742909
154
Zoom out
Zoom in
Vorherige Seite
1/177
Nächste Seite
User Guide
I
Copyright Statement
is the registered trademark of Shenzhen Tenda Technology Co., Ltd. All the products and
product names mentioned herein are the trademarks or registered trademarks of their respective holders.
Copyright of the whole product as integration, including its accessories and software, belongs to
Shenzhen Tenda Technology Co., Ltd. No part of this publication can be reproduced, transmitted,
transcribed, stored in a retrieval system, or translated into any language in any form or by any means
without the prior written permission of Shenzhen Tenda Technology Co., Ltd. If you would like to know
more about our product information, please visit our website at http://www.tendacn.com .
Disclaimer
Pictures, images and product specifications herein are for references only. To improve internal design,
operational function, and/or reliability, Tenda reserves the right to make changes to the products
described in this document without obligation to notify any person or organization of such revisions or
changes. Tenda does not assume any liability that may occur due to the use or application of the product
or circuit layout(s) described herein. Every effort has been made in the preparation of this document to
ensure accuracy of the contents, but all statements, information and recommendations in this document do not
constitute the warranty of any kind, express or implied.
User Guide
II
Safety Guidelines
Observe the following safety guidelines to ensure your own personal safety and to help protect your
system from potential damage.
Basic Requirements
1. Keep the device strictly dry while storing, shipping and using;
2. Keep the device from fierce collision;
3. Follow the instructions provided in this manual to install the device;
4. Please contact the specified maintenance staff rather than remove the device on your own if any fault
happens.
Environmental Requirements
1. Temperature - Install the switch in a dry area, with ambient temperature between 0 and 40ºC (32 and
104ºF). Keep the switch away from heat sources such as direct sunlight, warm air exhausts, hot-air
vents, and heaters;
2. Operating humidity - The installation location should have a maximum relative humidity of 90%,
non-condensing;
3. Ventilation - Do not restrict airflow by covering or obstructing air inlets on the sides of the switch. Keep it
at least 10cm free on all sides for cooling. Be sure there is adequate airflow in the room or wiring closet
where the switch is installed;
4. Operating conditions - Keep the switch away from nearest source of electromagnetic noise, such as
photocopy machines, microwaves, cellphones, etc.
Use Notes
1. Use the provided accessories, such as the cable, mounting kit, etc;
2. Ensure the basic supply voltage standard must be met;
3. Keep the power plug clean and dry in case of electric shock or other dangers;
4. Keep your hands dry while plugging cables;
5. Shut down the device and power it off before plugging cables;
6. Disconnect the power supply and pull out all cables, such as the power cord, fiber, Ethernet cable, etc.
in lightening days;
7. Disconnect the power supply and pull out the plug if the device is out of use for a long time;
8. Keep the device far from water or other liquids;
9. Contact the specified maintenance staff if any problem occurs;
10. Do not tread on, drag or excessively bend its cable;
11. Do not use worn or aged cables;
12. Do not look the fiber interface in your eyes in case of eye damage;
14. Prevent some matters, such as metals, from entering the device through the ventilation hole;
15. Do not scrape or fray the device’s housing shell in case of abnormal operation or human body allergic;
16. Keep the device out of children’s reaches.
Cleaning Notes
1. Shut down the device and pull out all cables before cleaning it;
2. Use soft cloth to clean the devices housing shell.
Environmental Protection
1. Throw the discarded device or batteries into the specified recycling places;
2. Observe local relevant packages, wasted batteries and discarded device processing acts and support
recycling action.
User Guide
III
Contents
Chapter 1 Product Overview ........................................................................................................................... 1
1.1 Overview .............................................................................................................................................................. 1
1.2 Physical Description ........................................................................................................................................... 1
1.2.1 Front Panel ................................................................................................................................................... 1
1.2.2 Back Panel ................................................................................................................................................... 1
1.3 Specifications ...................................................................................................................................................... 1
1.3.1 Hardware Specifications ............................................................................................................................. 1
1.3.2 Software Specifications .............................................................................................................................. 2
1.3.3 Package Contents ....................................................................................................................................... 4
1.4 Device Hardware Interfaces .............................................................................................................................. 4
1.4.1 LEDs .............................................................................................................................................................. 4
1.4.2 Interfaces ...................................................................................................................................................... 4
1.4.3 Fan ................................................................................................................................................................. 6
1.5 Interface Serial Number ..................................................................................................................................... 6
Chapter 2 Installation ....................................................................................................................................... 7
2.1 Installing the Switch in a Rack .......................................................................................................................... 7
2.2 Installing the Switch on a Flat Workbench ...................................................................................................... 7
2.3 Connecting to Protective Grounding Line........................................................................................................ 8
2.3.1 With Grounding Bar ..................................................................................................................................... 8
2.3.2 Without Grounding Bar ............................................................................................................................... 8
2.4 Connecting the power cord ................................................................................................................................ 9
2.5 Connecting to Interface Cable .......................................................................................................................... 9
2.5.1 Connecting to Console Port ....................................................................................................................... 9
2.5.2 Connecting to RJ45 ports ........................................................................................................................... 9
2.5.3 Connecting to SFP fiber combo ports .................................................................................................... 10
2.5.4 Connecting to PDs .................................................................................................................................... 10
2.6 Checking the Installation .................................................................................................................................. 10
Chapter 3 Login ............................................................................................................................................... 11
3.1 Web Login .......................................................................................................................................................... 11
3.1.1 Preparation ................................................................................................................................................. 11
3.1.2 Configuration Preparation ........................................................................................................................ 11
3.2 Login through Console Port ............................................................................................................................. 12
3.2.1 Preparation ................................................................................................................................................. 12
3.2.2 Configuration Preparation ........................................................................................................................ 12
3.3 Telnet Login ....................................................................................................................................................... 14
Chapter 4 Web Configuration ........................................................................................................................ 15
4.1 Administration .................................................................................................................................................... 19
4.1.1 System Configuration ................................................................................................................................ 19
4.1.2 System Security ......................................................................................................................................... 23
User Guide
IV
4.2 Port Management ............................................................................................................................................. 27
4.2.1 Port Configuration ...................................................................................................................................... 27
4.2.2 Link Aggregation ........................................................................................................................................ 32
4.3 VLAN Management .......................................................................................................................................... 38
4.3.1 VLAN ........................................................................................................................................................... 39
4.3.2 MAC VLAN ................................................................................................................................................. 49
4.3.3 Protocol VLAN ........................................................................................................................................... 51
4.3.4 Voice VLAN ................................................................................................................................................ 54
4.4 PoE Management ............................................................................................................................................. 59
4.4.1 Global Setup ............................................................................................................................................... 59
4.4.2 Port Setup ................................................................................................................................................... 60
4.5 Time Range Management ............................................................................................................................... 62
4.5.1 Time Range ................................................................................................................................................ 62
4.6 Device Management ....................................................................................................................................... 122
4.6.1 MAC ........................................................................................................................................................... 122
4.6.2 STP ............................................................................................................................................................ 125
4.6.3 LLDP .......................................................................................................................................................... 134
4.6.4 IGSP .......................................................................................................................................................... 137
4.6.5 SNMP ........................................................................................................................................................ 140
4.6.6 DHCP Relay ............................................................................................................................................. 146
4.6.7 DHCP Snooping ...................................................................................................................................... 153
4.7 QoS ................................................................................................................................................................... 156
4.7.1 QoS Configuration ................................................................................................................................... 156
4.7.2 Traffic Control ........................................................................................................................................... 161
4.7.3 ACL ............................................................................................................................................................ 163
4.8 Security ............................................................................................................................................................. 169
4.8.1 Attack Defense ......................................................................................................................................... 169
4.8.2 IP Filter ...................................................................................................................................................... 175
4.8.3 MAC Filter ................................................................................................................................................. 178
4.8.4 802.1X ....................................................................................................................................................... 179
4.9 Smart Configuration ........................................................................................................................................ 183
4.9.1 For Hotel ................................................................................................................................................... 183
4.9.2 For Business ............................................................................................................................................ 186
4.10 Maintenance .................................................................................................................................................. 187
4.10.1 Syslog ..................................................................................................................................................... 187
4.10.2 Network Diagnostics ............................................................................................................................. 188
4.11 Logout ............................................................................................................................................................. 191
4.12 Save Configurations ..................................................................................................................................... 192
Chapter 5 CLI Configuration ........................................................................................................................ 193
5.1 Login ................................................................................................................................................................. 193
5.2 Features of Command Interface ................................................................................................................... 193
5.3 Command Line Configuration Guide ............................................................................................................ 193
User Guide
V
5.3.1 Commands for entering common views ............................................................................................... 193
5.3.2 Config system info ................................................................................................................................... 193
5.3.3 Config IP address manually ................................................................................................................... 194
5.3.4 Enable DHCP client to obtain an IP address ....................................................................................... 194
5.3.5 User configuration ................................................................................................................................... 194
5.3.6 System Time Configuration .................................................................................................................... 195
5.3.7 Reset and reboot ..................................................................................................................................... 195
5.3.8 Firmware Update ..................................................................................................................................... 195
5.3.9 Web login timeout configuration ............................................................................................................ 196
5.3.10 Config port settings ............................................................................................................................... 196
5.3.11 Port mirroring configuration ................................................................................................................. 196
5.3.12 View RX/TX packet statistics ............................................................................................................... 197
5.3.13 Config Port Rate Limit........................................................................................................................... 197
5.3.14 Config Link Aggregation ....................................................................................................................... 197
5.3.15 VLAN configuration ............................................................................................................................... 199
5.3.16 MAC VLAN ............................................................................................................................................. 202
5.3.17 Protocol VLAN ....................................................................................................................................... 202
5.3.18 Voice VLAN ............................................................................................................................................ 202
5.3.19 MAC Configuration ................................................................................................................................ 203
5.3.20 QoS Configuration ................................................................................................................................. 204
5.3.21 STP Configuration ................................................................................................................................. 205
5.3.22 IGMP configuration ............................................................................................................................... 208
5.3.23 Time Range Management ................................................................................................................... 209
5.3.24 POE management ................................................................................................................................. 210
5.3.25 ACL Configuration ................................................................................................................................. 210
5.3.26 DoS Attack Defense Configuration ..................................................................................................... 212
5.3.27 Worm Attack Defense Configuration .................................................................................................. 213
5.3.28 ARP Attack Defense Configuration .................................................................................................... 214
5.3.29 Config MAC Attack Defense ................................................................................................................ 214
5.3.30 IP Filter Configuration ........................................................................................................................... 215
5.3.31 DHCP Relay ........................................................................................................................................... 216
5.3.32 DHCP Snooping .................................................................................................................................... 217
5.3.33 SNMP Agent Configuration .................................................................................................................. 218
5.3.34 Log configuration ................................................................................................................................... 220
5.3.35 802.1X Configuration ............................................................................................................................ 221
5.3.36 Save Configurations .............................................................................................................................. 222
Chapter 6 Appendix ....................................................................................................................................... 224
6.1 Glossary ........................................................................................................................................................... 224
6.2 Technical Support ........................................................................................................................................... 228
Appendix Safety and Emission Statement ................................................................................................. 229
User Guide
1
Chapter 1 Product Overview
1.1 Overview
Thank you for purchasing this product. This 24-port Smart Gigabit PoE Switch provides 24
10/100/1000Mbps auto-sensing RJ45 ports, 4 1000Mbps Combo (copper/fiber) ports and one Console
port. All its RJ45 ports are PoE-capable and it can connect up to 24 IEEE 802.3af-compliant PDs (15.4W)
or up to 12 IEEE 802.3at-compliant PDs (30W). In addition, it supports VLAN, QoS, DHCP, IGMP
snooping, ACL, STP, RSTP, MSTP, port mirroring, link aggregation and other features. Aiming at solving
the safety problems in LAN, it provides user management classification, management VLAN, ARP attack
defense, worm attack defense, DoS attack defense, MAC attack defense, IP+MAC+PORT+VLAN Bind,
MAC filter and other safety settings through visual WEB interface operations. With high performance and
low cost, it is ideal for hotels and enterprises.
1.2 Physical Description
Figure 1-1 Outside View
1.2.1 Front Panel
The front panel contains the following:
• 24 10/100/1000Mbps RJ45 ports
• Four SFP ports
One Console port
• Reset button
Port LEDs
• System LEDs
• PoE-MAX LED
Figure 1-2 Front Panel
1.2.2 Back Panel
Figure 1-3 Back Panel
A grounding stud for lightning protection;
A 176-264VAC 50/60 Hz 6A power receptacle for accommodating the supplied power cord;
A power switch for turning on/off power supply;
1.3 Specifications
1.3.1 Hardware Specifications
User Guide
2
Item
Specification
Input Voltage
100 - 240VAC 50/60Hz 6A
Power Consumption
About 15W(no load);
About 390W(full load);
PoE
24 10/100/1000Mbps auto-sensing, PoE-capable RJ45 ports
with up to 30W on each;
It supports static or dynamic power allocation and can
connect up to 24 IEEE 802.3af-compliant PDs (15.4W) or
up to 12 IEEE 802.3at-compliant PDs (30W);
Interface
24 RJ45 10/100/1000 auto-sensing Giga switching ports;
4 1000Mbps SFP ports;
Management Interface
One Console port
Operating Temperature
0 - 40
Storage Temperature
-40 - 70
Operating Humidity
10% - 90% RH, non-condensing
Storage Humidity
5% - 90% RH, non-condensing
Safety
UL 60950-1
CAN/CSAC22.2 No 60950-1
IEC 60950-1
EN 60950-1/A11
AS/NZS 60950-1
EN 60825-1
EN 60825-2
EMC
EN 55024;1998+A1:2001+A2:2003
EN 55022:2006
ICES-003:2004
EN 61000-3-2:2000+A1:2001+A2:2005
EN 61000-3-3:1995+A1:2001+A2:2005
AS/NZS CISPR 22:2004
FCC PART 15:2005
ETSI EN 300 386 V1.3.3:2005
MTBF
> 100,000h
Dimension
440mm * 284mm * 44mm
Weight
< 7.5kg
1.3.2 Software Specifications
Features
Specification
Switch Volume
(Full-duplex)
56Gbps
Packet Forwarding
Rate(full load)
35.7Mpps
User Guide
3
MAC Address Table
8K
VLAN
1. VLAN distribution based on ports. Up to 24 can be configured;
2. IEEE 802.1Q VLAN. Up to 128 can be configured;
3. Protocol VLAN. Up to 16 can be configured;
4. MAC VLAN. Up to 64 can be configured;
5. Voice VLAN;
DHCP
DHCP Snooping, DHCP Relay, and DHCP Client
Multicast
1. IGMP Snooping V1/V2;
2. Up to 128 can be configured;
3. Fast leave;
Broadcast Storm
Constrain
1. Broadcast storm constrain based on ports;
2. Multicast storm constrain based on ports;
3. Unknown unicast storm constrain based on ports;
STP
1. IEEE 802.1d STP;
2. IEEE 802.1w FSTP;
3. IEEE 802.1s MSTP protocol. In MSTP mode, up to 16 STP instances
can be configured;
4. Edge port;
5. P2P port;
6. STP BPDU packets statistics;
ACL
1. MAC ACL. Up to 100 entries can be configured;
2. IPv4 ACL. Up to 100 entries can be configured;
3. Time range limit;
Safety
1. ARP attack defense, worm attack defense, DoS attack defense and
MAC attack defense;
2.User grading management and SSL certification;
3. Management VLAN;
4. IP+MAC+PORT+VLAN Bind. Up to 200 entries can be configured;
5. Interface isolation;
MAC Filter
1. Unicast MAC filter;
2. Up to 1000 entries can be configured;
QoS
1. 802.1P port trust mode;
2. IP DSCP port trust mode;
3. Bandwidth control;
4. Up to 4-queue QoS mapping;
Certification
1. IEEE 802.1X based on ports;
2. IEEE 802.1X based on MAC;
3. Up to 256 MAC can be certificated;
Upgrade
TFTP (Trivial File Transfer Protocol)
Management
1. Telnet configuration;
2. Console interface configuration;
3. SNMP (Simple Network Management Protocol);
4. WEB;
User Guide
4
PoE
1. IEEE 802.3at and IEEE 802.3af;
2. Maximum power consumption: 385W;
Maintenance
Ping\Tracert\Cable check-up;
1.3.3 Package Contents
Please verify that the package contains the following items:
Smart PoE Switch
• Power cord
Install guide
• Console cable
• L-shaped Mounting Kit (2 brackets, screws)
• Four footpads
1.4 Device Hardware Interfaces
1.4.1 LEDs
The following table explains LED designations.
LED
Color
Status
Description
POWER
Green
Off
Improper connection to power supply.
Solid
Proper connection to power supply.
SYS
Green
Off
System is functioning improperly.
Solid
System is functioning improperly.
Blinking
System is functioning properly.
PoE-MAX
Green
Off
Power available for additional PDs.
Solid
Reaching max power budget (354.2W)
and no more power available for another
new PD.
Link/Act 1-24
Orange
Off
An invalid link is established.
Solid
A valid link is established.
Blinking
Transmitting packets.
PoE 1-24
Green
Off
The PoE powered device (PD) is connected
and the port is supplying power
successfully.
Solid
No PoE-powered device (PD) connected.
SFP1 - SFP4
Green
Solid
Packet transmission or a valid link is
established on the port.
Off
An invalid link is established on the port.
1.4.2 Interfaces
1.4.2.1 Console Port
This switch, with an RS232 asynchronous console port, can be used for connecting PCs to test, configure,
User Guide
5
maintain and manage the system. The console cable is an 8-conductor cable. One end of the console
cable, RJ45 plug, is connected to the Console port on the switch; while the other end, DB9 plug, is
connected to 9-conductor console outlet.
Figure 1-4 Console Port Connection
1.4.2.2 Ethernet Interface
(1) Ethernet interface overview
This device has 24 RJ45 10/100/1000M auto-negotiation Gigabit Ethernet switching ports and 4 1000M
SFP fiber ports.
Speed rate and working mode in RJ45 port mode:
Speed Rate
Working Mode
10Mbps (auto-sensing)
Half/Full duplex auto-negotiation
100Mbps (auto-sensing)
Half/Full duplex auto-negotiation
1000Mbps (auto-sensing)
Full duplex auto-negotiation
Note-------------------------------------------------------------------------------------------------------------------------------
SFP fiber ports can only work in full-duplex auto-negotiation mode.
-------------------------------------------------------------------------------------------------------------------------------------------
(2) RJ45 Connector
The RJ45 physical connector, adopting CAT5 twisted-pair cable, is used for connecting
10/100/1000Mbps auto-negotiation RJ45 ports as shown below:
Figure 1-5 RJ45 Connector
(3) SFP Connector
SFP connector, mainly for detachable connection between optical channels, is very convenient for the test
and maintenance of the optical system. This device, with its 1000Mbps Combo (copper/fiber) ports,
supports gigabit SFP connector.
Figure 1-6 SFP Connector
User Guide
6
1.4.2.3 RESET Button
To restore factory defaults, press and hold the button for more than 5 seconds when the switch functions
correctly. When pressing it for a while, SYS LED will be off and POWER LED is solid. The device will
restart and all LEDs will be on. When the rebooting finished, SYS LED will be blinking, indicating restoring
to default factory settings.
1.4.3 Fan
This device has three fans for heat dissipation, one for mainboard and two for power supply to ensure
stable power supply.
1.5 Interface Serial Number
1-24: 24 10/100/1000Mbps auto-negotiation RJ45 ports
21-24/SFP1-SFP4: 1000Mbps combo (copper/fiber)ports
Console: RS232 asynchronous serial port
User Guide
7
Chapter 2 Installation
The smart switch can be installed on a flat surface or in a standard 19-inch rack.
2.1 Installing the Switch in a Rack
To install the switch in a rack, observe the following procedures. To perform this procedure, you need the
19-inch rack-mount kit supplied with switch.
1. Keep the kit well-earthed and stable;
2. Insert the screws provided into the bracket mounting holes to fix brackets onto the switch as shown
below.
Figure 2-1 Attach L-shaped brackets to the switch
3. Tighten the screws with the Phillips screwdriver to secure the switch in the rack.
Figure 2-2 Install the switch in the rack
2.2 Installing the Switch on a Flat Workbench
If a standard 19-inch rack is not available, place the switch on a clean, flat workbench. Attach the 4
footpads to corresponding position of the switch bottom to avoid potential sliding and vibration, and
ensure good ventilation and proper clearance around the switch for heat dissipation. See figure below:
Figure 2-3 Paste footpads to the bottom of the switch
Note-------------------------------------------------------------------------------------------------------------------------------
1. Please keep the switch in a dry and well ventilated environment.
2. Keep the workbench stable and well-earthed.
3. Do not restrict airflow by covering or obstructing air inlets of the switch. Keep more than 10 centimeters
free on all sides for cooling. Be sure there is adequate airflow in the room or wiring closet where the
switch is installed.
4. Don’t put heavy articles on the Switch.
5. Make sure there is more than 1.5 centimeters vertical distance free between devices that stack each
other.
-------------------------------------------------------------------------------------------------------------------------------------------
User Guide
8
2.3 Connecting to Protective Grounding Line
Proper connection of protective grounding line is important for lightning protection and anti-interference.
Proper connection is as follows:
2.3.1 With Grounding Bar
Connect the yellow-green color protective grounding cable to binding post on the grounding bar and fix
the screws.
Figure 2-4 Installation with grounding bar
(1) AC power input
(2) Grounding terminal connection
(3) Grounding cable protection
Note-------------------------------------------------------------------------------------------------------------------------------
Firefighting hoses and building lightning rods are not proper options for grounding bar. The grounding
cable on the switch should be connected to the grounding bar in the IT room.
-------------------------------------------------------------------------------------------------------------------------------------------
2.3.2 Without Grounding Bar
A. With mud land nearby and allowed to bury grounding bar.
Bury an angle iron or steel pipe (≥0.5m) into the mud land. The yellow-green color protective grounding
cable should be welded to the angle iron or steel pipe and the welding point should be embalmed.
Figure 2-5 Installation with buried grounding bar
(1) AC power input
(2) Grounding terminal connection
(3) Grounding cable protection
(4) Earth
(5) Grounding bar
B. Not allowed to bury grounding bar.
User Guide
9
If the device supports AC power supply, you can connect it to the grounding bar through the PE line of the
AC power and ensure the PE line in the switchgear room or beside the AC power supply transformer is
well-grounded.
Figure 2-6 Connect to ground through the PE cable of the AC power socket
2.4 Connecting the power cord
Step1: Connecting one end of the included power cord to the switch and the other end to a nearby AC
power outlet.
Step2: Verify the power LED on switch's front panel. An illuminated light indicates a proper power
connection.
Note-------------------------------------------------------------------------------------------------------------------------------
As for the power cord, different countries have different standards. Please determine whether to install the
card slot to fix the power cord according to the actual situation.
-------------------------------------------------------------------------------------------------------------------------------------------
2.5 Connecting to Interface Cable
2.5.1 Connecting to Console Port
Follow below steps to connect the PC or terminal to the switch (The terminal can be the emulation
program with RS232 console or a PC. Here take the PC for example):
1. Connect the DB9 plug on the console cable to the PC;
2. Connect the RJ45 connector to the console port on the switch.
Figure 2-7 Console port connection
2.5.2 Connecting to RJ45 ports
The switch provides auto MDI/MDIX feature on each RJ45 port. PCs or other terminals can simply
connect to any such ports of the switch via CAT.5, CAT.5e, UTP or STP cables.
1. Connect one end of the Ethernet cable to the Ethernet interface on the switch and the other end to
User Guide
10
the remote device;
2. Check PoE LED status. For LED status, please refer to 1.4.1 LEDs.
2.5.3 Connecting to SFP fiber combo ports
The small form-factor pluggable (SFP) module is a compact, hot-pluggable transceiver used for optical
signal transmission. The module bay is a combo port, sharing a connection with an RJ45 port. Being a
combo port, only one type of connection can be active at any given time. For example, both copper and
fiber port cannot be used at the same time. If both connectors are plugged in at the same time, the fiber
port becomes active.
The SFP module accommodates a standard SFP module with an LC connector.
2.5.4 Connecting to PDs
Connect PDs (PoE powered devices, for example, 802.3at-/802.3af-compliant AP, IP telephone or IP
camera) to switch. By default, the power supply mode is dynamic, PoE power supply is enabled and the
power supply standard is 802.3at.
Figure 2-8 PD devices connection
2.6 Checking the Installation
Before applying power perform the following:
• Inspect the equipment thoroughly.
• Verify that all cables are installed correctly.
• Check cable routing to make sure cables are not damaged or creating a safety hazard.
• Ensure all equipment is mounted properly and securely.
User Guide
11
Chapter 3 Login
3.1 Web Login
3.1.1 Preparation
Item
Caption
PC
Network Interface Card installed
IP and Subnet Mask
PC’s IP and the switch’s IP should be in the same network segment (It
can’t be 192.168.0.1).
WEB Browser
Microsoft IE 8.0 or higher
Ethernet Cable
One CAT.5 RJ45 cable
3.1.2 Configuration Preparation
1) Launch the browser, such as IE8, enter http://192.168.0.1 and then press Enter. The login page of
the switch would appear as shown below.
1) Enter the user name and password (the default values are admin), and then click Login to log in to
the switch’s configuration interface.
User Guide
12
3.2 Login through Console Port
3.2.1 Preparation
Item
Caption
PC
With the Console port
Ethernet Cable
DB9-RJ45 Console Cable
3.2.2 Configuration Preparation
Step 1: Connect the console port from your PC (or other terminals) to the console port on the switch.
Step 2: Run terminal program (for example, terminal in Windows 3.X, Hyper Terminal in Windows
9X/Windows 2000/Windows XP, an example of Windows XP is described below) on PC and select the
console port that is connected to the switch and configure as below (Note: For win7 and win8 OS, you
need to download the Hyper Terminal programme first):
Bits per second: 115200; Data bits: 8; Parity: None; Stop bits: 1; Flow control: None.
User Guide
13
Figure 3-1: New Connection
Figure 3-2: Connect To
User Guide
15
Then press OK, input the username and password “admin/admin” and the following window will appear:
Chapter 4 Web Configuration
This chapter instructs how to configure switch's functionalities and features on the Web manager.
It includes below sections:
Menu
Submenu
Description
System
Configuration
System Info
This section displays the device’s system
parameters.
System Time
This section allows you to configure system time
either by synchronizing with SNTP server or
specifying it manually.
Reset
Resets all settings to factory defaults.
Reboot
Reboots the device. Configurations will be lost if you
don’t save them before rebooting.
User Guide
16
Firmware Update
Updates firmware.
SSL Setup
Allows you to encrypt information.
User
This section allows you to add new users and
change old password.
Port Management
Port Setup
Displays and allows users to config port rate, flow
control and jumbo size.
Port Mirroring
Displays and allows users to config port mirroring
settings.
Port Statistics
Displays the number of packets transmitted and
received on corresponding ports.
Link Aggregation
Displays and allows users to config static and LACP
link aggregation settings.
VLAN Management
VLAN
Allows users to config port VLAN and 802.1Q VLAN
settings.
MAC VLAN
Allows users to configure MAC VLAN. Up to 64
MAC VLANs can be configured.
Protocol VLAN
Three forms: Ethernet, LLC, SNAP. Up to 16
protocol VLANs can be configured.
User Guide
17
Voice VLAN
Allows users to configure voice VLAN (manual or
auto).
PoE Management
Global Setup
Static and dynamic allocations are supported. The
default is dynamic allocation.
Port Setup
Two power supply standards: 802.3at and 802.3af.
By default, it is 802.3at.
Time Range
Management
Time Range
Allows users to configure absolute time, periodic
time, time slices, etc.
Device Management
MAC
Displays MAC table and allows users to manually
add static MAC addresses and fast binding.
STP
Allows users to configure STP, RSTP and MSTP
settings. Up to 16 instances can be configured.
LLDP
Allows users to configure LLDPBU settings and
displays neighbor info.
IGSP
Allows users to configure V1/V2 IGSP settings.
SNMP
Allows users to configure V1/V2c/V3 SNMP
settings.
User Guide
18
DHCP Relay
Allows users to implement DHCP among multiple
VLANs.
DHCP Snooping
Allows users to configure DHCP snooping settings,
DHCP server trust settings and client access
settings.
QoS
CoS
CoS priority 0-7 is supported. Default 0 and 3
correspond to queue 1; 1 and 2 correspond to 2; 4
and 5 correspond to queue 3; 6 and 7 correspond to
queue 4.
DSCP
DSCP priority 0-63 is supported.
Scheduling
Scheme
SP and WRR are supported. By default, it is SP.
Port Priority
Port priority 0-7. The default is 0.
Rate Limit
Allows users to configure ingress and egress rate
limit.
Storm Constrain
Allows users to configure broadcast, multicast, and
unknown unicast constrain settings.
ACL
Allows users to configure MAC/IP ACL settings. Up
to 100 entries can be configured.
Security
ARP Attack
Defense
Allows users to configure ARP attack defense
settings.
Worm Attack
Defense
Allows users to configure TCP and UDP settings to
filter packets.
User Guide
19
DoS Attack
Defense
Allows users to configure DoS attack defense
settings.
MAC Attack
Defense
Allows users to configure MAC attack defense
settings.
IP Filter
Configure IP+MAC+Port+VLAN Binding, ARP filter
and IP filter settings.
802.1X
Displays and allows you to configure 802.1X
settings.
Smart Configuration
Corporate and hotel network administrators can use
this section to easily configure file server port and
router port. For details, please refer to 4.9.
Maintenance
Allows users to configure syslog settings and
network diagnose settings.
Save Configurations
Save/backup/restore settings.
4.1 Administration
4.1.1 System Configuration
System Info
Click System Configuration -> System Info to enter interface below:
Fields on the screen are described below:
User Guide
20
Field
Description
Firmware Version
Displays switch's current firmware version
and release date.
Hardware Version
Displays switch's current hardware version.
MAC Address
Displays switch’s physical address.
Management
VLAN
Displays switch’s management VLAN ID.
VLAN1 is preset to management VLAN by
default.
System Name
Customize a system name for locating the
device quickly.
DHCP
Enable/disable the DHCP feature. When
enabled, the switch can obtain an IP address
automatically (provided that there is an active
DHCP server on the network and switch is
successfully connected to the network); when
disabled, you must config an IP address
manually.
IP Address
Config a static IP address, which will be used
to access the switch's web manager. The
default is 192.168.0.1.
Subnet Mask
Config the corresponding subnet mask of the
IP address specified above. The default is
255.255.255.0.
Gateway
Specify a gateway address for the switch.
MAC Age
This field specifies the length of time a
learned dynamic MAC Address will remain in
the forwarding table without being accessed
(that is, how long a learned MAC Address is
allowed to remain idle). The MAC Address
Aging Time can be set to any value between
10 and 1000000 seconds. The default setting
is 300 seconds.
Note-------------------------------------------------------------------------------------------------------------------------------
To view the IP address obtained from a DHCP server on the network, access the DHCP server or type the
"show ip" command on telnet interface.
-------------------------------------------------------------------------------------------------------------------------------------------
System Time
1. Overview
The switch allows you to synchronize system time with SNTP server or config time and date settings
manually.
User Guide
21
Sync with SNTP Server
The Network Time Protocol (NTP) is a networking protocol for clock synchronization between computer
systems over packet-switched, variable-latency data networks. Simple Network Time Protocol (SNTP) is
another less complex implementation of NTP. It synchronizes time between time servers and clients so
that clock-dependent devices on the network can consistently provide diverse time based applications.
Both SNTP server and client run over the User Datagram Protocol (UDP) on port number 123. When
BLAT UDP attack defense is enabled, it won’t be unable to acquire system time automatically.
Config time and date settings manually
Manually configured time will not be updated or synchronized with other devices and will be restored to
factory defaults after system reboot.
2. System Time -- Config
Click System Configuration -> System Time to enter interface below:
Steps to sync with SNTP server
1. Select a proper time zone from the Time Zone pull down list;
2. Click Server Setup and enter SNTP server IP address;
3. Specify an Update Interval value between 30 and 99999 seconds. The default is 30 seconds;
4. Click OK.
Now the switch will update system time from SNTP.
Steps to config time and date settings manually
1. Select a proper time zone from the Time Zone pull down list;
2. Click Set Time&Date Manually to configure the time and date.
3. Click OK.
Now the switch will work with the configured time.
Reset
Click System Configuration -> Reset to enter below interface.
Clicking the Restore button restores Switch’s configurations to the factory default settings.
User Guide
22
Note-------------------------------------------------------------------------------------------------------------------------------
1. Current settings will be lost after reset. So if you want to retain current settings, please click Save
Configurations.
2. Do not operate the device while reset is in process. Otherwise it may be damaged.
-------------------------------------------------------------------------------------------------------------------------------------------
Reboot
Click System Configuration -> Reboot to enter the below screen and click the Reboot button here to
restart the switch.
Firmware Update
Click System Configuration -> Firmware Update to enter interface below.
User Guide
23
This section displays current firmware version. To update the switch's firmware, click Browse to locate
and select the latest firmware and click Update. The process takes 1-2 minutes to finish.
Note-------------------------------------------------------------------------------------------------------------------------------
1. Do not disconnect power connection while upgrade is in process.
2. If power supply is disconnected, please upgrade it again; if unable to enter the management interface,
contact maintenance personnel.
-------------------------------------------------------------------------------------------------------------------------------------------
4.1.2 System Security
SSL Setup
Secure Sockets Layer (SSL) is a cryptographic protocol that is designed to provide communication
security over the Internet. It is widely applied in E-commerce and Internet banking areas.
SSL Security
Privacy: Adopting asymmetrical encryption technology and RSA (Rivest Shamir and Adleman), SSL uses
key pair to encrypt information.
Authentication: Authenticate the users and the servers based on the certificates to ensure the data are
transmitted to the correct users and servers. SSL server and clients obtain CA certificates via PKI (Public
Key Infrastructure).
Integrality: Maintain the integrality of the data based on Message Authentication Code (MAC) to prevent
data being altered in the transmission. A MAC algorithm, sometimes called a keyed (cryptographic) hash
function, accepts as input a secret key and an arbitrary-length message to be authenticated, and outputs
a MAC (sometimes known as a tag). The MAC value protects both a message's data integrity as well as
its authenticity, by allowing verifiers (who also possess the secret key) to detect any changes to the
message content.
SSL Protocol Structure
SSL protocol can be divided into 2 layers: The bottom layer is SSL record protocol; the top layer includes
SSL handshake protocol, SSL change cipher spec protocol and SSL alert protocol.
User Guide
24
SSL
handshake
protocol
SSL
change
cipher
spec
protocol
SSL alert
protocol
HTTP,
FTP,…
SSL record protocol
TCP
IP
SSL record protocol: Mainly applied for data partition, data calculation, MAC adding, encryption
and record block transmission.
SSL handshake protocol: It is a very important part of SSL protocol, mainly used for
cryptography negotiation and authentication. A session will be established between clients and
the server. Session ID, certificate of the other side, cryptography algorithm and primary security
key are included in the session.
SSL change cipher spec protocol: Clients and the server inform remote devices via SSL change
cipher spec protocol and packets will adopt the newly negotiated cryptography algorithm and
security key for protection and transmission.
SSL alert protocol: mainly used for reporting alert info, and severity and description are included
in messages.
SSL Setup
Click Administration -> System Security -> SSL Setup to enter interface below:
Fields on the screen are described below:
Field
Description
User Guide
25
SSL
Enable/disable SSL
SSL Certificate
Select the desired certificate to download to
the switch.
SSL Key
Select the desired SSL Key to download to
the switch for encryption.
Certificate Import
Import the downloaded certificate
Key Import
Import the downloaded key
User
Click Administration -> System Security -> User to enter interface below:
Fields on the screen are described below:
Field
Description
Login Timeout
This field specifies how long the web
manager is allowed to remain idle.When
reaching the set time, the web manager will
return to login window. The Login Timeout
can be set to any value between 30 and
3600 seconds. The default setting is 300
seconds.
User Name
Specify a user name for login authentication.
User Guide
26
Access Mode
Specify an access right for a corresponding
user:
Administrator: Has absolute rights to view
and config switch's settings and system info.
Technician: Has the right to view and config
switch's settings, except for “Firmware
Update”, “User”, “Reset”, “Reboot” settings.
User: Has the right to view switch's current
settings but no right to manage/config them.
Telnet
Enable/disable Telnet management. When
enabled, you can manage the switch via
Telnet.
To change password, do as follows:
1. On the User Management screen, click admin to enter below interface:
2. Enter the new password in the corresponding input box;
3. Enter the password again to confirm the new password;
4. Click OK.
Note-------------------------------------------------------------------------------------------------------------------------------
Use the new password to re-log into the switch once you change it. In case of losing passwords, press the
hardware Reset button. And password will be reset to factory default.
------------------------------------------------------------------------------------------------------------------------------------------
To add user, do as follows:
1. Click Add to enter interface below:
User Guide
27
2. Enter the user name in the corresponding input box;
3. Select User or Technician from the Access Mode pull-down menu ;
4. Enter the password, for example, a12345+;
5. Retype the new password;
6. Click OK;
7. Exit from the management interface and use the new user name and password to re-access the
switch.
Note-------------------------------------------------------------------------------------------------------------------------------
Apart from the default administrator, up to 5 technicians and 10 users can be added.
-------------------------------------------------------------------------------------------------------------------------------------------
4.2 Port Management
4.2.1 Port Configuration
Port Setup
Click Port Management -> Port Configuration -> Port Setup to enter interface below:
Fields on the screen are described below:
User Guide
31
as a mirroring destination port.
Sniffer Mode
Select a sniffer mode for a corresponding mirroring source port.
"None" indicates the corresponding port is not mirrored. Mirroring can
be implemented on packets of different directions (incoming/outgoing)
on different ports concurrently. When total bandwidth of the mirrored
port exceeds that of the mirroring port, packets loss will appear.
IngressOnly incoming packets are copied to the monitor port.
EgressOnly outgoing packets are copied to the monitor port.
Egress & Ingress: Both inbound and outbound packets on the
corresponding port are copied to the monitor port (mirroring
destination port).
Note-------------------------------------------------------------------------------------------------------------------------------
1. The mirroring destination port speed should be greater than that of total speed of all mirrored ports. So
we recommend you configure the mirrored port as the routing port, namely, the port connected to Internet,
to monitor all packets.
2. Only one copy is allowed for the same data flow.
-------------------------------------------------------------------------------------------------------------------------------------------
Port Statistics
Click Port Management -> Port Configuration -> Port Statistics to enter the main interface below:
To display port-specific statistic info, click the corresponding port number:
User Guide
32
Buttons on the screen are described below:
Field
Description
Clear
Clicking it removes current statistic info.
Refresh
Clicking it updates current statistic info.
Back
Clicking it goes back to the interface which displays all ports’
statistic info.
4.2.2 Link Aggregation
Link Aggregation Overview
Link aggregation groups multiple Ethernet ports together in parallel to act as a single logical link.
Aggregation-enabled devices treat all physical links (ports) in an aggregation group entirely as a single
logical link (port). Member ports in an aggregation group share egress/ingress traffic load, delivering a
bandwidth that is multiple of a single physical link. Link aggregation provides redundancy in case one of
the links fails, thus reliability could be maintained. For network diagram of link aggregation, see below:
User Guide
33
Benefits of Link Aggregation
1) Double bandwidth:
Aggregation-enabled devices treat all physical links (ports) in an aggregation group entirely as a single
logical link (port). Data transmitted to a specific host (destination address) will always be transmitted over
the same port in a trunk group. This allows packets in a data stream to arrive in the same order they were
sent. Link aggregation groups multiple Ethernet ports together in parallel to act as a single logical link.
This gives a bandwidth that is a multiple of a single link's bandwidth.
2) Backup and redundancy:
Load balancing is automatically applied to the ports in the aggregated group, and a link failure within the
group causes the network traffic to be directed to the remaining links in the group. The Spanning Tree
Protocol will treat a link aggregation group as a single link, on the switch level. On the port level, the STP
will use the port parameters of the Master Port in the calculation of port cost and in determining the state
of the link aggregation group. If two redundant link aggregation groups are configured on the Switch, STP
will block one entire group. In the same way, STP will block a single port that has a redundant link.
Link Aggregation Mode
1) Static Aggregation
For static aggregation, you must manually maintain the aggregation state of the member ports as system
does not allow adding a new port or deleting any existing member port. Down to 2 member ports must be
included in a single aggregation group. LACP is disabled on the member ports in static LACP mode.
Ports in static aggragation group must all be of the same port speed and will stay in forwarding state. In
case a certain port is set to a different speed, packets on it will be forwarded at the actual connection
speed. The rate of the aggregation group equals the total rate of its member ports.
2) LACP
User Guide
34
For LACP aggregation, you must manually maintain the aggregation state of the member ports. Whether
ports in LACP group are aggregation ports or not is deterrmined by LLDPBU frame auto-negotiation.
Down to 2 member ports must be included in a single aggregation group. LACP is enabled on the
member ports in LACP mode.
Ports in an LACP aggregation group may stay either in a forwarding status or a blocked status. Ports in
LACP aggregation group will be in a forwarding status. If all ports in the aggregation group are not
aggregated, only the first port will be in the forwarding status. Ports in forwarding status can send/receive
both service packets and LACP frames; ports in blocked status can only send/receive LACP frames.
Link Aggregation--- View & Config
Click Port Management -> Link Aggregation to enter the main link aggregation interface:
Four widely used aggregation algorithms are listed below:
Algorithm
Description
Source MAC
Member ports in a link aggregation
group share traffic load according to
source MAC addresses.
Dest MAC
Member ports in a link aggregation
group share traffic load according to
destination MAC addresses.
Source & Dest MAC
Member ports in a link aggregation
group share traffic load according to
source and destination MAC addresses.
Source & Dest IP
Member ports in a link aggregation
group share traffic load according to
source and destination IP addresses.
Static AggregationConfig
To enter the configuration screen as seen below, click New:
User Guide
35
c
1. Enter a valid aggregation group number (1-6);
2. Select static aggregation;
3. Select ports to join the aggregation group. Up to 8 ports and down to 2 ports can be added to each.
4. Click OK and the group will be created.
Note-------------------------------------------------------------------------------------------------------------------------------
Once ports in static aggregation group are linked successfully, they will be aggregated and not be
affected by port speed.
-------------------------------------------------------------------------------------------------------------------------------------------
LACP AggregationConfig
To enter the configuration screen as seen below, click New:
1. Enter a valid aggregation group number (1-6);
2. Select LACP aggregation;
3. Select ports to join the aggregation group. Up to 8 ports and down to 2 ports can be added to each.
4. Click OK and the group will be created.
User Guide
36
LACP ParametersConfig
To config LACP parameters
Click Port Management -> Link Aggregation -> LACP Protocol and below screen will be displayed:
Fields on the screen are described below:
Field
Description
System Priority
Config system priority (0-65535). The default is
32768.
LACP Status
Displays Enable when corresponding port joins
a LACP aggregation group and Disable when
the port does not join any LACP aggregation
group or joined a static aggregation group.
Priority
Config port priority (0-65535). The default is
32768.
Timeout
Select a LACP timeout: long or short. The
default is long.
Group ID
Displays the LACP aggregation group ID.
To config LACP parameters on a single port: click the corresponding port as seen below:
User Guide
37
To config LACP parameters on a group of ports as a batch task: click Config as seen below:
Application Example of LACP
Configurable range of system priority is 0-65535 and the default is 32768. When system priority is set,
ports in LACP aggregation group with higher priority will be selected. The primary device of LACP
aggregation group is determined by priority+management MAC address. The primary port of LACP
aggregation group is determined by port LACP priority+port number. Application example is interpretated
as below:
Switch A
Switch B
2
3
4
1
Switch A Switch B
1) Create LACP aggregation group 5(ports 1-4 included) on switch A and switch B, and set port rate to
100M/FULL on port 1 and port 4.
User Guide
38
2) By default, after negotiation, LACP aggregation group 5 contains port 1 and port 3. Then, on the LACP
protocol interface, group ID 5 will be only displayed on port 1 and port 3.
3) Set Switch A’s system priority (on the LACP protocol interface) to a value which is smaller than 32768
so that switch A’s priority is higher than switch B’s. At the same time, set port 2’s LACP priority on switch
A to a value which is smaller than 32768 so that port 2’s priority is higher than port 1’s. Then view the
negotiation result of LACP aggregation group 5: Group ID on port 2 and port 4 displays 5, i.e. after
negotiation, LACP aggregation group 5 will contain port 2 and port 4.
4) Set Switch A’s system priority (on the LACP protocol interface) to a value which is greater than 32768
so that switch B’s priority is higher than switch A’s. At the same time, set port 1’s LACP priority on switch
B to a value which is smaller than 32768 so that port 1’s priority is higher than port 2’s. Then view the
negotiation result of LACP aggregation group 5: Group ID on port 1 and port 3 displays 5, i.e. after
negotiation, LACP aggregation group 5 will contain port 1 and port 3.
Port configuration considerations in link aggregation
To share egress/ingress traffic load, member ports in an aggregation group must be set to the same
configurations with respect to STP, port priorities, VLAN, port management, ARP attack defense, etc.
Consistent STP Configurations: Includes STP status, P2P port, edge port, port priority, path cost,
etc.
Consistent port priorities.
Consistent VLAN Configurations: Includes interface type, PVID, allowed VLAN and Untag/Tag
VLAN.
Consistent port priorities: Includes Jumbo frame, flow control and isolation settings.
Consistent ACL configurations: Includes Binding ACL lists
Consistent ARP attack defense: Includes ARP rate limit and ARP receiving rate settings.
If parameters on any port are changed in the aggregation group, configurations on other member ports
should be kept consistent.
For ports having joined in the aggregation group, following configurations are not allowed:
Adding static MAC address
Configuring MAC learning
Enabling IP filter
Configuring mirroring destination port
Enabling voice VLAN feature
Enabling 802.1X authentication
Below ports cannot join the aggregation group:
802.1x-enabled port(s)
ACL Binding port(s)
Mirroring destination port(s)
Ports on which MAC address filter is enabled
Ports on which IP address filter is enabled
Ports on which MAC address learning limit is set
4.3 VLAN Management
User Guide
39
4.3.1 VLAN
VLAN Overview
A Virtual Local Area Network (VLAN) is a network topology which allows to logically instead of physically
segment a LAN into several net segments. A VLAN combines a group of hosts with a common set of
requirements logically instead of physically relocating devices or connections. In 1999, IEEE released
802.1Q draft as a standardized VLAN implementation solution.
VLANs allow a network to be logically segmented into different broadcast domains. All members in a
VLAN are treated as in the same broadcast domain and communicate as if they were on the same net
segment, regardless of their physical locations. Logically, a VLAN can be equated to a broadcast domain,
because broadcast packets are forwarded to only members of the VLAN on which the broadcast was
initiated. Different VLANs cannot intercommunicate directly. Inter-VLAN communication can only be
achieved using a router or other layer 3 devices that are able to perform Layer 3 forwarding.
Compared with the traditional Ethernet, VLAN enjoys the following advantages:
(1) Better management and control of broadcast activity
VLANs conserve network resources by segmenting a large broadcast domain into several smaller
broadcast domains or VLAN groups and restrict all broadcast traffic to the VLAN on which the broadcast
was initiated.
(2) Reduced cost
The use of VLANs to create broadcast domains eliminates the need for routers to handle this function,
permitting operation at lower latencies and cost compared to routers under heavy load and at high cost.
(3) Ease of network administration
Members of a VLAN group can be geographically dispersed as they are logically related instead of
physically on the same VLAN. Thus network administrators do not need to re-config the network when a
VLAN member changes its location. For example, in order to better collaborate with staffs from home or
abroad on a special project a workgroup is indispensable. Using VLAN, all workstations and servers that
a particular workgroup uses can be assigned to the same VLAN. For example, in order to better
collaborate with staffs from home or abroad on a special project, a workgroup is indispensable. Using
VLAN, all workstations and servers that a particular workgroup uses can be assigned to the same VLAN.
(4) Tighter network security
Different VLANs cannot intercommunicate directly. Inter-VLAN communication can only be achieved
using a router or other layer 3 devices that are able to perform Layer 3 forwarding.
VLAN Mode
The switch provides 2 VLAN modes as below:
802.1Q VLAN Mode:
IEEE 802.1Q is the network standard that supports Virtual LANs (VLANs) on an Ethernet network. The
standard defines a system of VLAN tagging for Ethernet frames and the accompanying procedures to be
used by bridges and switches in handling such frames.
Port VLAN:
Port VLANs limit traffic that flows into and out of switch ports. Thus, all devices connected to a port are
members of the VLAN(s) the port belongs to, whether there is a single computer directly connected to a
switch, or an entire department. Members of the same VLAN can intercommunicate. A user can belong to
multiple VLANs simultaneously. For example, if you want both user A and user B to communicate with
user C while user A and user B cannot intercommunicate, simply put user A and user C to a VLAN and
User Guide
40
user B and user C to the other VLAN.
802.1Q VLAN
VLAN Tag:
As defined in IEEE 802.1Q, a four-byte VLAN tag is inserted after the DA&SA field to identify frames of
different VLANs.
(1) TPID: The 16-bit TPID field with a value of 0x8100 indicates that the frame is VLAN-tagged.
(2) Priority: The 3-bit priority field indicates the 802.1P priority of the frame (0-7).
(3) CFI: CFI is a 1-bit field, indicating whether the MAC address is encapsulated in the standard
format in different transmission media. A value of 0 indicates that MAC addresses are
encapsulated in the standard format. A value of 1 indicates that MAC addresses are
encapsulated in a non-standard format. For Ethernet switches, it is advisable to set this value to
0.
(4) VID: The 12-bit VLAN ID field identifies the VLAN which the frame belongs to. The VLAN ID
range is 0 to 4095. Because 0 and 4095 are reserved, a VLAN ID actually ranges from 1 to 4094.
802.1Q VLAN Port link type:
When creating the 802.1Q VLAN, you should set the link type for the port according to its connected
device. The link types of port including the following three types:
(1) Access: An access port belongs to only one VLAN. It is usually used to connect a PC.
(2) Trunk: A trunk port can carry multiple VLANs to receive and send traffic for them. Usually, ports
that connect switches are configured as trunk ports.
(3) Hybrid: Like a trunk port, a hybrid port can carry multiple VLANs to receive and send traffic for
them. A port connected to a network device or user terminal can be configured as a hybrid port.
Different packets, tagged or untagged, will be processed in different ways, after being received by ports of
different link types, which is illustrated in the following table:
Port Type
Receiving Tagged
Packets
Receiving
Untagged
Packets
Forwarding Packets
Access
The packet will be
forwarded to other
ports in the
The packet will
be forwarded to
other ports in
The packet will be
forwarded after removing its
VLAN tag.
User Guide
41
Trunk
corresponding
VLAN according to
the VID in the Tag
the
corresponding
VLAN according
to PVID on this
port
If the VID of packet is
the same as the PVID
of the port, the packet
will be forwarded after
removing its VLAN tag; If
the VID of packet is
not the same as the
PVID of the port, the packet
will be directly forwarded.
Hybrid
If the VID value of the
packet belongs to Tagged
VLAN, the packet will be
forwarded with Tag; If the
VID value of the packet
belongs to Untagged VLAN,
the packet will be forwarded
after removing its VLAN tag.
Note-------------------------------------------------------------------------------------------------------------------------------
1. PVID indicates the ID of a default VLAN that a port belongs to. The PVID for an access port is the ID of
the VLAN it belongs to; the default PVID for a trunk/hybrid port is "1" and this value is configurable.
2. This switch does not support ingress filter feature. Only in 802.1Q VLAN, ingress Tag packets will be
forwarded according to the VID and ingress Untag packets will be forwarded according to the PVID.
3. If voice VLAN, protocol VLAN, MAC VLAN and 802.1Q VLAN are configured on this switch, ingress
packets will be matched according to the VLAN sequence mentioned above.
-------------------------------------------------------------------------------------------------------------------------------------------
VLAN Mode Toggle
You can toggle between Port VLAN and 802.1Q VLAN. Note that related settings like static MAC binding,
IP+MAC+Port+VLAN Binding settings will be cleared when you change the VLAN mode.
To enter the screen below, click VLAN Management -> VLAN Configuration -> VLAN Mode Toggle.
The default is 802.1Q VLAN.
User Guide
42
To switch to Port VLAN:
Select Port VLAN and click OK.
802.1Q VLAN--Config
To enter the screen below, click VLAN Management -> 802.1Q VLAN.
To add QVLAN/Access port:
User Guide
45
Edit trunk port
1. Click trunk port 1.
2. The PVID is configurable and must be an existing VID and between 1 and 4094.
3. If you only want the trunk port to carry some VLANs, you can delete the unwanted VLANs or add
desired VLANs.
4. Click OK.
Delete a trunk port
You can delete a trunk port in the trunk port view.
To delete a single trunk port, click the Delete button; to delete a batch of trunk ports, click and then
the Batch Delete button.
Note-------------------------------------------------------------------------------------------------------------------------------
1. An existing Hybrid port cannot be directly configured as a Trunk port. However, you can convert a
Hybrid port into a Trunk port by first deleting it from hybrid ports and then setting it to a Trunk port.
2. Deleted trunk ports will join VLAN1 as access ports.
3. A trunk port can belong to multiple VLANs.
-------------------------------------------------------------------------------------------------------------------------------------------
User Guide
47
2. The PVID is configurable and should be an existing VID and between 1 and 4094.
3. Add/delete currently configured Tagged VLAN and Untagged VLAN.
4. Click OK.
Note--------------------------------------------------------------------------------------------------------------------------------
1. Tagged VLAN and Untagged VLAN should not share the same VID.
2. Same settings should not be concurrently configured in both Add Tagged VLAN field and Delete
Untagged VLAN field.
3. Settings configured in Delete Untagged VLAN field should not be concurrently the same as those in
Add Tagged VLAN field.
-------------------------------------------------------------------------------------------------------------------------------------------
Delete a hybrid port
You can delete a hybrid port in the hybrid port view.
To delete a single hybrid port, click the Delete button; to delete a batch of hybrid ports, click and then
the Batch Delete button.
User Guide
48
Note--------------------------------------------------------------------------------------------------------------------------------
1. An existing Trunk port cannot be directly configured as a Hybrid port. However, you can convert a
Trunk port into a Hybrid port by first deleting it from Trunk ports and then setting it to a Hybrid port.
2. Deleted hybrid ports will join VLAN1 as access ports.
3. A hybrid port can belong to multiple VLANs.
-------------------------------------------------------------------------------------------------------------------------------------------
Port VLAN
Port VLAN and 802.1Q VLAN can be toggled randomly. If you toggle 802.1Q VLAN to port VLAN, related
VLAN configurations will be cleared.
Create a port based VLAN
1. Toggle to the Port VLAN mode to enter the Port VLAN interface.
2. Click Port VLAN to enter below interface:
3. Click New as seen below:
4. Enter a VLAN ID: for example 2-24, which indicates 24 VLANs, or "1, 24", which indicates 2 VLANs.
5. Select port(s) from Available Ports and click to move them to Member Ports.
6. Click OK to finish.
Delete members in a port VLAN
As seen above, ports 1-2 are still in VLAN1. To isolate them from other ports, do as follows:
1. Click VLAN1 as seen below.
User Guide
49
2. Select port1 and port2 in Member Ports and click to move it back to Available Ports.
3. Click OK.
Add members to a port VLAN
To add new ports to an existing port VLAN, click the corresponding VLAN ID to enter related interface for
configuration.
Note--------------------------------------------------------------------------------------------------------------------------------
1. Up to 24 port VLANs can be configured.
2. Port based VLAN can not achieve inter-switch communication. Ports that belong to the same VLAN on
the switch can intercommunicate.
-------------------------------------------------------------------------------------------------------------------------------------------
4.3.2 MAC VLAN
Overview
MAC VLAN technology is the way to classify VLANs according to the MAC addresses of Hosts. MAC
VLAN only takes effect on ingress untagged data. When the port receives an untagged packet, the device,
with the matching key words of the packets’ source MAC address, will search MAC VLAN entries to
obtain the terminal’s binding VLAN. In this way, packets of the designated terminal will be forwarded in
the designated VLAN. Thus, the user terminal and VLAN will be bound accurately and flexibly.
Benefits of MAC VLAN
A MAC address corresponds to a single VLAN ID. For the device in a MAC VLAN, if its MAC address is
bound to VLAN, the device can be connected to another member port in this VLAN and still takes its
member role effect without changing the configuration of VLAN members.
Implementation of MAC VLAN
The packet in MAC VLAN is processed in the following way:
1. When receiving an untagged packet, the switch will check whether the corresponding MAC VLAN has
been created. If the corresponding MAC VLAN has been created, the switch will add a corresponding
MAC VLAN tag to it. If no MAC VLAN is matched, the switch will add a tag to the packet according to the
PVID of the received port. Thus, the packet is assigned automatically to the corresponding VLAN for
transmission.
2. When receiving tagged packet, the switch will process it based on the 802.1Q VLAN. If the received
port is the member of the VLAN to which the tagged packet belongs, the packet will be forwarded
normally. Otherwise, the packet will be discarded.
User Guide
50
3. If the MAC address of a Host is classified into 802.1Q VLAN, please set its connected port of the switch
to be a member of this 802.1Q VLAN so as to ensure the packets are forwarded normally.
MAC VLAN---Config
MAC VLAN can only be valid in 802.1Q VLAN mode. Click VLAN Management -> MAC VLAN to enter
interface below:
Create MAC VLAN
1. Click New to enter interface below:
2. Enter the MAC address you wish to configure.
3. Enter the corresponding MAC address description.
4. Select this MAC VLAN's priority (0~7 available) from the drop-down list.
5. Configure the VLAN ID mapped from MAC address. This VLAN ID must already exist in 802.1Q
VLAN.
6. Click OK.
Delete MAC VLAN
As shown above, click the Delete button to delete the corresponding MAC VLAN. Up to 64 MAC VLANs
can be supported on this device.
User Guide
51
4.3.3 Protocol VLAN
Overview
Protocol VLAN, another way to classify VLANs based on network protocol, can bind ToS provided in the
network to VLAN to realize the specific service. Through protocol VLAN, the switch can analyze the
received untagged packets on the port and match the packets with the user-defined protocol template
according to different encapsulation formats and the values of the special fields.
If a packet is matched, the switch will add a corresponding VLAN tag to it automatically and thus the data
of specific protocol can be automatically assigned to the corresponding VLAN for transmission. The
network administrator can manage network clients based on their specific applications and services
through protocol VLAN.
Encapsulation Format of Ethernet Data
At present there are two encapsulation formats of Ethernet data, Ethernet II encapsulation and
802.2/802.3 encapsulation, shown as follows:
Ethernet II
Ethernet II framing (also known as DIX Ethernet, named after DEC, Intel and Xerox, the major
participants in its design), defines the two-octet EtherType field in an Ethernet frame, preceded by
destination and source MAC addresses, which identifies an upper layer protocol encapsulating the frame
data. Once Frame type on this device is set to Ethernet II, Ether Type of this protocol VLAN will match
13-14th bytes of packets for VLAN mapping.
Destination MAC
Address
Source MAC
Address
Type
Data
CRC
6
6
2
46-1500
4
802.2/802.3
802.3, same as Ethernet II (above) except Type field is replaced by Length, and an 802.2 LLC header
follows the 802.3 header. When Frame Type on this device is set to LLC, Ether Type of this protocol
VLAN will match 16-18th bytes of the packet for VLAN mapping.
Ethernet SNAP
The biggest difference between Ethernet SNAP Frame and 802.3/802.2 Frame is the addition of 5-byte
SNAP ID. The previous 3 bytes, manufacturer ID, are the same as those of the source MAC address and
sometimes can be set to 0. The last 2 bytes are the same as Type Field of Ethernet II. When Frame Type
on this device is set to SNAP, Ether Type of this protocol will match 23-24th bytes of the packet for VLAN
mapping and 16-21th bytes: AA-AA-03-00-00-00.
The Procedure for the Switch to Process Protocol VLAN Packets
VLAN packets are processed in the following way:
1. When receiving an untagged packet, the switch matches the packet with the current Protocol VLAN. If
the packet is matched, the switch will add a corresponding Protocol VLAN tag to it. If no Protocol VLAN is
User Guide
52
matched, the switch will add a tag to the packet according to the PVID of the received port and forward
packets in the corresponding VLAN. Thus, the packet is assigned automatically to the corresponding
VLAN for transmission.
2. When receiving a tagged packet, the switch will process it based on the 802.1Q VLAN. If the received
port is the member of the VLAN to which the tagged packet belongs, the packet will be forwarded
normally. Otherwise, the packet will be discarded.
Protocol Model---Config
Click VLAN Management -> Protocol VLAN -> Protocol Model to enter interface below:
Fields on the screen are described below:
Field
Description
ID
Displays protocol model ID (1-16).
Protocol Name
Displays protocol name (case-sensitive).
Ether Type
Displays protocol model's Ether Type
(0x600-0xffff) .
Frame Type
Displays protocol model's encapsulation
Frame Type (Ethernet II, LLC or SNAP) .
Add protocol model
1. Click New to enter interface below:
2. Configure protocol name in the Protocol Name Field. Up to 31 characters can be included and only
User Guide
53
letters (case-sensitive), numbers and underlines can be configured here.
3. Enter the specific protocol Ether Type (0x600-0xFFFF). The corresponding relationship between
Ether Type and protocol name is shown as below:
Ether Type
Corresponding Protocol
Name
0x0806
ARP
0x0800
IP
0x8847/0x8848
MPLS
0x8137
IPX
0x8000
IS-IS
0x8809
LACP
0x888E
802.1x
4. Configure protocol model's Frame Type. It can be configured as EthernetII, LLC and SNAP.
5. Click OK.
Note--------------------------------------------------------------------------------------------------------------------------------
1. It is not advisable to add special type into the protocol model, such as 0X8100 and 0x88a8.
2. EthernetII: Protocol VLAN matches with 13~14th bytes to map VLAN; LLC: Protocol VLAN matches
with 17~18th bytes to map VLAN; SNAP: Protocol VLAN matches with 23~24th bytes to map VLAN
and 16~21th bytes are AA-AA-03-00-00-00.
-------------------------------------------------------------------------------------------------------------------------------------------
Delete protocol model
Click the Delete button to delete the corresponding protocol model. If the protocol moel has been applied
in protocol VLAN, this protocol model can’t be deleted.
Protocol VLAN---Config
Click VLAN Management -> Protocol VLAN ->Protocol VLAN to enter interface below:
User Guide
55
of voice traffic and guaranteeing communication quality.
Voice Stream Recognition
According to the source MAC fields of the ingress packets, this device can distinguish whether the data
flow is voice data flow or not. If the source MAC address conforms to the voice device’s OUI
(Organizationally Unique Identifier) address, the packets will be regarded as voice data flow and the port
which has received the voice data flow will automatically join the voice VLAN. Thus, the
voice-VLAN-tagged voice traffic of voice devices connected to this port can be transmitted and enjoys
higher transmission priority. You can preset OUI address or use the default OUI address as the criteria.
An Organizationally Unique Identifier (OUI) is a 24-bit number that uniquely identifies a vendor,
manufacturer, or other organization globally or worldwide. This device supports OUI mask. You can
adjust MAC address’ matching depth by setting different masks.
Voice VLAN Supporting Details on Different Ports
Voice VLAN supports transmitting voice data on Access, Trunk and Hybrid ports. Trunk and Hybrid ports
of other VLANs on the switch can transmit voice and data traffic when voice VLAN feature is enabled. As
IP phone varies, different ports need different supporting conditions. As for phones which can obtain IP
address and voice VLAN ID automatically, supporting conditions on ports are described as below:
Voice VLAN
Working Mode
Voice Traffic
Type
Port Link Type
Auto
Tagged
Access: Not supported.
Trunk: Supported, but the default VLAN of the
connected port must already exist and can’t be
voice VLAN. And the default VLAN is allowed
to pass on the connected port.
Hybrid: Supported, but the default VLAN of the
connected port must already exist and can’t be
voice VLAN. And the default VLAN should be
in the allowed tagged VLAN list.
Untagged
Access, Trunk, Hybrid: Not supported.
Manual
Tagged
Access: Not supported.
Trunk: Supported, but the default VLAN of the
connected port must already exist and can’t be
voice VLAN. And the default VLAN is allowed
to pass on the connected port.
Hybrid: Supported, but the default VLAN of the
connected port must already exist and can’t be
voice VLAN. And the voice VLAN should be in
the allowed tagged VLAN list.
Untagged
Access: Supported, but the default VLAN of
the connected port must be voice VLAN.
Trunk: Supported, but the default VLAN of the
User Guide
59
Fields on the screen are described below:
Field
Description
OUI Address
Configures source MAC address (xxxx-xxxx-xxxx)
sent by voice devices.
Mask
Click to select the prompted mask. The default is
FFFF-FF00-0000, indicating the top 24 bits must
match the OUI address and the last 24 bits are
arbitrary.
Description
Description of OUI address, used for distinguishing
different voice devices.
By default, recognizable OUI addresses of this switch are described as below:
ID
OUI Address
OUI Mask
Description
1
0001-E300-0000
FFFF-FF00-0000
Siemens
2
0003-6B00-0000
FFFF-FF00-0000
Cisco
3
0004-0D00-0000
FFFF-FF00-0000
Avaya
4
0060-B900-0000
FFFF-FF00-0000
Philips/NEC
5
00D0-1E00-0000
FFFF-FF00-0000
Pingtel
6
00E0-7500-0000
FFFF-FF00-0000
Polycom
7
00E0-BB00-000
0
FFFF-FF00-0000
3com
2. To delete an OUI address, click Delete on the OUI Setup page.
4.4 PoE Management
PoE Overview
Power over Ethernet or PoE describes any of several standardized or ad-hoc systems which pass
electrical power along with data on Ethernet cabling. PoE allows cable as long as 100m. This allows a
single cable to provide both data connection and electrical power to devices such as network hubs, IP
cameras, wireless APs and closed-circuit TV cameras, etc. The IEEE standard for PoE requires category
5 cable or higher for high power levels, but can operate with category 3 cable if less power is required.
4.4.1 Global Setup
Click PoE Management -> Global Setup to enter interface below:
User Guide
62
4.5 Time Range Management
If a configured ACL is needed to be effective in a specified time-range, a time-range should be firstly
specified in the ACL. As the time-range based ACL takes effect only within the specified time-range, data
packets can be filtered by differentiating the time-ranges. On this switch, absolute time and periodic time
can be configured. Configure an absolute time section in the form of “beginning time to ending time” to
make ACLs effective; configure a periodic time section to make ACLs effective on the fixed days of the
week.
4.5.1 Time Range
Click Time Range Management -> Time Range to enter interface below:
Fields on the screen are described below:
Field
Description
Time Range ID
Displays corresponding time range ID.
Time Slices
Displays total time slices of this time range.
Up to 4 entries can be configured.
Periodic Time
Displays this time range's periodic time (from
Mon. to Sun.). If Absolute Time is selected,
this option will display--”.
Absolute Time
Displays this time range's absolute time (from
2000, January 1st to 2035, December 31th.).
If Periodic Time is selected, this option will
User Guide
63
display --”.
Delete
Click to delete the corresponding time range.
New
Click to create a new time range.
To create or modify time range, click New on the Time Range page to enter interface below:
Fields on the screen are described below:
Field
Description
Time Range ID
Displays corresponding time range ID.
Absolute Time
Configures this time range's absolute time (from
2000, January 1st to 2035, December 31th.).
Periodic Time
Configures this time range's periodic time (from
Mon. to Sun.).
Add
Click to add a new time slice.
ID
Displays time slice ID (1~4).
Beginning Time
Displays time slice's starting time (00:00~23:59).
Ending Time
Displays time slice's ending time (00:00~23:59).
Delete
Click to delete the corresponding time slice.
Back
Click to go back to the Time Range page.
User Guide
122
4.6 Device Management
4.6.1 MAC
MAC Forwarding Table Overview
An Ethernet device uses a MAC address table for forwarding frames through unicast instead of broadcast.
This table describes from which port a MAC address (or host) can be reached. When forwarding a frame,
the device first looks up the MAC address of the frame in the MAC address table for a match. If the switch
does not find an entry, it broadcasts the frame. The MAC address table maintains a map of MAC
addresses and corresponding forwarding ports for fast frame forwarding. A MAC address table entry
includes the following information: destination MAC address, VLAN ID to which the port belongs and
forwarding egress port number. MAC address length is 6 bytes. The format is XXXX-XXXX-XXXX and “X”
is hexadecimal.
When forwarding a frame, the device adopts the following forwarding modes based on the MAC address
table:
a) Unicast mode: If an entry is available for the destination MAC address, the device forwards the frame
out of the outgoing port indicated by the MAC address table entry.
b) Broadcast mode: If the device receives a frame with the destination address whose lowest bit of the
second byte is 1, or no entry is available for the destination MAC address, the device forwards the
frame to all ports except the receiving port, i.e. broadcast packets, multicast packets and unknown
unicast packets will be forwarded.
MAC Forwarding Table Aging Scheme
To adapt to network changes and prevent inactive entries from occupying limited table space, an aging
mechanism is adopted for dynamic MAC address entries. Each time a dynamic MAC address entry is
obtained or created, an aging timer starts. If the entry has not updated when the aging timer expires, the
device deletes the entry. If the entry has updated before the aging timer expires, the aging timer restarts.
This aging mechanism ensures that the MAC address table can quickly update to accommodate the latest
network changes. (To config MAC age, click Administration -> System Info -> MAC Age).
Note-------------------------------------------------------------------------------------------------------------------------------
The MAC aging mechanism takes effect on dynamic MAC address entries only.
-------------------------------------------------------------------------------------------------------------------------------------------
Types of MAC address table entries
A MAC address table can contain the following types of MAC entries:
• Static MAC entries, also known as "Permanent Address", which are manually added and never age out.
For a small network with little change, static MAC address entry added manually may effectively reduce
broadcast traffic.
• Dynamic MAC entries, which can be manually added or dynamically learned and might age out.
Configure MAC address table entries
To display MAC address entries globally
Click Device Management -> MAC -> MAC Address Display to enter interface below:
User Guide
123
Note--------------------------------------------------------------------------------------------------------------------------------
The VLAN field displays "--" for port VLANs.
-------------------------------------------------------------------------------------------------------------------------------------------
To display MAC address entries on a single port
Click the corresponding port number, and all MAC address entries on it will be displayed.
Bind
Click this button to bind corresponding MAC address to a specific port. And the same button changes to
Bound after being clicked.
To view MAC address entry:
Click View and specify a MAC and a VLAN ID. (Note: To view MAC address entry, you must enter the
MAC address while the VLAN ID is optional.)
User Guide
124
To delete a single MAC address
Click the Delete button next to the corresponding MAC address.
To delete a batch of MAC address concurrently
Check corresponding check boxes and click Batch Delete.
To delete all MAC address entries, click Delete All.
Note--------------------------------------------------------------------------------------------------------------------------------
The Delete All and Batch Delete options do not take effect on bound MAC address entries.
-------------------------------------------------------------------------------------------------------------------------------------------
Static MAC Address
Click Device Management -> MAC -> Static MAC Address to enter interface below:
To add a static MAC address entry, click Add, enter a MAC address and click OK. There is no VLAN
field for you to specify in port VLAN mode.
User Guide
125
To delete a single MAC address, click the Delete button next to the corresponding MAC address.
To delete a batch of MAC address concurrently, check corresponding check boxes and click Batch
Delete.
Note--------------------------------------------------------------------------------------------------------------------------------
1. A certain interface’s MAC address and VLAN ID can be bound to another interface.
2. The MAC address in the Static Address Table can not be added to the Filtering Address Table.
3. Once VLAN mode is toggled, all current settings will be cleared.
4. A certain interface in the static MAC address table can receive packets whose source MAC address
matches its corresponding VID; Packets whose destination MAC address matches the corresponding VID
can only be forwarded to the corresponding interface.
-------------------------------------------------------------------------------------------------------------------------------------------
4.6.2 STP
STP Overview
The Spanning Tree Protocol (STP) is a network protocol that ensures a loop-free topology for any bridged
Ethernet local area network. The basic function of STP is to prevent bridge loops and the broadcast
radiation that results from them. On Ethernet, only a single active path at a time can be maintained
between any two network nodes to avoid broadcast storm. However, spare (redundant) links are
indispensable to ensure reliability. Spanning tree allows a network design to include spare (redundant)
links to provide automatic backup paths if an active link fails, without the danger of bridge loops, and
disable those that are not part of the spanning tree, leaving a single active path between any two network
nodes. This is accomplished in the STP. A STP-enabled switch can perform the following tasks:
1. Discover and generate an optimum STP topology.
2. Discover and repair failures on the network; automatically update the network topology for future use.
Local topology is generated by computing bridge configurations made by a network administrator. Thus, if
configured properly, an optimum topology tree can be generated.
RSTP Overview
RSTP (Rapid Spanning Tree Protocol) provides significantly faster spanning tree convergence after a
topology changes, introducing new convergence behaviors and bridge port roles to do this. RSTP is
designed to be backwards-compatible with standard STP. RSTP is typically able to respond to changes
within one second while STP can take 30 to 50 seconds to respond to a topology change.
RSTP delivers fast transition to forwarding status without relying on timer settings. A RSTP bridge is
User Guide
127
Octet 39-89 for MST Configuration Identifier
Global Setup
Click Device Management -> STP -> Global Setup to enter interface below:
Fields on the screen are described below:
Field
Description
STP Status
Enable/Disable STP globally.
By default, the STP feature is disabled.
STP Version
Select the desired version of STP version:
MSTP/RSTP/STP compatible to eliminate loops on
data link layer. The default is RSTP mode.
User Guide
128
BPDU
Processing
Select a BPDU processing method:
Broadcast/Filter.
This option takes effect only if STP is disabled
globally. By default, BPDU packets are
broadcasted.
Max Age
Config a max aging time for messages. You may
choose a time between 6 and 40 seconds. The
default value is 20s.
Hello Time
Config the Hello Time. You may choose a time
between 1 and 10 seconds. The default value is 2s.
Forward Delay
The latency time for a bridge port to switch from a
Listening state to a Learning state or from a
Learning state to a Forwarding state. Valid values
range from 4 to 30 seconds. The default is 15s.
Max Hop-count
Config max hop-count. In MSTP mode, it
decreases by 1 upon every switch. If the received
BPDU hop value is 1, this packet will be discarded.
Note--------------------------------------------------------------------------------------------------------------------------------
Max Age should meet below requirements:
Max Age >= 2 x (Hello Time + 1);
Max Age <= 2 x (Forward Delay - 1).
-------------------------------------------------------------------------------------------------------------------------------------------
MSTP Domain Setup
Click Device Management -> STP -> MSTP Domain Setup to enter interface below:
Fields on the screen are described below:
Field
Description
Domain Name
Config switch domain name (32 characters
allowed). The default is the device's MAC
address.
User Guide
129
Modification Level
Config MSTP modification level. Valid range is
0-65535. The default is 0.
Format Selector
Display 0.
Configuration
Abstract
A value worked out by VLAN mapping,
belonging to an important parameter of the
inter-domain calculation.
MSTP Instance
Click Device Management -> STP -> MSTP Instance to enter interface below:
Fields on the screen are described below:
Field
Description
Instance ID
Instance ID: 0-15. 0: the inter-domain spanning
tree.
Status
Enable/Disable the corresponding selected
instance. Only instance 0 is enabled by default
and can’t be disabled.
VLAN Mapping
List
Display instance's current mapping VLANs.
Bridge Priority
Display instance's current bridge priority.
To configure a single instance, click the corresponding instance to enter interface below:
User Guide
131
Field
Description
STP Status
Select to enable/disable the STP feature or make
no change. By default, the STP feature is
disabled. To activate the STP feature, you must
enable STP both globally on the entire device
and specifically on desired port(s).
Edge Port
An edge port is a port that is connected to the
terminal directly. Ports that are designated as
edge ports transit rapidly from the blocked state
to the forwarding state without delay. An edge
port loses its status if it receives a BPDU packet,
immediately becoming a normal spanning tree
port. By default, all ports are edge ports.
P2P Port
A P2P port is also capable of rapid transition.
Under RSTP/MSTP, all ports operating in
full-duplex mode are considered to be P2P ports.
By default, port establishes a link automatically.
Instance ID
Configure port parameters under different
instances.
Priority
By default, the port priority is set to 128.
Default Path
Cost
Enable/disable port default path cost. You can
specify a custom port path cost between 1 and
200,000,000 if you disable the default port path
cost. When enabled, port path cost can be
configured automatically and 802.1at is
supported.
Port Path Cost
The default path cost is 200,000,000. Only if you
disable the default path cost option, can path
cost be configurable.
To config STP settings on a batch of ports concurrently, click Config as seen below:
User Guide
133
MSTP
Create instances
1-4, add instance
mapping and
configure
instance priority
32 instances can be
configured on this switch and
instance ID range is 1-4094
Configuration Procedure
Start VLAN Configuration MSTP Configuration Save configurations
Steps:
1. Add vlan10, 20, 30, 40, 100, 200;
2. Set ports on Device 1 and Device 2 to Hybrid and Tagged;
3. Set Device 1 and Device 2’s domain name to TEG3224P, set modification level to the default 0
and configure mapping between instances and VLANs: instance 1 maps VLAN 10, 30, 100;
instance 2 maps VLAN 20, 40, 200;
4. Set Device 1’s Bridge Priority to 0 and Device 2’s Bridge Priority to 0, and then click OK to save
User Guide
135
Fields on the screen are described below:
Field
Description
LLDP
Enable/ Disable LLDP feature.
Sending
Interval
The interval among each LLDP message (5~32768s).
TTL
Multiplier
TTL value is used to configure neighbor info’s age time on local devices. TTL =
Min (65535, (TTL multiplier × LLDP packet sending time interval)). Through
adjusting TTL multiplier, you can control this device info's age time on the
neighboring device (2~10s).
Sending
Delay
When local configurations change, each LLDP packet will be sent after one
sending delay time (1~8192s and <= sending time interval/4).
Initialization
Delay
To avoid constant port initialization caused by frequent changes of working
mode, you can configure port initialization delay time. When port's working mode
changes, the initialization will be delayed for some time (1~10s).
Port Setup
Click Device Management -> LLDP -> Port Setup to enter interface below:
Fields on the screen are described below:
User Guide
137
Neighbor Info
To display neighbor info, click Device Management -> LLDP -> Neighbor Info.
Fields on the screen are described below:
Field
Description
Local Port
Display the port which receives LLDP packet.
System
Name
Display the neighboring device's system name.
Neighbor
Port
Display the port which sends LLDP packets on the
neighboring device.
Chassis ID
Display the MAC address of the neighboring device.
Address
Management
Display the management IP address of the neighboring
device.
Port Statistics
Click Device Management -> LLDP -> Port Statistics to enter interface below:
4.6.4 IGSP
Overview
IGMP snooping is the process of listening to Internet Group Management Protocol (IGMP) network traffic.
IGMP snooping, as implied by the name, is a feature that allows a network switch to listen to on the IGMP
User Guide
138
conversation between hosts and routers.
Principle of IGMP snooping
By listening to the conversations between hosts and routers, the switch maintains a map of links which
need IP multicast streams. Multicast streams may be filtered from the links which do not solicit them. An
IGMP-Snooping-disabled layer-2 device will flood multicast traffic to all the ports in a broadcast domain
(or the VLAN equivalent). With IGMP snooping enabled, known multicast traffic will be forwarded to hosts
that have explicitly joined the group. It provides switches with a mechanism to prune multicast traffic from
links that do not contain a multicast listener (an IGMP client). Multicast packet transmission with IGMP
Snooping enabled/disabled:
How IGMP Snooping Works
A switch that runs IGMP snooping performs different actions when receiving different IGMP messages.
When receiving a general query
The IGMP querier periodically sends IGMP general queries to all hosts and routers on the local subnet to
determine which active multicast group members exist on the subnet. After receiving an IGMP general
query, the switch forwards it through all ports in the VLAN (except the port that receives the query) and
performs corresponding actions on the receiving port (resets/enables the age timer).
When receiving a membership report
A host sends an IGMP membership report to the multicast router in the following circumstances:
After receiving an IGMP query, a multicast group member host responds with an IGMP membership
report.
When intended to join a multicast group, a host sends an IGMP membership report to the multicast router
to announce that it wants to join the multicast group. After receiving an IGMP membership report, the
switch forwards it through all the router ports in the VLAN, resolves the address of the reported multicast
group and performs corresponding actions on the receiving port (resets/enables the age timer). A switch
does not forward an IGMP membership report through a non-router port.
When receiving a leave message
When an IGMPv1 host leaves a multicast group, the host does not send an IGMP leave message, so the
switch cannot know immediately that the host has left the multicast group. However, as the aging timer on
User Guide
139
the member port that corresponds to the host expires, the switch immediately deletes its forwarding entry
from the forwarding table.
When an IGMPv2 or IGMPv3 host leaves a multicast group, it sends an IGMP leave message to the
multicast router to inform of such leave.
When receiving an IGMP leave message from the last member port, the switch forwards it through all
router ports in the VLAN and resets the aging timer on the receiving port (the port that received the IGMP
leave message) instead of immediately deleting its corresponding forwarding entry from the forwarding
table as it cannot know whether there are still other members of that multicast group attached to such
port.
After receiving the IGMP leave message from a host, the IGMP querier resolves the multicast group
address in the message and sends an IGMP group-specific query to that multicast group through the port
that received the leave message. After receiving the IGMP group-specific query, the switch forwards it
through all its router ports in the VLAN and all member ports for that multicast group.
The switch also performs the following actions on the port that received the IGMP leave message: If the
port receives any IGMP membership report in response to the group-specific query before the aging timer
expires, the switch considers that some host attached to the port is receiving or expecting to receive
multicast data from that multicast group and will reset the aging timer on the port.
If the port receives no IGMP membership report in response to the group-specific query before its aging
timer expires, the switch considers that no hosts attached to the port are still members of that multicast
group address and thus removes the multicast forwarding entry that the port corresponds to from the
forwarding table when the aging timer expires.
IGMP Snooping
To config IGMP Snooping settings, click Device Management -> IGSP -> IGMP Snooping.
Fields on the screen are described below:
Field
Description
IGSP Status
Enable/disable the IGMP Snooping feature.
Routing Port Age
Config routing port aging time (1-1000 sec). The
default is 105s.
User Guide
140
Group-general
Query Max
Response Time
Config max amount of time in response to
group-general query messages (1-25 sec). The
default is 10s.
Group-specific
Query Max
Response Time
Config max amount of time in response to
group-specific query messages (1-5 sec). The
default is 2s.
Host Port Age
Config host port aging time (200-1000 sec). The
default is 260s.
Unknown Multicast
Drop
Enable/disable the unregistered multicast discard
feature. This feature takes effect only if the IGSP
feature has been enabled globally on the device.
Multicast VLAN
Status
Enable/Disable multicast VLAN. When multicast
VLAN is enabled, multicast VLAN ID becomes
configurable and multicast packets can only be
forwarded in this VLAN.
Multicast VLAN ID
This option becomes visible when multicast VLAN
is enabled. This VLAN ID must already exist in
802.1Q VLAN and only ports in this VLAN can
forward multicast packets. Valid range is 1-4094.
Fast Leave
To config Fast Leave settings, click Device Management -> IGSP -> Fast Leave.
To config a single port: click it, select Enable/Disable and click OK.
To config a batch of ports concurrently: click Config, specify required parameters and click OK.
4.6.5 SNMP
SNMP Overview
Simple Network Management Protocol (SNMP) is an OSI Layer 7 (Application Layer) designed
specifically for managing and monitoring network devices. SNMP enables network management stations
to read and modify the settings of gateways, routers, switches, and other network devices. Use SNMP to
configure system features for proper operation, monitor performance and detect potential problems in the
Switch, switch group or network.
User Guide
141
SNMP, using polling scheme, is suitable for use in small-sized network environment demanding high
speed and low cost. SNMP, implemented through the connectionless UDP, can seamlessly interoperate
with multiple devices.
SNMP Work Mechanism
The SNMP framework comprises NMS and Agent:
NMSNetwork Management Station NMS, is a station that runs the SNMP client software to monitor and
manage the SNMP-capable devices in the network.
SNMP agentWorks on a managed network device (such a switch) to receive and handle requests from
the NMS, and send traps to the NMS when some events occur.
Upon receiving GetRequest, GetNextRequest and SetRequest packets from NMS, the SNMP agent will
perform Read or Write operation on managed objects depending on the type of packets received and
generate Response packets to return to NMS.
SNMP Version
The device supports SNMPv3 and is compatible with SNMPv1 and SNMPv2c.
SNMPv3 adopts user name and password authentication mode.
The switch supports SNMPv1 and SNMPv2c, both of which use community names for authentication.
SNMP packets with community names that did not pass the authentication on the device will simply be
discarded. The SNMP community name defines the relationship between an SNMP NMS and an SNMP
Agent. A community name plays a similar role as a key/password and can be used to regulate access
from NMS to Agent.
Trap
Traps are messages that alert network personnel of events that occur on the switch. The events can be
as serious as a reboot (someone accidentally turns off the Switch), or less serious like a port status
change. The switch generates traps and sends them to the trap recipient (or network manager).
Agent Setup
To enter below screen, click Device Management -> SNMP -> Agent Setup.
To enable SNMP
1. Select Enable from the SNMP Status drop-down list.
2. You will see the Local Engine ID after enabling SNMP. This field is not configurable.
User Guide
143
Note: You must create a group before you can add a user.
1. Specify a user name, say, zhangsan.
2. Specify a group name. All existing groups are displayed in the drop-down list.
3. Select a Security Level from the drop-down list.
4. Select an Authentication Mode from the drop-down list and enter a password and confirm the
password (at least 8 characters). If noauth/nopriv is selected, this field will be greyed out.
5. Select an Encryption Mode from the drop-down list and enter a password and confirm password
(at least 8 characters). If noauth/nopriv or auth/noprivv is selected, this field will be greyed out.
To edit users, click the corresponding user name to enter interface for modification.
Group
To enter the screen below, click Device Management -> SNMP -> Group.
Here you can see at a glance all existing groups.
Click Add to enter below interface:
User Guide
145
1. Specify a view name, say, qq.
2. Specify a MIB subtree OID, say, 1.2.1.
3. Specify a view rule from the drop-down list.
Enable Trap
To config SNMP Trap settings, click Device Management -> SNMP -> Enable Trap as below:
By default, the SNMP Trap feature is enabled on each port. Available generic Traps include:
Coldstart-Trap: Send Coldstart Trap to designated host when device is undergoing a coldstart (power
disconnection or reboot).
Warmstart-Trap: Send Warmstart Trap to designated host when the SNMP is disabled on the switch.
Linkdown-Trap: Send Linkdown Trap to designated host when an up link becomes down.
Linkup-Trap: Send Linkup Trap to designated host when a down link becomes up.
Authentication-Trap: Send Authentication failure Trap to designated host when SNMP module encounters
an authentication failure.
This section is only for enabling the SNMP Trap feature. See the following for configuring the Trap Host to
which Traps are to be sent.
Trap Setup
To enter the interface for configuring the host to which Traps are to be sent, click Device Management ->
SNMP -> Trap Setup as seen below.
User Guide
146
To config the host, do as follows:
1. Click Add to enter the following screen:
2. Enter an IP address in the Target Host IP field. Note that the host IP must be a legal unicast address
and should be on the same IP net segment as the switch, say "192.168.0.77".
3. Enter a UDP port number to which Traps are to be sent in the Port NO. field. The default is 162.
4. Enter a custom community name of up to 31 characters, such as "public" in the Community Name
field. The community name is used to achieve successful interaction between NMS and SNMP Agent.
5. Trap Version: Select v1, v2c or V3. By default, the switch interacts with NMS using the SNMP v1.
6. Click OK.
With above settings applied successfully, NMS on the host can receive Traps sent by the SNMP agent on
the switch.
4.6.6 DHCP Relay
DHCP Relay Agent Overview
The DHCP Relay Agent makes it possible for DHCP broadcast messages to be sent over routers that do
not support forwarding of these types of messages. The DHCP Relay Agent is therefore the routing
protocol that enables DHCP clients to obtain IP addresses from a DHCP server on a remote subnet, or
which is not located on the local subnet. To enable clients to obtain IP addresses from a DHCP server on
a remote subnet, you have to configure the DHCP Relay Agent on the subnet that contains the remote
User Guide
147
clients, so that it can relay DHCP broadcast messages to your DHCP server.
Data forwarding of DHCP relay agent is different from general routing forwarding. General routing
forwarding is relatively transparent and usually the transmitted IP packets won’t be modified. However, if
DHCP relay agent receives a DHCP packet, it will generate a new one and forward it out.
To the DHCP client, DHCP relay agent is DHCP server; to DHCP server, DHCP relay agent is the DHCP
client.
DHCP relay forwarding process:
DHCP relay working process:
When network devices with DHCP relay feature receive DHCP-DISCOVER or DHCP-REQUEST
packets broadcast transmitted by DHCP clients, the giaddr field will be filled with DHCP relay IP
and packets will be forwarded, using unicast, to the designated DHCP server according to
configurations.
According to the giaddr field, the DHCP server assigns IPs to clients and forwards configuration
info to clients via DHCP relay, and thus clients are dynamically configured.
Option 82
Option 82 records the location of the DHCP Client. Administrator can be acquainted with the location of
the DHCP Client via Option 82 so as to locate the DHCP Client for fulfilling the security control and
account management of Client.
When the DHCP relay receives DHCP request packets, the device will process them according to
process strategies of user configuration and whether option 82 is included or not.
This switch supports two sub-options: Circuit ID and Remote ID:
Sub-option 1(Circuit ID): the number of the port which receives the DHCP Request packets and
its VLAN number.
Sub-option 2(Remote ID): the MAC address of DHCP Snooping device which receives the DHCP
Request packets from DHCP Clients.
Operations supported for the Option 82:
Received DHCP
Request
Packets
Processing
Strategy
DHCP Relay Processing
Packets with
Option82
Replace
Replace the Option82 field of the
packets with the switch-defined one
and forward them.
Keep
Keep the Option82 field of the packets
and forward them.
User Guide
148
Drop
Discard the packets including the
Option82 field.
Packets without
Option82
Any
Add the switch-defined one into
Option82 field.
DHCP Relay Global Setup
Click Device Management -> DHCP Relay -> Global Setup to enter interface below:
Fields on the screen are described below:
Field
Description
DHCP Relay
Enable/Disable DHCP relay feature. DHCP
relay will only take effect when DHCP relay
is enabled globally. By default, it is
disabled.
Option82 Status
Enable/Disable Option82 feature. Option
82 strategy will only take effect when
Option 82 is enabled.
Option82 Strategy
Three strategies are available: replace,
keep, drop.
VLAN Virtual Interface
Click Device Management -> DHCP Relay -> VLAN Virtual Interface to enter interface below:
User Guide
149
To create a new VLAN virtual interface, click New as below:
1. Specify the VLAN ID ranging from 2 to 4094 and the VLAN ID must be existing 802.1Q VLAN ID.
2. Enable the IPV4 setup status.
3. Enter the valid IPV4 address, say, 1.1.1.1.
4. Enter the valid subnet mask, say 255.0.0.0.
5. Click OK.
Then create VLAN virtual interface 3 as the same steps mentioned above.
User Guide
150
To modify the VLAN virtual interface, click the corresponding VLAN ID as below:
Remote DHCP Server
Click Device Management -> DHCP Relay -> Remote DHCP Server to enter interface below:
1. To create a remote DHCP server, click New as below:
User Guide
151
2. Specify the server ID (1-4).
3. Specify the IP address, say 1.1.1.10.
4. Click OK.
Then continue to create remote DHCP server 2 as the same steps listed above.
Note--------------------------------------------------------------------------------------------------------------------------------
1. The remote server must be in the same network segment with one of the virtual interfaces.
2. Virtual interfaces on which DHCP relay has been enabled can’t select remote servers which are in
the same network segment with virtual interfaces themselves.
3. Remote servers applied for DHCP relay can’t be deleted.
-------------------------------------------------------------------------------------------------------------------------------------------
DHCP Relay Setup
1. Click Device Management -> DHCP Relay -> DHCP Relay Setup to enter interface below:
User Guide
152
2. Click the corresponding interface ID, say 2, and the interface ID corresponds to the existing VLAN
virtual interface ID.
3. Select Enable from the DHCP Relay Setup drop-down list.
4. Select Server ID, say 2, and click OK. DHCP relay on VLAN virtual interface 2 is enabled.
When all DHCH relay settings are finished, clients connected to all servers in VLAN 2 can obtain IP from
the DHCP IP pool in VLAN 3.
For more details, see below:
Each VLAN virtual interface has a corresponding VLAN ID. When Client sends out DHCP REQUEST
packets, for switches without DHCP relay settings, these packets will be forwarded to other ports in VLAN
2.
User Guide
153
When DHCP relay is enabled and Client sends out DHCP REQUEST packets, follow below steps to
configure the switch:
1. View corresponding server ID of VLAN virtual interface 2 from the DHCP Relay Setup interface, say
2.
2. View corresponding IP of this server ID, say 2.2.2.20.
3. View the corresponding VLAN virtual interface which is in the same network segment as the IP in step
2, say VLAN virtual interface 3.
4. View corresponding VLAN ID of the VLAN virtual interface, say VLAN 3.
5. Packets will be forwarded to ports in VLAN 3 as step 4 describes.
Note-------------------------------------------------------------------------------------------------------------------------------
As for servers in VLAN 3, you need to set its DHCP server’s DHCP relay IP to 1.1.1.1 so that clients in
VLAN 2 can obtain IP automatically from the DHCP server in VLAN 3.
-------------------------------------------------------------------------------------------------------------------------------------------
4.6.7 DHCP Snooping
DHCP Snooping Functions
In computer networking, DHCP snooping is a series of techniques applied to ensure the security of an
existing DHCP infrastructure. Its functions are as below:
Ensure that clients only obtain IP addresses legal servers assign to them.
If illegal DHCP servers exist in computer networking, DHCP clients might obtain incorrect IP addresses
and parameters, thus leading to abnormal communication. In order that DHCP clients obtain IP
addresses via legal DHCP servers, trusted ports and untrusted ports are allowed:
Trusted ports can forward DHCP packets they’ve received.
After receiving DHCP-ACK and DHCP-OFFER packets, untrusted ports will discard these packets.
Ports which are connected to DHCP servers and other DHCP Snooping devices need to be configured as
trusted ports and other ports need to be configured as untrusted ports, so that DHCP clients can only
obtain IP addresses from legal DHCP clients.
Record the corresponding relation between DHCP client’s IP address and MAC address.
By snooping DHCP-REQUEST and DHCP-ACK broadcast packets trust ports have received, it records
DHCP Snooping entries, including clients’ MAC addresses, obtained IP addresses, ports connected to
DHCP clients, ports’ belonging VLAN info, etc.
Global Setup
To configure DHCP snooping global settings, click Device Management -> DHCP Snooping -> Global
Setup as below:
User Guide
155
Option82 Status
Enable/Disable option 82. Option 82
records DHCP clients' location info.
Option82 Strategy
When DHCP snooping receives DHCP
packets, it will process these packets
according to whether Option 82 included,
processing strategy of user configuration
and fill pattern, and then forward them to
DHCP server. Three strategies are
available: replace, keep and drop.
Circuit ID Sub-option
Configure the current port's circuit ID
sub-option.
Remote ID
Sub-option
Configure the current port's remote ID
sub-option.
Back
Click it to go back to port setup page.
Three strategies are available for this device:
Replace: When DHCP relay receives DHCP packets with Option 82, the previous Option 82 information
will be replaced by the default contents on this device and forwarded. When DHCP relay receives DHCP
packets without Option 82, the default contents on this device will be added into Option 82.
Keep: When DHCP relay receives DHCP packets with Option 82, the previous Option 82 information will
be kept and forwarded. When DHCP relay receives DHCP packets without Option 82, the default
contents on this device will be added into Option 82.
Drop: When DHCP relay receives DHCP packets with Option 82, the previous Option 82 information will
be discarded. When DHCP relay receives DHCP packets without Option 82, the default contents in this
device will be added into Option 82.
User Binding
Click Device Management -> DHCP Snooping -> User Binding to enter interface below:
Fields on the screen are described below:
Field
Description
ID
Displays user binding digits in the list.
User Guide
157
contained in the priority field of the TCI. It is made up of 3 bits and with available values ranging from 0 to
7.
802.1QTag
The 802.1P priority tags are mapped to the Switch’s priority queues as follows:
802.1P Priority
Queue
1, 2
1
0, 3
2
4, 5
3
6, 7
4
3 DSCP Priority
The DSCP priority resides in the IP header. The ToS field includes 8 bits, among which:
The first 3 bits denote the IP priority, with available values ranging from 0 to 7.
Bits 3-6 denote the ToS priority, with available values ranging from 0 to 15.
The RFC 2474 redefined the IPv4 ToS field as the DS field. The DSCP priority is denoted by the first 6
bits (bits 05), with available values ranging from 0 to 63, while the last 2 bits (bits 6-7) are reserved.
The DSCP priority tags are mapped to the Switch’s CoS priority queues as follows:
DSCP Priority
CoS Priority
015
1
16~31
3
32~47
5
48~63
7
Scheduling Scheme Overview
QoS provides a queue scheduling policy to determine the packet forwarding sequence when congestion
occurs. The switch provides two common scheduling techniques to achieve Quality-of-Service (QoS)
while using shared resources: SP(Strict-Priorityand WRR (Weighted Round Robin).
1 Strict Priority Queueing
User Guide
158
Strict Priority Queueing is specially designed to meet the demands of critical services or applications.
Critical services or applications such as voice are delay-sensitive and thus require to be dequeued and
sent first before packets in other queues are dequeued on a congested network. For example, 4 egress
queues 3, 2, 1 and 0 with descending priority are configured on a port.
Then under SP algorithm, the port strictly prioritizes packets from higher priority queue over those from
lower priority queue. Namely, only after packets in highest priority queue are emptied, can packets in
lower priority queue be forwarded. Thus High-priority packets are always processed before those of less
priority. Medium-priority packets are always processed before low-priority packets. The lowest priority
queue would be serviced only when highest priority queues had no packets buffered.
Disadvantages of SP: The SP queueing gives absolute priority to high-priority packets over low-priority
traffic; it should be used with care. The moment a higher priority packet arrived in its queue, however,
servicing of the lower priority packets would be interrupted in favor of the higher priority queue or packets
will be dropped if the amount of high-priority traffic is too great to be emptied within a short time.
2 WRR
WRR queue scheduling algorithm ensures every queue a guaranteed service time by taking turns to
schedule all queues. Assume there are 4 egress queues on the port. The four weight values (namely, w3,
w2, w1, and w0) indicate the proportion of resources assigned to the four queues respectively. On a 100M
port, if you set the weight values of WRR queue-scheduling algorithm to 25, 15, 5 and 5(corresponding to
w3, w2, w1, and w0 respectively). Then the queue with the lowest priority can be ensured of, at least, 10
Mbps bandwidth, thus avoiding the disadvantage of SP queue-scheduling algorithm that packets in
low-priority queues may not be served during a long time. Another advantage of WRR queue-scheduling
algorithm is that though the queues are scheduled in turn, the service time for each queue is not fixed,
that is to say, when a queue is emptied, the next queue will be scheduled immediately. Thus, bandwidth
resources are fully utilized.
User Guide
159
Scheduling Scheme
Click QoS -> QoS Configuration -> Scheduling Scheme to enter interface below:
To configure scheduling scheme, select SP or WRR from the pull-down list and then click OK.
To configure queue settings, select WRR scheduling scheme first, and then configure the queue
weight values accordingly.
802.1P
To configure CoS priority settings, click QoS -> QoS Configuration -> 802.1P as below:
Then select the queue values for CoS priority 0-7 and click OK.
Note--------------------------------------------------------------------------------------------------------------------------------
When congestions occur, according to the mapping relationships you’ve configured, the device will assign
packets with CoS priority to queues.
-------------------------------------------------------------------------------------------------------------------------------------------
DSCP
To configure DSCP priority settings, click QoS -> QoS Configuration-> DSCP as below:
User Guide
160
Note-------------------------------------------------------------------------------------------------------------------------------
When congestions occur, the device will first map DSCP values to CoS values according to the
configured mapping relationships. Then according to the CoS-queue mapping table, it assigns packets
with DSCP priority to queues which CoS priority corresponds to.
-------------------------------------------------------------------------------------------------------------------------------------------
Port Priority
To configure port priority settings, click QoS -> QoS Configuration -> Port Priority as below:
To configure port priority settings on a single port, click the corresponding port, select CoS priority
value and click OK.
User Guide
161
To configure port priority settings on multiple ports, click Config.
Note-------------------------------------------------------------------------------------------------------------------------------
For packets with CoS and DSCP enabled, DSCP takes effect. For packets with only CoS enabled, CoS
takes effect. For packets without CoS and DSCP, port priority takes effect.
-------------------------------------------------------------------------------------------------------------------------------------------
4.7.2 Traffic Control
Bandwidth Control
Rate limit functions to control the ingress/egress traffic rate on each port via configuring the available
bandwidth of each port. In this way, the network bandwidth can be reasonably distributed and utilized.
Rate limit adopts token bucket for flow control. If rate limit is configured on a certain port, all packets
transmitted or received by this port will be processed first by token bucket. If there are enough tokens,
packets can be received or transmitted, otherwise discarded.
Click QoS -> Traffic Control -> Bandwidth Control to enter interface below ("--" means no limit.):
To configure rate limit on a specified port, click the corresponding port.
User Guide
162
To configure rate limit on multiple ports, click Config.
Storm Constrain
Storm Constrain function allows the switch to filter broadcast, multicast and unknown unicast frames in
the network. If the transmission rate of the three kind packets exceeds the set bandwidth, the packets will
be automatically discarded to avoid network broadcast storm.
Click QoS -> Traffic Control -> Storm Constrain to enter interface below (“—“means no constrain is set
to it.):
User Guide
163
To configure storm constrain settings on a specified port, click the corresponding port.
To configure storm constrain settings on multiple ports, click Config.
4.7.3 ACL
ACL Overview
As traffic increases and network grows, network security appears more and more important. Pack filter
can effectively block unauthorized users from accessing network and control traffic volume on the
network for the purpose of conserving network resources. An access control list (ACL) implements packet
filter via configured rules and operations attached to a packet.
When the switch receives a packet, it analyzes the packet using currently applied ACL rules and then
handles the packet by preset operations (permit, prohibit or limit rate, mirroring, etc).
ACL Type
The following 2 ACLs are supported:
MAC Based ACL: Specify operation rules based on source MAC, destination MAC, 802.1P priority, L2
protocol type and other L2 information of the packet.
IP Based ACL: Specify operation rules based on protocol type, source IP, destination IP and protocol
feature (source/destination TCP/UDP ports) of the packet.
User Guide
164
MAC Based ACL
Click QoS -> ACL -> MAC Based ACL to enter interface below:
This page displays all existing MAC based ACLs and rules thereof.
To delete an existing MAC based ACL
Select the ACL you wish to delete from the ACL drop-down list and click on the Delete ACL button.
To create MAC based ACL
Click Create ACL, enter required settings and then click OK.
To add rules to a specified ACL
User Guide
165
1. Select an ACL
2. Click Add Rule. Configure required settings and click OK.
Fields on the screen are described below:
Field
Description
Select ACL
Select an existing ACL and specify rules for it.
Priority
Specify a priority for a given rule, which determines
match scheduling order.
If an ACL has multiple rules, the rule with smallest
priority value will be first scheduled for match
purpose.
VLAN ID
Specify the VLAN ID of the messages for ACL rules
to apply.
Source/Destination
MAC
Specify source MAC and destination MAC of
packets for a rule to match.
Note: If Any is selected, the rule will match and
apply to all packets with whatever source
MAC/destination MAC.
Message Type
Specify the message type in Hex.
Action
Permit: Allow messages that match existing rules
to pass.
Prohibit: Discard messages that match existing
rules.
Rate Limit: Limit forwarding rate of messages
that match existing rules (64-1048576kbps).
The default action is Prohibit.
Time Range ID
Select time range ID for rule application. Within the
set time range, rules will take effect. By default, no
time range is specified and ACL rules take effect at
any time.
To modify ACL rules
User Guide
166
Click the corresponding rule you wish to modify, configure required modifications and click OK.
To delete a rule
Check the rule you wish to remove and click Delete Rule.
IP Based ACL
Click QoS -> ACL -> IP Based ACL to enter interface below:
This page displays all existing IP based ACLs and rules thereof.
To delete an existing IP based ACL
Select the ACL you wish to delete from the ACL drop-down list and click on the Delete ACL button.
To batch delete rules in an ACL
Select the ACL and rules thereof you wish to delete, and click on the Delete Rule button.
To create a new IP based ACL
Click Create ACL to enter corresponding page for configuration. Configure requied ACL settings and click
OK.
ACL ID: Specify an ACL ID between 1 and 100.
Description: Specify an ACL description.
To add rules to a specified ACL
User Guide
168
match existing rules (64~1048576kbps).
The default action is Prohibit.
Time Range ID
Select time range ID for rule application. Within the
set time range, rules will take effect. By default, no
time range is specified and ACL rules take effect at
any time.
To modify ACL rules
Click the corresponding rule you wish to modify, configure required modifications and click OK.
Port ACL Binding
Click QoS -> ACL -> Port ACL Binding to enter interface below:
To display port binding rules, select a port and MAC based ACL and IP based ACL (if any) will appear
in corresponding lists.
To create port ACL binding, click New, specify a port that you wish to apply a given ACL, configure
required settings and click OK.
To delete a specific Port ACL binding, click Delete on the port ACL binding page as below:
User Guide
170
Limit
disabled.
Note: ARP rate limit enabled ports will check
current ARP rate every 60s and discard ARP
messages received if current ARP RX rate
exceeds the set ARP RX rate threshold.
Port ARP RX
Rate
The default is 100PPS.
Note: PPS refers to the number of packets per
second. It has nothing to do with the size of a
packet.
Status
Displays the status how a corresponding port
deals with received ARP messages.
--” means port ARP rate limit feature is not
enabled.
Normal: System does not detect ARP attacks and
then forwards these ARP messages normally.
Drop ARP: System detects ARP attacks and
drops these malicious ARP messages.
Action
Displays ARP packets’ receiving status.
--” means no ARP attack or ARP attack defense
feature is not enabled.
Normal: ARP packets are forwarded normally.
To configure ARP rate limit status and ARP RX rate for a single port
Click the corresponding port to enter the configuration page.
To configure ARP rate limit status and ARP RX rate for a batch of ports simultaneously
Click Config to enter corresponding page for configuration.
User Guide
171
Worm Attack Defense
Worm Attack Defense prevents virus/worm infected PCs being spread to targeted healthy PCs and the
whole network by scanning for security failures.
Once Worm Attack Defense feature is enabled, the switch directly discards messages that match features
of predefined virus so that PC and other network devices will not be infected.
Click Security -> Attack Defense -> Worm Attack Defense to enter interface below:
To defend against known viruses, you need to add them to the device and enable the worm attack
defense feature.
1. Click New to enter screen below
User Guide
172
2. Enter the virus name, say, SQLSlammer.
3. Specify a protocol, say, TCP or UDP.
4. Specify the TCP destination port number, say, 1434.
5. Click OK and defense against this virus attack is automatically enabled. What you just added will
appear on the page.
To undo defense against this virus attack, simply uncheck it or directly click Delete. To delete a batch
of items simultaneously, simply click Delete All.
To edit an existing virus attack defense entry, simply click it to enter the corresponding interface.
Re-configure it and then click OK.
User Guide
173
Note-------------------------------------------------------------------------------------------------------------------------------
The device supports up to 20 virus types.
-------------------------------------------------------------------------------------------------------------------------------------------
DoS Attack Defense
DoS Attack Defense prevents potential attackers from making a machine or network resource unavailable
to its intended users by saturating the target machine with large amount of malicious communication
requests.
Click Security -> Attack Defense -> DoS Attack Defense to enter interface below:
This section displays and allows you to config the DoS Attack Defense settings. By default all DoS
Attacks are disabled. For detailed description of each DoS attack, click the Help button on the web page.
MAC Attack Defense
MAC Attack Defense prevents the device from learning large amount of unnecessary source MAC
addresses so that forwarding capability will not be degraded due to an oversized MAC address table.
The MAC Attack Defense is implemented on the device by limiting the number of MAC addresses that
can be learned on each port.
Click Security -> Attack Defense -> MAC Attack Defense to enter interface below:
User Guide
174
This section displays the current number of MAC addresses that can be learned on corresponding ports
and drop status of unknown MAC address. By default, the number of MAC addresses that a port can
learn is not limited.
To set a MAC address learning limit on a single port
Click the corresponding port to enter the configuration page.
To set a MAC address learning limit on a batch of ports concurrently
Click Config to enter corresponding page for configuration.
User Guide
175
Address Limit: Config it according to the actual network environment.
By default, the number of MAC addresses that each port can learn is not limited.
Unknown MAC Address Drop: If enabled, corresponding port(s) will discard packets where source MAC
addresses are not in the MAC address table when reaching the set address limit, otherwise, continue
forwarding. By default, this option is disabled on all ports.
Note-------------------------------------------------------------------------------------------------------------------------------
If MAC addresses the port learned are bound as static MAC addresses manually, this port will continue to
learn MAC addresses until the maximum MAC number is reached.
-------------------------------------------------------------------------------------------------------------------------------------------
4.8.2 IP Filter
After you have configured and activated the IP+MAC+Port+VLAN Binding settings, the device will
perform strict packet filter to further secure the network.
To search for IP+MAC+Port+VLAN Binding entries, smart binding.
Click Security -> IP Filter -> Add Binding Entry to enter interface below:
1. Click Search hosts.
2. Enter an IP address in the Start IP field, for example "192.168.100.1".
3. Enter an IP address in the End IP field, for example "192.168.100.254".
4. Enter a number in VLAN ID field, for example "1", and this field is optional.
5. Click OK to start searching.
Searched IP addresses will be displayed on pages after search.
User Guide
176
6. Click Bind and system will automatically bind the IP addresses on the current page, namely 10 items.
To re-search for host, click the Search Hosts button to return to the search page.
To delete a single host just searched, click the corresponding Delete button. To delete all searched host,
click Delete All.
To add IP+MAC+Port+VLAN Binding entries manually
1. Click Security -> IP Filter -> Add Binding Entry and on the appearing interface, select Add
IP+MAC+Port VLAN Binding entry manually.
2. Enter an IP address, for example "192.168.10.1".
3. Enter a MAC address, for example "aaaa-bbbb-cccc".
4. Enter a port number, for example "24". This item is optional.
5. Enter a number in VLAN ID field, for example "1". This item is optional.
6. Click OK. The IP+MAC+Port+VLAN Binding screen will display added binding entries.
Port Filter Setup
The IP+MAC+Port+VLAN Binding entries take effect only after the IP filter feature is enabled.
To config Port Filter settings on a single port: click Security -> IP Filter -> Port Filter Setup, select a port
NO, select Yes from the IP Filter drop-down list and click OK to enable the IP filter feature.
User Guide
188
Log Setup
To configure log settings, click Maintenance -> Syslog -> Log Setup as below:
Fields on the screen are described below:
Field
Description
Enable Logging
Enable/disable Log feature. By default, it is
enabled.
Enable Server
Check to enable log server.
Log Severity
Level
Only logs of severity level equal to or lower than
the specified one can be sent to the log host.
Server IP
Config log server IP address.
Port
By default, it is 514 and can’t be configurable.
4.10.2 Network Diagnostics
This device provides Cable check-up, Ping check-up and Tracert check-up functions for network
diagnose.
User Guide
191
(2) Device B (the first L3 device packets have reached) replies with an ICMP error of TTL timeout (Device
B’s IP 1.1.1.2 included), thus Device A obtains the first L3 device’s IP (1.1.1.2);
(3) Device A re-transmits an IP packet to Device D and TTL value is 2.
(4) Device C replies with an ICMP error of TTL timeout, thus Device A obtains the second L3 device’s IP
(1.1.2.2);
(5) The process mentioned above is performed continually until packets reach Device D. As no
application program on Device D uses this UDP port, Device D replies with an unreachable ICMP error
(Device D’s IP 1.1.3.2 included).
(6) When Device A receives this unreachable ICMP error, it knows packets have reached Device D and
the route packets have passed from Device A to Device D is obtained (1.1.1.2; 1.1.2.2; 1.1.3.2).
To implement tracert check-up, click Maintenance -> Network Diagnostics -> Tracert Check-up, finish
required settings and click OK. Then tracert check-up begins and the tracert info will be displayed in the
tracert result box.
Fields on the screen are described below:
Field
Description
Destination IP
Address
Enter the IP address of the destination
device.
Max Hop-count
Specify the maximum number of the L3
devices the test data can pass through.
Valid range is 1-30 and the default is 3.
Tracert Result
Display the tracert info.
4.11 Logout
This section allows you to exit from the switch’s web manager safely.
User Guide
192
4.12 Save Configurations
Configurations on switch will be lost if they are not saved before switch reboots. So do save them on this
screen before you reboot the switch.
1. Save Current Settings
Use this feature to save device current configurations to ensure you will still have them on the switch even
after the device restarts.
Note: It takes about 10 seconds to save device current configurations. Do not operate or interrupt the
switch during this period. Otherwise parts of the configurations may be lost. When the page refreshes, the
action of saving configurations is completed.
2. Backup Settings
Once you have configured the device the way you want, you can save all settings to your local hard drive,
which can later be imported to the device in case that it is restored to factory default settings.
To back up current settings, click the Backup button.
Note: To backup current settings, you must first click Save to save them. Do not disconnect the device
from power supply and the management PC during this process.
3. Restore Previous Settings
To restore settings that are previously saved on your local hard drive, click the Browse button to locate
and select the file and then click the Restore button.
User Guide
193
Chapter 5 CLI Configuration
5.1 Login
For login method, please see sections 3.2-3.3, which describe available Telnet commands that can be
used to config and manage the switch as well as how to manage the switch via the console port.
5.2 Features of Command Interface
Below lists and explains available commands for your references. The command line interface has the
following features:
Entering a question mark "?" displays online help.
The Tab key on your keyboard serves as a functional key to supplement a command. For
example, you can only enter a command string of "con" and press the Tab key to populate the
rest automatically: if multiple matches are found, they will all be displayed for your selection; if
only one match is found, then it will be populated to the "con" field automatically.
To go back to previous directory, press the "/" key. "/" is invalid in "Tenda #".
To activate a command, press Enter after you finish entering it.
Three access rights are available for the command line interface:
adminThe administrator has absolute rights to manage the switch except debugging.
operator The operator has all the same rights as administrator except rights to "Firmware
Update", "User", "Reset" and "Reboot' features.
user The user has only the right to read/view switch's current settings but no right to
manage/config the switch.
5.3 Command Line Configuration Guide
5.3.1 Commands for entering common views
TENDA# configure terminal
TENDA (config)#
Note: Enter configuration view
TENDA (config)# interface gigabitethernet 0/1
TENDA (config-if)#
Note: Enter single-port view
TENDA (config)# interface range gigabitethernet 0/1-24
TENDA (config-if)#
Note: Enter multiple-port view
5.3.2 Config system info
TENDA (config)# snmp-server chassis-id TEG3224P
Note: Config device name as TEG3224P
TENDA (config)# snmp-server contact Tenda
User Guide
194
Note: Config contact as Tenda
TENDA (config)# snmp-server location Shenzhen
Note: Config location as Shenzhen
5.3.3 Config IP address manually
TENDA (config)# ip address 192.168.111.217 255.255.255.0
Note: Config a static IP address
TENDA (config)#ip route 192.168.111.1
Note: Config a gateway IP address
TENDA # show ip
Note: View configured IP address (es)
5.3.4 Enable DHCP client to obtain an IP address
TENDA(config)# ip dhcp
Note: Enable DHCP client and switch will obtain an IP address automatically from a DHCP server
on the network
TENDA(config)# show ip
Note: View the IP address obtained automatically
5.3.5 User configuration
TENDA(config)# local-user 123456 admin admin
Note: Change default password to 123456
TENDA(config)# local-user abc abc admin
Note: Add a user name of "abc" with the password of "abc" and access mode of "Administrator"
TENDA(config)# local-user admin admin user
Note: Change the access mode of "Administrator" to "User"
TENDA(config)# local-user 1a 1a user
Note: Add a user name of "la" with the password of "la" and access mode of "User"
TENDA(config)# local-user 123 123 opt
Note: Add a user name of "123" with the password of "123" and access mode of "Operator"
TENDA(config)# no local-user user
Note: Delete the user
TENDA# service telnet start
Note: Start Telnet service
User Guide
195
TENDA# no service telnet
Note: Disable Telnet service
5.3.6 System Time Configuration
TENDA# clock set 14:09:30 4 11 2012
Note: Manually set system date and time to Apr 11 2012 and 140930 respectively
TENDA(config)# sntp enable
Note: Enable SNTP server
TENDA(config)# no sntp
Note: Disable SNTP server
TENDA(config)# sntp preferred-server 192.168.111.79
Note: Set Primary SNTP Server IP address to 192.168.111.79
TENDA(config)# sntp alternate-server 192.168.111.78
Note: Set Secondary SNTP Server IP address to 192.168.111.78
TENDA(config)# sntp broadcastdelay 100
Note: Set Sync Interval to 100s
TENDA(config)# clock timezone GMT-0800
Note: Set Time Zone to (GMT-0800)Beijing
5.3.7 Reset and reboot
TENDA# erase startup-config
Note: Delete all current settings and restore device to factory default settings
TENDA# reload
Note: Reboot switch (To restore factory defaults, system first deletes current settings and then
restarts)
5.3.8 Firmware Update
TENDA# archive download-sw 192.168.111.79G3224_V100R004.bin
Note: Load firmware from a TFTP server for upgrade
TENDA#archive startup-config 192.168.111.79mib.conf
Note: Save firmware to local hard drive via a TFTP server
User Guide
197
TENDA(config)# monitor source interface range gigabitethernet 0/1-3 rx
Note: Config ports 1-3 as mirroring source ports and sniffer mode as Ingress.
TENDA(config)# monitor source interface range gigabitethernet 0/4-5 tx
Note: Config ports 4-5 as mirroring source ports and sniffer mode as Egress.
TENDA(config)# monitor source interface gigabitethernet 0/6 both
Note: Config port 6 as mirroring source port and sniffer mode as Egress & Ingress.
TENDA(config)# no monitor
Note: Clear mirroring settings
5.3.12 View RX/TX packet statistics
TENDA# show interface gigabitethernet 0/2 counter
Note: View RX packet statistics on port 2
TENDA# show interfaces counter
Note: View statistics on all ports
5.3.13 Config Port Rate Limit
TENDA(config)# interface range gigabitethernet 0/1
TENDA(config-if)# rate-limit input 100
Note: Set ingress rate limit to 100M on port 1
TENDA(config-if)# rate-limit output 10
Note: Set egress rate limit to 10M on port 1
TENDA(config-if)# no rate-limit input
Note: Clear ingress rate limit on the port
TENDA(config-if)# no rate-limit output
Note: Clear egress rate limit on the port
5.3.14 Config Link Aggregation
Create aggregation group
TENDA(config)# interface range gigabitethernet 0/1-4
Note: Set ports 1-4 as link aggregation member ports
TENDA(config-if)# trunk-group 1 type static
Note: Set aggregation group ID to 1 and type to static
TENDA(config-if)# trunk-group 2 type lacp
Note: Create a LACP static aggregation group: 2
Delete aggregation group
User Guide
201
Note: Set port 10 to carry untagged VLAN4094
TENDA(config-if)# switchport hybrid allowed vlan untagged except 30
Note: Set port 10 to carry all untagged VLANs except VLAN30
TENDA(config-if)# switchport hybrid allowed vlan untagged remove 4094
Note: Delete VLAN4094 from untagged VLANs; VLAN4094 then cannot be carried on the port
Delete hybrid port
TENDA(config)# interface gigabitethernet 0/10
TENDA(config-if)# switchport mode access
Note: Delete existing Hybrid port 10
TENDA(config)# interface range gigabitethernet 0/1-24
TENDA(config-if)# switchport mode access
Note: Delete all hybrid ports
VLAN mode toggle
TENDA(config)# private-vlan on
Note: Switch VLAN mode from QVLAN to Port VLAN
TENDA(config)# private-vlan off
Note: Switch VLAN mode from Port VLAN to QVLAN
Create port based VLAN
TENDA(config)# private-vlan on
TENDA(config)# private-vlan VID 24
Note: Create port VLAN24
TENDA(config-pvlan)# add 1-20
Note: Add ports 1-20 to VLAN24
TENDA(config-pvlan)# remove 10-20
Note: Delete ports 10-20 from VLAN24
TENDA(config-pvlan)# add 22,23
Note: Add port 22 and port 23 to VLAN24
TENDA(config-pvlan)# remove 8
Note: Remove port 8 from VLAN24
Delete port based VLAN
TENDA(config)# no private-vlan 24
Note: Delete port VLAN 24
User Guide
204
Note: Set MAC address never to age out
TENDA(config)# mac-address-table aging-time 100
Note: Config MAC age time
TENDA(config)# no mac-address-table aging-time
Note: Restore default MAC age settings
TENDA# show mac-address-table age-time
Note: Display MAC age time
Config static MAC address
TENDA(config)# mac-address-table static 0000.0000.0002 interface gigabitethernet 0/1 vlan 1
Note: Add static MAC address of 0000.0000.0002 to port 1 of VLAN1
TENDA(config)# no mac-address-table static
Note: Delete all static MAC addresses
TENDA(config)# no mac-address-table static 0000.0000.0002 interface gigabitethernet 0/1 vlan 1
Note: Delete a single static MAC address
Display MAC address
TENDA# show mac-address-table
Note: Display all MAC addresses
TENDA# show mac-address-table address 0000.0000.0002
Note: Display a single MAC address (similar to View)
TENDA# show mac-address-table dynamic
Note: Display all dynamic MAC addresses
TENDA# show mac-address-table static
Note: Display all static MAC addresses
TENDA# show mac-address-table vlan 1
Note: Display all MAC addresses in VLAN1
TENDA# show mac-address-table interface gigabitethernet 0/5
Note: Display MAC address (es) on a certain port
Clear MAC address table
TENDA# clear mac-address-table
Note: Delete all dynamic MAC addresses
5.3.20 QoS Configuration
QoS Priority type select
TENDA(config)# QoS trust cos
Note: Set Priority Type to CoS
User Guide
205
TENDA(config)# QoS trust dscp
Note: Set Priority Type to DSCP
QoS Scheduling scheme select
TENDA(config)# QoS scheduler sp
Note: Set Scheduling Scheme to SP
TENDA(config)# QoS scheduler wrr
Note: Set Scheduling Scheme to WRR
TENDA(config)# wrr-queue bind-width 1 6 10 31
Note: Assign QoS weights: 1610 and 31 to queues: 123 and 4 respectively
5.3.21 STP Configuration
Enable/disable STP
TENDA(config)# spanning-tree
Note: Enable STP
TENDA(config)# no spanning-tree
Note: Disable STP
Config STP system settings
TENDA(config)# spanning-tree mode stp
Note: Set STP version to stp
TENDA(config)# spanning-tree mode rstp
Note: Set STP version to rstp
TENDA(config)# spanning-tree mode mstp
Note: Set STP version to mstp
TENDA(config)# spanning-tree bpdu-forward broadcast
Note: Broadcast BPDU packets
TENDA(config)# spanning-tree bpdu-forward filter
Note: Filter BPDU packets
TENDA(config)# spanning-tree max-age 6
Note: Set max age to 6s
TENDA(config)# spanning-tree hello-time 1
Note: Set Hello Time to 1s
User Guide
206
TENDA(config)# spanning-tree forward-time 4
Note: Set Forward Delay to 4s
TENDA(config)# spanning-tree mstp max-hops 30
Note: Set max hops to 30
TENDA(config)# spanning-tree mstp 0 priority 32768
Note: Set instance priority
Note-------------------------------------------------------------------------------------------------------------------------
BPDU message broadcast and filter take effect when STP is disabled.
-------------------------------------------------------------------------------------------------------------------------------------
Reset STP system settings
TENDA(config)# no spanning-tree mode
Note: Delete current STP version setting and restore it to the default mstp
TENDA(config)# no spanning-tree max-age
Note: Delete current max age setting and restore it to the default 20
TENDA(config)# no spanning-tree hello-time
Note: Delete current Hello Time setting and restore it to the default 2
TENDA(config)# no spanning-tree forward-time
Note: Delete current forward delay setting and restore it to the default 15
TENDA(config)# no spanning-tree mstp max-hops
Note: Delete max hop setting and restore it to the default 20
TENDA(config)# no spanning-tree mstp 0 priority
Note: Delete instance bridge priority setting and restore it to the default 30768
Configure MSTP domain
TENDA(config)# spanning-tree mstp configuration
Note: Enter MSTP configuration interface
TENDA(config-mst)# name 2222
Note: Configure domain name
TENDA(config-mst)# revision 52
Note: Configure revision level
TENDA(config-mst)# instance 2 vlan 52
Note: Configure vlan mapping and enable this instance
TENDA(config-mst)# no name
154

Brauchen Sie Hilfe? Stellen Sie Ihre Frage.

Forenregeln

Missbrauch melden von Frage und/oder Antwort

Libble nimmt den Missbrauch seiner Dienste sehr ernst. Wir setzen uns dafür ein, derartige Missbrauchsfälle gemäß den Gesetzen Ihres Heimatlandes zu behandeln. Wenn Sie eine Meldung übermitteln, überprüfen wir Ihre Informationen und ergreifen entsprechende Maßnahmen. Wir melden uns nur dann wieder bei Ihnen, wenn wir weitere Einzelheiten wissen müssen oder weitere Informationen für Sie haben.

Art des Missbrauchs:

Zum Beispiel antisemitische Inhalte, rassistische Inhalte oder Material, das zu einer Gewalttat führen könnte.

Beispielsweise eine Kreditkartennummer, persönliche Identifikationsnummer oder unveröffentlichte Privatadresse. Beachten Sie, dass E-Mail-Adressen und der vollständige Name nicht als private Informationen angesehen werden.

Forenregeln

Um zu sinnvolle Fragen zu kommen halten Sie sich bitte an folgende Spielregeln:

Neu registrieren

Registrieren auf E - Mails für Tenda TEG3224P wenn:


Sie erhalten eine E-Mail, um sich für eine oder beide Optionen anzumelden.


Das Handbuch wird per E-Mail gesendet. Überprüfen Sie ihre E-Mail.

Wenn Sie innerhalb von 15 Minuten keine E-Mail mit dem Handbuch erhalten haben, kann es sein, dass Sie eine falsche E-Mail-Adresse eingegeben haben oder dass Ihr ISP eine maximale Größe eingestellt hat, um E-Mails zu erhalten, die kleiner als die Größe des Handbuchs sind.

Ihre Frage wurde zu diesem Forum hinzugefügt

Möchten Sie eine E-Mail erhalten, wenn neue Antworten und Fragen veröffentlicht werden? Geben Sie bitte Ihre Email-Adresse ein.



Info