Home » TP-Link Manuals » Hubs & Switches » TP-Link T2600G-28MPS » Manual Viewer

TP-Link T2600G-28MPS T2600G-28MPSUN V1 User Guide - Page 304

PPPoE

View all TP-Link T2600G-28MPS manuals

Add to My Manuals
Save this manual to your list of manuals

Page 304 highlights

Configuration Procedure: Step Operation Description 1 Install the 802.1X client Required. For the client computers, you are required to software. install the TP-LINK 802.1X Client provided on the CD. Please refer to the software guide in the same directory with the software for more information. 2 Configure the 802.1X globally. Required. By default, the global 802.1X function is disabled. On the Network Security→802.1X→Global Config page, configure the 802.1X function globally. 3 Configure the 802.1X for the Required. On the Network Security→802.1X→Port port. Config page, configure the 802.1X feature for the port of the switch basing on the actual network. 4 Connect an authentication Required. Record the information of the client in the LAN server to the switch and do to the authentication server and configure the some configuration. corresponding authentication username and password for the client. 5 Enable the AAA function Required. On the Network Security→AAA→Global globally. Conifg page, enable the AAA function globally. 6 Configure the parameters of Required. On the Network Security→AAA→RADIUS the authentication server. Server Conifg page, configure the parameters of the RADIUS server. Note: 1. The 802.1X function takes effect only when it is enabled globally on the switch and for the port. 2. The 802.1X function cannot be enabled for LAG member ports. That is, the port with 802.1X function enabled cannot be added to the LAG. 3. The 802.1X function should not be enabled for the port connected to the authentication server. 14.10 PPPoE  PPPoE ID-Insertion Overview  The PPPoE ID-Insertion feature provides a way to extract a Vendor-specific tag as an identifier for the authentication, authorization, and accounting (AAA) access requests on an Ethernet interface. When enabled, the switch attaches a tag to the PPPoE discovery packets, which is called the PPPoE Vendor-Specific tag and it contains a unique line identifier. There are two formats of Vendor-specific tags: Circuit-ID format and Remote-ID format. The BRAS receives the tagged packet, decodes the tag, and uses the Circuit-ID/Remote-ID field of that tag as a NAS-Port-ID attribute in the RADIUS server for PPP authentication and AAA (authentication, authorization, and accounting) access requests. The switch will remove the Circuit-ID/Remote-ID tag from the received PPPoE Active Discovery Offer and Session-confirmation packets from the BRAS. In this Chapter the switch will work as a DSLAM. 293

Section	Page
Package Contents	12
Chapter 1 About this Guide	13
1.1 Intended Readers	13
1.2 Conventions	13
1.3 Overview of This Guide	14
Chapter 2 Introduction	19
2.1 Overview of the Switch	19
2.2 Appearance Description	19
2.2.1 Front Panel	19
2.2.2 Rear Panel	24
Chapter 3 Login to the Switch	25
3.1 Login	25
3.2 Configuration	26
Chapter 4 System	27
4.1 System Info	27
4.1.1 System Summary	27
4.1.2 Device Description	28
4.1.3 System Time	29
4.1.4 Daylight Saving Time	30
4.1.5 Serial Port Setting	31
4.2 User Management	32
4.2.1 User Table	32
4.2.2 User Config	32
4.3 System Tools	34
4.3.1 Boot Config	34
4.3.2 Config Restore	35
4.3.3 Config Backup	35
4.3.4 Firmware Upgrade	36
4.3.5 System Reboot	37
4.3.6 Reboot Schedule	37
4.3.7 System Reset	38
4.4 Access Security	38
4.4.1 Access Control	38
4.4.2 HTTP Config	40
4.4.3 HTTPS Config	40
4.4.4 SSH Config	43
4.4.5 Telnet Config	50
4.5 SDM Template	50
4.5.1 SDM Template Config	50
Chapter 5 Switching	52
5.1 Port	52
5.1.1 Port Config	52
5.1.2 Port Mirror	53
5.1.3 Port Security	55
5.1.4 Port Isolation	57
5.1.5 Loopback Detection	58
5.2 LAG	60
5.2.1 LAG Table	61
5.2.2 Static LAG	62
5.2.3 LACP Config	63
5.3 Traffic Monitor	65
5.3.1 Traffic Summary	65
5.3.2 Traffic Statistics	66
5.4 MAC Address	67
5.4.1 Address Table	69
5.4.2 Static Address	70
5.4.3 Dynamic Address	71
5.4.4 Filtering Address	73
5.4.5 MAC Notification	74
5.4.6 MAC VLAN Security	75
5.5 L2PT	76
5.5.1 L2PT Config	77
Chapter 6 VLAN	79
6.1 802.1Q VLAN	80
6.1.1 VLAN Config	81
6.1.2 Port Config	82
6.2 Application Example for 802.1Q VLAN	84
6.3 MAC VLAN	85
6.3.1 MAC VLAN	86
6.3.2 Port Enable	87
6.4 Application Example for MAC VLAN	87
6.5 Protocol VLAN	89
6.5.1 Protocol Group Table	90
6.5.2 Protocol Group	91
6.5.3 Protocol Template	91
6.6 Application Example for Protocol VLAN	93
6.7 VLAN VPN	95
6.7.1 VPN Config	96
6.7.2 Port Enable	97
6.7.3 VLAN Mapping	97
6.8 GVRP	100
6.9 Private VLAN	103
6.9.1 PVLAN Config	105
6.9.2 Port Config	106
6.10 Application Example for Private VLAN	107
Chapter 7 Spanning Tree	110
7.1 STP Config	115
7.1.1 STP Config	115
7.1.2 STP Summary	117
7.2 Port Config	118
7.3 MSTP Instance	119
7.3.1 Region Config	120
7.3.2 Instance Config	120
7.3.3 Instance Port Config	121
7.4 STP Security	123
7.4.1 Port Protect	123
7.4.2 TC Protect	126
7.5 Application Example for STP Function	126
Chapter 8 Ethernet OAM	131
8.1 Basic Config	134
8.1.1 Basic Config	135
8.1.2 Discovery Info	136
8.2 Link Monitoring	138
8.3 RFI	139
8.4 Remote Loopback	140
8.5 Statistics	141
8.5.1 Statistics	141
8.5.2 Event Log	142
8.6 DLDP	143
8.7 Application Example for DLDP	147
Chapter 9 Multicast	150
9.1 IGMP Snooping	154
9.1.1 Snooping Config	156
9.1.2 Port Config	158
9.1.3 VLAN Config	159
9.1.4 Multicast VLAN	160
9.1.5 Querier Config	164
9.1.6 Profile Config	165
9.1.7 Profile Binding	167
9.1.8 Packet Statistics	168
9.1.9 IGMP Authentication	170
9.2 MLD Snooping	171
9.2.1 Snooping Config	172
9.2.2 Port Config	175
9.2.3 VLAN Config	176
9.2.4 Multicast VLAN	177
9.2.5 Querier Config	179
9.2.6 Profile Config	180
9.2.7 Profile Binding	182
9.2.8 Packet Statistics	183
9.3 Multicast Table	185
9.3.1 IPv4 Multicast Table	185
9.3.2 Static IPv4 Multicast Table	185
9.3.3 IPv6 Multicast Table	187
9.3.4 Static IPv6 Multicast Table	187
Chapter 10 Routing	190
10.1 Interface	190
10.2 Routing Table	202
10.2.1 IPv4 Routing Table	202
10.2.2 IPv6 Routing Table	202
10.3 Static Routing	203
10.3.1 IPv4 Static Routing Config	203
10.3.2 IPv6 Static Routing Config	204
10.4 DHCP Server	205
10.4.1 DHCP Server	211
10.4.2 Pool Setting	212
10.4.3 Manual Binding	213
10.4.4 Binding Table	214
10.4.5 Packet Statistics	215
10.4.6 Application Example for DHCP Server and Relay	216
10.5 DHCP Relay	218
10.5.1 Global Config	220
10.5.2 DHCP Server	221
10.6 ARP	222
10.6.1 ARP Table	222
10.6.2 Static ARP	222
Chapter 11 QoS	224
11.1 DiffServ	227
11.1.1 Port Priority	227
11.1.2 Schedule Mode	228
11.1.3 802.1P Priority	229
11.1.4 DSCP Priority	230
11.2 Bandwidth Control	232
11.2.1 Rate Limit	232
11.2.2 Storm Control	233
11.3 Voice VLAN	234
11.3.1 Global Config	236
11.3.2 Port Config	237
11.3.3 OUI Config	238
Chapter 12 PoE	240
12.1 PoE Config	240
12.1.1 PoE Config	241
12.1.2 PoE Profile	242
12.2 Time-Range	243
12.2.1 Time-Range Summary	244
12.2.2 Time-Range Create	244
12.2.3 Holiday Config	246
Chapter 13 ACL	248
13.1 Time-Range	248
13.1.1 Time-Range Summary	248
13.1.2 Time-Range Create	249
13.1.3 Holiday Config	250
13.2 ACL Config	250
13.2.1 ACL Summary	250
13.2.2 ACL Create	251
13.2.3 MAC ACL	251
13.2.4 Standard-IP ACL	253
13.2.5 Extend-IP ACL	254
13.2.6 Combined ACL	255
13.2.7 IPv6 ACL	256
13.3 Policy Config	258
13.3.1 Policy Summary	258
13.3.2 Policy Create	259
13.3.3 Action Create	259
13.4 ACL Binding	260
13.4.1 Binding Table	261
13.4.2 Port Binding	262
13.4.3 VLAN Binding	263
13.5 Policy Binding	263
13.5.1 Binding Table	264
13.5.2 Port Binding	265
13.5.3 VLAN Binding	266
13.6 Application Example for ACL	266
Chapter 14 Network Security	269
14.1 IP-MAC Binding	269
14.1.1 Binding Table	269
14.1.2 Manual Binding	270
14.1.3 ARP Scanning	272
14.2 IPv6-MAC Binding	273
14.2.1 Binding Table	274
14.2.2 Manual Binding	275
14.2.3 ND Snooping	277
14.3 DHCP Snooping	279
14.3.1 Global Config	282
14.3.2 Port Config	283
14.3.3 Option 82 Config	284
14.4 DHCPv6 Snooping	285
14.5 ARP Inspection	286
14.5.1 ARP Detect	289
14.5.2 ARP Defend	290
14.5.3 ARP Statistics	291
14.6 ND Detection	292
14.7 IP Source Guard	294
14.8 DoS Defend	296
14.8.1 DoS Defend	297
14.9 802.1X	297
14.9.1 Global Config	301
14.9.2 Port Config	302
14.10 PPPoE	304
14.11 AAA	307
14.11.1 Global Config	308
14.11.2 Privilege Elevation	308
14.11.3 RADIUS Server Config	308
14.11.4 TACACS+ Server Config	309
14.11.5 Authentication Server Group Config	310
14.11.6 Authentication Method List Config	312
14.11.7 Application Authentication List Config	313
14.11.8 802.1X Authentication Server Config	314
14.11.9 Default Settings	314
Chapter 15 SNMP	316
15.1 SNMP Config	318
15.1.1 Global Config	318
15.1.2 SNMP View	319
15.1.3 SNMP Group	320
15.1.4 SNMP User	321
15.1.5 SNMP Community	323
15.2 Notification	325
15.3 RMON	327
15.3.1 Statistics	328
15.3.2 History	329
15.3.3 Event	330
15.3.4 Alarm Config	331
Chapter 16 LLDP	333
16.1 Basic Config	337
16.1.1 Global Config	337
16.1.2 Port Config	338
16.2 Device Info	339
16.2.1 Local Info	339
16.2.2 Neighbor Info	340
16.3 Device Statistics	341
16.4 LLDP-MED	342
16.4.1 Global Config	343
16.4.2 Port Config	343
16.4.3 Local Info	346
16.4.4 Neighbor Info	347
Chapter 17 Maintenance	348
17.1 System Monitor	348
17.1.1 CPU Monitor	348
17.1.2 Memory Monitor	349
17.2 sFlow	350
17.2.1 sFlow Collector	351
17.2.2 sFlow Sampler	352
17.2.3 Default Settings	353
17.3 Log	353
17.3.1 Log Table	353
17.3.2 Local Log	354
17.3.3 Remote Log	355
17.3.4 Backup Log	356
17.4 Device Diagnostics	357
17.4.1 Cable Test	357
17.5 Network Diagnostics	358
17.5.1 Ping	358
17.5.2 Tracert	359
Appendix A. Password Recovery	360
Appendix B. Specifications	361

Match case Limit results 1 per page

Configuration Procedure:

Step

Operation

Description

Install

the

802.1X

client

software.

Required. For the client computers, you are required to

install the TP-LINK 802.1X Client provided on the CD.

Please refer to the software guide in the same directory

with the software for more information

Configure the 802.1X globally.

Required. By default, the global 802.1X function is

disabled. On the

Network Security

→

802.1X

→

Global

Config

page, configure the 802.1X function globally.

Configure the 802.1X for the

port.

Required. On the

Network Security

→

802.1X

→

Port

Config

page, configure the 802.1X feature for the port of

the switch basing on the actual network.

Connect

authentication

server to the switch and do

some configuration.

Required. Record the information of the client in the LAN

the

authentication

server

and

configure

the

corresponding authentication username and password for

the client.

Enable

the

AAA

function

globally.

Required. On the

Network Security

→

AAA

→

Global

Conifg

page, enable the AAA function globally.

Configure the parameters of

the authentication server.

Required. On the

Network Security

→

AAA

→

RADIUS

Server Conifg

page, configure the parameters of the

RADIUS server.

Note:

1. The 802.1X function takes effect only when it is enabled globally on the switch and for the port.

2. The 802.1X function cannot be enabled for LAG member ports. That is, the port with 802.1X

function enabled cannot be added to the LAG.

3. The 802.1X function should not be enabled for the port connected to the authentication server.

14.10 PPPoE



PPPoE ID-Insertion Overview



The PPPoE ID-Insertion feature provides a way to extract a Vendor-specific tag as an

identifier for the authentication, authorization, and accounting (AAA) access requests on an

Ethernet interface. When enabled, the switch attaches a tag to the PPPoE discovery packets,

which is called the PPPoE Vendor-Specific tag and it contains a unique line identifier. There

are two formats of Vendor-specific tags: Circuit-ID format and Remote-ID format. The BRAS

receives the tagged packet, decodes the tag, and uses the Circuit-ID/Remote-ID field of that

tag as a NAS-Port-ID attribute in the RADIUS server for PPP authentication and AAA

(authentication, authorization, and accounting) access requests. The switch will remove the

Circuit-ID/Remote-ID

tag

from

the

received

PPPoE

Active

Discovery

Offer

and

Session-confirmation packets from the BRAS.

In this Chapter the switch will work as a DSLAM.

293