_5#configure Switch_5(config)#gvrp 2) For ports 1/0/1-3, set the link type as Trunk and - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 292
end Switch_5#copy running-config startup-config Verify the Configuration Switch 1 Verify the global GVRP configuration: Switch_1#show gvrp global 20 60 N/A Gi1/0/2 Disabled Normal 1000 20 60 N/A ...... Switch 2 Verify the global GVRP configuration: Switch_2#show gvrp global GVRP Global - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 293
1000 20 60 N/A Gi1/0/2 Disabled Normal 1000 20 60 N/A ...... Switch 5 Verify global GVRP configuration: GVRP Global Status Enabled Verify GVRP configuration for N/A Gi1/0/3 Enabled Normal 1000 20 60 N/A Gi1/0/4 Disabled Normal 1000 20 60 N/A ...... Configuration Guide 266 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 294
settings of GVRP are listed in the following tables. Table 4-1 Default Settings of GVRP Parameter Global Config GVRP Port Config Status Registration Mode LeaveAll Timer Join Timer Leave Timer Default Setting Disable Disable Normal 1000 centisecond 20 centisecond 60 centisecond Configuration Guide - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 295
Part 14 Configuring Spanning Tree CHAPTERS 1. Spanning Tree 2. STP/RSTP Configurations 3. MSTP Configurations 4. STP Security Configurations 5. Configuration Example for MSTP 6. Appendix: Default Parameters - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 296
in the network. As is shown in Figure 1-1, STP helps to: Block specified ports of the switches to build a loop-free topology. Detect topology changes and automatically generate a loop-free topology. Figure , this section will introduce some basic concepts in STP/ RSTP. Configuration Guide 269 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 297
be configured manually on the switch, and the switch with the lowest priority value will be elected as the root bridge. If the priority of all the switches are the same, the switch with the for it receives better BPDUs from another switch, it will become an alternate port. Configuration Guide 270 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 298
Backup Port If a port is not selected as the designated port for it receives better BPDUs from the switch it belongs to, it will become an backup port. In RSTP/MSTP, the backup port is the backup for status is the grouping of STP's Blocking, Listening and Disabled, and the Configuration Guide 271 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 299
status specified in STP. In TP-Link switches, the port status includes: link speed of the port. The smaller the value, the higher link speed the port has. The path cost can be manually other switches. When root bridge sends its BPDU, the root path cost value is 0. When a connected switch receives - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 300
Unit) contain a lot of information, like bridge ID, root path cost, port priority and so on. Switches share these information to help determine the tree topology. 1.2.2 MSTP Concepts MSTP, compatible with STP and RSTP in a region, and each instance has its own root bridge. Configuration Guide 273 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 301
Tree, comprising IST and CST, is the spanning tree that connects all the switches in the network. 1.3 STP Security STP Security prevents the loops caused by function is used to prevent loops caused by link congestions or link failures. It is recommended to enable this function on root - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 302
switch cannot receive BPDUs because of link congestions or link link restores links may be lead to low-speed links switch switch receives malicious BPDUs, it forwards these BPDUs to the other switches switch from being attacked by BPDUs. »» TC Protect TC Protect function is used to prevent the switch - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 303
If a user maliciously sends a large number of TC-BPDUs to a switch in a short period, the switch will be busy with removing MAC address entries, which may decrease the exceeds the maximum number you set in the TC threshold, the switch will not remove MAC address entries in the TC protect cycle - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 304
Guidelines Before configuring the spanning tree, it's necessary to make clear the role that each switch plays in a spanning tree. To avoid any possible network flapping caused by STP/RSTP parameter Enable or disable spanning tree function on the desired port. Configuration Guide 277 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 305
forwarding directly. Three options are supported: Auto, Open(Force) and Close(Force). By default, it is Auto. Auto: The switch automatically checks if the port is connected to a P2P link, then determines the status is Open or Close. Open(Force): The port is manually identified as connected to a P2P - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 306
to. 2.1.2 Configuring STP/RSTP Globally Choose the menu Spanning Tree > STP Config > STP Config to load the following page. Figure 2-2 Configuring STP/RSTP Globally Configuration Guide 279 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 307
from 1 to 10 in seconds, and the default value is 2. Max Age Specify the maximum time the switch can wait without receiving a BPDU before attempting to regenerate a spanning tree. The valid values are from 6 Enable or disable spanning tree function globally on the switch. Configuration Guide 280 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 308
tree mode as MSTP. 2.1.3 Verifying the STP/RSTP Configurations Verify the STP/RSTP information of your switch after all the configurations are finished. Choose the menu Spanning Tree > STP Config > STP Summary Tree Displays the status of the spanning tree function. Configuration Guide 281 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 309
mode as STP/RSTP. Internal Path Cost The internal path cost is the root path cost from the switch to the root bridge of IST. It is not displayed when you choose the spanning tree mode as configuration mode. spanning-tree Enable spanning tree function for desired ports. Configuration Guide 282 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 310
the port's link speed. External set the port as an edge port. point-to-point { auto | open | close }: Specify the P2P link link settings Switch#configure Switch(config)#interface gigabitEthernet 1/0/3 Switch(config-if)#spanning-tree Switch(config-if)#spanning-tree common-config port-priority 32 Switch - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 311
sends configuration BPDUs at an interval of Hello Time to check whether the links are failed. max-age: Specify the value of Max Age. The valid of the switch. end Return to privileged EXEC mode. copy running-config startup-config Save the settings in the configuration file. Configuration Guide 284 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 312
Max-Age Hold-Count Max-Hops -------- Enable Rstp 36864 2 12 20 5 20 Switch(config)#end Switch#copy running-config startup-config 2.2.3 Enabling STP/RSTP Globally Follow these steps to configure of STP/RSTP. Step 5 end Return to privileged EXEC mode. Configuration Guide 285 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 313
-config Save the settings in the configuration file. This example shows how to enable spanning tree function, configure the spanning tree mode as RSTP and verify the configurations: Switch#configure Switch(config)#spanning-tree mode rstp Switch(config)#spanning-tree Switch(config)#show spanning - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 314
Guidelines Before configuring the spanning tree, it's necessary to make clear the role that each switch plays in a spanning tree. To avoid any possible network flapping caused by MSTP parameter changes Status Enable or disable spanning tree function on the desired port. Configuration Guide 287 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 315
forwarding directly. Three options are supported: Auto, Open(Force) and Close(Force). By default, it is Auto. Auto: The switch automatically detects if the port is connected to a P2P link, then determines the status is Open or Close. Open(Force): The port is manually identified as connected to a P2P - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 316
region is regarded as a 'switch', and the master port is the root port of that 'switch'. Alternate Port: Indicates the level, VLAN-Instance mapping of the switch. The switches with the same region name, the region. Besides, configure the priority of the switch, the priority and path cost of ports in - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 317
Config section, set the name and MAC address of the switch. Revision 2) Click Apply. Enter the revision the VLAN-Instance Mapping and Switch Priority Choose the menu Spanning configure the priority of the switch in the desired instance: switch in the desired instance, and click Apply. Configuration - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 318
61440 to specify the priority of the switch, which is divisible by 4096, and the default value is 32768. The switch with the lower value has the higher priority, and the switch with the highest priority will be elected select the desired instance ID for its port configuration. Configuration Guide 291 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 319
Path Cost Enter the value of the path cost. The default setting is Auto, which means the port calculates the path cost automatically according to the port's link speed. It is the path cost of the port in the to any device. LAG Displays the LAG which the port belongs to. Configuration Guide 292 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 320
values are from 1 to 10 in seconds, and the default value is 2. Max Age Specify the maximum time the switch can wait without receiving a BPDU before attempting to regenerate a spanning tree. The valid values are from 6 to are from 1 to 40, and the default value is 20. Configuration Guide 293 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 321
choose the STP mode as MSTP and click Apply. Spanning-Tree Enable or disable spanning tree function globally on the switch. Mode Select the desired STP mode as MSTP on the switch. By default, it is STP. STP: Specify the spanning tree mode as STP. RSTP: Specify the spanning tree mode as - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 322
current switch. Root Bridge Displays the bridge ID of the root bridge in CIST. External Path Cost Displays the external path cost. It is the root path cost from the switch to the root bridge in CIST. Regional Root Bridge Displays the bridge ID of the root bridge in IST. Configuration Guide 295 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 323
Internal Path Cost Displays the internal path cost. It is the root path cost from the current switch to the regional root bridge. Designated Bridge Displays the bridge ID of the designated bridge in the . spanning-tree Enable spanning tree function for the desired port. Configuration Guide 296 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 324
to the port's link speed. External path to the port's link speed. Internal path set the port as an edge port. point-to-point { auto | open | close }: Specify the P2P link the P2P link are a port switches to the STP switch back to MSTP mode. In this case, you can switch the settings in - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 325
has the higher priority, and the switch with the highest priority will be elected as the root bridge in the desired instance. Step 3 spanning-tree mst configuration Enter MST configuration mode, as to configure the VLAN-Instance mapping, region name and revision level. Configuration Guide 298 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 326
mode. Step 9 copy running-config startup-config Save the settings in the configuration file. This example shows how to create an Switch#configure Switch(config)#spanning-tree mst configuration Switch(config-mst)#name R1 Switch(config-mst)#revision 100 Switch(config-mst)#instance 5 vlan 2-6 Switch - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 327
Vlans-Mapped 0 1,7-4094 5 2-6, Switch(config-mst)#end Switch#copy running-config startup-config which means the port calculates the path cost automatically according to the port's link speed. It is the root path cost from the port to the root EXEC mode. Configuration Guide 300 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 328
settings in the configuration file. This example shows how to configure the priority as 144, the path cost as 200 of port 1/0/3 in instance 5: Switch#configure Switch(config)#interface gigabitEthernet 1/0/3 Switch 144 200 N/A LnkDwn Switch(config-if)#end Switch#copy running-config startup- - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 329
whether the links are failed. time the switch can wait switch. Step 7 end Return to privileged EXEC mode. Step 8 copy running-config startup-config Save the settings Switch#configure Switch(config)#spanning-tree priority 36864 Switch(config-if)#spanning-tree timer forward-time 12 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 330
Switch(config-if)#spanning-tree hold-count 8 Switch(config-if)#spanning-tree max-hops 25 Switch 25 Switch(config-if)#end Switch#copy config startup-config Save the settings in the configuration file. Switch#configure Switch(config)#spanning-tree mode mstp Switch(config)#spanning-tree Switch - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 331
-0a-eb-13-12-ba Local bridge is the root bridge Designated Bridge Priority : 32768 Address : 00-0a-eb-13-12-ba Local Bridge Configuration Guide 304 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 332
Configuring Spanning Tree Priority : 32768 Address : 00-0a-eb-13-12-ba Interface Prio Cost Role Status Gi/0/6 128 200000 Altn Blk Gi/0/8 128 200000 Mstr Fwd Switch(config)#end Switch#copy running-config startup-config MSTP Configurations Configuration Guide 305 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 333
the Port Protect Configure the Port Protect features for the selected ports, and click Apply. UNIT Select the desired unit or LAGs for configuration. Configuration Guide 306 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 334
loops caused by link congestions or link failures. With receive BPDUs. After the link restores to normal, the root switches. TC Protect function is used to prevent the switch from maximum number you set in the TC threshold, the switch will not own BPDUs, preventing the switch from being attacked by - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 335
Protect function is used to prevent loops caused by link congestions or link failures. With Loop Protect function enabled, the port will or forward BPDUs, but it sends out its own BPDUs, preventing the switch from being attacked by BPDUs. spanning-tree bpduguard (Optional) Enable the BPDU Guide 308 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 336
running-config startup-config Save the settings in the configuration file. This example shows how to enable Loop Protect, Root Protect, BPDU Filter and BPDU Protect functions on port 1/0/3: Switch#configure Switch(config)#interface gigabitEthernet 1/0/3 Switch(config-if)#spanning-tree guard loop - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 337
switches. Traffic in VLAN 101-VLAN 106 is transmitted in this network. The link speed between the switches Switch A MAC: 00-0A-EB-13-23-97 Gi1/0/2 Gi1/0/1 200000 200000 Switch B MAC: 00-0A-EB-13-12-97 Gi1/0/1 Gi1/0/2 200000 Gi1/0/1 Gi1/0/2 Switch MSTP function on the switches. Map the VLANs - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 338
switches. 5.3 Using the GUI Configurations for Switch A 1) Choose the menu Spanning Tree > STP Config > Port Config to load the following page. Enable spanning tree function on port 1/0/1 and port 1/0/2. Here we leave the values of the other parameters as default settings. Configuration Guide - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 339
the menu Spanning Tree > MSTP Instance > Region Config to load the following page. Set the region name as 1 and the revision level as 100. Figure 5-4 Configuring the MST Instance > Instance Port Config to load the following page. Set the path cost of port 1/0/1 in instance 1 as 400000. Configuration - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 340
> STP Config > STP Config to load the following page. Enable MSTP function globally, here we leave the values of the other global parameters as default settings. Figure 5-7 Configure the Global MSTP Parameters of the Switch 6) Click Save Config to save the settings. Configuration Guide 313 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 341
Switch B 1) Choose the menu Spanning Tree > STP Config > Port Config to load the following page. Enable the spanning tree function on port 1/0/1 and port 1/0/2. Here we leave the values of the other parameters as default settings Config to load the following page. Set the region name as 1 and the - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 342
B as 0 to set it as the root bridge in instance 1. Figure 5-11 Configuring the Priority of Switch B in Instance 1 5) Choose the menu Spanning Tree > MSTP Instance > Instance Port Config to load the following page. Set the path cost of port 1/0/2 in instance 2 as 400000. Configuration Guide 315 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 343
> STP Config > STP Config to load the following page. Enable MSTP function globally. Here we leave the values of the other global parameters as default settings. Figure 5-13 Configuring the MSTP Globally 7) Click Save Config to save the - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 344
Switch C 1) Choose the menu Spanning Tree > STP Config > Port Config to load the following page. Enable the spanning tree function on port 1/0/1 and port 1/0/2. Here we leave the values of the other parameters as default settings Config to load the following page. Set the region name as 1 and the - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 345
in instance 2. Figure 5-17 Configuring the Priority of Switch C in Instance 2 5) Choose the menu Spanning Tree > STP Instance > STP Config to load the following page. Enable MSTP function globally, here we leave the values of the other global parameters as default settings. Configuration Guide 318 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 346
Spanning Tree Figure 5-18 Configuring the MSTP Globally Configuration Example for MSTP 6) Click Save Config to save the settings. 5.4 Using the CLI Configurations for Switch A 1) Enable the spanning tree function on port 1/0/1 and port 1/0/2, and specify the path cost of port 1/0/1 in instance - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 347
to instance 2; configure the priority of Switch B in instance 1 as 0 to set it as the root bridge in instance 1: Switch(config)#spanning-tree mst configuration Switch(config-mst)#name 1 Switch(config-mst)#revision 100 Switch(config-mst)#instance 1 vlan 101-103 Switch(config-mst)#instance 2 vlan 104 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 348
to instance 2; configure the priority of Switch C in instance 2 as 0 to set it as the root bridge in instance 2: Switch(config)#spanning-tree mst configuration Switch(config-mst)#name 1 Switch(config-mst)#revision 100 Switch(config-mst)#instance 1 vlan 101-103 Switch(config-mst)#instance 2 vlan 104 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 349
MSTP Interface Prio Cost Role Status LAG Gi1/0/1 128 400000 Root Fwd N/A Gi1/0/2 128 200000 Altn Blk N/A Verify the configurations of Switch A in instance 2: Switch(config)#show spanning-tree mst instance 2 MST-Instance 2 Root Bridge Priority : 0 Address : 3c-46-d8-9d-88-f7 Internal Cost - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 350
Fwd N/A Gi1/0/2 128 200000 Root Fwd N/A Switch B Verify the configurations of Switch B in instance 1: Switch(config)#show spanning-tree mst instance 1 MST-Instance 128 200000 Desg Fwd Verify the configurations of Switch B in instance 2: Switch(config)#show spanning-tree mst instance 2 MST-Instance - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 351
Role Status Gi1/0/1 128 200000 Altn Blk Gi1/0/2 128 200000 Root Fwd Switch C Verify the configurations of Switch C in instance 1: Switch(config)#show spanning-tree mst instance 1 MST-Instance 1 Root Bridge Priority : : 3c-46-d8-9d-88-f7 Configuration Example for MSTP Configuration Guide 324 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 352
Status Gi1/0/1 128 200000 Desg Fwd Gi1/0/2 128 200000 Root Fwd Verify the configurations of Switch C in instance 2: Switch(config)#show spanning-tree mst instance 2 MST-Instance 2 Root Bridge Priority : 0 Address Gi1/0/2 128 200000 Desg Fwd Configuration Example for MSTP Configuration Guide 325 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 353
Parameters Parameter Default Setting Status Disable Priority 128 Ext-Path Cost Auto In-Path Cost Auto Edge Port Disable P2P Link Auto MCheck ------ Table 6-3 Default Settings of the MSTP Instance Parameter Default Setting Status Disable Priority 32768 Configuration Guide 326 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 354
Configuring Spanning Tree Parameter Port Priority Path Cost Default Setting 128 Auto Appendix: Default Parameters Configuration Guide 327 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 355
Part 15 Configuring Layer 2 Multicast CHAPTERS 1. Layer 2 Multicast 2. IGMP Snooping Configurations 3. Configuring MLD Snooping 4. Viewing Multicast Snooping Configurations 5. Configuration Examples 6. Appendix: Default Parameters - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 356
and impacting information security. Multicast, however, solves all the problems caused by unicast and broadcast. With multicast, the source provider can provide value-added services such as Online Live, IPTV . Layer 2 Multicast allows Layer 2 switches to listen for IGMP packets between Layer Guide 329 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 357
switch Host A Receiver Host B Multicast packets Host C Receiver Host A Receiver 1.2 Supported Layer 2 Multicast Protocols Host B Host C Receiver Layer 2 Multicast protocol for IPv4: IGMP Snooping On the Layer 2 device, IGMP Snooping transmits data on demand on data link on data link layer - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 358
Unknown Multicast Unknown Multicast decides how to process the multicast data when its destination multicast address is not in the multicast forwarding table of the switch. Configuration Guide 331 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 359
switches that support MLD Snooping, IGMP Snooping and MLD Snooping share the setting the switch processes the switch. the switch will members on the switch. A port is considered to be a switch does not receive IGMP membership report message from the member port within the member port time. The switch - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 360
Multicast-Address-Specific Queries (MASQs) are sent and no report message is received, the switch will delete the multicast address from the multicast forwarding table. Follow these steps to configure Status Table displays VLANs and ports with IGMP Snooping enabled. Configuration Guide 333 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 361
With Fast Leave enabled on a port, the switch will remove this port from the forwarding list of receives a leave message. Once deleted, the switch will no longer forward MASQs to this port Apply. With Fast Leave enabled on a port, the switch will remove this port from the forwarding list of the - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 362
to configure relevant parameters for the designate VLAN. 1) Set up the VLAN that the router ports and the query message within the router port time, the switch will no longer consider this port as a multicast group within the member port time, the switch will no longer consider this port as a member - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 363
, Multicast VLAN saves bandwidth and reduces network load of Layer 3 devices. Choose the menu Multicast > IGMP Snooping > Multicast VLAN to load the following page. Configuration Guide 336 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 364
these steps to enable Multicast VLAN and to finish the basic settings: 1) Set up the VLAN that the router ports and the member ports does not receive any IGMP general query message within the router port time, the switch will no longer consider this port as a router port and delete it from the - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 365
does not receive any IGMP membership report message from the multicast group within the member port time, the switch will no longer consider this port as a member port and delete it from the multicast forwarding table. to forbid them from being router ports in the VLAN. Configuration Guide 338 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 366
IP address of the general query messages sent by the querier. It cannot be a multicast address or a broadcast address. 2) Click Add. 3) You can edit the settings in the IGMP Snooping Querier Table. Viewing Settings of IGMP Querier The IGMP Snooping Querier Table displays all the related - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 367
IGMP Profile With IGMP Profile, the switch can define a blacklist or whitelist : similar to a whitelist, means that the switch only allows specified member ports to join specific multicast groups. Deny similar to a blacklist, means that the switch disallows specific member ports to join specific - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 368
groups. Deny: similar to a blacklist, means that the switch disallows specific member ports to join specific multicast groups. Start an IP range. 3) Click Submit to save the settings. Click Back to go back to the previous page. 2.1.7 Binding Profile and Member Ports With this function, you can - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 369
port. One port can only be bound to one profile. ClearBinding 2) Click Apply. Click to clear the binding between the profile and the port. Configuring Max Groups a Port Can Join Follow these steps to configure the the port can join. The valid values are from 0 to 1000. Configuration Guide 342 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 370
will refresh automatically. Refresh Period After Auto Refresh is enabled, enter the interval between each refresh. The valid values are from 3 to 300 seconds. Configuration Guide 343 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 371
To use this function, you should also enable Authentication, Authorization and Accounting (AAA) globally and configure RADIUS server on the switch. Follow these steps to enable IGMP Accounting globally. 1) Enable IGMP Accounting globally. Accounting 2) Click Apply. Select Enable to enable IGMP - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 372
Port To use this function, you should also enable AAA globally and configure RADIUS server on the switch. Follow these steps to enable IGMP Authentication on the port. 1) Specify the ports and enable IGMP . 1) Enter the Multicast IP and VLAN ID. Specify the Static Member Port. Configuration Guide 345 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 373
igmp snooping Show the basic IGMP snooping configuration. copy running-config startup-config Save the settings in the configuration file. 2.2.2 Enabling IGMP Snooping on the Port Step 1 Step 2 -id | range port-channe port-channel-list} Enter interface configuration mode. Configuration Guide 346 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 374
IGMP snooping configuration. Step 6 copy running-config startup-config Save the settings in the configuration file. The following example shows how to enable IGMP Snooping Enable Port:Gi1/0/3 Enable VLAN: Switch(config-if)#end Switch#copy running-config startup-config Configuration Guide 347 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 375
settings in the configuration file. The following example shows how to enable Report Message Suppression: Switch#configure Switch(config)#ip igmp snooping Switch(config)#ip igmp snooping report-suppression Switch :Disable Enable Port: Enable VLAN: Switch(config-if)#end Configuration Guide 348 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 376
Show the basic IGMP snooping configuration. Step 5 copy running-config startup-config Save the settings in the configuration file. For switches that support MLD Snooping, IGMP Snooping and MLD Snooping share the setting of Unknown Multicast, so you have to enable MLD Snooping globally at the same - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 377
settings in Switch(config)#ip igmp snooping rtime 200 Switch(config)#ip igmp snooping mtime 200 Switch(config)#show ip igmp snooping IGMP Snooping :Enable Unknown Multicast :Pass Last Query Times :2 Last Query Interval :1 Global Member Age Time :200 Global Router Age Time :200 Configuration Guide - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 378
on a port, the switch will delete the port-multicast settings in the configuration file. The following example shows how to enable Fast Leave on port 1/0/3: Switch#configure Switch(config)#ip igmp snooping Switch(config)#interface gigabitEternet 1/0/3 Switch(config-if)#ip igmp snooping Switch - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 379
EXEC mode. Step 7 copy running-config startup-config Save the settings in the configuration file. The following example shows how to configure Switch#configure Switch(config)#ip igmp snooping Switch(config)#interface gigabitEternet 1/0/3 Switch(config-if)#ip igmp snooping Configuration Guide - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 380
Switch(config-if)#end Switch by the switch. The of MASQs sent by the switch. The valid values are from Save the settings in Switch#configure Switch(config)#ip igmp snooping Switch(config)#ip igmp snooping last-listener query-count 5 Switch(config)#ip igmp snooping last-listener query-interval 5 Switch - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 381
: Enable VLAN: Switch(config)#end Switch#copy running-config startup Step 5 copy running-config startup-config Save the settings in the configuration file. The following example shows Switch#configure Switch(config)#ip igmp snooping Switch(config)#ip igmp snooping vlan-config 2-3 rtime 500 Switch( - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 382
None Dynamic Router Port:None Forbidden Router Port:None Switch(config)#show ip igmp snooping vlan 3 Vlan Id: None Forbidden Router Port:None Switch(config)#end Switch#copy running-config startup- copy running-config startup-config Save the settings in the configuration file. The following example - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 383
Switch(config)#ip igmp snooping Switch(config)#ip igmp snooping vlan-config 2 rport interface gigabitEthernet 1/0/2 Switch Port:None Switch(config)#end Switch#copy running-config config startup-config Save the settings in the configuration file. Switch#configure Switch(config)#ip igmp snooping Switch - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 384
Port:Gi1/0/4-6 Switch(config)#end Switch#copy running-config running-config startup-config Save the settings in the configuration file. The Switch#configure Switch(config)#ip igmp snooping Switch(config)#ip igmp snooping vlan-config 2 static 226.0.0.2 interface gigabitEthernet 1/0/9-10 Switch - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 385
how to configure VLAN 5 as the multicast VLAN, set the router port time as 500 seconds and the member port time as 400 seconds: Switch#configure Switch(config)#ip igmp snooping Switch(config)#ip igmp snooping multi-vlan-config 5 rtime 500 Switch(config)#ip igmp snooping multi-vlan-config 5 mtime - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 386
shows how to configure VLAN 5 as the multicast VLAN, and set port 1/0/5 as the static router port: Switch#configure Switch(config)#ip igmp snooping Switch(config)#ip igmp snooping multi-vlan-config 5 rport interface gigabitEthernet 1/0/5 Switch(config)#show ip igmp snooping multi-vlan Multicast Vlan - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 387
Configurations Forbidden Router Port:None Switch(config)#end Switch#copy running-config startup-config and set port 1/0/6 as the forbidden router port: Switch#configure Switch(config)#ip igmp snooping Switch( -ports-forbidden interface gigabitEthernet 1/0/6 Switch(config)#show ip igmp snooping multi - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 388
Switch(config)#show ip igmp snooping multi-vlan Multicast Vlan:Enable Vlan Id: 5 Router Time:300 Member Time:260 Replace Source IP:192.168.0.1 Static Router Port:None Dynamic Router Port:None Forbidden Router Port:None Switch(config)#end Switch#copy running-config startup-config Configuration Guide - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 389
settings in the configuration file. The following example shows how to enable IGMP Snooping and IGMP Querier in VLAN 4: Switch#configure Switch(config)#ip igmp snooping Switch(config)#ip igmp snooping querier vlan 4 Switch IP: 192.168.0.1 Switch(config)#end Switch#copy running-config startup-config - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 390
shows how to enable IGMP Snooping and IGMP Querier in VLAN 4, set the query interval as 100 seconds, the max response time as 20 seconds, and the general query source IP as 192.168.0.1: Switch#configure Switch(config)#ip igmp snooping Switch(config)#ip igmp snooping querier vlan 4 query-interval 100 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 391
the settings in the configuration file. The following example shows how to configure Profile 1 so that the switch filters multicast data sent to 226.0.0.5-226.0.0.10: Switch#configure Switch(config)#ip igmp snooping Switch(config)#ip igmp profile 1 Switch(config-igmp-profile)#deny Switch(config - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 392
-config Save the settings in the configuration file. The following example shows how to bind Profile 1 to port 1/0/2 so that port 1/0/2 filters multicast data sent to 226.0.0.5-226.0.0.10: Switch#configure Switch(config)#ip igmp snooping Switch(config)#ip igmp profile 1 Switch(config-igmp-profile - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 393
Binding Port(s) Gi1/0/2 Switch(config)#end Switch settings in the configuration file. The following example shows how to enable IGMP Authentication on port 1/0/2: Switch#configure Switch(config)#ip igmp snooping Switch(config)#interface gigabitEthernet 1/0/2 Switch(config-if)#ip igmp snooping Switch - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 394
Configuring Layer 2 Multicast IGMP Snooping Configurations Switch(config)#end Switch#copy running-config startup-config Note: IGMP Authentication takes effect to privileged EXEC mode. Step 5 copy running-config startup-config Save the settings in the configuration file. Configuration Guide 367 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 395
how to process the multicast data when its destination multicast address is not in the multicast forwarding table of the switch. IGMP Snooping and MLD Snooping share the setting of Unknown Multicast, so you have to enable IGMP Snooping globally on the Multicast > IGMP Snooping > Snooping Config page - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 396
how the switch processes the the switch. (Optional , the switch will only members on the switch. A port is considered to be a member switch does not receive MLD membership report message from the member port within the member port time. The switch Query Count when the switch receives an MLD leave - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 397
: 1) Specify the interval between MASQs. Last Listener Query Interval When the switch receives an MLD leave message, the switch obtains the address of the multicast group that the host wants to leave from to load the following page. Figure 3-2 Enable MLD Snooping on Port Configuration Guide 370 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 398
the Fast Leave column. Fast Leave 2) Click Apply. With Fast Leave enabled on a port, the switch will remove this port from the forwarding list of the corresponding multicast group once the port receives a Config to load the following page. Figure 3-3 MLD Snooping in VLAN Configuration Guide 371 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 399
follow these steps to configure relevant parameters for the designate VLAN. 1) Set up the VLAN that the router ports and the member ports are in report message from the multicast group within the member port time, the switch will no longer consider this port as a member port and delete it Guide 372 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 400
to load the following page. Figure 3-4 Multicast VLAN Config Creating Multicast VLAN and Configuring Basic Settings In the Multicast VLAN section, follow these steps to enable Multicast VLAN and to finish the basic settings: 1) Set up the VLAN that the router ports and the member ports are in. For - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 401
does not receive any MLD membership report message from the multicast group within the member port time, the switch will no longer consider this port as a member port and delete it from the multicast forwarding table. VLAN will be forwarded through the static router ports. Configuration Guide 374 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 402
from 10 to 300 seconds. Max Response Time Enter the host's maximum response time to general query messages in a range of 1 to 25 seconds. Configuration Guide 375 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 403
displays all the related settings of the MLD querier. 3.1.6 Configuring MLD Profile With MLD Profile, the switch can define a blacklist or filtering mode. Permit: similar to a whitelist, means that the switch only allows specified member ports to join specific multicast groups. Deny: similar to - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 404
edit profile mode and its IP range: 1) Click Edit in the MLD Profile Info table. Edit its IP range and click Add to save the settings. Figure 3-7 Add IP-range 2) In the IP-range Table, you can select an IP range and click Delete to delete an IP range. 3) Click Submit - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 405
One port can only be bound to one profile. ClearBinding 2) Click Apply. Click to clear the binding between the profile and the port. Configuring Max Groups a Port Can Join Follow these steps to Max Group and Overflow Action. Select Select the port to be configured. Configuration Guide 378 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 406
auto refresh. 1) Enable or disable Auto Refresh. Auto Refresh If Auto Refresh is enabled, statistics of MLD packets on this page will refresh automatically. Configuration Guide 379 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 407
Port. Multicast IP Specify the multicast group that the static member is in. VLAN ID Specify the VLAN that the static member is in. Configuration Guide 380 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 408
snooping configuration. end Return to privileged EXEC mode. copy running-config startup-config Save the settings in the configuration file. 3.2.2 Enabling MLD Snooping on the Port Step 1 Step 2 . Step 3 ipv6 mld snooping Enable MLD Snooping on the specified port. Configuration Guide 381 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 409
settings in the configuration file. The following example shows how to enable MLD Snooping globally and enable MLD Snooping Switch#configure Switch(config)#ipv6 mld snooping Switch(config)#interface gigabitEthernet 1/0/3 Switch(config-if)#ipv6 mld snooping Switch : Switch(config-if)#end Switch#copy - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 410
is enabled, the switch will only forward settings in the configuration file. The following example shows how to enable Report Message Suppression: Switch#configure Switch(config)#ipv6 mld snooping Switch(config)#ipv6 mld snooping report-suppression Switch VLAN: Switch(config)#end Switch#copy running - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 411
share the setting of Unknown Multicast, so you have to enable IGMP Snooping globally at the same time. The following example shows how to configure the switch to discard unknown multicast data: Switch#configure Switch(config)#ipv6 mld snooping Switch(config)#ip igmp snooping Switch(config)#ipv6 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 412
the settings in Switch(config)#show ipv6 mld snooping MLD Snooping :Enable Unknown Multicast :Pass Last Query Times :2 Last Query Interval :1 Global Member Age Time :200 Global Router Age Time :200 Global Report Suppression :Disable Enable Port: Enable VLAN: Switch(config)#end Configuration Guide - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 413
-config startup-config Save the settings in the configuration file. The following example shows how to enable Fast Leave on port 1/0/3: Switch#configure Switch(config)#ipv6 mld snooping Switch(config)#interface gigabitEternet 1/0/3 Switch(config-if)#ipv6 mld snooping Switch(config-if)#ipv6 mld - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 414
Switch(config-if)#ipv6 mld snooping max-groups 500 Switch(config-if)#ipv6 mld snooping max-groups action drop Switch(config-if)#show ipv6 mld snooping interface gigabitEthernet 1/0/3 max-groups Port Max-Groups Overflow-Action ---- ---------- Gi1/0/3 500 Drop Configuration Guide - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 415
-config Save the settings in the configuration Switch(config)#show ipv6 mld snooping MLD Snooping :Enable Unknown Multicast :Pass Last Query Times :5 Last Query Interval :5 Global Member Age Time :260 Global Router Age Time :300 Global Report Suppression :Disable Enable Port: Configuration Guide - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 416
-config Save the settings in the configuration file Switch(config)#ipv6 mld snooping vlan-config 2-3 mtime 400 Switch(config)#show ipv6 mld snooping vlan 2 Vlan Id: 2 Router Time:500 Member Time:400 Static Router Port:None Dynamic Router Port:None Forbidden Router Port:None Configuration Guide - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 417
Forbidden Router Port:None Switch(config)#end Switch#copy running-config running-config startup-config Save the settings in the configuration file. The Switch#configure Switch(config)#ipv6 mld snooping Switch(config)#ipv6 mld snooping vlan-config 2 rport interface gigabitEthernet 1/0/2 Switch - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 418
copy running-config startup-config Save the settings in the configuration file. The following Switch(config)#show ipv6 mld snooping vlan 2 Vlan Id: 2 Router Time:0 Member Time:0 Static Router Port:None Dynamic Router Port:None Forbidden Router Port:Gi1/0/4-6 Switch(config)#end Configuration Guide - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 419
startup-config Save the settings in the configuration file. Switch(config)#show ipv6 mld snooping groups static Multicast-ip VLAN-id Addr-type Switch-port ----------- ff01::1234:02 2 static Gi1/0/9-10 Switch(config)#end Switch#copy running-config startup-config Configuration Guide - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 420
how to configure VLAN 5 as the multicast VLAN, set the router port time as 500 seconds and the member port time as 400 seconds: Switch#configure Switch(config)#ipv6 mld snooping Switch(config)#ipv6 mld snooping multi-vlan-config 5 rtime 500 Switch(config)#ipv6 mld snooping multi-vlan-config 5 mtime - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 421
how to configure VLAN 5 as the multicast VLAN, and set port 1/0/5 as the static router port: Switch#configure Switch(config)#ipv6 mld snooping Switch(config)#ipv6 mld snooping multi-vlan-config 5 rport interface gigabitEthernet 1/0/5 Switch(config)#show ipv6 mld snooping multi-vlan Multicast Vlan - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 422
the multicast VLAN, and set port 1/0/6 as the forbidden router port: Switch#configure Switch(config)#ipv6 mld snooping Switch(config)#ipv6 mld snooping multi-vlan-config 5 router-ports-forbidden interface gigabitEthernet 1/0/6 Switch(config)#show ipv6 mld snooping multi-vlan Multicast Vlan:Enable - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 423
Return to privileged EXEC mode. Step 5 copy running-config startup-config Save the settings in the configuration file. The following example shows how to configure VLAN 5 as Port:None Forbidden Router Port:None Switch(config)#end Switch#copy running-config startup-config Configuration Guide 396 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 424
settings in the configuration file. The following example shows how to enable MLD Snooping and MLD Querier in VLAN 4: Switch#configure Switch(config)#ipv6 mld snooping Switch(config)#ipv6 mld snooping querier vlan 4 Switch fe80::2ff:ffff:fe00:1 Switch(config)#end Switch#copy running-config startup- - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 425
to enable MLD Snooping and MLD Querier in VLAN 4, set the query interval as 100 seconds, the max response time as 20 seconds, and the general query source IP as fe80::2ff:ffff:fe00:1: Switch#configure Switch(config)#ipv6 mld snooping Switch(config)#ipv6 mld snooping querier vlan 4 query-interval 100 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 426
-config Save the settings in the configuration file. The following example shows how to configure Profile 1 so that the switch filters multicast data sent to ff01::1234:5-ff01::1234:8: Switch#configure Switch(config)#ipv6 mld snooping Switch(config)#ipv6 mld profile 1 Switch(config-mld-profile - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 427
-config Save the settings in the configuration file. The following example shows how to bind Profile 1 to port 1/0/2 so that port 1/0/2 filters multicast data sent to ff01::1234:5-ff01::1234:8: Switch#configure Switch(config)#ipv6 mld snooping Switch(config)#ipv6 mld profile 1 Switch(config-mld - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 428
Configuring Layer 2 Multicast range ff01::1234:5 ff01::1234:8 Binding Port(s) Gi1/0/2 Switch(config)#end Switch#copy running-config startup-config Configuring MLD Snooping Configuration Guide 401 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 429
ID of the VLAN that the multicast group is in. Forward Port All ports in the multicast group, including router ports and member ports. Configuration Guide 402 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 430
of IGMP Snooping in specific VLAN or all the VLANs. show ip igmp snooping multi-vlan Displays settings of IGMP Snooping in the multicast VLAN. show ip igmp snooping groups vlan vlan-id multicast_addr Displays information of specific multicast group in the specific VLAN. Configuration Guide 403 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 431
of MLD Snooping in specific VLAN or all the VLANs. show ipv6 mld snooping multi-vlan Displays settings of MLD Snooping in the multicast VLAN. show ipv6 mld snooping groups vlan vlan-id multicast_addr Displays information of specific multicast group in the specific VLAN. Configuration Guide 404 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 432
mld snooping querier [vlan vlan-id] Displays information of MLD Querier in all VLANs or in the specific VLAN. show ipv6 mld profile [id] Displays settings in all profiles or in the specific profile. clear ipv6 mld snooping statistics Clear all statistics of all MLD packets. Configuration - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 433
IGMP Snooping 5.1.1 Network Requirements Host B, Host C and Host D are in the same VLAN of the switch. All of them want to receive multicast data sent to multicast group 225.1.1.1. As shown in the following a VLAN and configure their PVIDs. Enable IGMP Snooping in the VLAN. Configuration Guide 406 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 434
Configuring Layer 2 Multicast Configuration Examples Demonstrated with T2500G-10MPS, this section provides configuration procedures in two ways: using the GUI and using the CLI. IGMP Snooping > Port Config to load the following page. Enable IGMP Snooping on port 1/0/1-4. Configuration Guide 407 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 435
Examples 3) Choose the menu VLAN > 802.1Q VLAN > Port Config to load the following page. For port 1/0/1-4, configure the link type as General and the PVID as 10. Figure 5-4 Configure Link Type and PVID 4) Choose the menu VLAN > 802.1Q VLAN > VLAN Config and click Create to load the following page - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 436
settings. 5.1.4 Using the CLI 1) Enable IGMP Snooping globally. Switch#configure Switch(config)#ip igmp snooping 2) Enable IGMP Snooping on port 1/0/1-4. Switch(config)#interface range gigabitEthernet 1/0/1-4 Switch(config-if-range)#ip igmp snooping Switch(config-if-range)#exit Configuration Guide - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 437
3) Create VLAN 10. Switch(config)#vlan 10 Switch(config-vlan)#name vlan10 Switch(config-vlan)#exit 4) For port 1/0/1-3, set the link type as General, and the PVID as 10. Then add the ports to VLAN 10 as untagged ports. Switch(config)#interface range gigabitEthernet 1/0/1-3 Switch(config-if-range - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 438
Gi1/0/3, Gi1/0/4 Show status of IGMP Snooping globally, on the ports and in the VLAN: Switch(config)#show ip igmp snooping IGMP Snooping :Enable Unknown Multicast :Pass Last Query Times :2 Last Query network in the upper layer network. These 4 ports are all Untagged ports. Configuration Guide 411 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 439
Gi1/0/1 Gi1/0/4 Gi1/0/3 Gi1/0/2 Host B Receiver Host C Receiver Host D Receiver Demonstrated with T2500G-10MPS, this section provides configuration procedures in two ways: using the GUI and using the CLI. values in the Router Port Time and Member Port Time fields. Configuration Guide 412 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 440
Snooping on port 1/0/1-4. Figure 5-9 Configure IGMP Snooping Globally 3) Choose the menu VLAN > 802.1Q VLAN > Port Config to load the following page. Configure the link type of port 1/0/1-4 as General. Configure the PVID of port 1/0/1 as 10, port 1/0/2 as 20, port 1/0/3 as 30 and port 1/0/4 as 40 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 441
Configuring Layer 2 Multicast Figure 5-10 Configure Link Type and PVID Configuration Examples 4) Choose the menu VLAN > 802.1Q VLAN > VLAN Config and click Create to load to VLAN 20, and port 1/0/3 to VLAN 30 as untagged ports. Figure 5-11 Create VLAN and Add Member Ports Configuration Guide 414 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 442
Config to save the settings. 5.2.5 Using the CLI 1) Enable IGMP Snooping Globally. Switch#configure Switch(config)#ip igmp snooping 2) Enable IGMP Snooping on port 1/0/1-4. Switch(config)#interface range gigabitEthernet 1/0/1-4 Switch(config-if-range)#ip igmp snooping Switch(config-if-range)#exit - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 443
VLAN 40 as untagged port. Switch(config)#interface range gigabitEthernet 1/0/1 Switch(config-if)#switchport mode general Switch(config-if)#switchport pvid 10 Switch(config-if)#switchport general allowed vlan 10,40 untagged Switch(config-if)#exit 5) For port 1/0/2, set the link type as General, and - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 444
multicast VLAN. Switch(config)#ip igmp snooping multi-vlan-config 40 9) Save the settings. Switch(config)#end Switch#copy running-config startup-config Verify the Configurations Switch(config)#show Accounting:Disable Enable Port:Gi1/0/1-4 Enable VLAN:Multicast VLAN 40 Configuration Guide 417 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 445
solutions to this problem. As shown in the following network topology, port 1/0/4 on the switch is connected to in network congestion. The solution to this problem is using Unknown Multicast and Fast Leave. message about leaving the previous channel. The switch will then drop multicast data from the - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 446
2 Multicast Configuration Examples Demonstrated with T2500G-10MPS, this section provides configuration procedures in Snooping Globally Note: IGMP Snooping and MLD Snooping share the setting of Unknown Multicast, so you have to enable MLD Snooping globally on port 1/0/2. Configuration Guide 419 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 447
IGMP Snooping in the VLAN 4) Click Save Config to save the settings. 5.3.4 Using the CLI 1) Enable IGMP Snooping Globally. Switch#configure Switch(config)#ip igmp snooping 2) Configure Unknown Multicast as Discard globally. Switch(config)#ip igmp snooping drop unknown 3) Enable IGMP Snooping on port - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 448
Switch(config)#ip igmp snooping vlan-config 10 5) Save the settings. Switch(config)#end Switch#copy running-config startup-config Verify the Configurations Show global settings of IGMP Snooping: Switch Enable VLAN:10 Show settings of IGMP Snooping on port 1/0/2: Switch(config)#show ip igmp - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 449
With the functions for managing multicast groups, whitelist and blacklist mechanism (profile binding), the switch can only allow specific member ports to join specific multicast groups or forbid /0/4 Gi1/0/3 Gi1/0/2 Host B Receiver VLAN 10 Host C Receiver Host D Receiver Configuration Guide 422 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 450
Configuring Layer 2 Multicast Configuration Examples Demonstrated with T2500G-10MPS, this section provides configuration procedures in two ways: using the GUI and using the CLI. 5.4.4 Snooping > Port Config to load the following page. Enable IGMP Snooping on port 1/0/1-4. Configuration Guide 423 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 451
Examples 3) Choose the menu VLAN > 802.1Q VLAN > Port Config to load the following page. For port 1/0/1-4, configure the link type as General and the PVID as 10. Figure 5-21 Configure Link Type and PVID 4) Choose the menu VLAN > 802.1Q VLAN > VLAN Config and click Create to load the following page - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 452
Snooping in VLAN 10. Keep 0 as the Router Port Time and Member Port Time, which means the global settings will be used. Figure 5-23 Enable IGMP Snooping in the VLAN 6) Specify the multicast data that Host C > IGMP Snooping > Profile Config to load the following page. Configuration Guide 425 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 453
these ports. Figure 5-26 Bind Profile 1 to Port 1/0/2 and Port 1/0/3 7) Specify the multicast data that Host B can receive. a. Choose the menu Multicast > IGMP Snooping > Profile Config to load the following page. Create Profile 2, select Deny as the Mode and click Create. Configuration Guide 426 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 454
both Start IP and End IP fields, and click Add. Figure 5-28 Edit Add IP-range in Profile 2 c. Choose the menu Multicast > IGMP Snooping > Profile Binding to load the following page. Select port 1/0/1, enter 2 in the Profile ID field and click Apply to - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 455
Snooping on port 1/0/1-4. Switch(config)#interface range gigabitEthernet 1/0/1-4 Switch(config-if-range)#ip igmp snooping Switch(config-if-range)#exit 3) Create VLAN 10. Switch(config)#vlan 10 Switch(config-vlan)#name vlan10 Switch(config-vlan)#exit 4) For port 1/0/1-3, set the link type as General - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 456
)#deny Switch(config-igmp-profile)#range 225.0.0.2 225.0.0.2 Switch(config-igmp-profile)#exit 10) Bind Profile 2 to Port 1/0/1. Switch(config)#interface gigabitEthernet 1/0/1 Switch(config-if)#ip igmp filter 2 Switch(config-if)#exit 11) Save the settings. Switch(config)#end Configuration Guide 429 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 457
Show global settings of IGMP Snooping: Switch(config)#show bindings: Switch(config)#show ip igmp profile IGMP Profile 1 permit range 225.0.0.1 225.0.0.1 Binding Port(s) Gi1/0/2-3 IGMP Profile 2 deny range 225.0.0.2 225.0.0.2 Binding Port(s) Gi1/0/1 Configuration Examples Configuration Guide - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 458
Setting Disabled Forward Disabled 300 seconds 260 seconds 1 second 2 Disabled Disabled Disabled 0, use global settings. 0, use global settings. None 0, use global settings. 0, use global settings. 0.0.0.0, indicating no replacement. Disabled 60 seconds 10 seconds 192.168.0.1 Configuration Guide - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 459
Member Port Time Replace Source IP Default Setting Disabled Forward Disabled 300 seconds 260 seconds 1 second 2 Disabled Disabled Disabled 0, use global settings. 0, use global settings. None 0, use global settings. 0, use global settings. ::, indicating no replacement. Configuration Guide 432 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 460
Configuring Layer 2 Multicast Function IGMP Snooping Querier Parameter Enable or Not Query Interval Max Response Time General Query Source IP Appendix: Default Parameters Default Setting Disabled 60 seconds 10 seconds FE80::02FF:FFFF:FE00:0001 Configuration Guide 433 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 461
Part 16 Configuring DHCP VLAN Relay CHAPTERS 1. DHCP VLAN Relay 2. DHCP VLAN Relay Configuration 3. Appendix: Default Parameters - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 462
switch switch will forward the client's requests to the DHCP server through the default agent interface, and forward the DHCP server's response to the client. Through this mechanism, the client can get IP addresses from the DHCP server. For T2500G-10MPS, you can set Switch DHCP Relay DHCP Clients - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 463
In the Option 82 Configuration section, configure Option 82. DHCP Relay Enable or disable DHCP Relay. Option 82 Support Select whether to enable Option 82 or not. By default, it is disabled. Option 82 is used to enable Option 82 on the relay device closest to the client. Configuration Guide 436 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 464
of the packets with the switch defined one. By default, manually. Enter the customized circuit ID, which contains up to 64 characters. The circuit ID configurations of the switch ID configurations of the switch and the DHCP server default relay agent interface. The switch will use its IP address to - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 465
Save the settings in the configuration file. The following example shows how to enable DHCP Relay: Switch#configure Switch(config)#service dhcp relay Switch(config)#show ip dhcp relay DHCP relay is enabled. ...... Switch(config)#end Switch#copy running-config startup-config Configuration Guide 438 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 466
switch will keep the Option 82 information in the packet. replace: The switch will replace the Option 82 information with the customized configurations on the switch. drop: The switch Mode. copy running-config startup-config Save the settings in the configuration file. The following example shows - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 467
relay option 82 is enabled. Existed option 82 field operation: keep. ...... Switch(config)#end Switch#copy running-config startup-config 2.2.3 Specifying DHCP Server for VLAN You can Mode. copy running-config startup-config Save the settings in the configuration file. Configuration Guide 440 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 468
Configuration The following example shows how to set interface VLAN 1 (the management VLAN) as the default relay agent interface and configure the DHCP server address as 192.168.1.8 on VLAN 10: Switch#configure Switch(config)#interface vlan 1 Switch(config-if)# ip dhcp relay default-interface - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 469
of DHCP Relay are listed in the following table. Table 3-1 Default Settings of DHCP Relay Parameter Default Setting DHCP Relay DHCP Relay Disable Option 82 Support Disable Existed Option 82 field Keep Customization Disable Circuit ID None Remote ID None DHCP VLAN Relay Interface - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 470
Part 17 Configuring QoS CHAPTERS 1. QoS 2. DiffServ Configuration 3. Bandwidth Control Configuration 4. Configuration Examples 5. Appendix: Default Parameters - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 471
Services) to certain types of traffic. 1.2 Supported Features You can configure the DiffServ and bandwidth control features on the switch supported, Port Priority, 802.1P Priority and DSCP Priority. Schedule Mode: Four schedule modes are supported function allows the switch to filter broadcast - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 472
mode appropriate to your network requirements. Three modes are supported on the switch, 802.1P Priority, DSCP Priority and Port Priority. DSCP priority determines the priority of packets based on the ToS (Type of Service) field in their IP header. RFC2474 re-defines the ToS field in the Guide 445 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 473
Configuring Priority Mode The instructions of the three priority modes values are from 0 to 7. CoS-id is a value for the switch to establish mapping relations between the priorities and TC queues. The valid The switch supports 8 TC queues, from TC0 for the lowest priority to TC 7 for - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 474
or the redefined DSCP value by the ACL Remark feature. Priority 3) Click Apply. Select a TC queue that the DSCP priority will be mapped to. The switch supports 8 TC queues, from TC0 for the lowest priority to TC 7 for the highest priority. Configuration - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 475
the port priority: 1) Select the desired port or LAG to set its priority. Priority Specify the TC queue that the port will be mapped to. The switch supports 8 TC queues, from TC0 for the lowest priority to TC menu QoS > DiffServ > Schedule Mode to load the following page. Configuration Guide 448 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 476
Strict-Priority + Weight Round Robin Mode. In this mode, the switch provides two scheduling groups, SP group and WRR group. When scheduling queues, the switch allows the queues in the SP group to occupy the whole bandwidth TC queue if the schedule mode is WRR of SP+WRR. Configuration Guide 449 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 477
In SP+WRR mode, TC7 and the queue with its weight value set as 0 are in the SP group; other queues, with none 3) Click Apply. Note: With ACL Redirect feature, the switch maps all the packets that meet the configured ACL rules Configuring Priority Mode The instructions of the three priority Guide 450 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 478
Save the settings in the configuration file. The following example shows how to map CoS2 to TC0, and keep other CoS-id-TC as default: Switch#configure Switch(config)#qos queue cos-map 2 0 Switch(config)#show tc-id: Specify the TC-ID. The valid values are from 0 to 7. Configuration Guide 451 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 479
Save the settings in Switch#configure Switch(config)#qos queue dscp-map 10-14 0 Switch(config)#show qos status 802.1p priority is disabled. DSCP priority is enabled. Switch Switch(config)#end Switch#copy running-config startup-config Configuring Port Priority Select the desired port to set - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 480
Save the settings in the Switch(config-if-range)#qos 1 Switch(config-if-range)#show qos interface gigabitEthernet 1/0/5-7 Port TC Value LAG Gi1/0/5 TC 1 N/A Gi1/0/6 TC 1 N/A Gi1/0/7 TC 1 N/A Switch(config-if-range)#end Switch#copy running-config startup-config Configuration Guide - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 481
: In SP+WRR mode, this switch provides two scheduling groups, SP group and WRR group. When scheduling queues, the switch allows the queues in the SP values are from 0 to 127. TC7 and the queue with its weight value set as 0 are in the SP group; other queues, with nonezero weight value, Guide 454 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 482
Configuring QoS DiffServ Configuration Step 6 copy running-config startup-config Save the settings in the configuration file. Note: With ACL Redirect feature, the switch maps all the packets that meet the configured ACL rules to the new TC queue, regardless of the mapping relations configured in - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 483
for sending packets on the port. The valid values are from 1 to 1000000 Kbps. LAG Displays the aggregation group which the port is in. Configuration Guide 456 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 484
broadcast packets in the Broadcast field. The packet traffic exceeding the rate will be discarded. The switch supports the following three rate modes: kbps: Specify the upper rate limit in kilo-bits per second, broadcast rate control, select Disable in the Broadcast field. Configuration Guide 457 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 485
field. The packet traffic exceeding the rate will be discarded. The switch supports the following three rate modes: kbps: Specify the upper rate • For ports in the same LAG, rate limit / storm control should be set to the same value to ensure a successful port aggregation. • For one port Guide 458 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 486
mode. copy running-config startup-config Save the settings in the configuration file. The following example shows Switch#configure Switch(config)#interface gigabitEthernet 1/0/5 Switch(config-if)#bandwidth ingress 5120 egress 1024 Switch 1024 N/A Switch(config-if)#end Switch#copy running- - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 487
Switch(config-if)#storm-control broadcast kbps 10240 Switch(config-if)#show storm-control interface gigabitEthernet 1/0/5 Port BcRate Mcate UlRate LAG Gi1/0/5 kbps 10240 kbps 0 kbps 0 N/A Switch(config-if)#end Switch#copy running-config startup-config Configuration Guide - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 488
Host A, can access the local network server through the switch. Configure the switch to ensure the traffic from the Admin can be treated . Figure 4-1 QoS Application Topology Server Gi1/0/1 Gi1/0/3 Gi1/0/2 Switch Admin 4.1.2 Configuration Scheme Host A The overview of the configuration - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 489
to load the following page, and select SPMode as the schedule mode. Click Apply. Figure 4-3 Configure Schedule Mode 3) Click Save Config to save the settings. 4.1.4 Using the CLI 1) Set the priority for port 1/0/1 to TC1 and priority for port 1/0/2 to TC0. Switch#configure Configuration Guide 462 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 490
Switch(config-if)#qos 1 Switch(config-if)#exit Switch(config)#interface gigabitEthernet 1/0/2 Switch(config-if)#qos 0 Switch(config-if)#exit 2) Select SP-Mode as the schedule mode and save the settings. Switch(config)#qos queue mode sp Switch(config)#exit Switch . Configure the switches to ensure the - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 491
Scheme Marketing Dept. 10.10.20.0/24 Configure Switch A to add different VLAN tags to the packets from the two departments respectively. Configure Switch B to classify the incoming packets from the two configuration, ensure network segments are reachable to each other. Configuration Guide 464 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 492
Configuring QoS Configuration Examples Configurations for Switch A 1) Choose VLAN > 802.1Q VLAN > Port Config, change the type of port 1/0/1-3 to General. Figure 4-5 Configure the Port as an untagged port and port 1/0/3 as a tagged port to VLAN 10. Then click Apply. Configuration Guide 465 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 493
Configuring QoS Figure 4-6 Configure VLAN 10 Configuration Examples 3) Click Create again to load the following page. Create VLAN 20 with the description of Marketing. Add port 1/0/2 as an untagged port and port 1/0/3 as a tagged port to VLAN 20. Then click Apply. Configuration Guide 466 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 494
Configuration Examples 4) Click save config to save the settings. Configurations for Switch B 1) Choose VLAN > 802.1Q VLAN > Port Config to load the following page. For port 1/0/1, set the Link Type as TRUNK, and for port 1/0/2, set the Link Type as ACCESS. Click Apply. Configuration Guide 467 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 495
10 and VLAN 20, and add port 1/0/1 to the two VLANs; create VLAN 30, and add port 1/0/2 to VLAN 30. Figure 4-9 Configure VLAN 10 Configuration Guide 468 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 496
Configuring QoS Figure 4-10 Configure VLAN 20 Configuration Examples Figure 4-11 Configure VLAN30 Configuration Guide 469 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 497
as Permit. Click Apply. Figure 4-13 Create Rule 1 4) Create Policy RD and bind it to ACL 10, select QoS Remark and set Local Priority to TC1. Choose ACL > Policy Config > Policy Create to load the RD, and ACL 10, click QoS Remark and set the Local Priority to TC 1. Click Apply. Configuration - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 498
Figure 4-15 Action Create Configuration Examples 5) Create Policy Marketing and bind it to ACL 10, select QoS Remark and set Local Priority to TC0. Choose ACL > Policy Config > Policy Policy Marketing, and ACL 10, click QoS Remark and set the Local Priority to TC 0. Click Apply. Configuration - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 499
Configuring QoS Figure 4-17 Action Create Configuration Examples 6) Choose ACL > Policy Binding > VLAN Binding. Bind Policy RD and Policy Marketing to VLAN10 and VLAN 20 respectively. Figure 4-18 Bind Policy RD to VLAN 10 Figure 4-19 Bind Policy Marketing to VLAN 20 Configuration Guide 472 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 500
higher priority. Figure 4-20 Configure Schedule Mode 8) Click Save Config to save the settings. 4.2.4 Using the CLI Note: Before configuration, ensure network segments are reachable to each other. Configurations for Switch A 1) Create VLAN 10 with the name RD and VLAN 20 with the name Marketing - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 501
end Switch_A#copy running-config startup-config Configurations for For Switch B (Demonstrated with T3700G-28TQ) 1) Create VLAN 10 and VLAN 20. Configure the Link Type of port 1/0/1 as Trunk, and add it to the (config-if)#switchport access vlan 30 Switch_B(config-if)#exit Configuration Guide 474 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 502
exit 4) Create Policy RD and bind it to ACL 10, enable QoS Remark and set Local Priority to TC1. Switch_B( Create Policy Marketing and bind it to ACL 10, enable QoS Remark and set Local Priority to bind Marketing Switch_B(config-if)#exit 7) Select WRR-Mode as the schedule mode and save the settings - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 503
Verify the configuration Switch A: Verify the VLAN Gi1/0/1, Gi1/0/3 20 Marketing active Gi1/0/2, Gi1/0/3 Switch B: Verify ACL configuration: Switch_B#show access-list Mac -list 10 priority 0 Verify Policy binding: Switch_B#show access-list bind Index Policy Name Interface/VID Direction - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 504
Configuring QoS Verify the schedule mode. Switch_B#show qos queue mode Scheduler Mode | WRR Configuration Examples Configuration Guide 477 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 505
Default Parameters DiffServ Table 5-1 DiffServ Parameter Port Priority 802.1P Priority DSCP Priority Schedule Mode Default Setting Enabled. Packets from all ports are mapped to the same TC queue. Enabled. See Table 5-3 for CoS-id TC 0 TC 1 TC 2 TC 3 TC 4 TC 5 TC 6 TC 7 Configuration Guide 478 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 506
Configuring QoS Bandwidth Control Table 5-4 Bandwidth Control Parameter Rate Limit Storm Control Default Setting Disabled Disabled Appendix: Default Parameters Configuration Guide 479 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 507
Part 18 Configuring Voice VLAN CHAPTERS 1. Overview 2. Voice VLAN Configuration 3. Configuration Example 4. Appendix: Default Parameters - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 508
can configure the voice VLAN and set priority for voice traffic. Voice VLAN Modes on Ports A voice VLAN can operate in two modes: manual mode and automatic mode. Manual mode: This mode is applicable when the switch port forwards voice traffic only. You manually add ports connecting IP phones to - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 509
Address (Organizationally Unique Identifier Address) The OUI address is used by the switch to determine whether a packet is a voice packet. An OUI address is complies with the OUI addresses in the switch, the switch identifies the packet as a voice packet and prioritizes it in transmission - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 510
traffic Untagged voice traffic Manual Suggested Link Type and PVID PVID cannot be the voice VLAN ID. Not supported. Tagged; PVID configuration with a voice VLAN tag. »» If your switch provides the LLDP-MED feature, you can also configure it to instruct the voice device to send tagged voice traffic - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 511
about the OUI address. OUI Enter the OUI address of your device. Mask Specify a mask to determine the depth of the OUI that the switch uses to check source addresses of received packets. Description Give an OUI address description for identification. The length is no more than 16 characters - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 512
voice VLAN feature, and enter a VLAN ID. VLAN ID Specify an existing VLAN as the voice VLAN. 2) Set the aging time for the voice VLAN. Aging Time Specify the length of time that a port remains in the For details about schedule mode, please refer to Configuring QoS. Configuration Guide 485 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 513
switch automatically manually add the ports connecting voice devices to the voice VLAN. Member State Displays the current state of the ports that are connected to voice devices. Active: The corresponding port is in the voice VLAN. Inactive: The corresponding port is not in the voice VLAN. 2) Set - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 514
depth of the OUI that the switch uses to check source addresses of received packets. descript: Give an OUI address description for identification. Step 4 voice vlan priority pri Set the priority for voice packets. about schedule mode, please refer to Configuring QoS. Configuration Guide 487 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 515
Set manual } Choose the way of adding the specified ports to the voice VLAN. auto: The switch other VLANs, how the switch processes the packets is tagged | untagged } (For ports in manual voice VLAN mode) Add the specified ports voice VLAN. tagged | untagged: Set the egress rule as tagged or untagged - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 516
end Return to privileged EXEC mode. Step 14 copy running-config startup-config Save the settings in the configuration file. The following example shows how to set port 1/0/1 in manual voice VLAN mode. Configure the switch to forward voice traffic with an IEEE 802.1p priority of 5 and to transmit - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 517
forward only legal voice packets. In the meeting room, the switch provides dedicated connections to IP phones. In this situation, IP phones do not need to send traffic with the voice VLAN tag. Set ports that are connected to IP phones in manual voice VLAN mode. Meanwhile, configure the voice VLAN to - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 518
Gi1/0/1 Gi1/0/2 IP Phone 10 Switch A Gi1/0/3 Gi1/0/1 Gi1/0/2 Switch B Gi1/0/4 ...... Office Area IP Phone 20 IP Phone 30 PC 20 Meeting Room Demonstrated with T2600G-28TS, this chapter provides configuration procedures in two ways: using the GUI and using the CLI. Configuration Guide 491 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 519
VLAN Configuration Example 3.4 Using the GUI Configurations for Switch A 1) Choose the menu VLAN > 802.1Q VLAN > Port Config to load the following page. Set the link type of port1/0/1-2 as General, and click Apply. Figure 3-2 Configuring the Link Type of port 1/0/1-2 2) Choose the menu VLAN - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 520
Config to load the following page. Enable voice VLAN, enter 10 in the VLAN ID field and set aging time as 1440 minutes and priority as 6. Then click Apply. Figure 3-4 Configuring Voice VLAN Globally enable security mode. Select port 1/0/2 and choose manual mode. Click Apply. Configuration Guide 493 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 521
1/0/2 5) Choose the menu VLAN > 802.1Q VLAN > VLAN Config and edit VLAN 10 to load the following page. Add port 1/0/2 to the voice VLAN. Configuration Guide 494 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 522
to load the following page. Enable LLDP globally. Figure 3-8 Enabling LLDP Globally 7) Choose the menu LLDP > LLDP-MED> Global Config to load the following page. Set fast start count as 4. Figure 3-9 Configuring LLDP-MED Globally Configuration - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 523
the TLV information which will be carried in LLDP-MED frames and sent out by port 1/0/1. Select all TLVs, and configure location identification parameters. Configuration Guide 496 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 524
Voice VLAN Figure 3-11 Configuring TLVs Configuration Example For details about LLDP-MED, please refer to Configuring LLDP. 9) Click Save Config to save the settings. Configurations for Switch B 1) Choose the menu VLAN > 802.1Q VLAN > Port Config to load the following page. Configure the - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 525
Configuring Voice VLAN Figure 3-12 Configuring the Link Type of port 1/0/1-3 Configuration Example 2) Choose the menu VLAN > 802.1Q VLAN > VLAN Config and > Global Config to load the following page. Enable voice VLAN, enter 10 in the VLAN ID field and set priority as 6. Configuration Guide 498 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 526
Voice VLAN Globally Configuration Example 4) Choose the menu QoS > Voice VLAN > Port Config to load the following page. Select ports 1/0/1-3, choose manual mode and enable security mode. Click Apply. Figure 3-15 Configuring Voice VLAN Mode on Ports 5) Choose the menu VLAN > 802.1Q VLAN - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 527
Figure 3-16 Adding Ports to the Voice VLAN Configuration Example 6) Click Save Config to save the settings. Configurations for Switch C 1) Choose the menu VLAN > 802.1Q VLAN > Port Config to load the following page. Configure the link type of ports 1/0/1-3 as General. Click Apply. Configuration - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 528
Configuring Voice VLAN Figure 3-17 Configuring the Link Type of port 1/0/1-3 Configuration Example 2) Choose the menu VLAN > 802.1Q VLAN > VLAN Config and click Apply. Figure 3-18 Creating a VLAN and Adding Ports to the VLAN 3) Click Save Config to save the settings. Configuration Guide 501 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 529
Example 3.5 Using the CLI Configurations for Switch A 1) Configure the link type of ports 1/0/1-2 as General. Switch_A#configure voice vlan mode manual Switch_A(config-if)#switchport general allowed vlan 10 tagged Switch_A(config-if)#exit 6) Enable LLDP globally and set the fast start count - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 530
Switch Switch B 1) Create VLAN 10. Switch_B#configure Switch_B(config)#vlan 10 Switch_B(config-vlan)#name VoiceVLAN Switch_B(config-vlan)#exit 2) Set manual Switch_B(config-if-range)#switchport voice vlan security Switch_B(config-if-range)#exit 4) For ports 1/0/1-2, set the link set the link type - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 531
Switch C 1) Create VLAN 10. Switch_C#configure Switch_C(config)#vlan 10 Switch_C(config-vlan)#name VoiceVLAN Switch_C(config-vlan)#exit 2) For ports 1/0/1-3, set the link #copy running-config startup-config Verify the Configurations Switch A Verify the global configuration of voice VLAN: Switch_A - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 532
Auto Enabled Inactive N/A Gi1/0/2 Manual Disabled Active N/A Gi1/0/3 Auto Disabled Inactive N/A ...... Switch B Verify the global configuration State LAG Gi1/0/1 Manual Enabled Active N/A Gi1/0/2 Manual Enabled Active N/A Gi1/0/3 Manual Enabled Active N/A ...... Switch C Verify the - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 533
VLAN ID None Aging Time 1440 minutes Priority 6 Table 4-2 Default Settings of Port Configuration Parameter Default Setting Port Mode Auto Security Mode Disable Member State Inactive Table 4-3 Entries in Philips Phone Pingtel Phone PolyCom Phone 3Com Phone Configuration Guide 506 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 534
Part 19 Configuring PoE CHAPTERS 1. PoE 2. PoE Power Management Configurations 3. Time-Range Function Configurations 4. Example for PoE Configurations 5. Appendix: Default Parameters - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 535
via TP-Link PoE switches. 1.2 Supported Features PoE Power Management PoE Power Management is used for users to manage the power the PoE switch supplied. The PoE switch allocates the power to the PDs according to your configurations. Time-Range Function The time-range function is used to set the - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 536
one via configuring the PoE parameters manually. You can also set a profile with the desired parameters and bind the profile to the corresponding ports power the PoE switch can supply. System Power Consumption Displays the real-time system power consumption of the PoE switch. System Power Remain - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 537
the system power limit, the switch will power off PDs on are provided: Auto: The switch will allocate a value as port can supply is 30W. Manual: Enter a value manually. Time Range Select a time PoE priority or power limit manually. For how to create a linked PD belongs to. Power Status - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 538
power the port can supply for the PoE profile. The following options are provided: Auto: The switch will allocate a value as the maximum power that the port can supply automatically. Class1: The maximum power that the port can supply is 30W. Manual: Enter a value manually. Configuration Guide 511 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 539
Bind the Profile to the Corresponding Ports Follow these steps to bind switch. System Power Remain Displays the real-time system remaining power of the PoE switch. 2) In the Port Config section, select a profile and bind the PoE profile set in the PoE or power limit manually. Power(w) Displays - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 540
PoE Parameters Manually Follow these switch can supply globally. power-limit: Specify the maximum power the PoE switch switch will power off PDs on low-priority ports to ensure stable running of other PDs. The default setting the switch will or you can enter a value manually. The value ranges from 1 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 541
set the system power limit as 100W. Set the priority as middle and set the power limit as class3 in the port 1/0/5. Switch#configure Switch(config)#power inline consumption 100 Switch(config)#interface gigabitEthernet 1/0/5 Switch System Power Remain: 100.0w Switch(config-if)#show power inline - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 542
Switch(config-if)#end Switch switch. In a profile, the PoE status, PoE priority and power limit are configured. You can bind the system power limit, the switch will power off PDs on low switch you can enter a value manually. The value ranges from power inline profile name Bind a PoE profile to - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 543
EXEC mode. copy running-config startup-config Save the settings in the configuration file. The following example shows how to create a profile named profile1and bind the profile to the port 1/0/6. Switch#configure Switch(config)#power profile profile1 supply enable priority middle consumption - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 544
need a reliable clock source. We recommend that you use Network Time Protocol (NTP) to synchronize the switch clock. For details, refer to System Info Configurations in Managing System. 3.1 Using the GUI 3.1.1 Creating time-range. Name Specify a name for the time-range. Configuration Guide 517 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 545
Time Specify the end time of the periodic mode. Day of the Week Select day of the week for the periodic mode. 3) Click Apply. Configuration Guide 518 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 546
mode of the time-range function. Displays the state of the time-range function. View or edit the configuration of the time-range function. Configuration Guide 519 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 547
Step 3 Step 4 configure Enter global configuration mode. power time-range name Create a time-range for the switch and enter Power Time-range Configuration Mode. name: Specify a name for the PoE time-range. It ranges it is 1-7. exit Exit Power Time-range Configuration Mode. Configuration Guide 520 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 548
2016/09/0800:00 to 2016/09/10-24:00. Set the periodic mode from 01:00 to 23:00 in Friday. Bind the time-range to the port 1/0/7. Switch#configure Switch(config)#power time-range time-range1 Switch(config-time-range)#holiday include Switch(config-time-range)#absolute from 09/08/2016-00:00 to - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 549
EXEC mode. copy running-config startup-config Save the settings in the configuration file. The following example shows how to create a holiday named holiday1. Set the starting date as 08/16, set the ending date as 08/20. Switch#configure Switch(config)#power holiday holiday1 start-date 08/16 end - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 550
. All PoE time-range configurations will be displayed if the name is not specified. The following example shows how to view the time-range table. Switch#show power time-range Time-range entry: office time (Active) holiday: include number of absolute time: 0 (01/01/2000-00:00 to 12/31/2099 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 551
service and only work in the daytime. Figure 4-1 Network Topology Switch A Gi1/0/1 Gi1/0/2 Gi1/0/4 Gi1/0/3 Camera1 Camera2 AP1 AP2 4.2 Configuring Scheme To implement this requirement, you can set at the default settings here. 4.3 Using -range settings not be affected on holiday. Set the time - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 552
Example for PoE Configurations 2) Choose the menu PoE > Time-Range > Holiday Config to load the following page. Specify a name for the holiday and set the starting date and ending date. Figure 4-3 Configure the Holiday 3) Choose the menu PoE > PoE Config > PoE Config to load the following page - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 553
3) Enable the PoE function on the port 1/0/3. Specify the basic parameters for the port 1/0/3 and bind the time-range "office time" to the port. Switch_A(config)#interface gigabitEthernet 1/0/3 Switch_A(config-if)# the configuration of the holiday: Switch_A#show power holiday Configuration Guide 526 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 554
#show power inline configuration interface gigabitEthernet 1/0/3 Interface PoE-Status PoE-Prio Power-Limit(w) Time-Range PoE-Profile Gi1/0/3 Enable Low Class4 office time None Configuration Guide 527 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 555
Settings of Time-Range Create Parameter Name Holiday Type From Time To Time Default Setting None Include Absolute 01/01/2000-00:00 01/01/2000-24:00 Table 5-4 Default Settings of Holiday Config Parameter Holiday Name Start Date End Date Default Setting None 01/01 01/01 Configuration Guide - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 556
Part 20 Configuring ACL CHAPTERS 1. Overview 2. ACL Configuration 3. Configuration Example for ACL 4. Appendix: Default Parameters - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 557
traffic as it passes through a switch, and permits or denies packets crossing downloading bandwidth. 1.2 Supported Features »» ACL Binding To"permit" or "deny" received packets, bind the ACL to a rule will be forwarded or dropped. »» Policy Binding Configure Policy if you need to further process the - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 558
different packets. 3) Create a Policy and configure the policy action for packets that match the ACL rule. 4) Bind the Policy to a port or VLAN to make it effective. Configuration Guidelines A packet "matches" an will be forwarded without being processed by the ACL. Configuration Guide 531 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 559
ACL ACL Configuration 2.1 Using the GUI 2.1.1 Configuring Time-Range Some ACL-based services or features may need to be limited to take effect only during a specified effect during specified time periods in the day. 3) Click Apply to make the settings effective. Configuration Guide 532 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 560
Start Date / End Date Specify the start and end date of the holiday 2) Click Apply to make the settings effective. 2.1.3 Creating an ACL You can create different types of ACL and define the rules based on source MAC IP address, IP protocols and so on for matching operations. Configuration Guide 533 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 561
number to identify the ACL 2) Click Apply to make the settings effective. Note: The supported ACL type and ID range varies on different switch models. Please refer to the onscreen information. 2.1.4 Configuring ACL the following page. Figure 2-4 Creating the MAC ACL Configuration Guide 534 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 562
which the rule will take effect. The default value is No Limit, which means the rule is always in effect.. 4) Click Apply to make the settings effective. Configuring the Standard-IP ACL Rule Choose the menu ACL > ACL Config > Standard-IP ACL to load the following page. Figure 2-5 Creating the - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 563
> Extend-IP ACL to load the following page. Figure 2-6 Creating the Extend-IP ACL Rule Follow these steps to create the Extend-IP ACL: Configuration Guide 536 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 564
the flag is not used for matching operations. URG: Urgent flag. ACK: Acknowledge flag PSH: Push flag. RST: Reset flag. SYN: Synchronize flag. FIN: Finish flag S-Port / D-Port Enter the TCP/UDP source and destination port No Limit, which means the rule is always in effect. Configuration Guide 537 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 565
rule IDs. By default, a rule configured earlier is listed before a rule configured later. The switch matches a received packet with the rules in order. When a packet matches a rule, the device , then click Apply. Policy Name Enter a Policy Name between 1 and 16 characters. Configuration Guide 538 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 566
the specified rate. Redirect Configure the redirect action for the matched packets. Destination Port Select a destination port to which the packets will be redirected. Configuration Guide 539 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 567
. Local Priority Specify the local priority for thematched packets. 3) Click Apply to make the settings effective. 2.1.6 Configuring the ACL Binding and Policy Binding You can select ACL binding or Policy binding according to your needs. An ACL or policy takes effect only after it is bound to - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 568
Binding the ACL to a VLAN Follow these steps to bind the ACL to a VLAN: Select the ACL and enter the VLAN ID, and click Apply. ACL ID Select an ACL from the drop-down list. Note: Packet Content ACLs cannot be bound to any VLANs. VLAN ID Enter the VLAN ID. Configuration Guide - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 569
Port: Select the policy and the port to be bound, and click Apply. Policy Name Select a Policy from the drop-down list. Binding the Policy to a VLAN Choose the menu ACL > Policy Binding > VLAN Binding to load the following page. Figure 2-13 Binding the Policy to a VLAN Configuration Guide 542 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 570
ID. Verifying the Binding Configuration Verifying the ACL Binding You can view both port binding and VLAN binding entries in the Binding > Binding Table to load the following page. Figure 2-14 Verifying the ACL Binding Verifying the Policy Binding You can view both port binding and VLAN binding - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 571
the menu ACL > Policy Binding > Binding Table to load the following page. Figure 2-15 Verifying the Policy Binding 2.2 Using the CLI 2.2.1 Configuring Time Range Some services or features that use ACL period. name:Assign a name to the time-range using 1-16 characters. Configuration Guide 544 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 572
all time-range configurations. show holiday (Optional) Display all defined holiday times. end Return to privileged EXEC mode. copy running-config startup-config Save the settings in the configuration file. Configuration Guide 545 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 573
pm on Monday to Friday: Switch#configure Switch(config)#time-range work_time Switch(config-time-range)#periodic week-date 1-5 time-slice1 08:30-18:00 Switch(config-time-range)#exit Switch(config)#show time-range Time-range . access-list-num:Enter an ACL ID between 0 and 499. Configuration Guide 546 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 574
that match the rule. By default, it is set to permit. The packets will be discarded if "deny 7 copy running-config startup-config Save the settings in the configuration file. The following example shows a2:d4:34:b5: Switch#configure Switch(config)#mac access-list 50 Switch(config-mac-acl)#rule - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 575
smask ff:ff:ff:ff:ff:ff Switch(config)#end Switch#copy running-config startup-config Standard ; permit means to forward. By default, it is set to permit. source-ip: Enter the source IP address 5 copy running-config startup-config Save the settings in the configuration file. The following example - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 576
(config)#show access-list 600 Standard IP access list 600 rule 1 permit sip 192.168.1.100 smask 255.255.255.255 Switch(config)#end Switch#copy running-config startup-config Extend-IP ACL Step 1 configure Enter global configuration mode. Step 2 access-list create access-list-num Create an - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 577
to forward. By default, it is set to permit. source-ip: Enter the (acknowledge flag), PSH(push flag), RST(reset flag), SYN(synchronize flag), and FIN(finish config startup-config Save the settings in the configuration file. 100: Switch#configure Switch(config)#access-list create 1700 Switch(config - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 578
rule 7 deny sip 192.168.2.100 smask 255.255.255.255 protocol 6 d-port 23 Switch(config)#end Switch#copy running-config startup-config 2.2.3 Configuring Policy Policy allows you to further process the matched the policy. acl-id: The ID number of the ACL to be applied. Configuration Guide 551 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 579
Switch(config)#access-list policy name RD Switch(config)#access-list policy action RD 600 Switch(config-action)#redirect interface gigabitEthernet 1/0/4 Switch(config-action)#exit Switch(config)#show access-list policy RD Policy name : RD access-list 600 redirect-port Gi1/0/4 Configuration Guide - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 580
-config startup-config Save the settings in the configuration file. The following example shows how to bind policy 1 to port 2 and policy 2 to VLAN 2: Switch#configure Switch(config)#interface gigabitEthernet 1/0/2 Switch(config-if)#access-list bind 1 Switch(config-if)#exit Configuration Guide 553 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 581
Switch(config)#interface vlan 2 Switch(config-if)#access-list bind 2 Switch(config-if)#exit Switch(config)#show access-list bind Index Policy Name Interface/VID ----- ----------- 1 1 Gi1/0/2 2 2 2 Index ACL ID Interface/VID ----- ----------- Switch(config)#end Switch - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 582
the settings in the configuration file. The following example shows how to bind ACL 1 to port 3 and ACL 2 to VLAN 4: Switch#configure Switch(config)#interface gigabitEthernet 1/0/3 Switch(config-if)#access-list bind acl 1 Switch(config-if)#exit Switch(config)#interface vlan 4 Switch(config - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 583
internal server group can provide different types of services. It is required that: the switch via port 1/0/2. Figure 3-1 Network Topology Internet Gi1/0/1 Gi1/0/2 Server Group IP: 10.10.80.0/24 Marketing IP: 10.10.70.0/24 3.3 Configuration Scheme To meet the requirements above, you can set - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 584
a rule, the switch stops the matching process and initiates the action defined in the rule. Binding Configuration Apply the Extend-IP ACL to a Policy and bind the Policy to port 1/0/1 so that the ACL rules will apply to the Marketing department only. Demonstrated with T2500G-10MPS, the following - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 585
. Select the Extend- IP ACL 1600, configure rule 2 and rule 3 to permit packets with source IP 10.10.70.0 and destination port TCP 80 (http service port) and UDP 443 (https service port). Figure 3-4 Configuring Rule 2 Configuration Guide 558 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 586
ACL 1600, configure Rule 4 and Rule 5 to permit packets with source IP 10.10.70.0 and with destination port TCP 53 or UDP 53 (DNS service port). Figure 3-6 Configuring Rule 4 Configuration Guide 559 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 587
10.10.70.0. Figure 3-8 Configuring Rule 6 6) Choose the menu ACL > Policy Config > Policy Create to load the the following page. Then create Policy Market. Configuration Guide 560 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 588
load the the following page. Then apply ACL 1600 to Policy Market. Figure 3-10 Applying the ACL to the Policy 8) Choose the menu ACL > Policy Binding > Port Binding to load the the following page. Bind Policy Market to port 1/0/1 to make it take effect. Configuration - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 589
Binding the Policy to Port 1/0/1 Configuration Example for ACL 9) Click Save Config to save the settings. 3.5 Using the CLI 1) Create Extended-IP ACL 1600. Switch#configure Switch port TCP 80 (http service port) or TCP 443 (https service port). Switch(config)#access-list extended 1600 rule - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 590
Switch(config-action)#exit 7) Bind Policy Market to Port 1. Switch(config)#interface gigabitEthernet 1/0/1 Switch(config-if)#access-list bind Market Switch(config-if)#exit Switch(config)#end Switch 70.0 smask 255.255.255.0 Switch(config)#show access-list bind Index Policy Name Interface/VID - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 591
Parameters 4 Appendix: Default Parameters For MAC ACL: Parameter Operation User Priority Time-Range Default Setting Permit No Limit No Limit For Standard-IP ACL: Parameter Operation Time-Range Default Setting Permit No Limit For Extend-IP ACL: Parameter Operation IP Protocol DSCP IP ToS IP - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 592
Part 21 Configuring Network Security CHAPTERS 1 . Network Security 2 . IP-MAC Binding 3 . DHCP Snooping 4 . ARP Inspection 5 . DoS Defend 6 . 802.1X 7 . PPPoE ID-Insertion 8 . AAA 9 . Configuration Examples 10 .Appendix: Default Parameters - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 593
switch can prevent the ARP cheating attacks with the ARP Detection feature and filter the packets that don't match the binding entries with the IP Source Guard feature. The binding entries can be manually configured, or learned by ARP scanning or DHCP snooping. DHCP Snooping DHCP Snooping supports - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 594
binding. Option 82 Option 82 records the location of the DHCP client. The switch can add option 82 to the DHCP request packet and then transmit the packet to the DHCP server. Administrators can check the location of the DHCP client via option 82. The DHCP server supporting option 82 can also set - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 595
by sending numerous service requests to the hosts. It results in an abnormal service or breakdown of the network. With DoS Defend feature, the switch can analyze the figure below: Figure 1-2 802.1X Authentication Model Clients Switch Authenticator Authentication Server Configuration Guide 568 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 596
that you install TP-Link 802.1X authentication client software on the client hosts, enabling them to request 802.1X authentication to access the LAN. Authenticator An authenticator is usually a network device that supports 802.1X protocol. As the above figure shows, the switch is an authenticator - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 597
Switch BRAS PPPoE Server RADIUS Server AAA AAA stands for authentication, authorization and accounting. On TP-Link switches , this feature is mainly used to authenticate the users trying to log in to the switch can be processed locally on the switch or centrally on the RADIUS/TACACS - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 598
the specified entries in the Binding Table. 2.1 Using the GUI 2.1.1 Binding Entries Manually You can manually bind the IP address, MAC Binding > Manual Binding to load the following page. Figure 2-1 Manual Binding In the Manual Binding Option section, follow these steps to configure IP-MAC Binding - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 599
Bind. 2.1.2 Binding Entries Dynamically The binding entries can be dynamically learned from ARP Scanning and DHCP Snooping. ARP Scanning With ARP Scanning, the switch 2-2 ARP Scanning Follow these steps to configure IP-MAC Binding via ARP scanning: 1) In the Scanning Option section, specify - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 600
, MAC address, VLAN ID and the connected port number of the host. For instructions on how to configure DHCP Snooping, refer to DHCP Snooping Configurations. 2.1.3 Viewing the Binding Entries With the Binding Table, you can view and search the specified binding entries. Configuration Guide 573 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 601
Displays the entries from all sources. Manual: Displays the manually bound entries. Scanning: Displays the binding entries learned from ARP Scanning. Snooping: Displays the binding entries learned from DHCP Snooping. IP: feature. Source Displays the source of the entry. Configuration Guide 574 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 602
supported by the CLI; Binding entries via DHCP Snooping is introduced in DHCP Snooping Configurations. The following sections introduce how to bind entries manually and view the binding entries. 2.2.1 Binding Entries Manually You can manually bind Scanning or DHCP Snooping. Configuration Guide 575 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 603
-config Save the settings in the configuration file. The following example shows how to bind an entry with the Gi1/0/5 ARP-D Switch(config)#end Switch#copy running-config startup-config 2.2.2 Viewing Binding Entries On privileged Manually, ARP Scanning and DHCP Snooping. Configuration Guide 576 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 604
on the specified port. Tips: The switch can dynamically bind the entries via DHCP Snooping after step 1 and step 2 are completed. By default, the binding entries are applied to ARP Detection. Configuration DHCP Snooping. 2) Enable DHCP Snooping on a VLAN or range of VLANs. Configuration Guide 577 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 605
ports and configure the parameters. Trusted Port Select Enable to set the port that is connected to the DHCP server as a trusted port. Select Disable to set the other ports as untrusted ports. MAC Verify Enable or per second. The excessive DHCP packets will be discarded. Configuration Guide 578 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 606
switch can add option 82 to the DHCP request packet and then transmit the packet to the DHCP server. Administrators can check the location of the DHCP client via option 82. The DHCP server supporting Option 82 can also set the packets that include the Option 82 field. Configuration Guide 579 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 607
of DHCP Snooping. end Return to privileged EXEC mode. copy running-config startup-config Save the settings in the configuration file. The following example shows how to enable DHCP Snooping globally and on VLAN 5: Switch#configure Switch(config)#ip dhcp snooping Configuration Guide 580 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 608
Enter interface configuration mode. Step 3 ip dhcp snooping trust Set the port that is connected to the DHCP server as a trusted port. The switch can forward the DHCP packets on the trusted port and /second). The default value is 0, which indicates disabling this feature. Configuration Guide 581 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 609
location of the DHCP client. The switch can add the Option 82 to the DHCP request packet and then transmit the packet to the DHCP server. Administrators can check the location of the DHCP client via option 82. The DHCP server supporting Option 82 can also set the distribution policy of IP addresses - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 610
with one defined by switch. By default, the configurations of the switch and the DHCP configurations of the switch and the DHCP server -config Save the settings in the configuration Switch#configure Switch(config)#interface gigabitEthernet 1/0/7 Switch(config-if)#ip dhcp - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 611
Switch(config-if)#show ip dhcp snooping information interface gigabitEthernet 1/0/7 Interface Option 82 Status Operation Strategy Circuit ID Remote ID LAG Gi1/0/7 Enable Replace VLAN20 Host1 N/A Switch(config-if)#end Switch#copy running-config startup-config Configuration Guide - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 612
ARP Detection The ARP Detection feature allows the switch to detect the ARP packets based on the binding entries in the IP-MAC Binding Table and filter out the illegal ARP packets . The specific ports, such as up-link ports and routing ports are suggested to be set as trusted. Configuration Guide 585 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 613
ARP Inspection Configurations 3) Click Apply. 4.1.2 Configuring ARP Defend With ARP Defend enabled, the switch can terminate receiving the ARP packets for 300 seconds when the transmission speed of the legal the next 300 seconds. LAG Displays the LAG that the port is in. Configuration Guide 586 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 614
Port Indicates whether the port is an ARP trusted port or not. Illegal ARP Packet Displays the number of the received illegal ARP packets. Configuration Guide 587 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 615
Detection feature allows the switch to detect the ARP packets basing on the binding entries in the IP-MAC Binding Table and filter the will not take effect. The specific ports, such as up-linked ports and routing ports are suggested to be set as trusted ports. Step 5 show ip arp inspection Verify - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 616
YES Gi1/0/2 NO ...... Switch(config-if)#end Switch#copy running-config startup-config 4.2.2 Configuring ARP Defend With ARP Defend enabled, the switch can terminate receiving the ARP mode. copy running-config startup-config Save the settings in the configuration file. Configuration Guide 589 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 617
gigabitEthernet 1/0/1 Switch(config-if)#ip arp recover Switch(config-if)#show ip arp inspection interface gigabitEthernet 1/0/1 Port OverSpeed Rate Current Status LAG Gi1/0/1 Disabled 15 N/A Normal N/A Switch(config-if)#end Switch#copy running-config startup-config Configuration Guide 590 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 618
View the ARP statistics on each port, including whether the port is trusted port and the number of received ARP packets on the port. Configuration Guide 591 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 619
the source IP address and the destination IP address of the SYN packet are set to be the IP address of the host, the host will be trapped in SYNFIN The attacker sends the packet with its SYN field and the FIN field set to 1. The SYN field is used to request initial connection whereas the FIN field - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 620
the illegal packet with the same source port and destination port on Layer 4 and with its URG field set to 1. Similar to the Land Attack, the system performance of the attacked host is reduced because the Host . Step 2 ip dos-prevent Globally enable the DoS defend feature. Configuration Guide 593 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 621
building the initial connection. scan-synfin: The attacker sends the packet with its SYN field and the FIN field set to 1. The SYN field is used to request initial connection whereas the FIN field is used to request . show ip dos-prevent Verify the Dos Defend configuration. Configuration Guide 594 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 622
mode. copy running-config startup-config Save the settings in the configuration file. The following example shows how to enable the DoS Defend type named land: Switch#configure Switch(config)#ip dos-prevent Switch(config)#ip dos-prevent type land Switch(config)#show ip dos-prevent Type Status - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 623
disabled. 6.1 Using the GUI 6.1.1 Configuring the RADIUS Server Enable AAA function on the switch, configure the parameters of RADIUS sever and configure the RADIUS server group. Enabling In the Global Config section, enable AAA function on the switch and click Apply. Configuration Guide 596 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 624
request is resent to the server if the server does not respond. The default setting is 2. Timeout Specify the time interval that the switch waits for the server to reply before resending. The default setting is 5 seconds. Configuring the RADIUS Server Group You can configure the radius servers - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 625
to be added to the group from the Server IP drop-down list . Then click Add to add this server to the server group. Configuration Guide 598 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 626
. 2) In the Accounting Dot1x Method List section, select an existing RADIUS server group for accounting from the Pri1 drop-down list and click Apply. Configuration Guide 599 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 627
switch and the client. The transmission of EAP (Extensible Authentication Protocol) packets is terminated at the switch EAP packets to exchange information between the switch and the client. The EAP packets connection status between the TP-Link 802.1X Client and the switch. Please disable Handshake - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 628
10 seconds. The quiet period starts after the authentication fails. During the quiet period, the switch does not process authentication requests from the same client. Retry Times Specify the maximum number of 802.1X authentication on the desired port and click Apply . Configuration Guide 601 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 629
6.2.1 Configuring the RADIUS Server Follow these steps to configure RADIUS: Step 1 configure Enter global configuration mode. Step 2 aaa enable Enable the AAA function globally. Configuration Guide 602 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 630
time: Specify the time interval that the switch waits for the server to reply before resending. The valid values are from 1 to 9 seconds and the default setting is 5 seconds. retransmit number: Specify to different server groups respectively for authentication and accounting. Configuration Guide 603 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 631
-config Save the settings in the configuration Switch(config)#aaa accounting dot1x default radius1 Switch(config)#show radius-server Server Ip Auth Port Acct Port Timeout Retransmit Shared key 192.168.0.100 1812 1813 5 2 123456 Switch(config)#show aaa group radius1 Configuration Guide - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 632
option is selected, the 802.1X authentication system uses EAP packets to exchange information between the switch and the client. The EAP packets with authentication data are encapsulated in the advanced protocol ( the guest VLAN can only access resources from specific VLANs. Configuration Guide 605 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 633
configure the quiet period. time: Set a value between 1 and 999 period, the switch does not for which the switch waits for response from . If the switch does not receive Save the settings in the Switch#configure Switch(config)#dot1x system-auth-control Switch(config)#dot1x auth-method pap Switch - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 634
: 10 sec. Max Retry-times For RADIUS Packet: 3 Supplicant Timeout: 3 sec. Switch(config)#end Switch#copy running-config startup-config 6.2.3 Configuring 802.1X on Ports Follow these steps to configure the control type of the port should be configured as port-based. Configuration Guide 607 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 635
port is entered, the switch will show configurations of all ports. end Return to privileged EXEC mode. copy running-config startup-config Save the settings in the configuration file. -based unauthorized N/A Switch(config-if)#end Switch#copy running-config startup-config Configuration Guide 608 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 636
Insertion feature. With this option enabled, the switch will insert a Circuit ID to the received of the received packet, the IP address of the switch and the port number. This is the default value address of the packet, the MAC address of the switch and the port number. UDF: The circuit ID includes - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 637
ID includes the following three parts: the source MAC address of the received packet, the IP address of the switch and the port number. This is the default value. udf [Value]: Specify a string with at most 40 global Verify the global configuration of PPPoE ID-Insertion. Configuration Guide 610 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 638
the settings in the Switch(config-if)#show pppoe id-insertion interface gigabitEthernet 1/0/1 Port Circuit-ID C-ID Type C-ID Value(UDF) Remote-ID R-ID Value Gi1/0/1 Enabled UDF-ONLY 123 Enabled host1 Switch(config-if)#end Switch#copy running-config startup-config Configuration Guide - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 639
processed locally on the switch or centrally on the to form a method list. The switch uses the first method in the method list to authenticate that method fails to respond, the switch selects the next method. This process or the secure server or the local switch denies the user's access, the authentication - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 640
Application List The switch supports the following access can add one or more RADIUS/TACACS+ servers on the switch for authentication. If multiple servers are added, the server highest priority and authenticates the users trying to access the switch. The others act as backup servers in case the first - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 641
, configure the following parameters. Server IP Enter the IP address of the server running the TACACS+ secure protocol. Timeout Specify the time interval that the switch waits for the server to reply before resending. The default setting is 5 seconds. Configuration Guide 614 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 642
used on the TACACS+ server for AAA. The default setting is 49. 2) Click Add to add the TACACS+ server on the switch. 8.1.3 Configuring Server Groups The switch has two built-in server groups, one for RADIUS the newly added group, and click edit in the Operation column. Configuration Guide 615 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 643
Configuring the Method List A method list describes the authentication methods and their sequence to authenticate the users. The switch supports Login Method List for users of all types to gain access to the switch, and Enable Method List for guests to get administrative privileges. Configuration - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 644
if the previous method does not respond, and so on. local: Use the local database in the switch for authentication. none: No authentication is used. radius: Use the remote RADIUS server/server groups for for authentication. 2) Click Add to add the new method. Configuration Guide 617 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 645
Login method list. This method list will authenticate the users trying to log in to the switch. Enable List 2) Click Apply. Select a previously configured Enable method list. This method list Specify the Enable password in the Enable Admin section, and click Apply. Configuration Guide 618 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 646
For Enable password configuration: On RADIUS server, the user name should be set as $enable$, and the Enable password is customizable. All the users trying 5 copy running-config startup-config Save the settings in the configuration file. The following example shows how to globally - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 647
the time interval that the switch waits for the server to reply before resending. The valid values are from 1 to 9 seconds and the default setting is 5 seconds. retransmit of another switch. The key or encrypted-key you configure here will be displayed in the encrypted form. Configuration Guide 620 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 648
of RADIUS server. end Return to privileged EXEC mode. copy running-config startup-config Save the settings in the configuration file. The following example shows how to add a RADIUS server on the switch. Set the IP address of the server as 192.168.0.10, the authentication port as 1812, the - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 649
of TACACS+ server. end Return to privileged EXEC mode. copy running-config startup-config Save the settings in the configuration file. The following example shows how to add a TACACS+server on the switch. Set the IP address of the server as 192.168.0.20, the authentication port as 49, the shared - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 650
Server Groups The switch has two . Step 6 copy running-config startup-config Save the settings in the configuration file. The following example shows how to Switch#configure Switch(config)#aaa group radius RADIUS1 Switch(aaa-group)#server 192.168.0.10 Switch(aaa-group)#server 192.168.0.20 Switch( - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 651
switch supports Login Method List for users of all types to gain access to the switch -config startup-config Save the settings in the configuration file. The Switch#configure Switch(config)##aaa authentication login Login1 radius local Switch(config)#show aaa authentication login Configuration Guide - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 652
radius server group and the method 2 as local. Switch#configure Switch(config)##aaa authentication enable Enable1 radius local Switch(config)#show aaa authentication enable Methodlist pri1 pri2 pri3 pri4 console input is only active on one console port at a time. Configuration Guide 625 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 653
config Save the settings in the Switch(config-line)#show aaa global ...... Module Login List Enable List Console Login1 Enable1 Telnet default default Ssh default default Http default default Switch(config-line)#end Switch#copy running-config startup-config Configuration Guide - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 654
Switch(config)#line telnet Switch(config-line)#login authentication Login1 Switch(config-line)#enable authentication Enable1 Switch(config-line)#show aaa global ...... Module Login List Enable List Console default default Telnet Login1 Enable1 Ssh default default Configuration Guide - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 655
default Switch(config-line)#end Switch#copy copy running-config startup-config Save the settings in the configuration file. The following example Switch#configure Switch(config)#line ssh Switch(config-line)#login authentication Login1 Switch(config-line)#enable authentication Enable1 Switch - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 656
default default Switch(config-line)#end Switch#copy running 6 copy running-config startup-config Save the settings in the configuration file. The following example Switch#configure Switch(config)#ip http login authentication Login1 Switch(config)#ip http enable authentication Enable1 Switch - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 657
Switch(config)#end Switch switch or centrally on the RADIUS/TACACS+ server(s). On the Switch -password } Set the Enable configuration file of another switch. The key or | 5 encrypted-password } Set the Enable password. This command switch's configuration file. end Return to privileged EXEC mode - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 658
can be customized. For Enable password configuration: On RADIUS server, the user name should be set as $enable$, and the Enable password is customizable. All the users trying to get administrative privileges the command enable-admin and providing the Enable password. Configuration Guide 631 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 659
be prevented from ARP attacks. Figure 9-1 Network Topology Legal DHCP Server Gi1/0/4 Switch A Gi1/0/1 Gi1/0/2 Gi1/0/5 Gi1/0/3 Attacker/Illegal DHCP Server User 1 of configuration is as follows: 1) Configure DHCP Snooping on Switch A. Set port 1/0/4 that is connected to the legal DHCP server - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 660
need to manually bind the entry for User 3. 3) Enable ARP Detection on Switch A to prevent ARP cheating attacks. 4) Configure ARP Defend on Switch A to limit the speed of receiving the legal ARP packets on each port, thus to prevent ARP flooding attacks. Demonstrated with T2500G-10MPS, the following - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 661
Examples 3) Choose the menu Network Security > IP-MAC Binding > Manual Binding to load the following page. Enter the host name select port 1/0/3 on the panel. Click Bind. Figure 9-4 Manual Binding 4) Choose the menu Network Security > IP-MAC Binding > Binding Table to load the following page. Select - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 662
Configuring Network Security Figure 9-5 Binding Table Configuration Examples 5) Choose the menu Network Security > ARP Inspection > ARP Detect to load the following page. Enable ARP Detection and set ports 1/0/4 as trusted port. Click Apply. Figure 9-6 ARP Detect 6) Choose the menu Network - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 663
3) Manually bind the entry for User 3. Switch_A(config)#ip source binding User3 192.168.0.33 88:a9:d4:54:fd:c3 vlan 1 interface gigabitEthernet 1/0/3 arp-detection 4) Enable ARP Detection globally and set port Snooping: Switch_A#show ip dhcp snooping Global Status: Enable Configuration Guide 636 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 664
Enable 0 0 N/A Gi1/0/4 Enable Enable 0 0 N/A ...... Verify the IP-MAC Binding entries: Switch_A#show ip source binding U No. Host IP-Addr MAC-Addr VID -------- --- 1 1 User1 192.168.0.20 NO Gi1/0/4 YES ...... Verify the configuration of ARP Defend: Configuration Guide 637 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 665
802.1X authentication, configure the control mode as auto, and set the control type as MAC based. Enable 802.1X Switch A acts as the authenticator. Port 1/0/1 is connected to the client, port 1/0/2 is connected to the RADIUS server, and port 1/0/3 is connected to the Internet. Configuration Guide - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 666
Configuring Network Security Figure 9-8 Network Topology Internet Switch A Authenticator Gi1/0/3 Gi1/0/2 Gi1/0/1 Configuration Examples RADIUS Server 192.168.0.10/24 Auth Port:1812 Client Client Client Demonstrated with T2500G-10MPS acting as the authenticator, the following sections - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 667
the Authentication Dot1x Method List section, select radius1 as the radius server group for authentication, and click Apply. Figure 9-13 Configure Authentication RADIUS Server Configuration Guide 640 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 668
EAP. Enable the Quiet feature and then keep the default authentication settings. Figure 9-14 Global Config 7) Choose the menu Network Security > the following page. For port 1/0/1, enable 802.1X authentication, set the Control Mode as auto and set the Control Type as MAC Based; For port 1/0/2 and - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 669
on port 1/0/2 and port 1/0/3. Enable 802.1X authentication on port 1/0/1, set the control mode as auto, and set the control type as MAC based. Switch_A(config)#interface gigabitEthernet 1/0/2 Switch_A(config (config-if)#dot1x port-control auto Switch_A(config-if)#exit Configuration Guide 642 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 670
of RADIUS : Switch_A#show aaa global AAA global status: Enable Module Login List Enable List Console default default Telnet default default Ssh default default Configuration Guide 643 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 671
Network Requirements As shown below, the switch needs to be managed remotely via Telnet Figure 9-16 Network Topology Administrator Management Network Switch RADIUS Server 1 192.168.0.10/24 Auth servers, and configure the AAA feature on the switch. The IP addresses of the two RADIUS servers are - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 672
switch. 2) Create a new RADIUS server group and add the two servers to the group. Make sure that RADIUS Server 1 is the first server for authentication. 3) Configure the method list. 4) Configure the AAA application list. Demonstrated with T2500G-10MPS Server 1 on the switch. Figure 9-18 Add RADIUS - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 673
Server 1 to the group. Then select 192.168.0.20 from the drop-down list, and click Add to add RADIUS Server 2 to the group. Configuration Guide 646 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 674
Method-Login, select the List Type as Authentication Login, and select the Pri1 as RADIUS1. Click Add to set the method list for the Login authentication. Figure 9-22 Configure Login Method List 7) On the same page, Login and Enable List as Method-Enable. Then click Apply. Configuration Guide 647 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 675
AAA Application List Configuration Examples 9) Click Save Config to save the settings. 9.3.4 Using the CLI 1) Enable AAA globally. Switch#configure Switch(config)#aaa enable 2) Add RADIUS Server 1 and RADIUS Server 2 on the switch. Switch(config)#radius-server host 192.168.0.10 auth-port 1812 key - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 676
configuration of the RADIUS servers: Switch#show radius-server Server Ip of server group RADIUS1: Switch#show aaa group RADIUS1 192.168.0.10 192.168 of the method lists: Switch#show aaa authentication Authentication Login list: Switch#show aaa global AAA global status: - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 677
Configuring Network Security Module Console Telnet Ssh Http Login List Enable List default default Method-Login Method-Enable default default default default Configuration Examples Configuration Guide 650 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 678
Network Security Appendix: Default Parameters 10 Appendix: Default Parameters Default settings of Network Security are listed in the following tables. Table 10-1 IP-MAC Binding Parameter Default Setting Protect Type For Manual Binding: None For ARP Scanning: None For DHCP Snooping: All Table - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 679
Table 10-5 802.1X Parameter Global Config 802.1X Authentication Auth Method Handshake Guest VLAN Accounting Quiet Feature Quiet Feature Quiet Period Retry Times Default Setting Disable EAP Enable Disable Disable Disable 10 seconds 3 Appendix: Default Parameters Configuration Guide 652 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 680
Configuring Network Security Parameter Default Setting Supplicant Timeout 3 seconds Port Config 802.1X List List Name: default Pri1:radius Table 10-6 PPPoE ID-Insertion Parameter Default Setting Global Config PPPoE ID-Insertion Disable Port Config Circuit-ID Disable Circuit-ID Type - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 681
Configuring Network Security Parameter Defualt Setting RADIUS Config Server IP None Shared Key None Auth Port 1812 Acct Port 1813 Retransmit 2 Timeout 5 : default Enable List: default Login List: default ssh Enable List: default Appendix: Default Parameters Configuration Guide 654 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 682
Configuring Network Security Parameter http Defualt Setting Login List: default Enable List: default Appendix: Default Parameters Configuration Guide 655 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 683
Part 22 Configuring LLDP CHAPTERS 1. LLDP 2. LLDP Configurations 3. LLDP-MED Configurations 4. Viewing LLDP Settings 5. Viewing LLDP-MED Settings 6. Configuration Example 7. Appendix: Default Parameters - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 684
Features The switch supports LLDP and LLDP-MED. LLDP allows the local device to encapsulate its management address, device ID, interface ID and other information into a LLDPDU (Link Layer Discovery Protocol Data Unit) and periodically advertise this LLDPDU to its neighbor devices on the network - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 685
Configuring LLDP LLDP Configurations 2 LLDP Configurations With LLDP configurations, you can: 1) Enable the LLDP feature on the switch. 2) (Optional) Configure the LLDP feature globally. 3) (Optional) Configure the LLDP feature for the interface. 2.1 Using the GUI 2.1.1 Global Config Choose the - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 686
quickly discovered by its neighbors. After the specified number of LLDP packets are sent, the Transmit Interval will be restored to the specified value. Configuration Guide 659 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 687
to configure the LLDP feature for the interface. 1) Select the desired port and set its Admin Status and Notification Mode. Admin Status Set Admin Status for the port to deal with LLDP packets. Tx&Rx: The Length/Value) included in the LLDP packets according to your needs. Configuration Guide 660 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 688
link initiation or of manual set override action. FS: Used to advertise the maximum frame size capability of the implemented MAC and PHY. PW: Used to advertise the port's PoE (Power over Ethernet) support capabilities. 2.2 Using the CLI 2.2.1 Global Config Enable the LLDP feature on the switch - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 689
Privileged EXEC Mode. copy running-config startup-config Save the settings in the configuration file. The following example shows how to configure -iInterval=5 seconds, fast-count=3. Switch#configure Switch(config)#lldp Switch(config)#lldp hold-multiplier 4 Switch(config)#lldp timer tx-interval 30 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 690
-MED Fast Start Repeat Count: 4 Switch(config)#end Switch#copy running-config startup-config 2.2.2 Port Config Select the desired port and set its Admin Status, Notification Mode and EXEC Mode. copy running-config startup-config Save the settings in the configuration file. Configuration Guide 663 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 691
Yes System-Description Yes System-Name Yes Management-Address Yes Port-VLAN-ID Yes Protocol-VLAN-ID Yes VLAN-Name Yes Link-Aggregation Yes MAC-Physic Yes Max-Frame-Size Yes Power Yes Switch(config-if)#end Switch#copy running-config startup-config Configuration Guide 664 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 692
you also need configure the Voice VLAN feature. Refer to Configuring Voice VLAN for detailed instructions. 3.1 Using the GUI 3.1.1 Global Config Choose the LLDP > LLDP-MED> Global Network Connectivity Device and Endpoint Device. The switch is a Network Connectivity device. Configuration Guide 665 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 693
outgoing LLDP packets. If Location Identification is selected, you need configure the Emergency Number or select Civic Address to configure the details. Click Apply. Configuration Guide 666 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 694
Endpoint devices and Network Connectivity devices. Used to advertise the inventory information. The Inventory TLV set contains seven basic Inventory management TLVs, that is, Hardware Revision TLV, Firmware Revision TLV, Software Revision TLV, Serial Number TLV, Manufacturer Name TLV, Model Name TLV - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 695
local device, DHCP Server, Switch or LLDP-MED Endpoint. LLDP feature on the switch. lldp med-fast-count settings in the configuration file. The following example shows how to configure LLDP-MED fast count as 4: Switch#configure Switch(config)#lldp Switch(config)#lldp med-fast-count 4 Switch - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 696
: 5 seconds Fast-packet Count: 3 LLDP-MED Fast Start Repeat Count: 4 Switch(config)#end Switch#copy running-config startup-config 3.2.2 Port Config Select the desired port, enable LLDP- | ten-gigabitEthernet port } Display LLDP configuration of the corresponding port. Configuration Guide 669 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 697
-config Save the settings in the configuration Switch(config)#lldp Switch(config)#lldp med-fast-count 4 Switch(config)#interface gigabitEthernet 1/0/1 Switch(config-if)#lldp med-status Switch(config-if)#lldp med-tlv-select all Switch Link-Aggregation Yes MAC-Physic Yes Max-Frame-Size - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 698
Configuring LLDP LLDP-MED Status: Enabled TLV Status --- ------ Network Policy Yes Location Identification Yes Extended Power Via MDI Yes Inventory Management Yes Switch(config)#end Switch#copy running-config startup-config LLDP-MED Configurations Configuration Guide 671 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 699
steps to view the local information: 1) In the Auto Refresh section, enable the Auto Refresh feature and set the Refresh Rate according to your needs. Click Apply. 2) In the Local Info section, select the desired ID type. Chassis ID Displays the value of the Chassis ID. Configuration Guide 672 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 700
Configuring LLDP Viewing LLDP Settings Port ID Subtype Displays the system description of the local device. System Capabilities Supported Displays the supported capabilities of the local system. System Capabilities Enabled these steps to view the neighbor information: Configuration Guide 673 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 701
1) In the Auto Refresh section, enable the Auto Refresh feature and set the Refresh Rate according to your needs. Click Apply. 2) In the Local Info section, select the Info to load the following page. Figure 4-3 Static Info Follow these steps to view LLDP statistics: Configuration Guide 674 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 702
1) In the Auto Refresh section, enable the Auto Refresh feature and set the Refresh Rate according to your needs. Click Apply. 2) In the Global Statistics section, view ten gigabitEthernet port } Display the information of the neighbor device which is connected to the port. Configuration Guide 675 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 703
Configuring LLDP Viewing LLDP Settings Viewing LLDP Statistics show lldp traffic interface { fastEthernet port | gigabitEthernet port | tengigabitEthernet port } View the statistics of the corresponding port on the local device. Configuration Guide 676 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 704
-MED Settings Follow these steps to view LLDP-MED local information: 1) In the Auto Refresh section, enable the Auto Refresh feature and set the Refresh Rate according to your needs. Click Apply. 2) In the LLDP-MED Local Info section, select the desired port and view the LLDP-MED settings - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 705
Settings Application Type Displays the supported applications of the local device. Unknown Policy Flag Displays the unknown location settings information: 1) In the Auto Refresh section, enable the Auto Refresh feature and set the Refresh Rate according to your needs. Click Apply. 2) In the LLDP - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 706
Configuring LLDP Viewing LLDP-MED Settings Application Type Location Data Format Power Type Information Displays the application type of the interface { fastEthernet port | gigabitEthernet port | tengigabitEthernet port } View the statistics of the corresponding port. Configuration Guide 679 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 707
the devices in the company network to know about the link situation and network topology so that he can troubleshoot the potential network faults in advance. 6.1.2 Network Topology and configure the related parameters. Here we take the default settings as an example. Configuration Guide 680 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 708
Example 2) Choose the menu LLDP > Basic Config > Port Config to load the following page. Set the Admin Status of port Gi1/0/1 to Tx&Rx, enable Notification Mode and configure all the and configure the corresponding parameters. Switch_A#configure Switch_A(config)#lldp Configuration Guide 681 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 709
2 reinit-delay 3 notify-interval 5 fastcount 3 2) Set the Admin Status of port Gi1/0/1 to Tx&Rx, startup-config Verify the Configurations View LLDP settings globally Switch_A#show lldp LLDP Status: Enabled Start Repeat Count: 4 View LLDP settings on each port Switch_A#show lldp interface - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 710
Management-Address Yes Port-VLAN-ID Yes Protocol-VLAN-ID Yes VLAN-Name Yes Link-Aggregation Yes MAC-Physic Yes Max-Frame-Size Yes Power Yes LLDP-MED Status: : Interface name Port ID: GigabitEthernet1/0/1 Port description: GigabitEthernet1/0/1 Interface Configuration Guide 683 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 711
T2500G-10MPS System description: JetStream 24-Port Gigabit L2 Managed Switch with 4 SFP Slots System capabilities supported Port and protocol VLAN supported: Yes Port and supported: Yes Auto-negotiation enabled: Yes OperMau: speed(1000)/duplex(Full) Link aggregation supported: Yes Link - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 712
Switch - Country Code: CN Hardware Revision: T2500G-10MPS 2.0 Firmware Revision: Reserved Software Revision: 2.0.0 Build 20160905 Rel.74744(s) Serial Number: Reserved Manufacturer Name: TP-Link Model Name: T2500G-10MPS GigabitEthernet1/0/2 Interface TTL: 120 Configuration Guide 685 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 713
Configuring LLDP Configuration Example System name: T1600G-52PS System description: JetStream 48-Port Gigabit Smart PoE Switch with 4 SFP Slots System capabilities supported: Bridge Router System capabilities enabled: Bridge Router Management address type: ipv4 Management address: 192. - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 714
the switch, connect the IP the switch. the switch. Voice VLAN for detailed instructions. 6.2.3 Network switch. Port Gi1/0/2 on the switch is connect Switch A Voice Gateway To ensure the voice traffic can be preferentially treated, configure the corresponding settings on each device in the link - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 715
QoS > Voice VLAN > Global Config, enable Voice VLAN and set the VLAN ID to 10. Figure 6-6 Configuring Voice VLAN Globally Choose the menu QoS > Voice VLAN > Port Config, set the Voice VLAN mode on Gi1/0/1 and Gi1/0/2 as Auto and Manual respectively. Figure 6-7 Configuring Voice VLAN Mode on Port - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 716
VLAN. Figure 6-9 Adding Port 1/0/2 to the Voice VLAN 3) Choose the LLDP > Basic Config > Global Config to load the following page and enable LLDP globally. Configuration Guide 689 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 717
packets. Figure 6-13 LLDP-MED Port Config-Detail In the Location Identification Parameters section, configure the detailed address of the IP phone. Click Apply. Configuration Guide 690 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 718
. Switch_A(config)#interface gigabitEthernet 1/0/1 Switch_A(config-if)#switchport voice vlan mode auto Switch_A(config-if)#exit 3) Configure the Voice VLAN mode on port Gi1/0/2 as Manual and add port Gi1/0/2 to Voice VLAN. Configuration - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 719
config-if)#switchport voice vlan mode manual Switch_A(config-if)#switchport general allowed V6A 1P9 Verify the Configurations View global LLDP-MED settings: Switch_A#show lldp LLDP Status: Enabled Tx Start Repeat Count: 4 View LLDP-MED settings on each port: Switch_A#show lldp interface - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 720
System-Name Yes Management-Address Yes Port-VLAN-ID Yes Protocol-VLAN-ID Yes VLAN-Name Yes Link-Aggregation Yes MAC-Physic Yes Max-Frame-Size Yes Power Yes LLDP-MED Status: Enabled TLV address Chassis ID: 00:0A:EB:13:23:97 Port ID type: Interface name Configuration Guide 693 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 721
Switch System description: JetStream 24-Port Gigabit L2 Managed Switch with 4 SFP Slots System capabilities supported Port and protocol VLAN supported: Yes Port and protocol supported: Yes Auto-negotiation enabled: Yes OperMau: speed(100)/duplex(Full) Link aggregation supported: Yes Link - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 722
No.5 - Postal/Zip Code: 518057 Hardware Revision: T2500G-10MPS 2.0 Firmware Revision: Reserved Software Revision: 1.0.1 Build 20151216 Rel.65850(s) Serial Number: Reserved Manufacturer Name: TP-Link Model Name: T2500G-10MPS 2.0 Asset ID: unknown View the neighbor information - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 723
VLAN enabled: Protocol identity: Auto-negotiation supported: Yes Auto-negotiation enabled: Yes OperMau: speed(100)/duplex(Full) Link aggregation supported: Link aggregation enabled: Aggregation port ID: Power port class: PSE power supported: PSE power enabled: Configuration Guide 696 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 724
Priority: DSCP: Power Type: Power Source: Power Priority: Power Value: Hardware Revision: Firmware Revision: Software Revision: Serial Number: Manufacturer Name: Capabilities Network Policy Extended Power via tnp31.3-2-0-11.bin term31.default FCH1537A2JV Cisco Systems, Inc. Configuration Guide 697 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 725
LLDP Settings on the Port Parameter Admin Status Notification Mode Included TLVs Default Setting Tx&Rx Disable All Default LLDP-MED Settings Table 7-3 Default LLDP-MED Settings Parameter Fast Start Count LLDP-MED Status Included TLVs Default Setting 4 Disable All Configuration Guide 698 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 726
Part 23 Configuring Maintenance CHAPTERS 1. Maintenance 2. Monitoring the System 3. System Log Configurations 4. Diagnosing the Device 5. Diagnosing the Network 6. DLDP Configuration 7. Configuration Example for Remote Log 8. Appendix: Default Parameters - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 727
assembles various system tools for network troubleshooting. 1.2 Supported Features The maintenance module includes system monitor, log, device diagnose, network diagnose and DLDP. System Monitor You can monitor the memory and the CPU utilizations of the switch. Log You can check system messages - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 728
malfunctions. For example, the switch fails to respond to management requests. In similar situations, you can monitor the system to verify a CPU or memory utilization problem. 2.1 Using the GUI 2.1.1 Monitoring the CPU Choose the menu Maintenance > System Monitor > CPU Monitor to load the following - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 729
Configuring Maintenance Monitoring the System Click Monitor to enable the switch to monitor and display its CPU utilization rate every four page. Figure 2-2 Monitoing the Memory Click Monitor to enable the switch to monitor and display its memory utilization rate every four seconds. Configuration - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 730
the memory utilization of the switch in the last 5 seconds, 1minute and 5minutes. The following example shows how to monitor the CPU: Switch#show cpu-utilization Unit | memory-utilization View the memory utilization of the switch in the last 5 seconds, 1minute and 5minutes. The following example shows - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 731
into the following eight levels. Messages of levels 0 to 4 mean the functionality of the switch is affected. Please take actions according to the log message. Table 3-1 Levels of Logs Severity applied to a port. The display command is used. General operational information. Configuration Guide 704 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 732
buffer is displayed on the Maintenance > Log> Log Table page. It will be lost when the switch is restarted. Log File indicates the flash sector for saving system log. The information in the log file will , you can modify the log synchronization frequency using the CLI. Configuration Guide 705 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 733
steps to configure remote log: 1) Select an entry to enable the status, and then set the host IP address and severity. Host IP UDP Port Severity Status 2) Click Apply. a file on your computer. If the switch system breaks down, you can check the file for troubleshooting. Configuration Guide 706 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 734
same or smaller. 3.2 Using the CLI 3.2.1 Configuring the Local Log Follow these steps to configure the local log: Step 1 configure Enter global configuration mode. Configuration Guide 707 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 735
switch stores the system log messages to the RAM. And the information will be lost when the switch the switch. The information in the flash will not be lost after the switch is the settings in the configuration file. The following example shows how to configure the local log on the switch. - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 736
other devices. You can remotely monitor the settings and operation status of other devices through the log host. idx: Enter the index of the log host. The switch supports 4 log hosts at most. host- running-config startup-config Save the settings in the configuration file. Configuration Guide 709 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 737
The following example shows how to set the remote log on the switch. Enable log host 2, set its IP address as 192.168.0.148, and allow logs of levels 0 to 5 to be sent to the host: Switch#configure Switch(config)# logging host index 2 192.168.0.148 5 Switch(config)# show logging loghost Index - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 738
the port for cable testing. The interval between two cable tests for one port must be more than 3 seconds. Pair Displays the Pair number. Configuration Guide 711 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 739
here displays the length from the port to the trouble spot. The value makes sense only when the cable that is connected to the switch. show cable-diagnostics interface gigabitEthernet port check the cable diagnostics of port 1/0/2: Switch#show cable-diagnostics interface gigabitEhternet 1/0/2 Port - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 740
5-1 Configuring the Ping Test Follow these steps to test the connectivity between the switch and another device in the network: 1) In the Ping Config section, enter the IP address of the destination device for Ping test, set Ping times, data size and interval according to your needs, and then click - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 741
: 1) In the Tracert Config section, enter the IP address of the destination, set the max hop, and then click Tracert to start the test. Destination IP Enter the IP address of the destination device. Both IPv4 and IPv6 are supported. Max Hop Specify the maximum number of the route hops the test - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 742
ip/ipv6 is not selected, both IPv4 and IPv6 addresses are supported, such as 192.168.0.100 or fe80::1234. -n count: following example shows how to test the connectivity between the switch and the destination device with the IP address 192.168.0. Maximum = 0ms , Average = 0ms Configuration Guide 715 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 743
to test the connectivity between the switch and routers along the path from the selected, both IPv4 and IPv6 addresses are supported, such as 192.168.0.100 or fe80 connectivity between the switch and the network device with the IP address 192.168.0.100. Set the maxhops as 2: Switch#tracert 192.168.0. - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 744
globally. Adver Interval Configure the interval to send advertisement packets. The valid values are from 1 to 30 seconds, and the default value is 5 seconds. Configuration Guide 717 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 745
traps and shut down the port, and the DLDP link state will transit to Disable. Manual: When an unidirectional link is detected on a port, DLDP will generate logs and traps, and then the users can manually shut down the unidirectional link ports. Enable or disable the web automatic refresh function - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 746
manual } Configure the DLDP shutdown mode when a unidirectional link is detected. auto: The switch automatically shuts down ports when a unidirectional link is detected. It is the default setting. manual: The switch displays an alert when a unidirectional link config Save the settings in the - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 747
Switch(config-if)#show dldp interface Port DLDP State Protocol State Link State Neighbor State ---- ---------- Gi1/0/1 Enable Inactive Link-Down N/A Gi1/0/2 Disable Initial Link-Down N/A ... Switch(config-if)#end Switch#copy running-config startup-config Configuration Guide - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 748
network of department A for troubleshooting. Figure 7-1 Network Topology Department A Switch IP: 1.1.0.2/16 PC IP: switch and the PC are reachable to each other; configure a log server that complies with the syslog standard on the PC and set the PC as the log host. Demonstrated with T2500G-10MPS - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 749
)#end Switch#copy running-config startup-config Verify the Configurations Switch# show logging loghost Index Host-IP Severity Status 1 1.1.0.1 5 enable 2 0.0.0.0 6 disable 3 0.0.0.0 6 disable 4 0.0.0.0 6 disable Configuration Example for Remote Log Configuration Guide 722 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 750
.168.0.1 Ping Times 4 Data Size 64 bytes Interval 1000 milliseconds Table 8-4 Default Settings of Tracert Config Parameter Default Setting Destination IP 192.168.0.100 Max Hop 4 hops Table 8-5 Default Settings of DLDP Parameter Default Setting Global Config Configuration Guide 723 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 751
Configuring Maintenance Parameter DLDP State Adver Interval Shut Mode Web Refresh State Web Refresh Interval Port Config DLDP State Default Setting Disable 5 seconds Auto Disable 5 seconds Disable Appendix: Default Parameters Configuration Guide 724 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 752
Part 24 Configuring SNMP & RMON CHAPTERS 1. SNMP Overview 2. SNMP Configurations 3. Notification Configurations 4. RMON Overview 5. RMON Configurations 6. Configuration Example 7. Appendix: Default Parameters - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 753
troubleshoot according to notifications sent by those devices in a timely manner. The device supports three SNMP versions: SNMPv1, SNMPv2c and SNMPv3.Table 1-1 lists features supported good security (such as VPNs), but with busy services in which the traffic congestion may occur. You can Guide 726 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 754
2 SNMP Configurations To complete the SNMP configuration, choose an SNMP version according to network requirements and supportability of the NMS software, and then follow these steps: Choose SNMPv3 1) Enable SNMP. 2) Read/Write View is the same for the user and the group. Configuration Guide 727 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 755
local engine ID. Click Apply. Local Engine ID Set the ID of the local SNMP Agent with 10 switch. 3) In the Remote Engine section, configure the remote engine ID. Click Apply. Remote Engine ID Set the remote device thats receives inform messages from Switch. Note: The engine ID must contain an - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 756
a specific function of the device. For specific ID rules, refer to the device related MIBs. View Type Set the view to include or exclude the related MIB object. By default, it is included. Include: The NMS SNMP Group Create an SNMP group and configure related parameters. Configuration Guide 729 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 757
to create an SNMP Group: 1) Set the group name and security model. If to further configure security level. Group Name Set the SNMP group name. You may enter is used for authentication. Security Level Set the security level which for the SNMPv3 Set the read, write and notify view of - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 758
the group which the user belongs to. Set the security model according to the related to configure the security level. User Name Set the SNMP user name. You may use is the SNMP Agent of the switch. Remote User: The user resides on a this user type, you need to set the remote engine ID first. - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 759
is SNMPv1. The setting should be identical SNMPv3. Security Level Set the security level security level, you need to set corresponding Auth Mode or Privacy Mode security level, you need to set Auth Mode, which is None Password Set the password for privacy. Privacy Password Set the password for encryption - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 760
to load the following page. Figure 2-5 SNMP Community Set the community name, access rights and the related view. Click Create. Community Name Set the community name with 1 to 16 characters. For Step 2 configure Enter global configuration mode. snmp-server Enabling SNMP. Configuration Guide 733 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 761
in the configuration file. The following example shows how to enable SNMP and set 123456789a as the remote engine ID: Switch#configure Switch(config)#snmp-server Switch(config)#snmp-server engineID remote 123456789a Switch(config)#show snmp-server 0 SNMP agent is enabled. 0 SNMP packets input 0 Bad - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 762
next PDUs 0 Set-request PDUs 0 SNMP packets output 0 Too big errors(Maximum packet size 1500) 0 No such name errors 0 Bad value errors 0 General errors 0 Response PDUs 0 Trap PDUs Switch(config)#show snmp Displays the view table. Step 4 end Return to Privileged EXEC Mode. Configuration Guide 735 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 763
in the configuration file. The following example shows how to set a view to allow the NMS to manage all function. Name the view as View: Switch#configure Switch(config)#snmp-server view View 1 include Switch(config)#show snmp-server view No. View Name Type MOID 1 viewDefault include - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 764
. Name the group as nmsmonitor, enable Auth Mode and Privacy Mode, and set the view as read View and notify View: Switch#configure Switch(config)#snmp-server group nms-monitor smode v3 slev authPriv read View notify View Switch(config)#show snmp-server group No. Name Sec-Mode Sec-Lev Read-View - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 765
users. end Return to privileged EXEC mode. copy running-config startup-config Save the settings in the configuration file. The following example shows how to create an SNMP user on the switch. Name the user as admin, and set the user as a remote user, SNMPv3 as the security mode, authPriv as the - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 766
the privacy password: Switch#configure Switch(config)#snmp-server user SHA cpwd 1234 emode DES epwd 1234 Switch(config)#show snmp-server user No. authPriv SHA DES Switch(config)#end Switch#copy running-config startup settings in the configuration file. The following example shows how to set - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 767
SNMP & RMON SNMP Configurations Switch(config)#snmp-server community nms-monitor read-write View Switch(config)#show snmp-server community Index Name Type MIB-View 1 nms-monitor read-write View Switch(config)#end Switch#copy running-config startup-config Configuration Guide 740 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 768
Configuration Guidelines To guarantee the communication between the switch and the NMS, ensure the switch and the NMS are able to reach one another. network environment. IP Address If you set the IP Mode to IPv4, specify an IPv4 address for the host. If you set the IP Mode to IPv6, Guide 741 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 769
on the settings of the be consistent with settings of the user . The setting should be switch. Thus the switch cannot determine whether the trap is received or not, and the trap that is not received will not be resent. Inform: Set the switch Set the retry times for Informs; the default is 3. The switch - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 770
. And it will stop sending Inform message when the retry times reaches the limit. timeout: Set the length of time that the switch waits for a response. The range is 1 to 3600 seconds; the default is 100 seconds. The switch will resend the Inform message if it does not receive a response from the NMS - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 771
settings in the configuration file. The following example shows how to set timeout 100 Switch(config)#show Switch(config)#end Switch supported on the switch. linkup: When a port status changes from linkdown to linkup, the switch linkup to linkdown, the switch sends a linkdown trap. on the switch is - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 772
settings in the configuration file. The following example shows how to configure the switch to send linkup traps: Switch#configure Switch(config)#snmp-server traps snmp linkup Switch(config)#end Switch ] Configure parameters of PoE traps supported on the switch. over-max-pwr-budget: Enable Guide 745 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 773
loopback-detection | storm-control | spanning-tree | memory } Configure parameters of extended traps supported on the switch. bandwidth-control: The trap is used to monitor whether the bandwidth has reached the limit that you have set. The trap is disabled by default. The trap can be triggered when - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 774
3 end Return to privileged EXEC mode. Step 4 copy running-config startup-config Save the settings in the configuration file. The following example shows how to configure the switch to enable all the SNMP DDM trap: Switch#configure Switch(config)#snmp-server traps DDM Configuration Guide 747 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 775
-config Save the settings in the configuration file. The following example shows how to configure the switch to enable link-status trap: Switch#configure Switch(config)#interface gigabitEthernet 1/0/1 Switch(config-if)#snmp-server traps link-status Switch(config-if)#end Switch#copy running-config - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 776
that runs the management software to manage Agents of network devices. And the Agent is usually a switch or router that collects traffic statistics (such as total packets on a network segment during a certain the following four groups: statistics, history, event and alarm. Configuration Guide 749 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 777
SNMP Notification before RMON configurations. 5.1 Using the GUI 5.1.1 Configuring Statistics Choose the menu SNMP > RMON > Statistics to load the following page. Figure 5-1 Statistics Config Configuration Guide 750 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 778
monitored, and the owner name of the entry. Set the entry as valid or underCreation, and click Create the owner name of the entry with1 to 16 characters. Status Set the entry as valid or underCreation. By default, it is valid Set the sample interval and the maximum buckets of history - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 779
switch collects packet information and generates a record in every interval. Max Buckets Set the owner name, and set the status of the entry an event entry, and set the SNMP User of the set in SNMP previously. By default, it is public. 2) Set the description and type of the event. Configuration - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 780
notifications. Notify: The switch initiates notifications to the NMS. Log&Notify: The switch records the event in the log and sends notifications to the NMS. 3) Enter the owner name, and set the status of the of alarm entries. There are 12 alarm entries all together. Configuration Guide 753 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 781
. Statistics Associate the alarm entry with a statistics entry. Then the switch monitors the specified variable of the statistics entry. 2) Set the sample type, the rising and falling threshold, the corresponding event when the sampled value is below the preset threshold. Configuration Guide 754 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 782
threshold or is below the falling threshold. 3) Enter the owner name, and set the status of the entry. Click Apply. Owner Enter the owner name the format of 1-3 or 5. port: Enter the port number in 1/0/1 format to bind it to the entry. owner-name: Enter the owner name of the entry with Guide 755 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 783
settings in the configuration file. The following example shows how to create two statistics entries on the switch Switch(config)#end Switch number in 1/0/1 format to bind it to the entry. seconds: Set the sample interval. The default name is monitor. number: Set the maximum number of records for - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 784
Save the settings in the configuration file. The following example shows how to create a history entry on the switch to monitor port 1/0/1. Set the sample interval as 100 seconds, max buckets as 50, and the owner as monitor: Switch#configure Switch - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 785
following example shows how to create an event entry on the switch. Set the user name as admin, the event type as Notify (set the switch to initiate notifications to the NMS), and the owner as monitor: Switch#configure Switch(config)#rmon event 1 user admin description rising-notify type notify - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 786
1-3 or 5. sindex: Set the index of the switch will monitor the specified variable in sample intervals and act in the set switch compares the sampling value against the preset threshold; in the delta mode, the switch 12 to bind it to to 12 to bind it to the Set the sampling interval. The - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 787
Save the settings in the configuration file. The following example shows how to set an alarm entry to monitor BPackets on the switch. Set the related Statistics startup: All Interval: 10 Owner: monitor Switch(config)#end Switch#copy running-config startup-config Configuration Guide 760 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 788
of TP-Link switches has sample interval, the switch should notify the NMS switch should record but not notify the NMS when the number of packets transmitted and received is below the threshold. 6.2 Configuration Scheme 1) Set Packets), set the rising threshold and falling threshold, and bind the - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 789
another. Figure 6-1 Network Topology Gi1/0/1 Switch A Gi1/0/2 Gi1/0/3 Switch B NMS IP: 172.168.1.222 Demonstrated with T2500G-10MPS, this chapter provides configuration procedures in two load the following page. Enable SNMP, and set the Remote Engine ID as 123456789a. Click Apply. Configuration - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 790
> SNMP View to load the following page. Name the SNMP view as View, set MIB Object ID as 1 (which means all functions), and set the view type as Include. Click Create. Figure 6-3 SNMP View Configuration 3) Choose SNMP and add View to Read View and Notify View. Click Create. Configuration Guide 763 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 791
the NMS, set the user type as Remote User and specify the group name. Set the Security DES privacy algorithm, and set corresponding passwords. Click Create. host for transmitting notifications. Set the User, Security Model and Security Save Config to save the settings. Enabling Bandwith-control Trap - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 792
SNMP & RMON Configuration Example Switch(config)#snmp-server traps bandwidth-control trap. Enable Bandwitch-control Configuring RMON 1) Choose SNMP > RMON > Statistics to load the following page. Create two entries and bind them to ports 1/0/1 and 1/0/2 respectively. Set the owner of the - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 793
SNMP > RMON > Event to load the following page. Configure entries 1 and 2. For entry 1, set the SNMP user name as admin, type as Notify, description as "rising notify", owner as monitor, and interval as 10 seconds, the owner name as monitor. For entry 2, set the associated Configuration Guide 766 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 794
5) Click Save Config to save settings. 6.5 Using the CLI Configuring Switch#configure Switch(config)#snmp-server Switch(config)#snmp-server engineID remote 123456789a 2) Create a view with the name View; set Privacy Mode, and set the view as read View and notify view. Switch(config)#snmp-server - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 795
1/0/2 owner monitor status valid 2) Create two history entries and bind them to ports 1/0/1 and 1/0/2 respectively. Set the sample interval as 100 seconds, max buckets as 50, and the owner as monitor. Switch(config)#rmon history 1 interface gigabitEthernet 1/0/1 interval 100 owner monitor - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 796
Example Switch( the Configurations Verify global SNMP configurations: Switch(config)#show snmp-server SNMP agent is 0 Get-request PDUs 0 Get-next PDUs 0 Set-request PDUs 0 SNMP packets output 0 Too big errors Verify SNMP engine ID: Switch(config)#show snmp-server engineID Local engine ID - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 797
view configurations: Switch(config)#show SNMP group configurations: Switch(config)#show snmp- authPriv View View Verify SNMP user configurations: Switch(config)#show snmp-server user No. U-Name authPriv SHA DES Verify SNMP host configurations: Switch(config)#show snmp-server host No. Des- - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 798
monitor Enable 2 Gi1/0/2 100 50 monitor Enable Verify RMON event configurations: Switch(config)#show rmon event Index User Description Type -------- 1 admin rising-notify Index-State: 2-Enabled Owner ---------monitor monitor State ---------Enable Enable Configuration Guide 771 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 799
Configuring SNMP & RMON Statistics index: 2 Alarm variable: BPkt Sample Type: Absolute RHold-REvent: 3000-1 FHold-FEvent: 2000-2 Alarm startup: All Interval: 10 Owner: monitor Configuration Example Configuration Guide 772 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 800
Parameters Default settings of SNMP are listed in the following table. Table 7-1 Default Global Config Settings Parameter SNMP Default Setting Disable View Settings Parameter View Name MIB Object ID View Type Default Setting None None Include Table 7-3 Default SNMP View Table Settings View - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 801
Settings Parameter Community Name Access MIB View Default Setting None read-only viewDefault Appendix: Default Parameters Default settings Default Host Config Settings Parameter IP Address UDP Port User IP Mode Security Model Security Level Type Retry Timeout Default Setting None 162 None IPv4 - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 802
Configuring SNMP & RMON Table 7-8 Default Statistics Config Settings Parameter Default Setting ID Port Owner IP Mode None None None valid Table 7-9 Default Settings for History Entries Parameter Default Setting Port Interval Max Buckets Owner Status 1/0/1 1800 seconds 50 monitor Disable - TP-Link T2500G-10MPS | T2500G-10MPSUN V1 Configuration Guide - Page 803
Configuring SNMP & RMON Parameter Status Default Setting Disable Appendix: Default Parameters Configuration Guide 776
Configuration Guide
T2500G-10MPS
1910012152
REV1.0.0
May 2017