TP-LINK TL-SL5428E V3 Guide de l'utilisateur

TL-SL5428E 24-Port 10/100Mbps + 4-Port Gigabit JetStream L2 Managed Switch REV2.0.0 1910011019

VII 16.4 Network Diagnostics ...270 16.4.1 Ping...

Figure 6-18 GVRP Config Note: If the GVRP feature is enabled for a member port of LAG, please ensure all the member ports of this LAG are set to be

LeaveAll Timer: Once the LeaveAll Timer is set, the port with GVRP enabled can send a LeaveAll message after the timer times out, so that other GARP

 Network Diagram  Configuration Procedure  Configure switch A Step Operation Description 1 Create VLAN6 Required. On VLAN→802.1Q VLAN→VLAN C

 Configure switch C Step Operation Description 1 Create Private VLANs. Required. On the VLAN→Private VLAN→PVLAN Config page, Enter the Primary VL

Chapter 7 Spanning Tree STP (Spanning Tree Protocol), subject to IEEE 802.1D standard, is to disbranch a ring network in the Data Link layer in a lo

Figure 7-1 Basic STP diagram  STP Timers Hello Time: Hello Time ranges from 1 to 10 seconds. It specifies the interval to send BPDU packets. It

Step Operation 1 If the priority of the BPDU received on the port is lower than that of the BPDU if of the port itself, the switch discards the BPD

point-to-point link, it can transit to forwarding state after getting response from the downstream switch through handshake.  RSTP Elements Edge

 Port States In an MSTP, ports can be in the following four states:  Forwarding: In this status the port can receive/forward data, receive/send

Figure 7-4 STP Config The following entries are displayed on this screen:  Global Config STP: Enable/Disable STP function globally on the switch.

Package Contents The following items should be found in your box:  One TL-SL5428E switch  One power cord  One console cable  Two mounting bra

Note: 1. The forward delay parameter and the network diameter are correlated. A too small forward delay parameter may result in temporary loops. A t

7.2 Port Config On this page you can configure the parameters of the ports for CIST Choose the menu Spanning Tree→Port Config to load the following

Port Role: Displays the role of the port played in the STP Instance.  Root Port: Indicates the port that has the lowest path cost from this bridge

Figure 7-7 Region Config The following entries are displayed on this screen:  Region Config Region Name: Create a name for MST region identifica

Select: Select the desired Instance ID for configuration. It is multi-optional. Instance: Displays Instance ID of the switch. Status: Displays sta

Figure 7-9 Instance Port Config The following entries are displayed on this screen:  Port Config Instance ID: Select the desired instance ID for

Step Operation Description 1 Make clear roles the switches play in spanning tree instances: root bridge or designated bridge Preparation. 2 Global

To avoid this, MSTP provides root protect function. Ports with this function enabled can only be set as designated ports in all spanning tree instanc

Figure 7-10 Port Protect The following entries are displayed on this screen:  Port Protect Port Select: Click the Select button to quick-select t

Figure 7-11 TC Protect The following entries are displayed on this screen:  TC Protect TC Threshold: Enter a number from 1 to 100. It is the maxi

Chapter 1 About This Guide This User Guide contains information for setup and management of TL-SL5428E switch. Please read this guide carefully befo

 Configuration Procedure  Configure switch A: Step Operation Description 1 Configure ports On VLAN→802.1Q VLAN page, configure the link type

 Configure switch C: Step Operation Description 1 Configure ports On VLAN→802.1Q VLAN page, configure the link type of the related ports as Trun

 The configuration procedure for switch E and F is the same with that for switch D.  The topology diagram of the two instances after the topolo

Chapter 8 Ethernet OAM  OAM Overview Ethernet OAM (Operation, Administration, and Maintenance) is a Layer 2 protocol for monitoring and troublesho

 Information OAMPDU: Information OAMPDU is used for discovery. It transmits the state information of an OAM entity (including local, remote, and o

Item Active OAM mode Passive OAM mode Transmitting Loopback Control OAMPDUs Available Unavailable Responding to Loopback Control OAMPDUs Available

As Information OAMPDUs are sent between the OAM entities periodically, an OAM entity can inform one of its OAM peers of link faults through Informat

Figure 8-4 Basic Config The following entries are displayed on this screen:  Basic Config Port Select: Click the Select button to quick-select t

Figure 8-5 Discovery Info The following entries are displayed on this screen:  Local Client The local client part shows the information of the loc

Variable Request: Displays whether the local client supports variable request. If supports, the local client can send some variable requests to the

Chapter Introduction Chapter 4 System This module is used to configure system properties of the switch. Here mainly introduces:  System Info: Con

PDU Revision: Displays the TLV revision of the OAMPDU. Vendor Information: Displays the vender information of the remote client. 8.2 Link Monito

Threshold: Specify the threshold for the selected link event.  For Symbol Period Error, it is the number of error symbols in the period that is

Select: Select the desired port for configuration. It is multi-optional. Dying Gasp Notify: Choose whether to notify the dying gasp or not. Critica

Remote Loopback: To start or stop the remote loopback. 8.5 Statistics You can view the statistics about the detailed Ethernet OAM traffic informati

Variable Request OAMPDUs: Displays the number of variable request OAMPDUs that have been transmitted or received on the port. Variable Response OAMPD

Error Frame Event: Displays the number of error frame link events that have occurred on the local link or remote link. Error Frame Period Event: Dis

State Description Advertisement This state indicates that no unidirectional link is detected, which includes two kinds of situations: 1. This devic

The typical bidirectional link detection process is ○2 →○4 →○5 , and the typical unidirectional link detection process is ○2 →○4 →○6 . On the DLDP pa

Shut Mode: Once detecting a unidirectional link, the port can be shut down in one of the following two modes:  Auto: In this mode, DLDP generates

2. The unidirectional link should be disconnected once being detected, and the ports shut down by DLDP can be restored after the fiber pairs are corr

Chapter Introduction Chapter 8 Ethernet OAM This module is used to configure Ethernet OAM function of the switch. Here mainly introduces:  Ba

After these four ports are correctly connected, select ports 1/0/27 and 1/0/28 in the Port Config table and click the Reset button to restore their

Chapter 9 Multicast  Multicast Overview In the network, packets are sent in three modes: unicast, broadcast and multicast. In unicast, the source

 IPv4 Multicast Address 1. IPv4 Multicast IP Address: As specified by IANA (Internet Assigned Numbers Authority), Class D IP addresses are used as

Flags have 4 bits. The high-order flag is reserved, and must be initialized to 0. T=0 indicates a permanently-assigned multicast address assigned b

The IPv6 solicited-node multicast address has the prefix FF02:0:0:0:0:1:FF00:0000/104 concatenated with the 24 low-order bits of a corresponding IPv6

ports in a VLAN. The list is constructed and maintained by snooping IPv6 multicast control packets. MLD snooping performs a similar function in IPv6

When receiving IGMP leave message, the switch will forward IGMP group-specific-query message to check if other members in the multicast group of the

The following entries are displayed on this screen:  Global Config IGMP Snooping: Enable/Disable IGMP Snooping function globally on the switch. Un

Static Router Ports: Enter the static router port which is mainly used in the network with stable topology.  VLAN Table VLAN ID Select: Click the

Figure 9-7 Port Config The following entries are displayed on this screen:  Port Config Port Select: Click the Select button to quick-select the

Chapter Introduction Chapter 12 Network Security This module is used to configure the multiple protection measures for the network security. Here m

2. When both Fast Leave feature and Unknown Multicast Discard feature are enabled, the leaving of a user connected to a port owning multi-user will

9.1.5 Multicast VLAN In old multicast transmission mode, when users in different VLANs apply for join the same multicast group, the multicast router

Note: 1. The router port should be in the multicast VLAN, otherwise the member ports can not receive multicast streams. 2. The Multicast VLAN won&a

Configure a multicast VLAN, and user A and B receive multicast streams through the multicast VLAN.  Network Diagram  Configuration Procedure Ste

Figure 9-10 Static Multicast IP Table The following entries are displayed on this screen:  Create Static Multicast Multicast IP: Enter static mul

Figure 9-11 Packet Statistics The following entries are displayed on this screen:  Auto Refresh Auto Refresh: Enable/Disable auto refresh feature

in Layer 2 network. IGMP Snooping Querier can act as an IGMP Router in Layer 2 network. It can help to create and maintain multicast forwarding table

Last Member Query Times: Enter the times of sending specific query frames by IGMP Snooping Querier. At receiving a leave frame, a specific query fram

 MLD Snooping Fundamentals 1. MLD Messages MLD Queries：MLD Queries include General Queries and Multicast-Address-Specific Queries (MASQs) and are s

multicast group. The user can control when a port membership is removed for an exiting address in terms of the number and interval of MASQs. If there

Chapter Introduction Chapter 16 Maintenance This module is used to assemble the commonly used system tools to manage the switch. Here mainly introd

Unknown Multicast Filter: Choose to forward or drop unknown multicast data. Unknown IPv6 multicast packets refer to those packets without correspondi

Figure 9-14 VLAN Config The following entries are displayed on this screen:  VLAN Config VLAN ID: Enter the VLAN ID you want to configure. Router

Note: 1. The VLAN configuration will take effect when global MLD Snooping function is enabled and the corresponding VLAN is created. 2. When the ro

9.2.4 Port Config On this page you can configure MLD Snooping function with each single port. Choose the menu Multicast→MLD Snooping→Port Config to l

Figure 9-17 Static Multicast The following entries are displayed on this screen:  Static Multicast Config VLAN ID: Enter the VLAN ID. Multicast I

 Querier Config VLAN ID: Enter the VLAN ID which you want to start Querier. Maximum Response Time: Enter the value of Maximum Response Time field

The following entries are displayed on this screen:  Auto Fresh Auto Fresh: Enable/Disable auto fresh feature. Fresh Period: Enter the time from

 Search Option Multicast IP: Enter the multicast IP address the desired entry must carry. VLAN ID: Enter the VLAN ID the desired entry must carry.

 Multicast IP Table Multicast IP: Displays the multicast IP. VLAN ID: Displays the VLAN ID. Forward Ports: Displays the forward ports of the gro

Chapter 10 QoS QoS (Quality of Service) functions to provide different quality of service for various network applications and requirements and opti

Chapter 2 Introduction Thanks for choosing the TL-SL5428E 24-Port 10/100Mbps + 4-Port Gigabit JetStream L2 Managed Switch! 2.1 Overview of the Swit

2. 802.1P Priority Figure 10-2 802.1Q frame As shown in the figure above, each 802.1Q Tag has a Pri field, comprising 3 bits. The 3-bit priority fi

Figure 10-4 SP-Mode 2. WRR-Mode: Weight Round Robin Mode. In this mode, packets in all the queues are sent in order based on the weight value for e

10.1 DiffServ This switch classifies the ingress packets, maps the packets to different priority queues and then forwards the packets according to sp

Configuration Procedure: Step Operation Description 1 Select the port priority Required. On QoS→DiffServ→Port Priority page, configure the port

 Priority Level DSCP: Indicates the priority determined by the DSCP region of IP datagram. It ranges from 0 to 63. Priority Level: Indicates th

The following entries are displayed on this screen:  802.1P Priority Config 802.1P Priority: Enable/Disable 802.1P Priority.  Priority and CoS-m

WRR-Mode: Weight Round Robin Mode. In this mode, packets in all the queues are sent in order based on the weight value for each queue. The weight va

The following entries are displayed on this screen:  Rate Limit Config Port Select: Click the Select button to quick-select the corresponding port

Figure 10-11 Storm Control The following entries are displayed on this screen:  Storm Control Config Port Select: Click the Select button to quic

10.3 Voice VLAN Voice VLANs are configured specially for voice data stream. By configuring Voice VLANs and adding the ports with voice devices attach

+ Supports Telnet, CLI, SNMP v1/v2c/v3, RMON and web access. + Port Mirroring enables monitoring selected ingress/egress traffic. 2.3 Appearance D

Port Voice VLAN Mode Voice Stream Type Link type of the port and processing mode ACCESS: Not supported. TRUNK: Supported. The default VLAN of the p

Note: Don’t transmit voice stream together with other business packets in the voice VLAN except for some special requirements. The Voice VLAN functio

Figure 10-13 Port Config Note: 1. To enable voice VLAN function for the LAG member port, please ensure its member state accords with its port mode.

Member State: Displays the state of the port in the current voice VLAN. LAG: Displays the LAG number which the port belongs to. 10.3.3 OUI Config

Configuration Procedure of Voice VLAN: Step Operation Description 1 Configure the link type of the port Required. On VLAN→802.1Q VLAN→Port Confi

Chapter 11 ACL ACL (Access Control List) is used to filter packets by configuring match rules and process policies of packets in order to control th

11.1.2 Time-Range Create On this page you can create time-ranges. Choose the menu ACL→Time-Range→Time-Range Create to load the following page. Figu

11.1.3 Holiday Config Holiday mode is applied as a different secured access control policy from the week mode. On this page you can define holidays

Choose the menu ACL→ACL Config→ACL Summary to load the following page. Figure 11-4 ACL Summary The following entries are displayed on this screen: 

Choose the menu ACL→ACL Config→MAC ACL to load the following page. Figure11-6 Create MAC Rule The following entries are displayed on this screen: 

2.3.2 Rear Panel The rear panel of TL-SL5428E features a power socket and a Grounding Terminal (marked with). Figure 2-2 Rear Panel  Grounding Ter

Figure11-7 Create Standard-IP Rule The following entries are displayed on this screen:  Create Standard-IP Rule ACL ID: Select the desired Standa

Figure11-8 Create Extend-IP Rule The following entries are displayed on this screen:  Create Extend-IP Rule ACL ID: Select the desired Extend-IP

S-Port: Configure TCP/IP source port contained in the rule when TCP/UDP is selected from the pull-down list of IP Protocol. D-Port: Configure TCP/I

Operation: Click the Edit button to modify the action. 11.3.2 Policy Create On this page you can create the policy. Choose the menu ACL→Policy Conf

S-Mirror: Select S-Mirror to mirror the data packets in the policy to the specific port. S-Condition: Select S-Condition to limit the transmission

 Policy Bind Table Select: Select the desired entry to delete the corresponding binding policy.Index: Displays the index of the binding policy. P

Figure11-14 Bind the policy to the VLAN The following entries are displayed on this screen:  VLAN-Bind Config Policy Name: Select the name of

 Network Diagram  Configuration Procedure Step Operation Description 1 Configure Time-range On ACL→Time-Range page, create a time-range name

Step Operation Description 3 Configure for requirement 2 and 4 On ACL→ACL Config→ACL Create page, create ACL 100. On ACL→ACL Config→Standard-IP A

Chapter 12 Network Security Network Security module is to provide the multiple protection measures for the network security, including six submenus:

COPYRIGHT & TRADEMARKS Specifications are subject to change without notice. is a registered trademark of TP-LINK TECHNOLOGIES CO., LTD. Other

Chapter 3 Login to the Switch 3.1 Login  In the IPv4 network: 1) To access the configuration utility, open a web-browser and type in the default

The following entries are displayed on this screen:  Search Option Source: Select a Source from the pull-down list and click the Searchbutton to v

Figure 12-2 Manual Binding The following entries are displayed on this screen:  Manual Binding Option Host Name: Enter the Host Name. IP Address:

address of the Host on Network layer. MAC address, the address of the Host on Data link layer, is necessary for the packet to reach the very device.

Figure 12-4 ARP Scanning The following entries are displayed on this screen:  Scanning Option Start IP Address: Specify the Start IP Address. E

 DHCP Working Principle DHCP works via the “Client/Server” communication mode. The Client applies to the Server for configuration. The Server assig

（2） DHCP-OFFER Stage: Upon receiving the DHCP-DISCOVER packet, the DHCP Server selects an IP address from the IP pool according to the assigning pri

Figure 12-7 DHCP Cheating Attack Implementation Procedure DHCP Snooping feature only allows the port connected to the DHCP Server as the trusted por

Figure 12-8 DHCP Snooping Note: If you want to enable the DHCP Snooping feature for the member port of LAG, please ensure the parameters of all the

Decline Flow Control: Select the value to specify the Decline Flow Control. The trafficflow of the corresponding port will be limited to be this val

Attack, frequently occur to the network, especially to the large network such as campus network and so on. The following part will simply introduce t

Figure 3-3 Log in the switch 3) Type in the command enable → show ipv6 interface vlan 1 to obtain the switch’s link-local address. Figure 3-4 The

Figure 12-10 ARP Attack – Cheating Gateway As the above figure shown, the attacker sends the fake ARP packets of Host A to the Gateway, and then the

As the above figure shown, the attacker sends the fake ARP packets of Host A to Host B, and then Host B will automatically update its ARP table after

 ARP Flooding Attack The attacker broadcasts a mass of various fake ARP packets in a network segment to occupy the network bandwidth viciously, whi

 Trusted Port Trusted Port: Select the port for which the ARP Detect function is unnecessaryas the Trusted Port. The specific ports, such as up-li

Figure 12-14 ARP Defend The following entries are displayed on this screen:  ARP Defend Port Select: Click the Select button to quick-select the

Figure 12-15 ARP Statistics The following entries are displayed on this screen:  Auto Refresh Auto Refresh: Enable/Disable the Auto Refresh featu

Figure 12-16 IP Source Guard The following entries are displayed on this screen:  IP Source Guard Config Port Select: Click the Select button to

DoS Attack Type Description Land Attack The attacker sends a specific fake SYN packet to the destination Host. Since both the source IP address and

DoS Attack Type Description Ping Of Death ICMP ECHO Request Packet whose sum of "Fragment Offset" and "Total Length" fields in

Defend Type: Displays the Defend Type name. Attack Count: Displays the count of the corresponding attack. 12.4.2 DoS Detect DoS Detect functions t

Figure 3-5 Login Tips: After logging in to the switch, you can add a global IPv6 address to your switch manually in 4.1.6 System IPv6. Then you can

protocol enabled, a supplicant can access the LAN only when it passes the authentication, whereas those failing to pass the authentication are denied

 802.1X Authentication Procedure An 802.1X authentication can be initiated by supplicant system or authenticator system. When the authenticator sys

5. Upon receiving the key (encapsulated in an EAP-Request/MD5 Challenge packet) from the switch, the client program encrypts the password of the supp

request packet to the supplicant system if the supplicant system fails to respond in the specified timeout period. （2） RADIUS server timer (Server T

Figure 12-22 Global Config The following entries are displayed on this screen:  Global Config 802.1X: Enable/Disable the 802.1X function. Auth M

Retry Times: Specify the maximum transfer times of the repeated authentication request. Supplicant Timeout: Specify the maximum time for the switch

working for its fixed unauthorized status. Control Type: Specify the Control Type for the port.  MAC Based: Any client connected to the port shoul

Secondary IP: Enter the IP address of the alternate accounting server. Accounting Port: Set the UDP port of accounting server(s). The default port

 PPPoE Circuit-ID Tag Operation Process The general PPPoE Circuit-ID Tag work process is shown below: Figure 12-25 PPPoE Discovery Process The PPP

Figure 12-26 PPPoE Circuit-ID Config The following entries are displayed on this screen:  Global Config PPPoE Circuit-ID Insertion: Enable/Disable

Config. You are suggested to click Save Config before cutting off the power or rebooting the switch to avoid losing the new configurations. Return to

Chapter 13 SNMP  SNMP Overview SNMP (Simple Network Management Protocol) has gained the most extensive application on the UDP/IP networks. SNMP pr

failing to pass community name authentication are discarded. The community name can limit access to SNMP Agent from SNMP NMS, functioning as a passwo

SNMP module is used to configure the SNMP function of the switch, including three submenus: SNMP Config, Notification and RMON. 13.1 SNMP Config The

13.1.2 SNMP View The OID (Object Identifier) of the SNMP packets is used to describe the managed objects of the switch, and the MIB (Management Info

Figure 13-5 SNMP Group The following entries are displayed on this screen:  Group Config Group Name: Enter the SNMP Group name. The Group Name, S

 Group Table Select: Select the desired entry to delete the corresponding group. It'smulti-optional. Group Name: Displays the Group Name her

User Type: Select the type for the User.  Local User: Indicates that the user is connected to a local SNMP engine.  Remote User: Indicates that

13.1.5 SNMP Community SNMP v1 and SNMP v2c adopt community name authentication. The community name can limit access to the SNMP agent from SNMP netw

Configuration Procedure:  If SNMPv3 is employed, please take the following steps: Step Operation Description 1 Enable SNMP function globally. Re

13.2 Notification With the Notification function enabled, the switch can initiatively report to the management station about the important events tha

Chapter 4 System The System module is mainly for system configuration of the switch, including four submenus: System Info, User Management, System T

Type: Select the type for the notifications.  Trap: Indicates traps are sent.  Inform: Indicates informs are sent. The Inform type has a higher

Figure 13-9 Traps Config The following entries are displayed on this screen:  SNMP Traps SNMP Authentication: If selected, the switch will send an

VLAN Create/Delete If selected, the switch will send a VLAN Create/Delete trap when a VLAN is being created or deleted. IP Change: If selected, the

13.3 RMON RMON (Remote Monitoring) basing on SNMP (Simple Network Management Protocol) architecture, functions to monitor the network. RMON is curren

Figure 13-10 History Control The following entries are displayed on this screen:  History Control Table Select: Select the desired entry for conf

 Event Table Select: Select the desired entry for configuration. Index: Displays the index number of the entry. User: Enter the name of the User

at the end of the sampling interval.  Delta: Subtracts the last sampled value from the current value. The difference in the values is compared to t

Chapter 14 LLDP LLDP (Link Layer Discovery Protocol) is a Layer 2 protocol that is used for network devices to advertise their own device informatio

 Disable: the port cannot transmit or receive LLDPDUs. 2) LLDPDU transmission mechanism  If the ports are working in TxRx or Tx mode, they will a

TLV Type TLV Name Description Usage in LLDPDU 3 Time To Live Indicates the number of seconds that the neighbor device is to regard the local infor

Indicates the 1000Mbps port is at the speed of 10Mbps or 100Mbps. Indicates the SFP port is not connected to a device. Indicates the SFP port is a

TLV Description System Name TLV The System Name TLV allows network management to advertise the system's assigned name, which should be the sys

Figure 14-1 Global Configuration The following entries are displayed on this screen:  Global Config LLDP: Enable/disable LLDP function globally.

Figure 14-2 Port Configuration The following entries are displayed on this screen:  LLDP Port Config Port Select: Select the desired port to conf

Figure 14-3 Local Information The following entries are displayed on this screen:  Auto Refresh Auto Refresh: Enable/Disable the auto refresh fu

The following entries are displayed on this screen:  Auto Refresh Auto Refresh: Enable/Disable the auto refresh function. Refresh Rate: Specify t

Figure 14-5 Device Statistics The following entries are displayed on this screen:  Auto Refresh Auto Refresh: Enable/Disable the auto refresh fun

Receive Total: Displays the number of LLDPDUs received by this port. Discards: Displays the number of LLDPDUs discarded by this port. Errors: Di

Chapter 15 Cluster With the development of network technology, the network scale is getting larger and more network devices are required, which may

 The commander switch discovers and determines candidate switches by collecting related information.  After being added to the cluster, the candi

The following entries are displayed on this screen:  Neighbor Search Option: Select the information the desired entry should contain and then clic

4.1.2 Device Description On this page you can configure the description of the switch, including device name, device location and system contact. Cho

The following entries are displayed on this screen:  Global Config NDP: Displays the global NDP status (enabled or disabled) for the switch. Aging

Figure 15-4 NDP Config The following entries are displayed on this screen:  Global Config NDP: Enable/Disable NDP function globally. Aging Time:

15.2 NTDP NTDP (Neighbor Topology Discovery Protocol）is used for the commander switch to collect NDP information. NTDP transmits and forwards NTDP to

Neighbor Info: Click the Detail button to view the complete information of this device and its neighbors. Collect Topology: Click the Collect Topol

Figure 15-7 NTDP Summary The following entries are displayed on this screen:  Global Config NTDP: Displays the NTDP status (enabled or disabled)

Figure 15-8 NTDP Config The following entries are displayed on this screen:  Global Config NTDP: Enable/Disable NTDP for the switch globally. NT

Enable: Click the Enable button to enable NTDP feature for the port you select. Disable: Click the Disable button to disable NTDP feature for the p

 For a commander switch，the following page is displayed: Figure 15-10 Cluster Summary for Commander Switch The following entries are displayed on

Hops: Displays the hop count from the member switch to the commander switch.  For a member switch, the following page is displayed: Figure 15-11

 For a candidate switch, the following page is displayed. Figure 15-13 Cluster Configuration for Candidate Switch The following entries are displa

The following entries are displayed on this screen:  Time Info Current System Date: Displays the current date and time of the switch. Current Time

The following entries are displayed on this screen:  Current Role Role: Displays the role the current switch plays in the cluster.  Role Change

The following entries are displayed on this screen:  Current Role Role: Displays the role the current switch plays in the cluster.  Role Change

15.3.4 Cluster Topology On this page you can see the whole cluster topology. Click the node switch to directly log on to the corresponding Web manag

 If the switch is a commander switch in the cluster, please take the following steps. Step Operation Description 1 Enable the NDP function globa

Chapter 16 Maintenance Maintenance module, assembling the commonly used system tools to manage the switch, provides the convenient method to locate

16.1.2 Memory Monitor Choose the menu Maintenance→System Monitor→Memory Monitor to load the following page. Figure 16-2 Memory Monitor Click the Mo

The Log function is implemented on the Log Table, Local Log, Remote Log and Backup Log pages. 16.2.1 Log Table The switch supports logs output to t

16.2.2 Local Log Local Log is the log information saved in switch. By default, all system logs are saved in log buffer and the logs with severities

Figure 16-5 Log Host The following entries are displayed on this screen:  Log Host Index: Displays the index of the log host. The switch supports

Backup Log: Click the Backup Log button to save the log as a file to your computer. Note: It will take a few minutes to backup the log file. Please

The following entries are displayed on this screen:  DST Config DST Status: Enable or Disable DST. Predefined Mode: Select a predefined DST confi

16.4 Network Diagnostics This switch provides Ping test and Tracert test functions for network diagnostics. 16.4.1 Ping Ping test function, testing

16.4.2 Tracert Tracert test function is used to test the connectivity of the gateways during its journey from the source to destination of the test

Chapter 17 System Maintenance via FTP The firmware can be downloaded to the switch via FTP function. FTP (File Transfer Protocol), a protocol in the

2） The Connection Description Window will prompt shown as Figure 17-3. Enter a name into the Name field and click OK. Figure 17-3 Connection Descrip

Figure 17-5 Port Settings 3. Download Firmware via bootUtil menu To download firmware to the switch via FTP function, you need to enter into the bo

4） Configure the parameters of the FTP server which keeps the upgrade firmware. Later you can download the firmware to the switch from the FTP server

Appendix A: Specifications IEEE802.3 10Base-T Ethernet IEEE802.3u 100Base-TX/100Base-FX Fast Ethernet IEEE802.3ab 1000Base-T Gigabit Ethernet IEEE802

Appendix B: Configuring the PCs In this section, we’ll introduce how to install and configure the TCP/IP correctly in Windows 2000 and TCP/IPv6 in WI

Figure B-2 5) The following Internet Protocol (TCP/IP) Properties window will display and the IP Address tab is open on this window by default. Fig

6) Select Use the following IP address. And the following items will be available. If the switch's IP address is 192.168.0.1, specify IP address

Figure 4-7 System IP The following entries are displayed on this screen:  IP Config MAC Address: Displays MAC Address of the switch. IP Address M

Figure B-6 5) The following TCP/IPv6 Properties window will display and the IP Address tab is open on this window by default. 280

281 Figure B-7 6) Select Use the following IPv6 address. And the following items will be available. If the switch's global IPv6 address is 3001

Appendix C: 802.1X Client Software In 802.1X mechanism, the supplicant Client should be equipped with the corresponding client software complied with

Figure C-3 Welcome to the InstallShield Wizard 4. To continue, choose the destination location for the installation files and click Next on the fol

Figure C-5 Install the Program 6. The InstallShield Wizard is installing TpSupplicant shown as the following screen. Please wait. Figure C-6 Setup

Figure C-7 InstallShield Wizard Complete Note: Please pay attention to the tips on the above screen. If you have not installed WinPcap 4.0.2 or the

2. Then the following screen will appear. If you want to stop the remove process, click Cancel. Figure C-9 Preparing Setup 3. On the continued scre

Figure C-12 TP-LINK 802.1X Client Enter the Name and the Password specified in the Authentication Server. The length of Name and Password should be

3. To continue, click Connect button after entering the Name and Password on Figure C-12. Then the following screen will appear to prompt that the Ra

289 A1: It’s because the supported DLL file is missing. You are suggested to go to http://www.winpcap.org to download WinPcap 4.0.2 or the higher ve

II Safety Information  When product has power button, the power button is one of the way to shut off the product; When there is no power button,

4.1.6 System IPv6 IPv6 (Internet Protocol version 6), also called IPng (IP next generation), was developed by the IETF (Internet Engineering Task For

Appendix D: Glossary Access Control List (ACL) ACLs can limit network traffic and restrict access to certain users or devices by checking each packet

Generic Multicast Registration Protocol (GMRP) GMRP allows network devices to register end stations with multicast groups. GMRP requires that any par

Layer 2 Data Link layer in the ISO 7-Layer Data Communications Protocol. This is related directly to the hardware interface for network devices and p

293 Secure Shell (SSH) A secure replacement for remote access functions, including Telnet. SSH can authenticate users with a cryptographic key, and e

 Introduction to IPv6 address 1. IPv6 address format An IPv6 address is represented as a series of 16-bit hexadecimals, separated by colons (:). An

The type of an IPv6 address is designated by the first several bits called format prefix. The following table lists the mappings between address type

An interface ID is used to identify interfaces on a link. The interface ID must be unique to the link. It may also be unique over a broader scope. In

1. IPv6 Neighbor Solicitation Message A value of 135 in the Type field of the ICMP packet header identifies a neighbor solicitation (NS) message. Nei

 Sets of flags that indicate the type of autoconfiguration (stateless or stateful) that can be completed  Default router information (whether the

Choose the menu System →System Info →System IPv6 to load the following page. Figure 4-10 System IPv6 The following entries are displayed on this scr

Status: Displays the status of the link-local address.  Normal: Indicates that the link-local address is normal.  Try: Indicates that the link-l

Status: Displays the status of the global address.  Normal: Indicates that the global address is normal.  Try: Indicates that the global address

Figure 4-12 User Config The following entries are displayed on this screen:  User Info User Name: Create a name for users’ login. Access Level:

CONTENTS Package Contents...1

4.3 System Tools The System Tools function, allowing you to manage the configuration file of the switch, can be implemented on Config Restore, Confi

Figure 4-14 Config Backup The following entries are displayed on this screen:  Config Backup Backup Config: Click the Backup Config button to sav

4.3.4 System Reboot On this page you can reboot the switch and return to the login page. Please save the current configuration before rebooting to av

Figure 4-18 Access Control The following entries are displayed on this screen:  Access Control Config Control Mode: Select the control mode for u

 Access User Number Number Control； Enable/Disable the Number Control function. Admin Number: Enter the maximum number of the users logging on to

Figure 4-19 SSL Config The following entries are displayed on this screen:  Global Config SSL: Enable/Disable the SSL function on the switch. 

Comprising server and client, SSH has two versions, V1 and V2 which are not compatible with each other. In the communication, SSH server and client c

Download: Click the Download button to down the desired key file to the switch. Note: 1. Please ensure the key length of the downloaded file is in

 Network Requirements 1. Log on to the switch via key authentication using SSH and the SSH function is enabled on the mmended. 1. Select the key

3. On the Web management page of the switch, download the public key file saved in the computer to the switch. Note: 1. The key type should acc

5.1 Port ...42 5.1.1 Port

5. Click Browse to download the private key file to SSH client software and click Open. After successful authentication, please enter the login use

41 Note: Following the steps above, you have already entered the User EXEC Mode of the switch. However, to configure the switch, you need a password

Chapter 5 Switching Switching module is used to configure the basic functions of the switch, including four submenus: Port, LAG, Traffic Monitor and

Status: Allows you to Enable/Disable the port. When Enable is selected, the port can forward the packets normally. Speed and Duplex: Select the S

The following entries are displayed on this screen.  Mirroring Port Mirroring Port: Select a port from the pull-down list as the mirroring port. W

Figure 5-3 Port Security The following entries are displayed on this screen:  Port Security Select: Select the desired port for Port Security con

5.1.4 Port Isolation Port Isolation provides a method of restricting traffic flow to improve the network security by forbidding the port to forward p

Choose the menu Switching→Port→LoopbackDetection to load the following page. Figure 5-5 Loopback Detection Config The following entries are displaye

Operation Mode: Select the mode how the switch processes the detected loops.  Alert: When a loop is detected, display an alert.  Port based: Wh

2. The traffic load of the LAG will be balanced among the ports according to the Aggregate Arithmetic. If the connections of one or several ports ar

6.8.1 PVLAN Config...85 6.8.2 Port Config ...

Figure 5-7 Detail Information 5.2.2 Static LAG On this page, you can manually configure the LAG. The LACP feature is disabled for the member ports

Tips: 1. The LAG can be deleted by clearing its all member ports. 2. A port can only be added to a LAG. If a port is the member of a LAG or is dyn

Figure 5-9 LACP Config The following entries are displayed on this screen:  Global Config System Priority: Specify the system priority for the sw

Status: Enable/Disable the LACP feature for your selected port. LAG: Displays the LAG number which the port belongs to. 5.3 Traffic Monitor The Tr

Packets Tx: Displays the number of packets transmitted on the port. Octets Rx: Displays the number of octets received on the port. The error octe

Sent: Displays the details of the packets transmitted on the port. Broadcast: Displays the number of good broadcast packets received or transmitted

Type Configuration Way Aging outBeing kept after reboot (if the configuration is saved) Relationship between the bound MAC address and the port Sta

Type: Select the type of your desired entry.  All: This option allows the address table to display all theaddress entries.  Static: This option

The following entries are displayed on this screen:  Create Static Address MAC Address: Enter the static MAC Address to be bound. VLAN ID: En

On this page, you can configure the dynamic MAC address entry. Choose the menu Switching→MAC Address→Dynamic Address to load the following page. Fig

9.1.7 Packet Statistics...144 9.1.8 Querier Config...

Bind: Click the Bind button to bind the MAC address of your selected entryto the corresponding port statically. Tips: Setting aging time properly h

61  Filtering Address Table Select: Select the entry to delete the corresponding filtering address. It ismulti-optional. MAC Address: Displays

Chapter 6 VLAN The traditional Ethernet is a data network communication technology basing on CSMA/CD (Carrier Sense Multiple Access/Collision Detect

6.1 802.1Q VLAN VLAN tags in the packets are necessary for the switch to identify packets of different VLANs. The switch works at the data link laye

 PVID PVID (Port Vlan ID) is the default VID of the port. When the switch receives an un-VLAN-tagged packet, it will add a VLAN tag to the packet a

To ensure the normal communication of the factory switch, the default VLAN of all ports is set to VLAN1. The following entries are displayed on this

The following entries are displayed on this screen:  VLAN Config VLAN ID: Enter the ID number of VLAN. Description: Give a description to the VLA

Figure 6-5 802.1Q VLAN – Port Config The following entries are displayed on this screen:  VLAN Port Config Port Select: Click the Select button

Click the Detail button to view the information of the corresponding VLAN. Figure 6-6 View the Current VLAN of Port The following entries are displa

received port. Thus, the packet is assigned automatically to the corresponding VLAN for transmission. 2. When receiving tagged packet, the switch w

11.3 Policy Config...182 11.3.1 Policy Su

6.2.2 Port Enable On this page, you can enable the port for the MAC VLAN feature. Only the port is enabled, can the configured MAC VLAN take effect.

Protocol Type Type value IPX 0x8137 IS-IS 0x8000 LACP 0x8809 802.1X 0x888E Table 6-2 Protocol types in common use The packet in Protocol VLAN is pro

 Protocol VLAN Table Select: Select the desired entry. It is multi-optional. Protocol: Displays the protocol template of the VLAN. Ether Type: D

6.3.3 Port Enable On this page, you can enable the port for the Protocol VLAN feature. Only the port is enabled, can the configured Protocol VLAN tak

 Switch B is connecting to PC B and Server A;  PC A and Server A is in the same VLAN;  PC B and Server B is in the same VLAN;  PCs in the two

6.5 Application Example for MAC VLAN  Network Requirements  Switch A and switch B are connected to meeting room A and meeting room B respectivel

Step Operation Description 4 Configure MAC VLAN 10 On VLAN→MAC VLAN→MAC VLAN page, create MAC VLAN10 with the MAC address as 00-19-56-8A-4C-71. 5

 IP host, in VLAN10, is served by IP server while AppleTalk host is served by AppleTalk server;  Switch B is connected to IP server and AppleTalk

Step Operation Description 4 Create Protocol Temp l ate Required. On VLAN→Protocol VLAN→Protocol Template page, configure the protocol template pr

Protocol type Value LACP 0x8809 802.1X 0x888E Table 6-3 Values of Ethernet frame protocol type in common use This VLAN VPN function is implemented o

13.2.2 Traps Config...230 13.3 RMON...

Choose the menu VLAN→VLAN VPN→VLAN Mapping to load the following page. Figure 6-13 Create VLAN Mapping Entry The following entries are displayed on

Figure 6-14 Enable VLAN Mapping for Port Select your desired port for VLAN Mapping function. All the ports are disabled for VLAN Mapping function by

6.8 Private VLAN Private VLANs, designed to save VLAN resources of uplink devices and decrease broadcast, are sets of VLAN pairs that share a common

 Packets from different Secondary VLANs can be forwarded to the uplink device via promiscuous port and carry no corresponding Secondary VLAN informa

Port5 5 VLAN5 Port2 2 VLAN2 Port3 3 VLAN3 Table 6-4 Port settings before configuration synchronization Port PVID Allowed VLANs Port5 5 VLAN2,

The Private VLAN packet forwarding process (here we take traffic transmission for PC2) based on the figure above is illustrated as follows: 1) PC2

Choose the menu VLAN→Private VLAN→PVLAN Config to load the following page. Figure 6-16 Create Private VLAN The following entries are displayed on th

Figure 6-17 Create and View Protocol Template The following entries are displayed on this screen:  Port Config Port: Select the desired port for

Step Operation Description 4 Delete VLAN. Optional. On the VLAN→Private VLAN→PVLAN Config page, select the desired entry to delete the correspond

 LeaveAll Timer: Once a GARP entity starts up, it starts the LeaveAll timer, and sends out a LeaveAll message after the timer times out, so that ot