Home » TP-Link Manuals » Hubs & Switches » TP-Link T3700G-28TQ » Manual Viewer

TP-Link T3700G-28TQ T3700G-28TQ V1 UG - Page 211

Authentication Methods, Master Election

View all TP-Link T3700G-28TQ manuals

Add to My Manuals
Save this manual to your list of manuals

Page 211 highlights

new master router will be elected among them to take the role of the master router if master router fails. 2. Master Election Initially-created routers work in Backup state and learn other members' priorities in the virtual router via VRRP packets. The one with the highest priority is elected as master router. If the priority values are the same, the router with the highest interface IP address is selected as the master.  In preemptible mode, when backup router receives VRRP packet, it will compare its priority with that of the advertisement packet. If of higher priority, the backup router will become the master router; otherwise, it will maintain Backup state.  In non-preemptible mode, physical routers in the backup group will maintain Master or Backup state as long as the master router functions normally. Even if backup router is given higher priority, it cannot become a master router in non-preempt mode. The VRRP priority ranges from 0 to 255 (the bigger the number is, the higher the priority is). Configurable range is 1-254. The priority value 0 is reserved for the current master when it gives up its role as master router. For example, when master router receives shutdown message, it would send VRRP packet with priority 0 to the backup group which the interface belongs to. The priority of the IP address owner must be 255. Therefore, if there exists an IP address owner in the backup group and it works normally, it must be the master router. 3. State Transition VRRP defines three state modes: Initialize, Master and Backup. Only in Master state can master router provide service for forwarding request via virtual IP address and forward VRRP packet. When the system just starts, it comes to Initialize state. If the virtual router is not given a virtual IP address, the system would maintain Initialize state. If the virtual IP address is configured properly, when the system receives startup message from interface, it would transition to the Backup state (in which case its priority is not 255) or Master state (in which case its priority is 255). Routers in master or backup state can change to Initialize state only when they receive shutdown message from interface. In Initialize state, router cannot deal with VRRP packet. If the master router functions properly, it will periodically send VRRP packets informing backup routers in the backup group that it functions properly. VRRP timer can be manually configured to customize the intervals that master router sends VRRP packet. If the backup router waits for a period longer than three times the advertisement timer and fails to receive VRRP packets from the master router, they will assume that the master router is dead and initiate an election process by transitioning to the Master state and forwarding VRRP packets. To avoid frequent Master-Backup state transition among routers in the backup group and provide enough time for backup routers to collect necessary information, backup router would not preempt to be master as soon as it receives packets with lower priority value. It would wait for a certain time, which is called preempt-mode delay time, and then send packets to take place of the former master. Users can customize the preempt-mode delay time. 4. Authentication Methods VRRP provides three authentication methods:  No authentication: the eligibility of VRRP packets is not verified and no security insurance is provided. In a safe network, no authentication can be set as authentication method.  Simple text password: in a network where security is possible to be threatened, simple text password is recommended. The router which forwards the VRRP packets fills the 200

Section	Page
Package Contents	12
Chapter 1 About This Guide	13
1.1 Intended Readers	13
1.2 Conventions	13
1.3 Overview of This Guide	13
Chapter 2 Introduction	18
2.1 Overview of the Switch	18
2.2 Main Features	18
2.3 Appearance Description	19
2.3.1 Front Panel	19
2.3.2 Rear Panel	21
Chapter 3 Login to the Switch	23
3.1 Login	23
3.2 Configuration	23
Chapter 4 System	25
4.1 System Info	25
4.1.1 System Summary	25
4.1.2 Device Description	27
4.1.3 System Time	28
4.1.4 Daylight Saving Time	29
4.2 User Management	30
4.2.1 User Table	30
4.2.2 User Config	30
4.3 System Tools	32
4.3.1 Boot Config	32
4.3.2 Config Restore	33
4.3.3 Config Backup	33
4.3.4 Firmware Upgrade	34
4.3.5 System Reboot	35
4.3.6 System Reset	35
4.4 Access Security	35
4.4.1 Access Control	35
4.4.2 SSL Config	37
4.4.3 SSH Config	38
Chapter 5 Stack	44
5.1 Stack Management	50
5.1.1 Stack Info	50
5.1.2 Stack Config	51
5.1.3 Switch Renumber	52
5.2 Application Example for Stack	53
Chapter 6 Switching	55
6.1 Port	55
6.1.1 Port Config	55
6.1.2 Port Mirror	56
6.1.3 Port Security	58
6.1.4 Port Isolation	60
6.2 LAG	61
6.2.1 LAG Table	62
6.2.2 Static LAG	63
6.2.3 LACP Config	64
6.3 Traffic Monitor	66
6.3.1 Traffic Summary	66
6.3.2 Traffic Statistics	68
6.4 MAC Address	70
6.4.1 Address Table	70
6.4.2 Static Address	72
6.4.3 Dynamic Address	73
6.4.4 Filtering Address	75
Chapter 7 VLAN	77
7.1 802.1Q VLAN	78
7.1.1 VLAN Config	79
7.1.2 Port Config	81
7.2 Application Example for 802.1Q VLAN	83
7.3 MAC VLAN	84
7.3.1 MAC VLAN	84
7.3.2 Port Enable	85
7.4 Application Example for MAC VLAN	86
7.5 Protocol VLAN	88
7.5.1 Protocol Group Table	88
7.5.2 Protocol Group	89
7.5.3 Protocol Template	90
7.6 Application Example for Protocol VLAN	91
7.7 VLAN VPN	93
7.7.1 VPN Config	94
7.7.2 Port Enable	94
7.7.3 VLAN Mapping	95
7.8 GVRP	97
7.9 Private VLAN	100
7.9.1 PVLAN Config	102
7.9.2 Port Config	103
7.10 Application Example for Private VLAN	104
Chapter 8 Spanning Tree	107
8.1 STP Config	112
8.1.1 STP Config	112
8.1.2 STP Summary	114
8.2 Port Config	114
8.3 MSTP Instance	116
8.3.1 Region Config	116
8.3.2 Instance Config	117
8.3.3 Instance Port Config	118
8.4 STP Security	120
8.4.1 Port Protect	120
8.4.2 TC Protect	122
8.5 Application Example for STP Function	123
Chapter 9 Multicast	127
9.1 IGMP Snooping	129
9.1.1 Snooping Config	130
9.1.2 Port Config	131
9.1.3 VLAN Config	132
9.1.4 Multicast VLAN	134
9.1.5 Querier Config	136
9.2 Application Example for Multicast VLAN	138
9.3 Multicast IP	140
9.3.1 Multicast IP Table	140
9.3.2 Static Multicast IP	140
9.4 Multicast Filter	142
9.4.1 Profile Config	142
9.4.2 Profile Binding	143
9.5 Packet Statistics	144
Chapter 10 Routing	146
10.1 Interface	146
10.2 Routing Table	149
10.3 Static Routing	149
10.4 DHCP Server	150
10.4.1 DHCP Server	156
10.4.2 Pool Setting	158
10.4.3 Manual Binding	159
10.4.4 Binding Table	159
10.4.5 Packet Statistics	160
10.5 DHCP Relay	161
10.5.1 Global Config	163
10.5.2 DHCP Server	164
10.6 Proxy ARP	165
10.7 ARP	167
10.8 RIP	168
10.8.1 Basic Config	171
10.8.2 Interface Config	173
10.8.3 RIP Database	174
10.8.4 Application Example for RIP	175
10.9 OSPF	176
10.9.1 Process	193
10.9.2 Basic	193
10.9.3 Network	196
10.9.4 Interface	197
10.9.5 Area	200
10.9.6 Area Aggregation	202
10.9.7 Virtual Link	203
10.9.8 Route Redistribution	205
10.9.9 ASBR Aggregation	206
10.9.10 Neighbor Table	207
10.9.11 Link State Database	208
10.10 VRRP	209
10.10.1 Basic Config	213
10.10.2 Advanced Config	215
10.10.3 Virtual IP Config	216
10.10.4 Track Config	217
10.10.5 Virtual Router Statistics	219
Chapter 11 Multicast Routing	221
11.1 Global Config	222
11.1.1 Global Config	222
11.1.2 Mroute Table	222
11.2 IGMP	224
11.2.1 Interface Config	228
11.2.2 Interface State	229
11.2.3 Static Multicast Config	230
11.2.4 Multicast Group Table	232
11.2.5 Profile Binding	233
11.2.6 Packet Statistics	235
11.3 PIM DM	235
11.3.1 PIM DM Interface	240
11.3.2 PIM DM Neighbor	241
11.4 PIM SM	242
11.4.1 PIM SM Interface	247
11.4.2 PIM SM Neighbor	248
11.4.3 BSR	249
11.4.4 RP	250
11.4.5 RP Mapping	251
11.4.6 RP Info	252
11.5 Static Mroute	253
11.5.1 Static Mroute Config	254
11.5.2 Static Mroute Table	255
Chapter 12 QoS	256
12.1 DiffServ	259
12.1.1 Port Priority	259
12.1.2 Schedule Mode	260
12.1.3 802.1P Priority	261
12.1.4 DSCP Priority	262
12.2 Bandwidth Control	264
12.2.1 Rate Limit	264
12.2.2 Storm Control	265
12.3 Voice VLAN	266
12.3.1 Global Config	268
12.3.2 Port Config	269
12.3.3 OUI Config	270
Chapter 13 ACL	272
13.1 Time-Range	272
13.1.1 Time-Range Summary	272
13.1.2 Time-Range Create	273
13.1.3 Holiday Config	274
13.2 ACL Config	274
13.2.1 ACL Summary	275
13.2.2 ACL Create	275
13.2.3 MAC ACL	276
13.2.4 Standard-IP ACL	276
13.2.5 Extend-IP ACL	277
13.3 Policy Config	279
13.3.1 Policy Summary	279
13.3.2 Policy Create	279
13.3.3 Action Create	280
13.4 Policy Binding	281
13.4.1 Binding Table	281
13.4.2 Port Binding	282
13.4.3 VLAN Binding	283
13.5 Application Example for ACL	284
Chapter 14 Network Security	286
14.1 IP-MAC Binding	286
14.1.1 Binding Table	286
14.1.2 Manual Binding	287
14.1.3 ARP Scanning	289
14.2 DHCP Snooping	290
14.2.1 Global Config	293
14.2.2 Port Config	295
14.3 ARP Inspection	296
14.3.1 ARP Detect	299
14.3.2 ARP Defend	300
14.3.3 ARP Statistics	301
14.4 IP Source Guard	302
14.5 DoS Defend	304
14.5.1 DoS Defend	305
14.6 802.1X	305
14.6.1 Global Config	309
14.6.2 Port Config	311
14.6.3 Radius Server	312
Chapter 15 SNMP	314
15.1 SNMP Config	316
15.1.1 Global Config	316
15.1.2 SNMP View	317
15.1.3 SNMP Group	317
15.1.4 SNMP User	319
15.1.5 SNMP Community	321
15.2 Notification	323
15.3 RMON	324
15.3.1 Statistics	325
15.3.2 History	326
15.3.3 Event	327
15.3.4 Alarm	327
Chapter 16 LLDP	330
16.1 Basic Config	333
16.1.1 Global Config	333
16.1.2 Port Config	334
16.2 Device Info	335
16.2.1 Local Info	335
16.2.2 Neighbor Info	337
16.3 Device Statistics	338
16.4 LLDP-MED	339
16.4.1 Global Config	340
16.4.2 Port Config	341
16.4.3 Local Info	343
16.4.4 Neighbor Info	344
Chapter 17 Cluster	346
17.1 NDP	347
17.1.1 Neighbor Info	347
17.1.2 NDP Summary	348
17.1.3 NDP Config	349
17.2 NTDP	350
17.2.1 Device Table	350
17.2.2 NTDP Summary	352
17.2.3 NTDP Config	353
17.3 Cluster	354
17.3.1 Cluster Summary	354
17.3.2 Cluster Config	357
17.3.3 Member Config	360
17.3.4 Cluster Topology	361
17.4 Application Example for Cluster Function	363
Chapter 18 Maintenance	365
18.1 System Monitor	365
18.1.1 CPU Monitor	365
18.1.2 Memory Monitor	366
18.2 Log	367
18.2.1 Log Table	368
18.2.2 Local Log	369
18.2.3 Remote Log	370
18.2.4 Backup Log	370
18.3 Device Diagnostics	371
18.3.1 Cable Test	371
18.3.2 Loopback	372
18.4 Network Diagnostics	373
18.4.1 Ping	373
18.4.2 Tracert	374
Chapter 19 System Maintenance via FTP	375
Appendix A: Specifications	381
Appendix B: Configuring the PCs	383
Appendix C: 802.1X Client Software	385

Match case Limit results 1 per page

new master router will be elected among them to take the role of the master router if master

router fails.

2. Master Election

Initially-created routers work in Backup state and learn other members' priorities in the virtual

router via VRRP packets. The one with the highest priority is elected as master router. If the

priority values are the same, the router with the highest interface IP address is selected as the

master.



In preemptible mode, when backup router receives VRRP packet, it will compare its priority

with that of the advertisement packet. If of higher priority, the backup router will become

the master router; otherwise, it will maintain Backup state.



In non-preemptible mode, physical routers in the backup group will maintain Master or

Backup state as long as the master router functions normally. Even if backup router is

given higher priority, it cannot become a master router in non-preempt mode.

The VRRP priority ranges from 0 to 255 (the bigger the number is, the higher the priority is).

Configurable range is 1-254. The priority value 0 is reserved for the current master when it

gives up its role as master router. For example, when master router receives shutdown

message, it would send VRRP packet with priority 0 to the backup group which the interface

belongs to. The priority of the IP address owner must be 255. Therefore, if there exists an IP

address owner in the backup group and it works normally, it must be the master router.

3. State Transition

VRRP defines three state modes: Initialize, Master and Backup. Only in Master state can

master router provide service for forwarding request via virtual IP address and forward VRRP

packet.

When the system just starts, it comes to Initialize state. If the virtual router is not given a virtual

IP address, the system would maintain Initialize state. If the virtual IP address is configured

properly, when the system receives startup message from interface, it would transition to the

Backup state (in which case its priority is not 255) or Master state (in which case its priority is

255). Routers in master or backup state can change to Initialize state only when they receive

shutdown message from interface. In Initialize state, router cannot deal with VRRP packet.

If the master router functions properly, it will periodically send VRRP packets informing backup

routers in the backup group that it functions properly. VRRP timer can be manually

configured to customize the intervals that master router sends VRRP packet. If the backup

router waits for a period longer than three times the advertisement timer and fails to receive

VRRP packets from the master router, they will assume that the master router is dead and

initiate an election process by transitioning to the Master state and forwarding VRRP packets.

To avoid frequent Master-Backup state transition among routers in the backup group and

provide enough time for backup routers to collect necessary information, backup router would

not preempt to be master as soon as it receives packets with lower priority value. It would wait

for a certain time, which is called preempt-mode delay time, and then send packets to take

place of the former master. Users can customize the preempt-mode delay time.

4. Authentication Methods

VRRP provides three authentication methods:



No authentication: the eligibility of VRRP packets is not verified and no security insurance

is provided. In a safe network, no authentication can be set as authentication method.



Simple text password: in a network where security is possible to be threatened, simple text

password is recommended. The router which forwards the VRRP packets fills the

200