TP-LINK 24-Port 10/100Mbps + 4-Port Gigabit L2 Managed Switch
Contents
1. re Enable 5 Click Submit The authentication profile is defined RADIUS and the device is updated submit To modify an authentication profile 1 Click System gt Management Security gt Authentication gt Authentication Profiles The Authentication Profiles Page opens 2 Click 4 The Authentication Profile Settings Page opens Figure 31 Authentication Profile Settings Page Authentication Profile Settings 3 Select the Authentication Method using the move arrow Profile Name Profile1 xl j S Authentication Method Optional Methods Selected Methods 4 Click Submit The authentication method is selected ine E m and the device is updated RADIUS TACACS 7 Submit 5 1 1 4 Mapping Authentication Profiles After authentication profiles are defined they can be applied to management access methods For example console users can be authenticated by Authentication Profile List 1 while Telnet users are authenticated by Authentication Method List 2 Authentication methods are selected using arrows The order in which the methods are selected is the order by which the authentication methods are used To map authentication methods 1 Click System gt Management Security gt Authentication gt Authentication Mapping The Authentication Mapping Page opens Figure 32 Authentication Mapping Page va TL SL3428 L2 Management Switch The Aut2. gt Interface Displays the interface type for ARP parameters The possible field values are Port Indicates the port for which ARP parameters are defined LAG Indicates the LAG for which ARP parameters are defined VLAN Indicates the VLAN for which ARP parameters are defined gt IP Address Indicates the station IP address which is associated with the MAC address filled in below MAC Address Displays the station MAC address which is associated in the ARP table with the IP address gt Status Displays the ARP table entry type Possible field values are Vv Dynamic Indicates the ARP entry is learned dynamically Static Indicates the ARP entry is a static entry gt Remove Removes a specific ARP entry The possible field values are Checked Removes the selected ARP entries Unchecked Maintains the current ARP entries 2 Define the ARP Entry Age Out parameter 3 Define the Clear ARP Table Entries parameter 4 Click treate The Add ARP Entry Page opens Figure 60 Add ARP Entry Page ARP Settings 5 Select the nterface Port LAG or VLAN Interface ponje e ach E vap A 6 Define the IP Address and the MAC Address IP Address 0 0 0 0 MAC Address 7 Click Submit The new entry is added to ARP and the device is updated Submit 6 2 Defining Domain Name System Domain Name System DNS converts user defined domain names into IP addres
3. Statistics gt Port Based Authentication State Indicates if Port Authentication is enabled on the device The possible field values are Enable Enables port based authentication on the device Disable Disables port based authentication on the device Authentication Method Specifies the authentication method used for port authentication The possible field values are None Indicates that no authentication method is used to authenticate the port RADIUS Provides port authentication using the RADIUS server RADIUS None Provides port authentication first using the RADIUS server If the port is not authenticated then no authentication method is used and the session is permitted Guest VLAN Specifies whether the Guest VLAN is enabled on the device The possible field values are Enable Enables using a Guest VLAN for unauthorized ports If a Guest VLAN is enabled the unauthorized port automatically joins the VLAN selected in the VLAN List field Disable Disables port based authentication on the device This is the default Guest VLAN ID Contains a list of VLANs The Guest VLAN is selected from the VLAN list Enable the Port Based Authentication and define the Authentication Method enable Guest VLAN and select the Guest VLAN ID Click Submit The network security authentication properties are saved and the device is updated 5 2 2 1 Defining P
4. 192 168 1 1 err fC System Info Authentication Profiles J Bridging Config H Quality of Service Create Security Management Security Authentication Login Authentication Profiles Enable Authentication Profiles 24 Each of the tables contains the following fields gt Profile Name Contains a list of user defined authentication profile lists to which user defined authentication profiles are added gt Methods Defines the user authentication methods The possible field values are None Assigns no authentication method to the authentication profile Local Authenticates the user at the device level The device checks the user name and password for authentication RADIUS Authenticates the user at the RADIUS server For more information see Defining RADIUS Server Settings Line Authenticates the user using a line password Enable Authenticates the user using an enable password gt Remove Removes the selected authentication profile The possible field values are Checked Removes the selected authentication profile Unchecked Maintains the authentication profiles 2 Click Hreate The Add Authentication Profile Page opens Figure 30 Add Authentication Profile Page Add Authentication Profile 3 Define the Profile Method and enter the Profile Name ee Login Enable fields eid 4 Select the Authentication Method using the move arrow
5. Down Indicates that a SNTP server is currently not available For example the SNTP server is currently not connected or is currently down In progress Indicates the SNTP server is currently sending or receiving SNTP information Unknown Indicates the progress of the SNTP information currently being sent is unknown For example the device is currently looking for an interface Last Response Displays the last time a response was received from the SNTP server Offset Indicates the time difference between the device local clock and the acquired time from the SNTP server Delay Indicates the amount of time it takes for a device request to reach the SNTP server Remove Removes SNTP servers from the SNTP server list The possible field values are Checked Removes the SNTP server Unchecked Maintains the SNTP server This is the default value Click treate The Add SNTP Server Page opens Add SNTP Server Define the SNTP Server Enable Poll Interval and SNTP Server 0 231122 Encryption Key ID fields Enable Poll Interval V Encryption Key ID 34238 v Click Submit The SNTP Server is added and the device is updated Submit 3 2 5 Defining SNTP Interface Settings The SNTP Interface Settings Page contains fields for setting SNTP on different interfaces To define SNTP interface settings 1 Click System gt System Info gt SNTP gt Interface The SNTP Interface Settin
6. Boundary Port Indicates that the port is a Boundary port A Boundary port attaches MST bridges to LANs in an outlying region If the port is a Boundary port this field also indicates whether the device on the other side of the link is working in RSTP or STP mode Master Port Indicates the port is a master port A Master port provides connectivity from a MSTP region to the outlying CIST root Interface Priority Defines the Interface priority for the specified instance The default value is 128 Path Cost Indicates the port contribution to the Spanning Tree instance The range should always be 1 200 000 000 Port State Indicates whether the port is enabled for the specific instance The possible field values are Enabled Enables the port for the specific instance Disabled Disables the port for the specific instance Designated Cost Indicates that the default path cost is assigned according to the method selected on the Spanning Tree Global Settings page Designated Bridge ID Displays the ID of the bridge that connects the link or shared LAN to the root Designated Port ID Displays the ID of the port on the designated bridge that connects the link or the shared LAN to the root Remain Hops Indicates the hops remaining to the next destination Select the Instance Modify the Port Priority and Path Cost Click Submit The device information is updated TP LINK Figure 93 MSTP
7. Sy Soe BEBE rull o voll Ge Fre EG res e o Refresh Port Defines the specific port for which interface pE eau tenne vi g i CI Statistics 7 statistics are displayed PE an apr Total Bytes Octets 0 LAG Defines the specific LAG for which interface pr Broadcast Packets 0 statistics are displayed Packets with Errors 0 gt Refresh Rate Defines the amount of time that passes before the interface statistics are refreshed The possible field values are 15 Sec Indicates that the Interface statistics are refreshed every 15 seconds 30 Sec Indicates that the Interface statistics are refreshed every 30 seconds 60 Sec Indicates that the Interface statistics are refreshed every 60 seconds No Refresh lndicates that the Interface statistics are not refreshed Receive Statistics gt Total Bytes Octets Displays the number of octets received on the selected interface Transmit Statistics Total Bytes Octets 0 Unicast Packets 0 Multicast Packets 0 Broadcast Packets 0 Clear All Counters gt Unicast Packets Displays the number of Unicast packets received on the selected interface gt Multicast Packets Displays the number of Multicast packets received on the selected interface gt Broadcast Packets Displays the number of Broadcast packets received on the selected interface gt Packets with Errors Displays the number of e
8. TP UNK Tar TL SL3428 L2 Management Switch The RMON Alarm Page contains the following fields A an gt Alarm Entry Indicates a specific alarm Ei sr i gt Counter Name Displays the selected MIB variable Ken Vern me ka am gt Interface Displays interface for which RMON statistics are displayed The possible field values are Port Displays the RMON statistics for the selected port LAG Displays the RMON statistics for the selected LAG gt Counter Value Displays the selected MIB variable value gt Sample Type Defines the sampling method for the selected variable and comparing the value against the thresholds The possible field values are Delta Subtracts the last sampled value from the current value The difference in the values is compared to the threshold Absolute Compares the values directly with the thresholds at the end of the sampling interval gt Rising Threshold Displays the rising counter value that triggers the rising threshold alarm The rising threshold is presented on top of the graph bars Each monitored variable is designated a color gt Rising Event Displays the mechanism in which the alarms are reported The possible field values are LOG Indicates there is not a saving mechanism for either the device or in the management system If the device is not reset the entry remains in the Log Table TRAP Indicates that an SNMP trap is
9. TP LINK TECHNOLOGIES CO LTD E mail support tp link com Website http www tp link com Add 3 F Building R1 B Hi tech Industrial Park Shennan Rd Shenzhen P R China
10. gt Priority 0 65535 Specifies the bridge priority value When switches or bridges are running STP each is assigned a priority After exchanging BPDUs the device with the lowest priority value becomes the Root Bridge The default value is 32768 The port priority value is provided in increments of 4096 Hello Time 1 10 Specifies the device Hello Time The Hello Time indicates the amount of time in seconds a Root Bridge waits between configuration messages The default is 2 seconds Max Age 6 40 Specifies the device Maximum Age Time The Maximum Age Time is the amount of time in seconds a bridge waits before sending configuration messages The default Maximum Age Time is 20 seconds Forward Delay 4 30 Specifies the device Forward Delay Time The Forward Delay Time is the amount of time in seconds a bridge remains in a listening and learning state before forwarding packets The default is 15 seconds The Designated Port section contains the following fields gt gt gt Vv Bridge ID Identifies the Bridge priority and MAC address Root Bridge ID Identifies the Root Bridge priority and MAC address Root Port Indicates the port number that offers the lowest cost path from this bridge to the Root Bridge This field is significant when the bridge is not the Root Bridge The default is zero Root Path Cost The cost of the path from this bridge to the Root Bridge Topology Changes Counts Specifie
11. Defines the line password for accessing the device via a secure Telnet session Passwords can contain a maximum of 159 characters Confirm Password Confirms the new line password The password appears in the format Define the Console Line Password Telnet Line Password and Secure Telnet Line Password fields Redefine the Confirm Password field for each of the passwords defined in the previous steps to verify the passwords Click Submit Line password is configured and device is updated 5 1 2 3 Defining Enable Passwords The Enable Password Page sets a local password for a particular access level To enable passwords k Click System gt Management Security gt Passwords gt Enable Password The Enable Password Page opens Figure 42 Enable Password Page The Enable Password Page contains the following fields gt v 5 2 Configuring Network Security Enable Access Level Defines the access level associated with the enable password Possible field val ues are 1 15 Password Defines the enable password Confirm Password Confirms the new enable password The password appears in the format TP LINK ig E B 192 168 1 1 System Info Bridging Config Quality of Service L Security 1 Management Security Authentication Passwords Network Security SNMP Management Maintenance Statistics TL SL3428 L2 Mana
12. Specifies the port on which the access profile is defined LAG Specifies the LAG on which the access profile is defined VLAN Specifies the VLAN on which the access profile is defined Source IP Address Defines the interface source IP address to which the access profile applies The Source IP Address field is valid for a subnetwork Network Mask Defines the network mask of the source IP address 22 23 Prefix Length Defines the number of bits that comprise the source IP address prefix or the network mask of the source IP address gt Action Defines the action attached to the access rule The possible field values are Permit Permits access to the device Deny Denies access to the device This is the default 3 Click Submit The access profile is saved and the device is updated 5 1 1 2 Defining Profile Rules Access profiles can contain up to 128 rules that determine which users can manage the switch module and by which methods Users can also be blocked from accessing the device Rules are composed of filters including Rule Priority Interface Management Method IP Address Prefix Length VV VV v WV Forwarding Action To define profile rules 1 Click System gt Management Security gt Authentication gt Profile Rules The Profile Rules Page opens Figure 26 Profile Rules Page TP LINK Authentication eae ie The Profile Rules Page
13. The Edit RMON Alarm User Page opens 102 Figure 147 Edit RMON Alarm User Page RMON Alarm Settings Alarm Entry 13 2 Modify the fields zaa potle E Ouchi 3 Click Submit The entry is updated in the RMON eden Bytes Octets Receive Alarm Page and the device is updated Sense Absolute il Rising Threshold 100 Rising Event 1 Default Description v Falling Threshold 20 Falling Event 1 Default Description Startup Alarm Rising and Falling gt nterval sec finn gt Owner MP 103 This glossary contains terms commonly used in Embedded Web System documentation Term Definition Specifies the method by which user access is granted to the system Allows network managers to define profiles and rules for accessing the device Access to management functions can be limited to user groups which are defined by the following criteria e Ingress interfaces Access Profile e Source IP address and or Source IP subnets Filters in Access Control Lists ACL that determine which network traffic is forwarded ACE are based on the following criteria e Protocol e Protocol ID e Source Port e Destination Port e Wildcard Mask e Source IP Address e Destination IP Address Access Control List Access Control Lists are used to grant deny or limit access to devices features or applications Groups several VLANs into a single aggregated VLAN Aggregating VLANs enables Aggregated VLAN rou
14. gt SNMP version 2c gt SNMP version 3 11 1 SNMP v1 and v2c The SNMP agents maintain a list of variables which are used to manage the device The variables are defined in the Management Information Base MIB The SNMP agent defines the MIB specification format as well as the format used to access the information over the network Access rights to the SNMP agents are controlled by access strings 11 2 SNMP v3 SNMP v3 applies access control and a new traps mechanism In addition User Security Model USM parameters are defined for SNMPv3 including gt Authentication Provides data integrity and data origin authentication gt Privacy Protects against the disclosure of message content Cipher Block Chaining CBC is used for encryption Either authentication is enabled on a SNMP message or both authentication and privacy are enabled on a SNMP message However privacy cannot be enabled without authentication gt Timeliness Protects against message delay or message redundancy The SNMP agent compares incoming message to the message time information gt Key Management Defines key generation key updates and key use The device supports SNMP notification filters based on Object IDs OIDs OIDs are used by the system to manage device features SNMP v3 supports the following features gt Security gt Feature Access Control gt Traps The device generates the following traps gt Copy trap This secti
15. Combining VLANs and GARP Generic Attribute Registration Protocol allows network managers to define network nodes into Broadcast domains This section contains the following topics Adding VLAN Defining VLAN Properties Defining VLAN Membership Defining VLAN Interface Settings Configuring GARP Defining GVRP VV VV V WV 7 3 1 Defining VLAN Properties The VLAN Member Properties Page provides information and global parameters for configuring and working with VLANs To add a new VLAN 1 Click System gt Bridging Config gt VLAN gt Membership The VLAN Member Properties Page opens Figure 71 VLAN Member Properties Page The VLAN Member Properties Page contains the following fields gt Select VLAN ID Displays the properties of the selected VLAN in the VLANs table below gt Show All Displays the properties of all defined VLANS in the VLANs table below gt VLAN ID Displays the VLAN ID gt Name Displays the user defined VLAN name gt Type Displays the VLAN type The possible field values are TP LINK TL SL3428 L2 Management Switch 192 168 1 1 i System Info VLAN Properties i Bridging Config Interface _Create Forwarding Database a Spanning Tree Single VLAN Mode JL VLAN L Membership T GARP VLAN Type Authentication Edit Remove y Multicast Support ID Name Quality of Service 1 Default E
16. Defines the minimum severity level from which logs are sent to the log file kept in FLASH memory 2 Check the Enable Logging option 3 Check the options for each severity level 4 2 Viewing Memory Logs The Syslog Memory Page contains all system logs in a chronological order that are saved in RAM Cache To view memory logs 1 Click System gt System Info gt Syslog gt Memory The Syslog Memory Page opens Figure 20 Syslog Memory Page The Syslog Memory Page contains the following fields gt Log Index Lists the log number gt Log Time Lists the date and time that the log was entered gt Severity Lists the severity of the event for which the log was entered gt Description Lists the event description 2 To dlear all logs click lear Legs TP UNK TL 5L3428 L2 Management Switch 192 168 1 1 System Info Memory General a O SNTP Log Index Log Time Severity Description B Syslog 1 2147483562 01 Jan 2000 05 30 38 Info LINK I Up e20 IP Configuration 2 2147483647 01 Jan 2000 05 30 36 Warning LINK W Down e20 Bridging Config AQuality of Service Clear Logs Security SNMP Management Maintenance Statistics 3 Click S All log items are removed from the table and the device is updated 4 3 Viewing Flash Logs The Syslog Flash Page contains information about log entries saved to the log f
17. Maintains the LAGs To modify LAG Membership 1 Click amp The LAG Membership Settings Page opens Figure 68 LAG Membership Settings Page i Modify LAG Membership The LAG Membership Settings Page contains the following ae 2 fields LAG Name LACP F gt LAG Contains a user defined drop down LAG list gt Lag Name Displays the user defined LAG name gt LACP Indicates if LACP is defined on the LAG The possible field values are LAG Members Enable Enables LACP on the LAG oo Disable Disables LACP on the LAG This is the default value gt Port List Displays a list of ports Ports in the Port List can be added to the LAG Submit gt LAG Members Displays the list of the ports included in the LAG 2 Define the LAG fields for the LAG port 3 Click ports in the Port List and add the ports to the LAG Members list using 4 Click Submit The interface LAG membership properties are modified and the device is updated 7 2 2 Configuring LACP LAG ports can contain different media types if the ports are operating at the same speed Aggregated links can be set up manually or automatically established by enabling LACP on the relevant links Aggregate ports can be linked into link aggregation port groups Each group is comprised of ports with the same speed The LACP Parameters Page contains fields for configuring LACP LAGS To view and configure LACP 1 Click
18. Make Guest VLAN Disable gt 7 Enable Periodic Reauthentication 5 Click Submit The port authentication settings are BEE ser Fr saved and the device is updated PEER F Authenticator State Force Authorized Quiet Period eo i Resending EAP 30 5 2 2 2 Configuring Multiple Hosts es re EE The Multiple Hosts Page allows network managers to EE BB configure advanced port based authentication settings Server Timeout 30 for specific ports and VLANs For more information on Termination Cause ER at advanced port based authentication see Advanced Port Submit Based Authentication Current Port Control Displays the current port authorization state The possible field values are Auto Enables port based authentication on the device The interface moves between an authorized or unauthorized state based on the authentication exchange between the device and the client Authorized Indicates the interface is in an authorized state without being authenticated The interface re sends and receives normal traffic without client port based authentication Unauthorized Denies the selected interface system access by moving the interface into unauthorized state The device cannot provide authentication services to the client through the interface Enable Periodic Reauthentication Permits immediate port reauthentication The possible field values are Enable Enables immediate port reauthentication This is
19. Multiple Hosts The Multiple Hosts Page opens 34 Figure 46 Multiple Hosts Page TP LUINK Authentication The Multiple Hosts Page contains the following fields gt Port Displays the port number for which advanced Satomi la gt Multiple Hosts Indicates whether multiple hosts d gt ER mS in i are enabled Multiple hosts must be enabled in order sae r io pecan faze 1 na mdr i to either disable the ingress filter or to use port lock 100 so pecar re 1o tn auto m r i security on the selected port The possible field values SONEN are Multiple Multiple hosts are enabled Disable Multiple hosts are disabled gt Action on Violation Defines the action to be applied to packets arriving in single host mode from a host whose MAC address is not the supplicant MAC address The possible field values are Forward Forwards the packet Discard Discards the packets This is the default value Shutdown Discards the packets and shuts down the port The port remains shut down until reactivated or until the device is reset gt Traps Indicates if traps are enabled for Multiple Hosts The possible field values are True Indicates that traps are enabled for Multiple hosts False Indicates that traps are disabled for Multiple hosts gt Trap Frequency Defines the time period by which traps are sent to the host The Trap Fre
20. Providing various mechanisms for determining the allocation of network resources to different handling classes including The assignment of network traffic to a particular hardware queue The assignment of internal resources Traffic shaping In this document the terms Class of Service CoS and QoS are used in the following context gt v CoS provides varying Layer 2 traffic services CoS refers to classification of traffic to traffic classes which are handled as an aggregate whole with no per flow settings CoS is usually related to the 802 1p service that classifies flows according to their Layer 2 priority as set in the VLAN header QOS refers to Layer 2 traffic and above QoS handles per flow settings even within a single traffic class The QoS facility involves the following elements Traffic Classification Classifies each incoming packet as belonging to a given traffic class based on the packet contents and or the context Assignment to Hardware Queues Assigns incoming packets to forwarding queues Packets are sent to a particular queue for handling as a function of the traffic class to which they belong as defined by the classification mechanism Traffic Class Handling Attributes Applies QoS CoS mechanisms to different classes including Bandwidth Management Shaping Rate Limiting Policing 12 1 1 Mapping to Queues Queues are used in both Basic and Advanced QoS modes Default setting
21. Read Only v IV view Name Default gt String and Basic or Advanced fields 3 Click Submit The SNMP community is modified C advanced Group Name 31007 and the device is updated Submit 11 4 Configuring SNMP Notification Settings This section describes configuring of SNMP Notifications and contains the following topics gt Defining SNMP Notification Properties gt Defining Notification Filters gt Defining Notification Receivers 11 4 1 Defining SNMP Notification Properties The SNMP Notification Properties Page contains parameters for defining SNMP notification parameters To define SNMP notification global parameters 1 Click System gt SNMP Management gt Notification gt Properties The SNMP Notification Properties Page opens Figure 112 SNMP Notification Properties Page P LINK The SNMP Notification Properties Page contains the ee ae following fields Not ug n e Fe Global Trap Settings gt Enable SNMP Notifications Specifies whether the er a a om H Quality of Serice Enable SNMP Notifications VW device can send SNMP notifications The possible field Meer een Enable Authentication Notifications 7 Security values are Sinan Submit Enable Enables SNMP notifications peke Disable Disables SNMP notifications gt Enable Authentication Notifications Specifies whether SNMP authentication failure notification is enabled on the device The possible field value
22. Submit 1 5 Deleting Configuration Information User defined information can be deleted in specific TP Link Web Interface pages using the Remove function To delete information in tables or TP Link Web Interface pages 1 Open the TP Link Embedded Web Interface page for example IP Addressing Page Figure 6 IP Addressing Page 2 Select the Remove checkbox in the row of the item to delete 3 Click Submit The information is deleted and the device is updated 1 6 Resetting the Device TP LINK 192 168 1 1 System Info General I SNTP EA syslog HIP Configuration C IP Addressing i Domain Name System Bridging Config Quality of Service TL SL3428 L2 Management Switch IP Interface Create IP Address Mask Interface Type Edit Remove 1 192 168 1 1 255 255 255 0 VLAN1 Static NW Submit Security SNMP Management Maintenance Statistics The Reset page enables resetting the device from a remote location AN Note To prevent the current configuration from being lost save all changes from the running configuration file to the startup configuration file before resetting the device For instructions see Managing System Files Copying System Files on page 171 To reset the device 1 Click System gt General gt Reset The Reset Page opens Figure 7 Reset Page 2 Click Peset I Acontinmation messa
23. The SNMP notification recipients are defined and the device is updated Add SNMP Notification Recipient RecipientiP Notification Type Traps SNMPv1 2 Community String Notification Version SNMPY1 v C SNMPv3 User Name Security Level NoAuthentication UDP Port i o Filter Name IPFilter z Timeout sec Retries ai SNMP Notification Recipient Settings Recipient IP 10 5 1 36 v Notification Type Traps SNMPv1 2 Community String TPL Notification Version SNMPv1 v C SNMPv3 User Name Security Level NoAuthentication v upPPot 12 Filter Name IPFilter Timeout 15 Retries E Submit This section contains the following topics gt Quality of Service Overview gt Enabling Quality of Service gt Mapping Queues 12 1 Quality of Service Overview Network traffic is usually unpredictable and the only basic assurance that can be offered is best effort traffic delivery To overcome this challenge Quality of Service QoS is applied throughout the network This ensures that network traffic is prioritized according to specified criteria and that specific traffic receives preferential treatment QoS in the network optimizes network performance and entails two basic facilities gt Classifying incoming traffic into handling classes based on an attribute including The ingress interface Packet content combination of these attributes
24. gt gt The RSTP Page contains the following fields 5 3 i 192 168 1 RSTP Interface Displays the port or LAG on which Rapid Setem it ner Database CA LEVERS BEE EEE ar add m mete ME EN STP IS enabled Spanning Tree 1 et Disable STP Disable Disabled Auto Enable Pr P stp 2 e2 Disable STP Disable Disabled Au to Enable m P i R pr 3 e3 Disable STP Disable Disabled Auto Enable PM P Role Displays the port role assigned by the STP VLAN 4 e4 Disable STP Disable Disabled Auto Enable m P EG Eee Support 5 05 Disable STP Disable Disabled Auto Enable Oo P i H Ee Gualtyot Service 6 e6 Disable STP Disable Disabled Auto Enable o P algorithm to provide to STP paths tae ween 7 e7 Disable STP Disable Disabled Auto Enable PM P Maintenance 8 eg Disable STP Disable Disabled Auto Enable mj P The possible field values are SE RIESE 9 e9 Disable STP Disable Disabled Auto Enable mi 2 10 e10 Disable STP Disable Disabled Auto Enable PM P z 11 e11 Disable STP Disable Disabled Auto Enable E P Root Provides the lowest cost path to forward 12 e12 Disable STP Disable Disabled Auo Enable rc 4 13 e13 Disable STP Disable Disabled Aut Enable mj P 14 e14 Disable STP Disable Disabled Auto Enable m P packets to the root switch PP 16 e16 Disable STP Disable Disabled Auto Enable m P a ka 17 e17 Disable STP Disable Disabled Auto Enable mi P Designated Indicates the port or LAG through
25. gt Host Names Displays a user defined default domain name When defined the default domain name is applied to all unqualified host names The Host Name field can contain up to 158 characters gt IP Address Displays the DNS host IP address gt Remove Removes default domain names The possible field values are Checked Removes the selected DNS host TP LINK TL SL3428 L2 Management tem Switch DNS Server Host Mapping 192 168 1 1 System Info Host Mapping B General C SNTP Create Syslog oe Configuration HostNames IPAddress Remove Ae System 1 www example com 10 53 34 168 D Bridging Config Quality of Service Submit Security SNMP Management Maintenance Hy Statistics Unchecked Maintains the current DNS host mapping list 2 Click treate The Add DNS Host Page opens Figure 64 Add DNS Host Page 3 Enter the Host Name and IP Address 4 Click Submit The new DNS host is added to the hosts list in the Host Mapping Page Add DNS Host Host Name IP Address Submit 44 This section contains the following topics gt Configuring Ports gt Configuring LAGs gt Configuring VLANs 7 1 Configuring Ports The Interface Configuration Page contains fields for defining port parameters To define port parameters 1 Click System gt Bridging Config
26. gt Remove Removes a community The possible field values are Checked Removes the selected SNMP community Unchecked Maintains the SNMP communities 11 3 5 2 SNMP Communities Advanced Table The SNMP Communities Advanced Table contains the following fields gt Management Station Displays the management station IP address for which the advanced SNMP community is defined gt Community String Defines the password used to authenticate the management station to the device gt Group Name Defines advanced SNMP community group names gt Remove Removes a community The possible field values are Checked Removes the selected SNMP communities Unchecked Maintains the SNMP communities 2 Click Create The Add SNMP Community Page opens Add SNMP Community 1 H O Su Figure 110 Add SNMP Community Page NM 4o on Community String 3 Define the SNMP Management Station Community EESE ol mose Road Ony TC view name Dean W String and Basic or Advanced fields C Advanced Group Name group 4 Click Submit The SNMP community is added and Submit the device is updated To modify SNMP Group Membership settings 1 Click System gt SNMP Management gt Security gt Communities The SNMP Community Settings Page opens Figure 111 SNMP Community Settings Page i SNMP Community Settings 2 Modify the SNMP Management Station Community EG a Basic Access Mode
27. 3 Polling for Broadcast Time INformation cccccccccccessssseeeeeeeeessseeeeeeeeessssseeeeeeeeeeeses 12 3 2 2 Defining SNIP Global Settings ane ademmsudd 13 3 2 3 Configuring SNTP Authentication ua 13 3 2 4 Defining SNTP Servers vaser abre dpeeet miin 14 3 2 5 Defining SNTP Interface Settings rnrrrrrrnnnnnnnnnrrrvernnnnnnnrrrvvrrrnnnnnnnrrvnnsrsrnnnnnnnnnessnsnnnnnn 15 Section 4 Configuring System LOGsS nnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnn 17 4 1 Defining General Log Properties ccccccsssssseeceeeesssseeeeeeeeesssseeceeeeesesssseaeeeeesecsssseaneeeess 17 4 2 Viewing Memory LOOS scsi tecese eee aesrec oer netic n aaa aE 18 43 Viewing Fl sh eee 18 4 4 Defining System Log SErvels s cccccccssssssescecesessssseeeseeeeessseseeeeeeesanssssanseeeeessessaeeeaeeess 19 Section 5 Configuring Device Security rrnnnnnnnnnnnnnnnnnnnvnvnnnnneneneenenennnnnnn 21 5 1 Configuring Management Security rrrrnnnrrrnrnnnnnnnnnvvvvvrnnnrnnnnnvnnrnrnnnnnnnnnvensennnnnnnnnnnnnsnnnnnnn 21 5 1 1 Configuring Authentication Methods rrrrnnnnnnnnvvrrvrnnnrnnnnnvvvrrrnnnnnnnnnnnnennnnnnnnnnnnnesnnnnnnnn 21 5 1 1 1 Defining Access Profiles ua persere eee mndesadsane munne 21 91 12 Defining Profle RUE ss S E EiS 23 5 1 1 3 Defining Authentication Profiles arrrnrrrnnnnnnnnvvrrvrnnnrnnnnnrnvrrrnnnnnnnnnnnnrnnnnnnnnnnnnnennnnnnnnn 24 5 1 1 4 Mapping Authentication ProNl S Luvuvammimun
28. Anycast server to return a response is used to set the time value Time levels T3 and T4 are used to determine the server time Using Anycast time information for synchronizing device time is preferred to using Broadcast time information 3 2 1 3 Polling for Broadcast Time Information Broadcast information is used when the server IP address is unknown When a broadcast message is sent from an SNTP 12 13 server the SNTP client listens for the response The SNTP client neither sends time information requests nor receives responses from the Broadcast server Message Digest 5 MD5 Authentication safeguards device synchronization paths to SNTP servers MD5 is an algorithm that produces a 128 bit hash MD5 is a variation of MD4 and increases MD4 security MD5 verifies the integrity of the communication authenticates the origin of the communication 3 2 2 Defining SNTP Global Settings The SNTP Properties Page provides information for defining SNTP parameters globally To define the SNTP global parameters iP Figure 12 SNTP Properties Page gt The SNTP Properties Page contains the following fields g F Ty T1 513428 L2 Management Click System gt System Info gt SNTP gt Properties The SNTP Properties Page opens TP LINK SNTP Switch Properties Poll Interval Defines the interval in seconds at 192 168 1 1 f System Info SNTP Configuration General SNTP Poll Interval
29. Heras L2 Lancet Snitch kis The Default Parameters section of the Radius Page 9 TENG contains the following fields i E oe z Hede ar FO Default imeout for Rep hy Be gt Retries Defines the number of transmitted requests Gre osamDetme f om Fv ate dead Default Key String sent to the RADIUS server before a failure occurs 0 PAs puna Possible field values are 1 10 The default value is 3 mu gt Timeout for Reply Defines the amount of time Fase O Po as fr Ron Tw Sm Aes Te a feman in seconds the device waits for an answer from the si gt gt RADIUS server before retrying the query or switching to the next server Possible field values are 1 30 The default value is 3 Dead Time Defines the default amount of time in minutes that a RADIUS server is bypassed for service requests The range is 0 2000 The default value is 0 Key String Defines the default key string used for authenticating and encrypting all RADIUS communications between the device and the RADIUS server This key must match the RADIUS encryption Source IP Address Defines the default IP address of a device accessing the RADIUS server The Radius Page also contains the following fields gt gt gt 2 Add RADIUS Server Figure 37 Add Radius Server Page A Priority p rt lt i C COC C CO Authentication Port 812 3 Define the fields Number of Retries IT Use Default Timeout for Reply Sec I Use Defaul
30. Indicates that SNMP Version 1 traps are sent SNMP V2c Indicates that SNMP Version 2 traps are sent UDP Port Displays the UDP port used to send notifications The field range is 1 65535 The default is 162 Filter Name Indicates if the SNMP filter for which the SNMP Notification filter is defined Timeout Indicates the amount of time in seconds the device waits before resending informs The field range is 1 300 The default is 15 seconds Retries Indicates the number of times the device resends an inform request The field range is 1 255 The default is 3 Remove Deletes the currently selected recipient The possible field values are Checked Removes the selected recipient from the list of recipients Unchecked Maintains the list of recipients 11 4 3 2 SNMPv3 Notification Recipient The SNMPv3 Notification Recipient table contains the following fields gt gt Recipient IP Displays the IP address to which the traps are sent Notification Type Displays the type of notification sent The possible field values are Trap Indicates that traps are sent Inform Indicates that informs are sent User Name Displays the user to which SNMP notifications are sent Security Level Displays the means by which the packet is authenticated The possible field values are No Authentication Indicates that the packet is neither authenticated nor encrypted Authenti
31. Interface Settings Page 7L 813428 L2 Management a H System Info Define the instance properties fields ker mes Forwarding Database f i i C Spanning Tree nem MA Click Submit The interface settings are added to the a ataca ponle Tl oE r i I MSTP 0 e list in the MSTP Interface Settings Page The device A su me NA ulticast Suppo Role NIA i Quality of Service ode N information is updated EN le erd Path Cost ho I Use Default MSTP Switch Properties 192 168 1 1 Modify Interface Designated Bridge ID N A Designated Port ID N A Designated Cost NIA Forwar d Transitions N A Remain Hops NIA Submit Multicast forwarding enables transmitting packets from either a specific multicast group to a source or from a nonspecific source to a multicast group This section contains the following topics gt Enabling IGMP Snooping gt Defining Multicast Bridging Groups gt Defining Multicast Forward All Parameters 10 1 Configuring Multicast Forwarding When IGMP Snooping is enabled globally all IGMP packets are forwarded to the CPU The CPU analyzes the incoming packets and determines gt Which ports want to join which Multicast groups gt Which ports have Multicast routers generating IGMP queries gt Which routing protocols are forwarding packets and Multicast traffic Ports requesting to join a specific Mu
32. Page opens Figure 109 SNMP Security Communities Page iva TP LINK i TL SL3428 L2 Management Switch ini eo Global Parame The SNMP Security Communities Page is divided into the 192 168 1 1 Communities H System Info following tables H Bridging Config Quality of Service Create J Security gt Basic Table EI SNMP Management Basic Table 5 ee Management Station Community String Access Mode View Name Edit Remove gt Advanced Table 2 1 10 1 2 233 TPL ReadOnly Default r Advanced Table Management Station Community String Group Name Edit Remove Submit 11 3 5 1 SNMP Communities Basic Table The SNMP Communities Basic Table contains the following fields gt Management Station Displays the management station IP address for which the basic SNMP community is defined gt Community String Defines the password used to authenticate the management station to the device gt Access Mode Defines the access rights of the community The possible field values are Read Only Management access is restricted to read only and changes cannot be made to the community Read Write Management access is read write and changes can be made to the device configuration but not to the community SNMP Admin User has access to all device configuration options as well as permissions to modify the community gt View Name Contains a list of user defined SNMP views
33. Static Addresses EE 55 8 2 Configuring Dynamic Forwarding ACCreSS6S ccccccccssssssceeeeeeecessseeeeeeesesssseeeeeeeeeeeees 56 Section 9 Configuring the Spanning Tree Protocol rnnnnnnnnnnnnnnnnnnnnnn 58 91 Configuring the Glassie STP vere See 58 9 1 1 Defining STP Properties xccc cece cciocecdenesnceds cneeedecnesnioaccdedaeswasbedoeuiotcaansleinsteetoevenaicososeccencenaee 58 9 1 2 Defining STP Interface Settings esccscsiccceninssedesieniccvoduaccvauaegapieuisntaceteanadlaboubeseeliewesseietiensssesle 59 9 2 Configunng the Rapid STP ves 61 9 3 Configuring the Multiple STP Ledere 62 93 1 Deming MS TP FO PE screptra teen reker 62 932 TN NETTENE eee 63 9 3 3 Configuring MSTP VLAN Instances rernnnnnnnnnnnnevnnnnnnnnnnnnvennnnnnnnnnnnnvnnnnnnnnnnnnnnnnnnnnnnnnnn 64 9 3 4 Configuring MSTP Interface Settings arrrrnnnnnnvrnennnnnnnnnnnvennnnnnnnnnnnnvnnnnnnnnnnnnnnrnnnnnnnnnnn 64 Section 10 Configuring Multicast Forwarding nnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnn 66 10 1 Configuring Multicast Forwarding ccicccccccwiessesedienecoossausandedeennhedeccacetderauedtocesecucedeuaescsecebexes 66 10 2 Defining Multicast Bridging GPU NS sassanidene 67 10 3 Defining Multicast Forward All Parameters rrrrrnnrorvrrrnnrnnnnrrrvvrrnonnnnnnrvvnvernnnnnnnnrnvenesnnnn 69 Section 11 Configuring SNMP Management nnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnn 70 TT SNMP EE EEE EE ERO 70 PEST age EE EEE EN 70 TE DEMME SNMP
34. System gt Bridging Config gt Interface gt LACP Parameters The LACP Parameters Page opens Figure 69 LACP Parameters Page e TP LINK TL 5L3428 L2 Management Switch nterface Configuration LACP Parameters LAG Mer The LACP Parameters Page contains the following fields Interface LACP Membership gt LACP System Priority Specifies system priority Seta Global Parameter P P i i Br Database LACP System Priory gt value The field range is 1 65535 The field default is 1 Ea Multicast Support gt Port Displays the port number to which timeout and Er Pan Pa LAP eo ee amp Maintenance e2 Long priority values are assigned Saisies gt Port Priority Displays the LACP priority value for the port The field range is 1 65535 nai gt LACP Timeout Displays the administrative LACP timeout NNNNNNNNNNNNSNS 1 1 1 1 1 1 1 1 1 1 1 1 1 1 3 3 eeeegeuaegeccaeen amp 2 Lon Lon Lon Lon Lon Lon Lon Lon Lon Lon Lon 2 Define the LACP System Priority and click _ Submit The system priority for LACP is saved and the device is updated To modify LACP parameters 1 Click System gt Bridging Config gt Interface gt LACP Parameters The LACP Parameters Page opens 2 Click amp The LACP Parameters Settings Page opens 48 49 Figure 70 LACP Parameters Settings Page LACP Parameters Settings 3 Define the Port Prority and LACP Timeout
35. The VLAN LAG Interface Settings Page opens Figure 76 VLAN LAG Interface Settings Page VLAN Interface Settings 2 Modify the Port VLAN Mode Dynamic Frame Type Port Interface el v Ingress Flltering and Reserve VLAN fields eh ellis Access z PVID fi 3 Click _Submit The VLAN or LAG interface is Frame Type Admit All configured and device information is updated Ingress Filtering Enable E Current Reserved VLAN Reserve VLAN for Internal Use Submit 7 3 4 Configuring GARP This section contains information for configuring Generic Attribute Registration Protocol GARP This section includes the following topics gt Defining GARP gt Defining GVRP 7 3 4 1 Defining GARP Generic Attribute Registration Protocol GARP protocol is a general purpose protocol that registers any network connectivity or membership style information GARP defines a set of devices interested in a given network attribute such as VLAN or multicast address When configuring GARP ensure the following gt The leave time must be greater than or equal to three times the join time gt The leave all time must be greater than the leave time gt Set the same GARP timer values on all Layer 2 connected devices If the GARP timers are set differently on the Layer 2 connected devices the GARP application does not operate successfully To define GARP 92 1 Click System gt Bridging Config gt VLAN gt GARP The GARP Parameter
36. a 1000 Mbps speed port and full duplex mode setting 1000 Half Indicates that the port advertises for a 1000 Mbps speed port and half duplex mode setting gt Back Pressure Displays the back pressure mode on the port Back pressure mode is used with half duplex mode to disable ports from receiving messages gt Flow Control Displays the flow control status on the port Operates when the port is in full duplex mode gt MDI MDIX Displays the MDI MDIX status on the port Hubs and switches are deliberately wired opposite the way end stations are wired so that when a hub or switch is connected to an end station a straight through Ethernet cable can be used and the pairs are matched up properly When two hubs or switches are connected to each other or two end stations are connected to each other a crossover cable is used to ensure that the correct pairs are connected The possible field values are Auto Use to automatically detect the cable type MDI Media Dependent Interface Use for end stations MDIX Media Dependent Interface with Crossover Use for hubs and switches gt LAG Indicates whether the port is part of a Link Aggregation Group LAG The Interface Configuration LAG table contains the following fields gt LAG Indicates whether the port is part of a Link Aggregation Group LAG gt LAG Type Indicates the type of LAG defined by the first port assigned to the LAG For exampl
37. a port the Port State is automatically placed in the Forwarding state when the port link is up Fast Link optimizes the STP protocol convergence STP convergence can take 30 60 seconds in large networks gt Root Guard Prevents devices outside the network core from being assigned the spanning tree root gt Port State Displays the current STP state of a port If enabled the port state determines what forwarding action is taken on traffic Possible port states are Disabled Indicates that STP is currently disabled on the port The port forwards traffic while learning MAC addresses Blocking Indicates that the port is currently blocked and cannot forward traffic or learn MAC addresses Blocking is displayed when Classic STP is enabled gt Speed Indicates the speed at which the port is operating gt Path Cost Indicates the port contribution to the root path cost The path cost is adjusted to a higher or lower value and is used to forward traffic when a path is re routed gt Priority Indicates the priority value of the port The priority value influences the port choice when a bridge has two ports connected in a loop The priority value is between 0 240 The priority value is determined in increments of 16 gt Designated Bridge ID Indicates the bridge priority and the MAC Address of the designated bridge gt Designated Port ID Indicates the selected port priority and interface gt Designated Cost
38. clock The higher the stratum where zero Is the highest the more accurate the clock The device receives time from stratum 1 and above The following is an example of stratums gt Stratum 0 Areal time clock such as a GPS system is used as the time source gt Stratum 1 A server that is directly linked to a Stratum 0 time source is used Stratum 1 time servers provide primary network time standards gt Stratum 2 The time source is distanced from the Stratum 1 server over a network path For example a Stratum 2 server receives the time over a network link via NTP from a Stratum 1 server Information received from SNTP servers is evaluated based on the Time level and server type SNTP time definitions are assessed and determined by the following time levels gt T1 The time at which the original request was sent by the client gt T2 The time at which the original request was received by the server gt T3 The time at which the server sent the client a reply gt T4 The time at which the client received the server s reply 3 2 1 1 Polling for Unicast Time Information Polling for Unicast information is used for polling a server for which the IP address is known T1 T4 are used to determine the server time This is the preferred method for synchronizing device time 3 2 1 2 Polling for Anycast Time Information Polling for Anycast information is used when the SNTP server IP address is unknown The first
39. configuring the WRR scheduling scheme and choosing the right weights 12 1 2 2 Advanced QoS Mode Advanced QoS mode provides rules for specifying flow classification and assigning rule actions that relate to bandwidth management After assigning packets to a specific queue services such as configuring output queues for the scheduling scheme or configuring output shaping for burst size CIR or CBS per interface or per queue can be applied In Advanced Mode packets may egress with a different VPT tag than expected 12 2 Enabling Quality of Service This section contains the following topics gt Enabling Quality of Service gt Mapping Queues 12 2 1 Enabling Quality of Service The CoS Settings Page contains fields for enabling or disabling QoS In addition the Trust mode can be selected The Trust mode relies on predefined fields within the packet to determine the egress queue settings To enable QoS and define basic settings 1 Click System gt Quality of Service gt General Settings gt CoS Settings The CoS Settings Page opens 82 Figure 118 CoS Settings Page TP LINK The CoS Settings Page contains the following fields TL SL3428 2 gt Quality of Service Indicates if QoS is enabled on re Eik the interface The possible values are ge si Enable Enables QoS on the interface Sou Se cuanto Sec Eras E Disable Disables QoS on the interface Feen mani
40. contains fields for classifying DSCP settings to traffic queues For example a packet with a DSCP tag value of 3 can be assigned to queue 2 To set DSCP to queues 1 Click System gt Quality of Service gt Queue Mapping gt DSCP to Queue The DSCP fo Queue Page opens Figure 122 DSCP to Queue Page TP LINK The CoS Settings Page page contains the following fields TL SL3428 L2 Management Switch gt DSCP In Displays the incoming packets DSCP Costo Queue DSCP to Queue value sn DSCP Priority i i Bridging Config gt Queue Defines the traffic forwarding queue to res en i diger i i Mr gt Queue Mappin which the DSCP priority is mapped Four traffic priority 50 Sv pis 4 anagement queues are supported her 2 Modify the Queue values Mmm Ns O A A Q N oO 3 Click Submit The DSCP to Queue mapping is updated ab h mk wo NM Oo h gt on 4 Le File maintenance on the device includes configuration file management and device access The configuration file structure consists of the following configuration files gt Startup configuration file Contains the commands required to reconfigure the device to the same settings as when the device is powered down or rebooted The Startup file is created by copying the configuration commands from the Running Configuration file or the Backup Configuration file gt Running configuration file Contains all configur
41. criteria are permitted or denied access to the device Secure HTTP HTTPS Assigns HTTPS access to the rule If selected users accessing the device using HTTPS meeting access profile criteria are permitted or denied access to the device SNMP Assigns SNMP access to the rule If selected users accessing the device using SNMP meeting access profile criteria are permitted or denied access to the device gt Source IP Address Defines the interface source IP address to which the rule applies gt Prefix Length Defines the number of bits that comprise the source IP address prefix or the network mask of the source IP address gt Action Defines the action attached to the rule The possible field values are Permit Permits access to the device Deny Denies access to the device This is the default gt Remove Removes rules from the selected access profiles The possible field values are Checked Removes the selected rule from the access profile Unchecked Maintains the rules attached to the access profile 2 Click treate The Add Profile Rule Page opens Figure 27 Add Profile Rule Page 3 Define the fields 4 Click Submit The profile rule is added to the access profile and the device is updated To modify a Profile Rule 1 Click Security gt Management Security gt Authentication gt Access Profile The Access Profile Page opens 2 Click amp The
42. define DHCP addressing 1 Click System gt System Info gt IP Configuration gt IP Addressing gt DHCP The DHCP Page opens Figure 57 DHCP Page The DHCP Page contains the following fields gt Interface Displays the IP address of the interface which is connected to the DHCP server gt Host Name Displays the system name gt Remove Removes DHCP interfaces The possible field values are Checked Removes the selected DHCP interface Unchecked Maintains the DHCP interfaces 2 Click treate The Add IP Interface Page page opens Figure 58 Add IP Interface Page 3 Select the Interface Port LAG or VLAN 4 Enter the Host Name 5 Click Submit The new interface is added to DHCP and the device is updated To remove the DHCP definition TP LINK TL 5L3428 L2 Management Switch 192 168 1 1 1 System Info DHCP General SNTP Create Syslog 30 NE Interface Host Name Remove Addressing 1 HOP Domain Name System er ad z J Bridging Config Quality of Service Submit Security 1 SNMP Management Maintenance Statistics Add DHCP IP Interface Interface di Port e1 C Lae 1 C vani 2 Host Name CHCF 1 Submit gt Click the Remove checkbox The current DHCP definition is removed and system information is updated 6 1 4 Defining ARP T
43. defined VLAN ID MAC Address and Interface 2 To browse the addresses click P ck Next To query the Dynamic MAC Address Table 97 Click System gt Bridging Config gt Forwarding Database gt Dynamic Addresses The Dynamic Addresses Page opens Select the Interface the MAC Address and the VLAN ID Select an Address Table Sort Key Click Huery The Dynamic MAC Address Table is queried and the results are displayed in the Current Address Table The Spanning Tree Protocol STP provides tree topography for any arrangement of bridges STP also provides a single path between end stations on a network eliminating loops Loops occur when alternate routes exist between hosts Loops in an extended network can cause bridges to forward traffic indefinitely resulting in increased traffic and reducing network efficiency The TP Link device supports the following STP versions gt gt Classic STP Provides a single path between end stations avoiding and eliminating loops For more information on configuring Classic STP see Configuring the Classic STP Rapid STP Detects and uses network topologies that provide faster convergence of the spanning tree without creating forwarding loops For more information on configuring Rapid STP see Configuring the Rapid STP Multiple STP Provides various load balancing scenarios For example if port A is blocked in one STP instance the same port c
44. filtering cannot be enabled or disabled on an access port Trunk Indicates the port belongs to VLANs in which all ports are tagged except for one port that can be untagged PVE Promiscuous Indicates the port is part of a PV Promiscuous VLAN PVE Isolated Indicates the port is part of a PV Isolated VLAN PVE Community Indicates the port is part of a PV Community VLAN gt Dynamic Assigns a port to a VLAN based on the host source MAC address connected to the port gt PVID Assigns a VLAN ID to untagged packets The possible values are 1 4094 VLAN 4095 is defined as per standard and industry practice as the Discard VLAN Packets classified to the Discard VLAN are dropped gt Frame Type Specifies the packet type accepted on the port The possible field values are Admit Tag Only Only tagged packets are accepted on the port Admit All Both tagged and untagged packets are accepted on the port gt Ingress Filtering Indicates whether ingress filtering is enabled on the port The possible field values are Enable Enables ingress filtering on the device Ingress filtering discards packets that are defined to VLANs of which the specific port is not a member Disable Disables ingress filtering on the device gt Reserve VLAN Indicates that the VLAN selected by the user is reserved if not in use by the system To modify VLAN interface or LAG settings 1 Click amp
45. generated and sent via the Trap mechanism The Trap can also be saved using the Trap mechanism Both Indicates that both the Log and Trap mechanism are used to report alarms gt Falling Threshold Displays the falling counter value that triggers the falling threshold alarm The falling threshold is graphically presented on top of the graph bars Each monitored variable is designated a color gt Falling Event Displays the mechanism in which the alarms are reported gt Startup Alarm Displays the trigger that activates the alarm generation Rising is defined by crossing the threshold from a low value threshold to a higher value threshold gt Interval Defines the alarm interval time in seconds gt Owner Displays the device or user that defined the alarm gt Remove Removes the RMON Alarms Table entry 2 Click treate The Add RMON Alarm User Page opens Figure 146 Add RMON Alarm User Page Add Alarm Entry Alarm Entry 2 3 Define the fields Interface G Portfe1 v C ach x l ounter Name Total Bytes Octets Receive gt 4 Click Semi The RMON alarm user is added to the eae ae i Sample Type Absolute v list in RMON Alarm Page and the device is updated Rising Threshold 00 Rising Event 1 Default Description v To modify an RMON alarm user Falling Threshold 20 Falling Event 1 Default Description v Startup Alarm Rising and Falling v Interval 100 Owner Submit 1 Click amp
46. in Indicates the RADIUS server is used for authenticating user name and passwords 802 1X Indicates the RADIUS server is used for 802 1X authentication All Indicates the RADIUS server is used for authenticating user names and passwords and 802 1X port authentication Remove Removes a RADIUS server The possible field values are Checked Removes the selected RADIUS server Unchecked Maintains the RADIUS servers This is the default value Click treate The Add Radius Server Page opens 1 Click amp The RADIUS Server Settings Page opens Figure 38 RADIUS Server Settings Page 2 Modify the fields 3 Click Submit The RADIUS server settings are saved and the device is updated 5 1 2 Configuring Passwords RADIUS Server Settings IP Address 10 1 3 12 v Priority fo Authentication Port 1812 Number ofRetries ss Use Default Timeout for Reply ad Sec I Use Default Dead Time finn Min I Use Default Key String pha Numeric I Use Default Source IP Address xxx Use Default Usage Type fall This section contains information for defining device passwords and includes the following topics gt Defining Local Users gt Defining Line Passwords gt Defining Enable Passwords 5 1 2 1 Defining Local Users Network administrators can define users passwords and access levels for users using the Local Users Page To define local users 1 Click System gt Ma
47. name of the Configuration file that is uploaded The possible field values are Running Configuration Uploads the Running Configuration file Startup Configuration Uploads the Startup Configuration file Open the Copy Files Page See Copying System Files in section 13 4 Define the file type to upload Define the fields ao ON Click bmit The software is uploaded to the device 13 3 Activating Image Files The Active Image Page allows network managers to select and reset the Image files To download system files 1 Click System gt Maintenance gt File Management gt Active Image The Active Image Page opens Figure 125 Active Image Page TP UNK The Active Image Page contains the following fields TL 5L3428 L2 Management File Management Switch gt Unit No The unit number for which the Image file is Active Image 192 168 1 1 Acti I selected Fag ctive Image a 3 Quality of Service Unit No Active Image After Reset gt Active Image The Image file which is currently Peso Fe ll SNMP Management active on the unit Tie vnneen Submit 5 Diagnostics gt After Reset The Image file which is active on the Sas unit after the device is reset The possible field values are Image 1 Activates Image file 1 after the device is reset Image 2 Activates Image file 2 after the device is reset 2 Define the
48. only a Multicast Forward All table displays To define Multicast Forward All settings 1 Click System gt Bridging Config gt Multicast Support gt Bridge Multicast gt Multicast Forward All The Multicast Forward All Page opens Figure 99 Multicast Forward All Page TP LINK The Multicast Forward All Page contains the following fields gt VLAN ID Lists the VLAN for which Multicast ell parameters are displayed 1iittitttttsstetsetetseeetrt gt Port LAG Ports that can be added to a Multicast El jonansonannenansensanenennene service NA ECE EF Ee Ee FOO CoC CcCCco co Oo sc oocoadocto DE SE SE SE SE EE BE EE The following table summarizes the Multicast settings which can be assigned to ports using the Multicast Forward All Page Table 6 Bridge Multicast Forward All Router Port Control Settings Table Port Control Definition Doo Attaches the port to the Multicast router or switch as a dynamic port Attaches the port to the Multicast router or switch as a static port The port is not attached to a Multicast router or switch 2 Select a VLAN in the VLAN ID dropdown list 3 Define the VLAN port settings 4 Click Submit The Multicast Forward All settings for the selected VLAN are defined and the device is updated Simple Network Management Protocol SNMP provides a method for managing network devices The device supports the following SNMP versions gt SNMP version 1
49. starts using the authenticated user name The TACACS protocol ensures network integrity through encrypted protocol exchanges between the client and TACACS server AN Note The TACACS default parameters are user assigned defaults The default settings are applied to newly defined TACACS servers If default values are not defined the system defaults are applied to the new TACACS servers To define TACACS authentication settings 1 Click Security gt Management Security gt Authentication gt TACACS The TACACS Page opens Figure 33 TACACS Page a TP LINK The Default Parameters section contains the following arena ge gt Source IP Address Defines the default device 1 l le source IP address used for the TACACS session ae mm between the device and the TACACS server wins ee an Sate gt Key String 1 128 Characters Defines the i same authentication and encryption key for TACACS communications between the device and the TACACS server This key must match the encryption used on the TACACS server gt Timeout for Reply Defines the default time that passes before the connection between the device and the TACACS times out The default is 5 The TACACS Page also contains the following fields gt Host IP Address Defines the TACACS Server IP address gt Priority Defines the order in which the TACACS servers are used The field range is 0 6
50. the default value Disable Disables port reauthentication Reauthentication Period Displays the time span in seconds in which the selected port is reauthenticated The field default is 3600 seconds Authenticator State Displays the current authenticator state Quiet Period Displays the number of seconds that the device remains in the quiet state following a failed authentication exchange The possible field range is 0 65535 The field default is 60 seconds Resending EAP Defines the amount of time in seconds that lapses before EAP requests are resent The field default is 30 seconds Max EAP Requests Displays the total amount of EAP requests sent If a response is not received after the defined period the authentication process is restarted The field default is 2 retries Supplicant Timeout Displays the amount of time in seconds that lapses before EAP requests are resent to the supplicant The field default is 30 seconds Server Timeout Displays the amount of time in seconds that lapses before the device re sends a request to the authentication server The field default is 30 seconds Termination Cause Indicates the reason for which the port authentication was terminated Click amp The Port Authentication Settings Page opens Port Authentication Settings To define the network authentication global properties 1 Click System gt Network Security gt Authentication gt
51. the incoming packets evenly to all servers or redirect the packets to the next available server Media Access Control Address The MAC Address is a hardware specific address that MAC Address identifies each network node Characterizes a learning bridge in which the packet s source MAC address is recorded Packets destined for that address are forwarded only to the bridge interface on which that MAC Address Learning l address is located Packets addressed to unknown addresses are forwarded to every bridge interface MAC Address Learning minimizes traffic on the attached LANS A sub layer of the Data Link Control DTL layer Metropolitan Area Network A communications network covering a metropolitan area or a MAC Layer MAN suburb A filter that includes or excludes certain values for example parts of an IP address Message Digest 5 An algorithm that produces a 128 bit hash MD5 is a variation of MD4 and increases MD4 security MD5 verifies the integrity of the communication and authenticates the origin of the communication Media Dependent Interface A cable used for end stations MDIX Media Dependent Interface with Crossover MDIX A cable used for hubs and switches Multiply Divide Unit A high speed circuit that performs multiplication and division within the CPU Management Information Base MIBs contain information describing specific aspects of C network components Maximum Transfer Unit Specif
52. the system time is set according the Unicast server time information The possible values are Enable Enables the device to receive Unicast server updates Disable Disables the device from receiving Unicast server updates Enable Poll Unicast Servers Defines whether or not the device sends SNTP Unicast forwarding information to the SNTP server The possible values are Enable Enables the device to receive Poll Unicast server updates Disable Disables the device from receiving Poll Unicast server updates Define the Poll Interval Enable Receive Broadcast Servers Update Enable Receive Anycast Servers Update Enable Receive Unicast Servers Update and Enable Poll Unicast Servers fields and select at least one of the Enable fields Click Submit The SNTP global settings are defined and the device is updated 3 2 3 Configuring SNTP Authentication The SNTP Authentication Page enables configuring the SNTP authentication method To configure SNTP authentication 1 Click System gt System Info gt SNTP gt Authentication The SNTP Authentication Page opens Figure 13 SNTP Authentication Page TP LINK The SNTP Authentication Page contains the following F TLSL3428L2 Management fields p as Authentication 192 168 1 1 gt Enable SNTP Authentication Indicates if ao SE AN OAURANAN i EI SNTE Enable SNTP Authentication 7 aut
53. untagged VLAN amp GIStatisics EE packets This is the default value Eu Tagged Mirrors packets as tagged VLAN packets Source Port Indicates the port from which the packets are mirrored Type Indicates the port mode configuration for port mirroring The possible field values are RX Defines the port mirroring on receiving ports TX Defines the port mirroring on transmitting ports Both Defines the port mirroring on both receiving and transmitting ports This is the default value Remove Removes the port mirroring session The possible field values are Checked Removes the selected port mirroring sessions Unchecked Maintains the port mirroring session Add Port Mirroring Source Port el Type Tx Only submit Select a port type in the Type field Click Submit The port mirroring session is defined and the device is updated 91 To modify port mirroring settings 1 Click 2 The Port Mirroring Settings Page opens Figure 129 Port Mirroring Settings Page Port Mirroring Settings 2 Modify the Type field Source Port 3 Type Tx and Rx v 3 Click Submit Port mirroring settings are modified and the device is updated Submit To remove port mirroring 1 Click Maintenance gt Diagnostics gt Port Mirroring The Port Mirroring Page opens 2 Click the Remove checkbox for selected item and click Svbmit 14 2 Viewing Integra
54. version number Software Version Displays the installed software version number VV v V Boot Version Displays the current boot version running on the device N Define the System Name System Location and System Contact fields 3 Click Submit The system description is saved and the device is updated This section provides information for configuring system time parameters including gt gt Configuring Daylight Savings Time Configuring SNTP 3 1 Configuring Daylight Savings Time The System Information Time Page contains fields for defining system time parameters for both the local hardware clock and the external SNTP clock If the system time is kept using an external SNTP clock and the external SNTP clock fails the system time reverts to the local hardware clock Daylight Savings Time can be enabled on the device The following is a list of Daylight Savings Time start and end times in specific countries VV VV VV VV WV Vv Y Vv VV VV VV V VV VV VV VV VV WV Albania From the last weekend of March until the last weekend of October Australia From the end of October until the end of March Australia Tasmania From the beginning of October until the end of March Armenia From the last weekend of March until the last weekend of October Austria From the last weekend of March until the last weekend of October Bahamas From April to October in conjunction with Daylight
55. 00 Mbps 1000 Indicates the port is currently operating at 1000 Mbps gt Duplex Mode Displays the port duplex mode This field is configurable only when auto negotiation is disabled and the port speed is set to 10M or 100M This field cannot be configured on LAGs The possible field values are Full The interface supports transmission between the device and its link partner in both directions simultaneously Half The interface supports transmission between the device and the client in only one direction at a time gt Auto Negotiation Displays the auto negotiation status on the port Auto negotiation is a protocol between two link partners that enables a port to advertise its transmission rate duplex mode and flow control abilities to its partner gt Advertisement Defines the auto negotiation setting the port advertises The possible field values are Max Capability Indicates that all port speeds and duplex mode settings are accepted 10 Half Indicates that the port advertises for a 10 Mbps speed port and half duplex mode setting 10 Full Indicates that the port advertises for a 10 Mbps speed port and full duplex mode setting 100 Half Indicates that the port advertises for a 100 Mbps speed port and half duplex mode setting 100 Full Indicates that the port advertises for a 100 Mbps speed port and full duplex mode setting 1000 Full Indicates that the port advertises for
56. 000 10000 10000 10000 10000 10000 10000 10000 10000 10000 10000 10000 m VVVVV VBVGVVVVVVVVVVVVSVVVSVVVVs8Vssyyzyyyy Leave All Timer Indicates the amount of time lapse in centiseconds that all device waits before leaving the GARP state The leave all time must be greater than the leave time The default value is 1000 centiseconds In the Copy From Entry Number field enter the interface in the To Row Number s field enter the row number of the required interface Click Submit The GARP parameters are modified and the device is updated To modify GARP settings 1 Click amp nextto the item to modify The GARP Parameters Settings Page opens Figure 78 GARP Parameters Settings Page 2 3 Click Submit The GARP parameters are modified Modify the Timer parameters and the device is updated 7 3 5 Defining GVRP GARP VLAN Registration Protocol GVRP is specifically provided for automatic distribution of VLAN membership information among VLAN aware bridges GVRP allows VLAN aware bridges to automatically learn VLANs to bridge ports GARP Parameters Settings GARP Timers Leave All Timer centiseconds 10000 Submit mapping without having to individually configure each bridge and register VLAN membership To define GVRP on the device Click System gt Bridging Config gt VLAN gt GARP gt GVRP The GVRP Parameters Page opens I interface G Portet gt LaG 1
57. 1 v Password Confirm Password Submit 4 Click Submit The Local User password is saved and the device is updated 30 31 5 1 2 2 Defining Line Passwords Network administrators can define line passwords in the Line Password Page After the line password is defined a management method is assigned to the password The device can be accessed using the following methods gt gt gt Console Passwords Telnet Passwords Secure Telnet Passwords To configure line passwords 1 Click System gt Management Security gt Passwords gt Line Password The Line Password Page opens Figure 41 Line Password Page The Line Password Page contains the following fields gt Console Line Password Defines the line password for accessing the device via a Console session Pass words can contain a maximum of 159 characters Telnet Line Password Defines the line password for accessing the device via a Telnet session Pass words can contain a maximum of 159 characters TP LINK 192 168 1 1 I System Info Bridging Config Quality of Service Security E Management Security Authentication Passwords Network Security JSNMP Management Maintenance Statistics TL 5L3428 L2 Man Line Password asswor Console Line Password p pe Telnet Line Password peee e Secure Telnet Line Password pe pe Submit Secure Telnet Line Password
58. 1024 The Poll Interval default is 1024 seconds pas ERANA D Enable Receive Broadcast Servers Updates He HE este iset D Security Defines whether or not the device monitors the SNTP pa Maintenance J Statistics Submit which the SNTP server is polled for Unicast information Enable Receive Unicast Servers Updates 7 Enable Poll Unicast Servers O servers for Broadcast server time information on the selected interfaces The possible values are Enable Enables the device to receive Broadcast server updates Disable Disables the device from receiving Broadcast server updates Enable Receive Anycast Servers Updates Defines whether or not the device polls the SNTP server for Anycast server time information If both the Enable Receive Anycast Servers Update and the Enable Receive Broadcast Servers Update fields are enabled the system time is set according to the Anycast server time information The possible values are Enable Enables the device to receive Anycast server updates Disable Disables the device from receiving Anycast server updates Enable Receive Unicast Servers Updates Defines whether or not the device polls the SNTP server for Unicast server time information If the Enable Receive Broadcast Servers Updates Enable Receive Anycast Servers Updates and Enable Receive Unicast Servers Updates fields are all enabled
59. 309 y TP LINK Embedded Web System User Guide TL SG3109 9 port Gigabit Managed Switch TL SL3428 24 4G Gigabit Managed Switch TL SL3452 48 4G Gigabit Managed Switch COPYRIGHT amp TRADEMARKS Specifications are subject to change without notice TP LINK is a registered trademark of TP LINK Technologies Co Ltd Other brands and product names are trademarks or registered trademarks of their respective holders No part of the specifications may be reproduced in any form or by any means or used to make any derivative such as translation transformation or adaptation without permission from TP LINK Technologies Co Ltd Copyright 2006 TP LINK Technologies Co Ltd All rights reserved FCC STATEMENT This equipment has been tested and found to comply with the limits for a class A digital device pursuant to part 15 of the FCC Rules These limits are designed to provide reasonable protection against harmful interference in a residential installation This equipment generates uses and can radiate radio frequency energy and if not installed and used in accordance with the instructions may cause harmful interference to radio communications However there is no guarantee that interference will not occur in a particular installation If this equipment does cause harmful interference to radio or television reception which can be determined by turning the equipment off and on the user is encouraged to try to correct the in
60. 3428 L2 Management Switch T ti Notification Filter Trap Filter Settings Filter Name IPFilter Security Object ID Subtree Filter Type Remove 1 1 36 1 2 1 4 Included O Submit Filter Type Indicates whether to send traps or informs relating to the selected OID Excluded Does not send traps or informs Included Sends traps or informs Remove Deletes filters Checked Deletes the selected filter Unchecked Maintains the list of filters Click treate The Add SNMP Notification Filter Page opens Figure 114 Add SNMP Notification Filter Page Define the Filter Name New Object Identifier Tree and Filter Type fields Click Submit The SNMP notification filter is defined and the device is updated 11 4 3 Defining Notification Receivers Add SNMP Notification Filter Filter Name system interfaces New Object Identifier Tree Select from List ip O Object iD icmp ALL tep zi Filter Type included v Submit The SNMP Notification Receiver Page contains information for defining filters that determine whether traps are sent to specific users and the trap type sent SNMP notification filters provide the following services gt gt gt gt Identifying Management Trap Targets Trap Filtering Selecting Trap Generation Parameters Providing Access Control Checks To define SNMP notification filters Click System gt SNMP Man
61. 5535 The default is 0 gt Source IP Address Defines the device source IP address used for the TACACS session between the device and the TACACS server gt Authentication Port 0 65535 Defines the port number via which the TACACS session occurs The default port is port 49 gt Timeout for Reply Defines the amount of time in seconds that passes before the connection between the device and the TACACS times out The field range is 1 1000 seconds gt Single Connection Maintains a single open connection between the device and the TACACS server The possible field values are Checked Enables a single connection Unchecked Disables a single connection gt Status Indicates the connection status between the device and the TACACS server The possible field values are Connected Indicates there is currently a connection between the device and the TACACS server Not Connected Indicates there is not currently a connection between the device and the TACACS server gt Remove Removes TACACS server The possible field values are Checked Removes the selected TACACS server Unchecked Maintains the TACACS servers 2 Click kreate The Add TACACS Host Page opens Figure 34 Add TACACS Host Page 3 Define the fields 4 Click Submit The TACACS server is defined and the device is updated To modify the TACACS server settings 1 Click Securit
62. 6c0o0o60no0oo0o0on0on0no0o0oo0oo0oo0onoo0ooo0ooo0ono0oo0oo0ooo S ooBcoo0o0o0no0oo0oo0oo0oo0no0oo0o0ooo0ono0oooooo0oo0oo0oooo LAGL1 L2 L3 L4 L5 L6 L7 L8 NE amp amp Ee amp E lo co0oco0o0cod8 scocoaceac Submit 1 Click System gt Bridging Config gt Multicast Support gt Bridge Multicast gt Multicast Group The Multicast Group Page opens 2 Click The Multicast Group Settings Page opens Figure 98 Multicast Group Settings Page 3 Select Ports LAGs for the selected VLAN and define the port settings 4 Click Submit The Multicast group settings are modified and device information is updated 3 Multicast Group Settings Microsoft Internet Explorer VLAN ID 1 Bridge IP Multicast 224 239 140112 1 123 Bridge Mac Multicast 01005e0c017b Unit No 1 Port 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 CCC OE OE OE CORE OSE OR OSEE OR OR OR OR OR OR OR OR OR OR OR EE EEE Ee Ee oo006B00000obon0o0000n0oo000on0n00n0o00no 0o 66060006 0o0ocon0o600n0o0o0no0o0o0o0o0oo0oo0o0o0 o86 66466666 6G6G6GG 66666666 66 LAGL1 L2 L3 L4 L5 L ORO FO Oo 6 co 6 G Submit 10 3 Defining Multicast Forward All Parameters The Multicast Forward All Page contains fields for attaching ports or LAGs to a device that is attached to a neighboring Multicast router switch Once IGMP Snooping is enabled Multicast packets are forwarded to the appropriate port or VLAN Unless LAGs are defined
63. After Reset field 3 Click Submit The selected image file is activated after the device is reset 13 4 Copying System Files Files can be copied and deleted using the Copy Files Page To copy system files 1 Click System gt Maintenance gt File Management gt Copy Files The Copy Files Page opens Figure 126 Copy Files Page The Copy Files Page contains the following fields gt Copy Configuration Copies the Running Configuration file to the Startup Configuration file gt Source Indicates the Running Configuration file is selected TP LINK TL SL3428 L2 Management Switch 192 168 1 1 Copy Files Destination Startup Configuration v Copy Configuration Source Running Configuration de C Restore Configuration Factory Defaults EJ Maintenance gt Destination Indicates the Startup Configuration file is selected gt Restore Configuration Factory Defaults Resets the Configuration file to the factory defaults The factory defaults are reset after the device is reset When unselected the device maintains the current Configuration file 2 Select Copy Configuration 3 Click Submit The file is copied To restore the default configuration 1 Click System gt File Management gt Copy Files The Copy Files Page opens 2 Select Restore Configuration Factory Defaults 3 Click Submit The factory defaults are restored and the device is updated T
64. EET EN IP Address Mask Interface Type Edit Remove mask i 1 192 168 1 1 255 255 255 0 VLAN1 Static O Brid ing Confi gt Interface Displays the interface used to manage the Baty See Sm H ecurity device Er fy Statistics gt Dynamic Indicates that the IP address is dynamically created gt Static Indicates the IP address is a static IP address gt Remove Removes the selected IP address from the interface The possible field values are Checked Removes the IP address from the interface Unchecked Maintains the IP address assigned to the Interface 2 Click treate The Add IP Interface Page opens Figure 54 Add IP Interface Page Add IP Interface 3 Define the P Address Network Mask Prefix Length Source IP Address and Interface Port LAG or VLAN Network Mask C Prefix Length 4 Click Submit The new interface is added and the interface portlet 1 e ach A cvp A device is updated Submit To modify IP interface settings 1 Click System gt System Info gt IP Configuration gt IP Addressing The IP Interface Page opens 2 Click amp The IP Interface Settings Page opens Figure 55 IP Interface Settings Page IP Interface Settings 3 Modify the IP Address and Interface fields leg 192 168 1 1 amp Network Mask 255 255 255 0 4 Click Submit The interface is modified and the C prefix Length 24 device is updated Interface C ponfel A c
65. Fragments Displays the number of fragments packets with less than 64 octets excluding framing bits but including FCS octets received on the interface since the device was last refreshed gt Jabbers Displays the total number of received packets that were longer than 1518 octets This number excludes frame bits but includes FCS octets that had either a bad Frame Check Sequence FCS with an integral number of octets FCS Error or a bad FCS with a non integral octet Alignment Error number The field range to detect jabbers is between 20 ms and 150 ms Collisions Displays the number of collisions received on the interface since the device was last refreshed gt gt Utilization Displays the percentage of the interface utilized 2 Select an entry in the History Entry No field 3 Click Submit The statistics are displayed 15 2 3 Configuring RMON Events This section includes the following topics gt Defining RMON Events Control gt Viewing the RMON Events Logs 15 2 3 1 Defining RMON Events Control The RMON Events Control Page contains fields for defining RMON events To set RMON events 1 Click System gt Statistics gt RMON gt Events The RMON Events Control Page opens Figure 141 RMON Events Control Page TP LUINK Switc The RMON Events Control Page contains the following mae TL SL3428 L2 Management fields gt E tEnt Disol th
66. Global status and click Svbmit The global GVRP parameters are saved To modify global GVRP or LAG parameters 1 Click amp next to GVRP or LAG global interface settings item The GVRP Parameters Settings Page opens Figure 80 GVRP Parameters Settings Page P 3 Enable or disable GVRP State Dynamic VLAN Creation and GVRP Registration Click Submit The global GVRP or LAG parameters are modified and the device is updated GVRP Parameters Settings Interface Port fet gt C LAG ga GVRP State Disable Dynamic VLAN Creation Enable gt GVRP Registration Enable v Submit Packets addressed to destinations stored in either the Static or Dynamic databases are immediately forwarded to the port The Dynamic MAC Address Table can be sorted by interface VLAN or MAC Address whereas MAC addresses are dynamically learned as packets from sources that arrive at the device Static addresses are configured manually An address becomes associated with a port by learning the port from the frame s source address but if a frame that is addressed to a destination MAC address is not associated with a port that frame is flooded to all relevant VLAN ports To prevent the bridging table from overflowing a dynamic MAC address from which no traffic arrives for a set period is erased This section contains information for defining both static and dynamic forwarding addresses and includes the following topics g
67. Indicates the cost of the port participating in the STP topology Ports with a lower cost are less likely to be blocked if STP detects loops gt Forward Transitions Indicates the number of times the port has changed from Forwarding state to Blocking state gt LAG Indicates the LAG to which the port belongs To modify the STP settings Interface Settings 1 Click The STP Interface Settings Page opens air fer 9 STP Enable gt Figure 86 STP Interface Settings Page Port Fast Disabled Enable Root Guard 2 Click the STP enable checkbox Port state Disabled i f Speed 100M 3 Define the fields En f 4 Click Submit The settings for the selected interface Default Path Cost are modified and device information is updated Priority l Designated Bridge ID HA Designated Port ID NIA Designated Cost MA Forward Transitions M A LAG Submit 61 9 2 Configuring the Rapid STP While Classic STP prevents Layer 2 forwarding loops in a general network topology convergence can take between 30 60 seconds This time may delay detecting possible loops and propagating status topology changes Rapid Spanning Tree Protocol RSTP detects and uses network topologies that allow a faster STP convergence without creating forwarding loops The Global System LAG information displays the same field information as the ports but represent the LAG RSTP information To view and define RSTP 1 Figure 87 RSTP Page
68. JE EE 19 9 Disable STP Disable Disabled Auto Enable rc P which the designated switch is attached to the LAN er nede ors sr 21 ez Disable STP Disable Disabled Auto Enable mi P 22 e22 Disable STP Disable Disabled Auto Enable rc P a Click System gt Bridging Info gt Spanning Tree gt RSTP The RSTP Page opens A Alternate Provides an alternate path to the root switch from the root interface Backup Provides a backup path to the designated port path toward the Spanning Tree leaves Backup ports occur only when two ports are connected in a loop by a point to point link or when a LAN has two or more connections connected to a shared segment Disabled Indicates that the port is not participating in the Spanning Tree Mode Displays the current STP mode The STP mode is selected in the STP Properties Page The possible field values are STP Indicates that Classic STP is enabled on the device Rapid STP Indicates that Rapid STP is enabled on the device Multiple STP Indicates that Multiple STP is enabled on the device Fast Link Operational Status Indicates whether Fast Link is enabled or disabled for the port or LAG If Fast Link is enabled for a port the port is automatically placed in the forwarding state Point to Point Admin Status Indicates whether a point to point link is established or if the device is permitted to establish a point to point link Th
69. LANs including VLAN GARP and VLAN GVRP Section 6 Defining IP Addresses Provides information about defining device IP addresses ARP and Domain Name Servers DNS Section 8 Defining the Forwarding Database Provides information about configuring and managing both static and dynamic MAC addresses Section 9 Configuring the Spanning Tree Protocol Provides information about configuring Spanning Tree Protocol STP including the Rapid Spanning Tree Protocol RSTP and Multiple Spanning Tree Protocol MSTP Section 10 Configuring Multicast Forwarding Provides information about Multicast Forwarding Section 11 Configuring SNMP Management Provides information about Simple Network Management Protocol SNMP management including defining SNMP v1 v2c and v3 SNMP filters and notifications Section 12 Configuring Quality of Service Provides information about configuring Quality of Service parameters on the device Section 13 Managing System Files Provides information about downloading uploading and copying system files Section 14 Performing Device Diagnostics Provides information about port mirroring configuration copper and fiber cables testing and viewing device health information Section 15 Viewing Statistics Provides information about viewing device statistics including Remote Monitoring On Network RMON statistics and device history events Intended Audience This guide is intended fo
70. MP Management eg Disabled Enabled Enabled eg Disabled Enabled Enabled e10 Disabled Enabled Enabled e11 Disabled Enabled Enabled e12 Disabled Enabled Enabled e13 Disabled Enabled Enabled e14 Disabled Enabled Enabled e15 Disabled Enabled Enabled e16 Disabled Enabled Enabled e17 Disabled Enabled Enabled e18 Disabled Enabled Enabled e19 Disabled Enabled Enabled e20 Disabled Enabled Enabled e21 Disabled Enabled Enabled e22 Disabled Enabled Enabled e23 Disabled Enabled Enabled e24 Disabled Enabled Enabled g1 Disabled Enabled Enabled g2 Disabled Enabled Enabled g3 Disabled Enabled Enabled g4 Disabled Enabled Enabled Global System LAGS LAG 1 Disabled Enabled Enabled LAG 2 Disabled Enabled Enabled LAG 3 Disabled Enabled Enabled LAG 4 Disabled Enabled Enabled Maintenance Statistics KG RS OO NOE AO RGI GS En AE i E Duo APRP S ooon N Dna nuna e oL ONDA UOUN PALS NNNVNVSVNNVIVNIVNIVNNNINNNVNNNNNVNNNNS W Ww N Dynamic VLAN Creation Indicates if Dynamic VLAN creation is enabled on the interface The possible field values are Enable Enables Dynamic VLAN creation on the interface Disable Disables Dynamic VLAN creation on the interface GVRP Registration Indicates if VLAN registration through GVRP is enabled on the device The possible field values are Enable Enables GVRP registration on the device Disable Disables GVRP registration on the device 2 Select the GVRP
71. MP group membership 1 Click System gt SNMP Management gt Security gt Group Membership The SNMP Security Group Membership Page opens Figure 106 SNMP Security Group Membership Page TP LINK PE TL 5L3428 L2 Management Switch The SNMP Security Group Membership Page contains the MEG cionar parameters views Group Profi 192 168 1 1 h EN gt User Name ee Contains a list of user defined user I SJSNMP Management User Name Group Name Engine ID Authentication Edit Remove i s Ntication 1 User group Local None L E names The field range is up to 30 alphanumeric A Maintenance curl characters gt Group Name Contains a list of user defined SNMP groups SNMP groups are defined in the SNMP Group Profile Page gt Engine ID Displays either the local or remote SNMP entity to which the user is connected Changing or removing the local SNMP Engine ID deletes the SNMPv3 user database Local Indicates that the user is connected to a local SNMP entity Remote Indicates that the user is connected to a remote SNMP entity If the Engine ID is defined remote devices receive inform messages gt Authentication Displays the method used to authenticate users The possible field values are MD5 Key Users are authenticated using the HMAC MD5 algorithm SHA Key Users are authenticated using the HMAC SHA 96 authentication level MD5 Password The HMAC MD5 96 pass
72. Multiple Spanning Tree bridges by which frames can be transmitted In configuring MSTP the MST region to which the device belongs is defined A configuration consists of the name revision and region to which the device belongs Network administrators can define the MSTP instance settings using the MSTP Instance Settings Page To define instance settings for MSTP 1 Click System gt Bridging Config gt Spanning Tree gt MSTP gt Instance Settings The MSTP Instance Settings Page opens Figure 90 MSTP Instance Settings Page C TP LINK TL 5L3428 L2 Management The MSTP Instance Settings Page page contains the following fields 192 168 1 1 System Info Modify MSTP Instance gt Instance ID Specifies the VLAN group to which the Pam CREE TET Forwarding Database interface is assigned a instance D ra _ RSTP gt Included VLAN Maps the selected VLANs to DEE E Multicast Support Included VLAN the selected instance Each VLAN belongs to one de ee GISNMP Management instance i a res Bridge Priority pze pr Designated Root Bridge ID 32768 00 06 00 00 00 0a gt Bridge Priority Specifies the selected spanning od 0 0 Bridge ID 32768 00 06 00 00 00 0a tree instance device priority The field range is 0 61440 v Designated Root Bridge ID Indicates the ID of the bridge with the lowest path cost to the
73. NIA NIA NA NA e7 NA NA NA I28 fho ma NIA NIA NA NA ee NA NA Naha f19 nA NA N A NA NA eg NA NA Nafa 100 NA NIA NIA NA NIA 10 e10 NA NA Naha 100 N NA NIA NA NA 11 ett Na NA NA 128 fho N MA NIA NA NA 12 e12 NA NA Naha o N NA NIA NA NiA 13 e13 NA NA Naha o N NA NIA NA NA 14 e14 NA NA Naha ho N NA NIA NA NA sl oo co a on gt w hm oO on 64 65 Vv To add new interface settings for MSTP The possible field values are Root Provides the lowest cost path to forward packets to the root device Designated Indicates the port or LAG through which the designated device is attached to the LAN Alternate Provides an alternate path to the root device from the root interface Backup Provides a backup path to the designated port path toward the Spanning Tree leaves Backup ports occur only when two ports are connected in a loop by a point to point link or when a LAN has two or more connections connected to a shared segment Disabled Indicates the port is not participating in the Spanning Tree Mode Indicates the STP mode by which STP is enabled on the device The possible field values are Classic STP Classic STP is enabled on the device This is the default value Rapid STP Rapid STP is enabled on the device Multiple STP Multiple STP is enabled on the device Type Indicates whether the port is a Boundary or Master port The possible field values are
74. P Manageme hs Retesh i PL SE re Single Ennion Frames 0 statistics are displayed peee sade NE apr Oversize Packets 0 LAG Defines the specific LAG for which Etherlike Internal MAC Receive Errors 0 Received Pause Frames 0 statistics are displayed EE l gt Refresh Rate Defines the amount of time that passes before the interface statistics are refreshed The possible field values are 15 Sec Indicates that the Etherlike statistics are refreshed every 15 seconds 30 Sec Indicates that the Etherlike statistics are refreshed every 30 seconds 60 Sec Indicates that the Etherlike statistics are refreshed every 60 seconds No Refresh Indicates that the Etherlike statistics are not refreshed Frame Check Sequence FCS Errors Displays the number of FCS errors received on the selected interface Single Collision Frames Displays the number of single collision frames received on the selected interface Late Collisions Displays the number of late collision frames received on the selected interface Excessive Collisions Displays the number of excessive collisions received on the selected interface Internal MAC Transmit Errors Displays the number of internal MAC transmit errors on the selected interface Oversize Packets Displays the number of oversized packet errors on the selected interface Internal MAC Receive Errors Number of internal MAC received errors on th
75. Profile Rule Settings Page opens Figure 28 Profile Rule Settings Page 3 Modify the fields 4 Click Submit The profile rule is modified and the device is updated 5 1 1 3 Defining Authentication Profiles Add Profile Rule Access Profile Name 1 Priority Management Method All v I Interface portfei 7 Las 1 evafi z Network Mask I Source IP Address Prefix Length Action Permit gt Submit Profile Rule Settings Priority fh Management Method All Network Mask 0 0 0 0 IV Source IP Address C Prefix Length o Action Permit gt Submit Authentication profiles allow network administrators to assign authentication methods for user authentication User authentication can be performed either locally or on an external server User authentication occurs in the order the methods are selected If the first authentication method is not available the next selected method is used For example if the selected authentication methods are RADIUS and Local and the RADIUS server is not available then the user is authenticated locally To define Authentication profiles 1 Click System gt Management Security gt Authentication gt Authentication Profiles The Authentication Profiles Page opens Figure 29 Authentication Profiles Page The Authentication Profiles Page provides the following tables gt Login Authentication Profiles gt Enable Authentication Profiles
76. R Bandwidth If WWR weight is selected indicates the percentage 2 Define the fields 3 Click Submit The QoS queue settings are saved and the device is updated 12 3 Mapping Queues This section contains the following topics gt Mapping CoS Values to Queues gt Mapping QoS Values to Queues 12 3 1 Mapping CoS Values to Queues The CoS to Queue Page contains fields for classifying CoS settings to traffic queues To set CoS to Queue 1 Click System gt Quality of Service gt Queue Mapping gt CoS to Queue The CoS to Queue Page opens Figure 121 CoS to Queue Page TP LINK TL SL3428 L2 Management Switch gt Class of Service Specifies the CoS priority tag values where zero is the lowest and 8 is the highest CoS to Queue gt Queue Defines the traffic forwarding queue to which 192 168 1 1 System Info Qos to Queue the CoS priority is mapped Four traffic priority queues RA eernce TER 1 General Settings 1 o 2 are supported where zero is the lowest and 8 is the Fo Gusts Maani highest ee a Statistics gt Restore Defaults Allows you to restore default I 7 6 4 3 8 7 settings 4 Restore Defaults 2 Modify the Queue values or select Restore Defaults sa 3 Click Submit The CoS to Queue mapping settings are saved and the device is updated 12 3 2 Mapping QoS Values to Queues The DSCP to Queue Page
77. Receive Indicates the number of EAPOL Start frames received on the port Log off Frames Receive Indicates the number of EAPOL Logoff frames that have been received on the port Respond ID Frames Receive Indicates the number of EAP Resp Id frames that have been received on the port Respond Frames Receive Indicates the number of valid EAP Response frames received on the port Request ID Frames Transmit Indicates the number of EAP Req Id frames transmitted via the port Request Frames Transmit Indicates the number of EAP Request frames transmitted via the port VV VV VV v v WV Invalid Frames Receive Indicates the number of unrecognized EAPOL frames that have been received by on this port Vv Length Error Frames Receive Indicates the number of EAPOL frames with an invalid Packet Body Length received on this port gt Last Frame Version Indicates the protocol version number attached to the most recently received EAPOL frame gt Last Frame Source Indicates the source MAC address attached to the most recently received EAPOL frame 2 Select a port from the Port dropdown list The port statistics are displayed To update the refresh time gt To change the refresh rate for statistics select another rate from the Refresh Rate dropdown list 15 2 Managing RMON Statistics This section describes how to view and manage Remote Monitoring On Network RMON statistics history and alarms This section c
78. SN eee 70 11 3 1 Defining SNMP Global Parameters rnnrrrnnrnnnnnnnnnvnvrnnnnnnnnnnnvenrennnnnnnnnnnnnsnnnnnnnnnnennesnnnn 71 113 2 DENS NPs 71 11 3 3 Defining SNMP Group PoNl S vv senvmenstsevemmnleindsdtmenaredsmdnsdnsdsanne 72 11 3 4 Defining SNMP Group Members Lanusmemeiesjem indtmiepeilegeidvituueikuesdddane 73 11 3 5 Defining SNMP CGomMmunnl s masserer unsisk brette kaeninmednenne 75 1 351 SNMP Communities Basic Table xcs cecrscsccecciens sacs desncceustadbaraatihsasiegsissvadedcineucoageeguebenesdeite 75 11 3 5 2 SNMP Communities Advanced Table rrrrrnrnnnrnrvrrnrnnnnnnnnnverrnnnnnnnnnvnnnrrnnnnnnnnnnennennnnn 75 11 4 Configuring SNMP Notification Settings vcicin ssciteccdenadesondeecscceesvqucstcestessiiueeideecadsepmiesiddvaies 76 11 4 1 Defining SNMP Notification Properties rrrrrnnnrnnnnnrrrrrrnnnnnnnvnnnrrnnnnnnnnnvnnnrrnnnnnnnnnnennennnnn 76 114 2 Defining Notification Filters s sisien insine 76 11 4 3 Defining Notification Receivers rrrnrrnnnvrverrnnnrnnnnvvvvrrnnnrnnnnnvnrrrrnnnnnnnnnnrssnnnnnnnnnennesnsnn TT 11431 SNMPV1 26 Notification Recipient LL umemeanmnressamemiineunseisvvvreusieanivvanevvin 78 114 322 SNMPv3 Notification Recipient wicciasoceuinansicrnatncanspiedenncuciadunnistoianluisinsstddtmdecdeasiweliheaarnxdtenens 78 Section 12 Configuring Quality of Service rrrrrrrrrnnnnnnnnnnvnnnnnnennnnnnnn 80 12 1 Quality of Service OVS VOW case zeinteisctiersacaaisasouenctuns c
79. Savings Time in the United States Belarus From the last weekend of March until the last weekend of October Belgium From the last weekend of March until the last weekend of October Brazil From the third Sunday in October until the third Saturday in March During the period of Daylight Saving Time Brazilian clocks go forward one hour in most of the Brazilian southeast Chile In Easter Island from March 9 until October 12 In the rest of the country from the first Sunday in March or after 9th March China China does not use Daylight Saving Time Canada From the first Sunday in April until the last Sunday of October Daylight Saving Time is usually regulated by provincial and territorial governments Exceptions may exist in certain municipalities Cuba From the last Sunday of March to the last Sunday of October Cyprus From the last weekend of March until the last weekend of October Denmark From the last weekend of March until the last weekend of October Egypt From the last Friday in April until the last Thursday in September Estonia From the last weekend of March until the last weekend of October Finland From the last weekend of March until the last weekend of October France From the last weekend of March until the last weekend of October Germany From the last weekend of March until the last weekend of October Greece From the last weekend of March until the last weekend of Oc
80. The possible field values are Local 0 Local 7 v Description Provides a user defined server description gt Minimum Severity Indicates the minimum severity from which logs are sent to the server For example if Notice is selected all logs with a severity level of Notice and higher are sent to the remote server gt Remove Deletes the currently selected server from the Servers list The possible field values are Checked Removes the selected server from the Syslog Properties Page Once removed logs are no longer sent to the removed server Unchecked Maintains the remote servers 2 Click Hreate The Add Syslog Server Page opens Figure 23 Add Syslog Server Page Add Syslog Server bis Log Server IP Address 192 168 1 232 3 Define the P Address UDP Port Facility Description ser and Minimum Severity fields a Local gl 4 Click _Submit The Log server is defined and the a ala server Description device is updated Minimum Severity Alert v Submit gi This section describes pages that contain fields for setting security parameters for ports device management methods users and server security for the TP Link device This section contains the following topics gt Configuring Management Security gt Configuring Network Security 5 1 Configuring Management Security This section provides information for configuring device management security This
81. TrustMode cos gt Trust Mode Selects the trust mode If a packet Meese s CoS tag and DSCP tags are mapped to different rart for Incoming Traffic el Enable 0 e2 Enable e3 Enable ed Enable e5 Enable e6 Enable e7 Enable Enable eg Enable e10 Enable e11 Enable are sent to the lowest queue CoS Sets the Trust mode to CoS Packets are i oan queued based on their CoS tag value i oh Ebi 15 e15 Enable DSCP Sets the Trust mode to CoS Packets are Ss 17 elf Enable 18 e818 Enable v queues the Trust mode determines the queue to which the packet is assigned The possible field values are None Sets the Trust mode to none All packets h umna opo POPNOW NH oO oo oooocoqoooqac eoeoooqoooqoc9qo O VVVBVBVBVBsVssysyszyzyzyyzsy o queued based on their DSCP tag value In the QoS parameters list gt Number Indicates the number of the interface for which the global QoS parameters are defined gt Interface Displays the name of the interface for which the global QoS parameters are defined gt Trust Mode Indicates if the trust mode is enabled for the interface gt Default CoS for Incoming Traffic Displays the current settings for the default CoS value for incoming packets for which a VLAN tag is not defined The possible field values are 0 7 The default CoS is 0 N Select Enable in the Quality of Service field 3 Select the Trust Mode 4 C
82. ZI Join Timer centiseconds 200 Leave Timer centiseconds 600 Figure 79 GVRP Parameters Page The GVRP Parameters Page is divided into port and LAG parameters The field definitions are the same The GVRP Parameters Page contains the following fields gt GVRP Global Indicates if GVRP is enabled on the device The possible field values are Enable Enables GVRP on the selected device Disable Disables GVRP on the selected device Interface Displays the port on which GVRP is enabled The possible field values are Port Indicates the port number on which GVRP is enabled LAG Indicates the LAG number on which GVRP is enabled GVRP State Indicates if GVRP is enabled on the port The possible field values are Enable Enables GVRP on the selected port Disable Disables GVRP on the selected port TP LINK TL 5L3428 L2 Management Switch GVRP Parameters 192 168 1 1 E H System Info Interface GVRP State Dynamic n Edit aE VLAN Creation Registration Bridging Config el Disabled Enabled aa Interface e2 Disabled Enabled Enabled Forwarding Database e3 Disabled Enabled Enabled Spanning Tree WLAN e4 Disabled Enabled Enabled i B Membership e5 Disabled Enabled Enabled i GARP e Disabled Enabled Enabled y Multicast Support e7 Disabled Enabled Enabled HI Quality of Service H y Security SN
83. a table that maps VLAN parameters to ports Ports are assigned VLAN membership by toggling through the Port Control settings To define VLAN membership 1 Click System gt Bridging Config gt VLAN gt Membership gt Membership The VLAN Member Membership Page opens TP LINK Figure 74 VLAN Member Membership Page TL 9 3428 L2 Management Switch The VLAN Member Membership Page contains the EN wernt following fields ering bunn wan gt VLAN ID Displays the user defined VLAN ID emot gt VLAN Name Displays the name of the VLAN aS ia et 2 oto at aZ o ot at ozo oS et a7 otto 120 221 a22 0362 gt VLAN Type Indicates the VLAN type The possible on me field values are ee Dynamic Indicates the VLAN was dynamically EN created through GARP mm E E E EEE EE Static Indicates the VLAN is user defined Default Indicates the VLAN is the default VLAN Pele E Foie F gt Port Indicates the port membership gt LAG Indicates the LAG membership gt U Indicates the interface is an untagged VLAN member Packets forwarded by the interface are untagged gt T Indicates the interface is a tagged member of a VLAN All packets forwarded by the interface are tagged The packets contain VLAN information gt Includes the port in the VLAN gt E Excludes the interface from the VLAN However the interface can be added to t
84. access states gt Controlled Access Permits communication between the supplicant and the system if the supplicant is authorized gt Uncontrolled Access Permits uncontrolled communication regardless of the port state The device currently supports port based authentication via RADIUS servers 5 2 1 2 Advanced Port Based Authentication Advanced port based authentication enables multiple hosts to be attached to a single port Advanced port based authentication requires only one host to be authorized for all hosts to have system access If the port is unautho rized all attached hosts are denied access to the network Advanced port based authentication also enables user based authentication Specific VLANs in the device are always available even if specific ports attached to the VLAN are unauthorized For example Voice over IP does not require authentication while data traffic requires authentication VLANs for which authorization is not required can be defined Unauthenticated VLANs are available to users even if the ports attached to the VLAN are defined as authorized Advanced port based authentication is implemented in the following modes gt Single Host Mode Allows port access only to the authorized host gt Multiple Host Mode Multiple hosts can be attached to a single port Only one host must be authorized for all hosts to access the network If the host authentication fails or an EAPOL logoff message is received all
85. ach A e vanha Type Static Submit 6 1 2 Defining the Default Gateway Packets are forwarded to the default IP when frames are sent to a remote network via the default gateway The configured IP address must belong to the same subnet of one of the IP interfaces To define a default gateway for the system 1 Click System gt System Info gt IP Configuration gt IP Addressing gt Default Gateway The Default Gateway Page opens Figure 56 Default Gateway Page TP LINK The Default Gateway Page contains the following fields TL SL3428 L2 Management IP Addressing Switch gt User Defined Default Gateway Indicates the name IP interface Default Gateway 192 168 1 1 of the current default gateway mo bd ser Define au ew fis2168 1 255 gt Active Default Gateway Indicates if the current Hele EE z EPE Remove User Defined default gateway is defined as active Brusen Bridging Config Submit gt Remove Removes the defined default gateway pe SNMP Management tee 2 Enter the name of the User Defined Default Gateway 3 Click Submit The gateway is saved and the device is updated 6 1 3 Defining DHCP Addresses The Dynamic Host Configuration Protocol DHCP assigns dynamic IP addresses to devices on a network DHCP ensures that network devices can have a different IP address every time the device connects to the network To
86. age opens Figure 143 Edit RMON Event User Page Event Control Settings 3 Modify the local user properties fields Event Entry No 1 z Community Default Community 4 Click Submit The entry is updated in the RMON Description Default Description Events Control Page and the device is updated Type None Owner TP 15 2 3 2 Viewing the RMON Events Logs Submit The RMON Events Logs Page contains a list of RMON events To view RMON event logs 1 Click System gt Statistics gt RMON gt Events The RMON Events Logs Page opens Figure 144 RMON Events Logs Page TP LINK The RMON Events Logs Page contains the following Urke elg fields 192 168 1 1 System Info Events Logs gt Event Displays the RMON Events Log entry pace ae GE KN TG DEE Security number i El a Statistics gt Log No Displays the log number T C imarace Statisties m f L Statistics gt Log Time Displays the time when the log entry was Bae i Alarm entered gt Description Displays the log entry description 15 2 4 Defining RMON Alarms The RMON Alarm Page contains fields for setting network alarms Network alarms occur when a network problem or event is detected Rising and falling thresholds trigger alarms To set RMON alarms 1 Click System gt Statistics gt RMON gt Alarm The RMON Alarm Page opens Figure 145 RMON Alarm Page
87. agement gt Notification gt Notification Receiver The SNMP Notification Receiver Page ie opens Figure 115 SNMP Notification Receiver Page TP LINK The SNMP Notification Receiver Page c is divided into the Notification shall following tables gt SNMPvt1 2c Notification Recipient 2 Bidging Config Quality of Service Create ipi d Security gt SNMPv3 Notification Recipient mv Management SNMPV1 2 Notification Recipient ecuri ty ibi ificati i ificati i E A i PF Notification necip oe rs Notification WF Knin Timeout Retries Edit Remove EH lMaintenance 1 10 51 36 Traps TPL SNMP1 162 r i Statistics Switch Properties 192 168 1 1 n E C System Info Trap Station Management SNMPv3 Notification Recipient Recipients Notification User Security UDP Filter IP Type Name Level Port Name Timeout Retries Edit Remove Submit 11 4 3 1 SNMPv1 2c Notification Recipient The SNMP v1 v2c Recipient table contains the following fields gt gt Recipients IP Displays the IP address to which the traps are sent Notification Type Displays the type of notification sent The possible field values are Trap Indicates traps are sent Inform Indicates informs are sent Community String Displays the community string of the trap manager Notification Version Displays the trap type The possible field values are SNMP V1
88. an be placed in the Forwarding State in another STP instance For more information on configuring Multiple STP see Configuring the Multiple STP This section contains the following topics gt gt gt Configuring the Classic STP Configuring the Rapid STP Configuring the Multiple STP 9 1 Configuring the Classic STP This section describes the following topics gt gt Defining STP Properties Defining STP Interface Settings 9 1 1 Defining STP Properties The STP Properties Page contains parameters for enabling STP on the device To define STP properties 1 Click System gt Bridging Info gt Spanning Tree gt STP gt Properties The STP Properties Page opens Figure 84 STP Properties Page The STP Properties Page contains the following fields gt Spanning Tree State Indicates whether STP is enabled on the device The possible field values are Enable Enables STP on the device Disable Disables STP on the device STP Operation Mode Specifies the STP mode that is enabled on the device The possible field values are Classic STP Enables Classic STP on the device This is the default value TP LINK TL SL3428 L2 Management Switch Properties 192 168 1 1 System Info Bridging Config J Interface Forwarding Database Spanning Tree i STP H Multicast Support Quality of Service Security 4 GISNMP Management Hy Maintenance y Stati
89. ane D 10Man10 fo avan fo 12man12 I 13vant3 oO 14van14 fo 15an15 I 16 vante D zvani I 18 vante D VLAN vo om N MM A A Q N Bad 9 3 4 Configuring MSTP Interface Settings Network Administrators can assign MSTP interface settings using the MSTP Interface Settings Page To define interface for MSTP 1 Click System gt Bridging Config gt Spanning Tree gt MSTP gt Interface Settings gt Interface Table The MSTP Interface Settings Page opens Figure 92 MSTP Interface Table Page The MSTP Interface Settings Page contains the following fields gt Instance Lists the MSTP instances configured on the device The possible range is 0 15 gt Interface Displays the interface for which the MSTP settings are displayed The possible field values are Port Specifies the port for which the MSTP settings are displayed LAG Specifies the LAG for which the MSTP settings are displayed gt Role Indicates the port role assigned by the STP algorithm to provide to STP paths A MSTP Interface Table Microsoft Internet Explorer Interface Table Instance 1 Interface Role Mode Type Port Path Port ris Designated Designated Remain Priority Cost State Bridge ID Port ID Hops et NA NA Naha 19 na NIA NIA NA NA e2 NA NA NA 128 hs N NIA N A NA NA e3 NA NA NA 18 fho ma NIA NIA NA NIA e4 NA NWA NA 128 100 N NIA N A NA NA NA NA Nia fI28 f100 ma NA NIA NA NA ee NA NA NA h 100 mA
90. annot be authenticated locally the session is blocked Local RADIUS None Indicates that authentication first occurs locally If authentication cannot be verified locally the RADIUS server authenticates the management method If the RADIUS server cannot authenticate the management method the session is permitted RADIUS Local None Indicates that authentication first occurs at the RADIUS server If authentication cannot be verified at the RADIUS server the session is authenticated locally If the session cannot be authenticated locally the 26 21 session Is permitted Define the Console Telnet and Secure Telnet SSH fields Map the authentication method in the Secure HTTP selection box Map the authentication method in the HTTP selection box ao ON Click Submit The authentication mapping is saved and the device is updated 5 1 1 5 Defining TACACS Host Settings Terminal Access Controller Access Control System TACACS provides centralized security user access validation The system supports up to 4 TACACS servers TACACS provides a centralized user management system while still retaining consistency with RADIUS and other authentication processes TACACS provides the following services gt Authentication Provides authentication during login and via user names and user defined passwords gt Authorization Performed at login Once the authentication session is completed an authorization session
91. ast Link Operational Status Disable Port State Disabled sending Link Control Protocol LCP packets to Pond tn Pow Ari Stave ao configure and test the data link is enabled The possible Point to Point Operational Status Enable field values are Activate Protocol Migration Test 7 Checked Enables the Protocol Migration Unchecked Disables the Protocol Migration 3 In the RSTP Settings Page modify the following fields as required Point to Point Admin Status Point to Point Operational Status 4 Check the Activate Protocol Migration Test check box to activate Protocol Migration 5 Click Submit 6 Click Submit in the RSTP Page The RSTP parameters are saved and the device is updated 9 3 Configuring the Multiple STP Multiple Spanning Tree Protocol MSTP provides differing load balancing scenarios For example while port A is blocked in one STP instance the same port can be placed in the Forwarding state in another STP instance This section contains the following topics gt Defining MSTP Properties gt Configuring MSTP Instances gt Configuring MSTP VLAN Instances gt Configuring MSTP Interface Settings 9 3 1 Defining MSTP Properties The MSTP Properties Page contains information for defining global MSTP settings including region names MSTP revisions and maximum hops To define MSTP 1 Click System gt Bridging Config gt Spanning Tree gt MSTP gt Properties The MSTP Prope
92. at 1000 Mbps and is compatible with existing 10 100 Ethernet Gigabit Ethernet ae Generic Routing Encapsulation Enables tunneling using encapsulation with various protocol packet types GRE creates a virtual point to point link to remote IP internetwork routers GVRP GARP VLAN Registration Protocol Registers client stations into a VLAN Host Monitoring Protocol Collects network information from various networks hosts HMP monitors hosts spread over the internet as well as hosts in a single network HOL Head of Line Packets are queued Packets at the head of the queue are forwarded before packets at the end The path between two network devices for example two routers A computer that acts as a source of information or services to other computers i Allows specific modules to be removed and or replaced while the host device is running Hot Swapping l Eaa l without reconfiguring the device HTTP HyperText Transport Protocol Transmits HTML documents between servers and clients on the internet Definition D 3 Integrated Access Device Device that multiplexes varied communication technologies onto a single telephone line for transmission to the carrier Integrated Circuit Small electronic devices composed from semiconductor material ICMP Internet Control Message Protocol Allows the gateway or destination host to communicate with the source host For example to report a processing error Inter Domain Routing Pr
93. ation file commands as well as all commands entered during the current session After the device is powered down or rebooted all commands stored in the Running Configuration file are lost During the startup process all commands in the Startup file are copied to the Running Configuration File and applied to the device During the session all new commands entered are added to the commands existing in the Running Configuration file Commands are not overwritten To update the Startup file before powering down the device the Running Configuration file must be copied to the Startup Configuration file The next time the device is restarted the commands are copied back into the Running Configuration file from the Startup Configuration file gt Image files Software upgrades are used when a new version file is downloaded The file is checked for the right format and that it is complete After a successful download the new version is marked and is used after the device is reset This section contains the following topics gt Downloading System Files gt Uploading System Files gt Activating Image Files gt Copying System Files 13 1 Downloading System Files To download system files 1 Click System gt Maintenance gt File Management gt File Download The File Download Page opens Figure 123 File Download Page TP LINK The File Download Page is divided into the following Tr secti ONS File Download rest File Download
94. attached clients are denied access to the network gt Guest VLANs Provides limited network access to authorized ports If a port is denied network access via port based authorization but the Guest VLAN is enabled the port receives limited network access For example a network administrator can use Guest VLANs to deny network access via port based authentication but grant Internet access to unauthorized users gt Unauthenticated VLANS Are available to users even if the ports attached to the VLAN are defined as unauthorized 5 2 2 Defining Network Authentication Properties The Network Security Authentication Properties Page allows network managers to configure network authentication 32 33 parameters In addition Guest VLANs are enabled from the Network Security Authentication Properties Page To define the network authentication properties 1 Click System gt Network Security gt Authentication gt Properties The Network Security Authentication Properties Page opens ee TP LINK Figure 43 Network Security Authentication Properties EEG SESE ee SEG Page TEGE G G System Info System Information Bridging Config Quality of Service Port Based Authentication State Disable gt So RE Authentication Method RADIUS The Network Security Authentication Properties Page Cnt Sen Guest VLAN Disan Authentic aig VLAN List BE contains the following fields 33 ingen submit
95. b browser Embedded Web Servers are used in addition to or in place of a CLI or NMS Fast Ethernet Fast Ethernet transmits at 100 Mbps rather than 10 Mbps Fast Forward Table Provides information about forwarding routes If a packet arrives at a TI TI device with a known route the packet is forwarded via a route listed in the FFT If there is not a known route the CPU forwards the packet and updates the FFT First In First Out A queuing process where the first packet in the queue is the first to be transmitted Flapping occurs when an interface s state is constantly changing For example an Flapping STP port constantly changes from listening to learning to forwarding This may cause detrimental traffic loss Enables lower speed devices to communicate with higher speed devices This is Flow Control implemented by the higher speed device refraining from sending packets Ethernet packets smaller than 576 bits Packets containing the header and trailer information required by the physical medium File Transfer Protocol Transfers files between network nodes TI U GARP General Attributes Registration Protocol Registers client stations into a multicast domain GigaBit Interface Converter A hardware module used to attach network devices to fiber GBIC based transmission systems GBIC converts the serial electrical signals to serial optical signals and vice versa a Gigabit Ethernet transmits
96. c of the device on which TP Link Web Interface runs 5 TP Link Web Interface l l l l Provide access to online help and contain information about the EWS Information Tabs This section provides the following additional information gt Device Representation Provides an explanation of the TP Link user interface buttons including both management buttons and task icons gt Using the TP Link Embedded Web Interface Management Buttons Provides instructions for adding modifying and deleting configuration parameters 1 3 1 Device Representation The TP Link Embedded Web Interface Home Page contains a graphical representation of the device This representation varies according to the device platform Figure 3 Device Representation GIGA1 TP LINK TL SL3428 24 4G Gigabit Managed Switch ag pe m md a 20 40 00 6 16 14 System Figures in this guide are based on the TL SL3428 device The figures captions may differ if another device is used 1 3 2 Using the TP Link Embedded Web Interface Management Buttons Configuration Management buttons and icons provide an easy method of configuring device information and include the following Table 2 TP Link Web Interface Configuration Management Buttons Button Button Name Description eo ee Table 3 TP Link Web Interface Information Buttons Tab Tab Name Description 1 4 Using Screen and Table Options The TP Link Embedded Web Interface conta
97. cation Indicates that the packet is authenticated UDP Port Displays the UDP port used to send notifications The field range is 1 65535 The default is 162 Filter Name Includes or excludes SNMP filters Timeout Indicates the amount of time in seconds the device waits before resending informs The field range is 1 300 The default is 15 seconds Retries Indicates the number of times the device resends an inform request The field range is 1 255 The default is 3 Remove Deletes the currently selected recipient The possible field values are Checked Removes the selected recipient from the list of recipients 78 19 Unchecked Maintains the list of recipients 2 Click treate The Add SNMP Notification Receiver Page opens Figure 116 Add SNMP Notification Receiver Page 3 Define the Recipient IP Notification Type SNMPV1 v2c or SNMPv3 UPD Port Filter Name Timeout and Retries fields 4 Click Submit The SNMP Notification recipients are defined and the device is updated To modify SNMP notification recipients 1 Click System gt SNMP Management gt Notification gt Notification Receiver The SNMP Notification Receiver Page opens 2 Click The SNMP Notification Receiver Settings Page opens Figure 117 SNMP Notification Receiver Settings Page 3 Modify the Notification Type SNMPV1 v2c or SNMPv3 UPD Port Filter Name Timeout and Retries fields 4 Click Submit
98. change data streams TCP guarantees packet delivery and guarantees packets are transmitted and received in the order the are sent remote networks Trivial File Transfer Protocol Uses User Data Protocol UDP without security features to transfer files A message sent by the SNMP that indicates that system events have occurred Trunki Link Aggregation Optimizes port usage by linking a group of ports together to form a runkin 3 single trunk aggregated groups User Data Protocol Communication protocol that transmits packets but does not guarantee their delivery Virtual Local Area Networks Logical subgroups that constitute a Local Area Network LAN This is done in software rather than defining a hardware solution VSDL Very High Bit Rate DSL An asymmetric DSL version used at the fiber optic junction point final drop to nearby customers Wide Area Networks Networks that cover a large geographical area Specifies which IP address bits are used and which bits are ignored A wild card mask of 255 255 255 255 indicates that no bit is important A wildcard of 0 0 0 0 indicates that all the bits are important Unicast o A form a routing that transmits one packet to one user Wildcard Mask l aaas l l l For example if the destination IP address is 149 36 184 198 and the wildcard mask is 255 36 184 00 the first two bits of the IP address are used while the last two bits are ignored 112 71035590 309 3 TP LINK
99. contains the following fields FE E vii F gt Access Profile Name Displays the access profile to Soul Seen tees rte ane 7 which the rule is attached Go ER gt Priority Defines the rule priority When the packet is i a nen EE men me matched to a rule user groups are either granted per ee om mission or denied device management access The rule number is essential to matching packets to rules as packets are matched on a first fit basis gt Interface Indicates the interface type to which the rule applies The possible field values are Port Attaches the rule to the selected port LAG Attaches the rule to the selected LAG VLAN Attaches the rule to the selected VLAN gt Management Method Defines the management method for which the rule is defined Users with this access profile can access the device using the management method selected The possible field values are All Assigns all management methods to the rule Telnet Assigns Telnet access to the rule If selected users accessing the device using Telnet meeting access profile criteria are permitted or denied access to the device Secure Telnet SSH Assigns SSH access to the rule If selected users accessing the device using Telnet meeting access profile criteria are permitted or denied access to the device HTTP Assigns HTTP access to the rule If selected users accessing the device using HTTP meeting access profile
100. ctions and fields ECisystom no SNTP Clock Time Zone gt Clock Source The source used to set the system dg skr a Re 7 ics ridging Confi j Dag Pisao DDMMMAYY clock The possible field values are VE Se LocalTime 0615 HHS l l r Sjsnve Er Time Zone Offset fom a None Indicates that a clock source is not used poser EE EE un 0 From E DDMMMIYY PEER HH MM The clock is set locally GE GE pee a d 7 I Recurring SNTP Indicates that the system time is set via an oa E week FTE worn E rne T crio SNTP server To Day Sun H week First Month Jan E Time OUUU HH MM Submit The Local Settings section contains the following fields gt gt gt Date The system date The field format is Day Month Year For example 04 May 50 May 4 2050 Local Time The system time The field format is HH MM SS For example 21 15 03 Time Zone Offset The hours difference between Greenwich Mean Time GMT and local time For example the Time Zone Offset for Paris is GMT 1 while the Time Zone Offset for New York is GMT 5 Daylight Savings Enables the automatic Daylight Savings Time DST on the device based on the device s location 10 11 The DST can be set according to unique start and end dates for a particular year or as a recurring period for any year For a specific setting in a particular year complete the fields in the Daylight Savings area for a recurring setting complete the fields in th
101. curred in e12 Test e13 Test the cable OK Indicates that the cable passed the test gt Cable Fault Distance Indicates the distance from the port where the cable error occurred gt Last Update Indicates the last time the port was tested gt Cable Length Indicates the approximate cable length This test can only be performed when the port is up and operating at 1 Gbps To perform a test 1 Click P The test parameters are displayed in the Copper Cable Test Page 14 3 Viewing Optical Transceivers The Optical Transceivers Page allows network managers to perform tests on fiber optic cables AN Note Optical transceiver diagnostics can be performed only when the link is present To test cables gt Figure 131 Optical Transceivers Page The Optical Transceivers Page contains the following Click System gt Maintenance gt Diagnostics gt Optical Transceivers The Optical Transceivers Page opens 192 168 1 1 fields SEE Optical Transceiver gt v VV VV VV V Bridging Config Quality of Service Port Temperature Voltage Current Output Power Input Power Transmitter Fault Loss of Signal Data Ready 93 Port Displays the port IP address on which the cable is tested Temperature Displays the temperature C at which the cable is operating Voltage Displays the voltage at which the cable is operating Current Displays the current at which t
102. dify port security settings fields 3 Click Submit The port security settings are saved only if Locked is selected in the Set Port field In addition the Limited Dynamic Lock mode is selected The default is 1 Action Indicates the action to be applied to packets arriving on a locked port The possible field values are Forward Forwards packets from an unknown source without learning the MAC address Discard Discards packets from any unlearned source This is the default value Shutdown Discards packets from any unlearned source and shuts down the port The port remains shut down until reactivated or until the device is reset Trap Enables traps when a packet is received on a locked port The possible field values are Checked Enables traps Unchecked Disables traps Trap Frequency Sec The amount of time in seconds between traps The default value is 10 seconds To modify port security Interface Table Settings Interface ed Classic Lock fi Lock Interface Learning Mode Max Entries and the device is updated Action on Violation discard Enable Trap E 5 2 3 2 Enabling Storm Control Storm control limits the amount of Multicast and Broadcast frames accepted and forwarded by the device When Layer 2 frames are forwarded Broadcast and Multicast frames are flooded to all ports on the relevant VLAN This occupies bandwidth and loads all nodes on all port
103. dsnmsiemenei anisitsinuiiddeni 25 5 1 1 5 Defining TACACS Host Settings rrrrrnnnnnnnnvvvnnrnnnnnnnnnvnvnnrnnnnnnnnnnnnrnsnnnnnnnnnnnrnnnnnnnnn 27 5 1 1 6 Defining RADIUS Server Settings rrrrrrnnrrnnnnvvnnrrnnnrnnnnnrnvrnrnnnnnnnvnnnnrnsnnnnnnnnnnnennnnnnnnn 28 5 1 2 Configuring TP ASSW ORGS seernes 30 ST DENN Local USES Leese es 30 5 1 2 2 Defining Line FEST TS Jade knanee 31 5125 Defining Enable PS VTS eee nige Sene 31 5 2 Configuring Network SCCUIity cccccccssssssseeceesessssseseeeeeessssseeeeeeeesssssseseseesecesssesseeeeeeesaas 31 5 2 1 Network Security Overview EE 32 5 2 1 1 Port Based Authentication rvvvrnnrnnnnnnnnnnnnnnnnvnvnnvvnnrnnnnnnnnnnnnnnnnnnnnnnrrnrnnnnnnnnnnnnnnnnnennsne 32 5 2 1 2 Advanced Port Based Authentication ccccccccccecseecesssssssseaceseseeeeeneeeeessssssseeeseess 32 5 2 2 Defining Network Authentication Properties cccccccccssssceeeeeeeesssseeeeeeeesssssseeeeeeeeeeesas 32 5 2 2 1 Defining Port Authentication Properties rnnrrrrnrnnnnnnnvrrvrrronnnnnnnvnnnrrnnnnnnnnnnennrnnnnnnnnn 33 5 2 2 2 Configuring Multiple Hosts Lasses eseefukdkennde sende 34 5 2 2 3 Defining Authentication Hosts socucecsccse sensed vasa dsniesnaceniteidiinasncthehiabsuieie mennietuelsmentieleesteai 30 5 2 3 Configuring Traffic CNT La een eedsnkrsknk 36 de Managing POr Secun ee 36 5 2 3 2 Enabling Storm CONTO ek 37 Section 6 Defining IP Addresses nnnnnnnnnnnn
104. e 100 Copper or 100 Fiber gt LAG Status Indicates whether the LAG is up or down gt LAG Speed Displays the configured aggregated rate for the LAG The possible field values are 10 Indicates the port is currently operating at 10 Mbps 100 Indicates the port is currently operating at 100 Mbps 1000 Indicates the port is currently operating at 1000 Mbps gt Auto Negotiation Displays the auto negotiation status of the LAG Auto negotiation is a protocol between two link partners that enables a port to advertise its transmission rate duplex mode and flow control abilities to its partner gt Back Pressure Displays the back pressure mode on the LAG Back pressure mode is used with half duplex mode to disable ports in the LAG from receiving messages gt Flow Control Displays the flow control status of the LAG 2 Click next to the item to modify The Port or LAG Interface Configuration Settings Page opens Figure 66 Interface Configuration Settings Page Port Configuration Settings Port el v In addition to the fields in the Interface Configuration Page a the Port or LAG Interface Configuration Settings Page PE ur m Current Port Status Up contains the following additional field d Admin Speed 100m gt Reactivate Suspended Port Reactivates a suspended sne e 1 1 Current Duplex Mode Full port The possible field values are rie Soe H Current Auto Negotiation Enable Check
105. e Transmits connectionless communications Intermediate System to Intermediate System Provides Link State PDUs LSPs authentication by including authentication information as part of the LSP Enable transporting identical data in fewer frames Jumbo Frames reduce overhead Jumbo Frames lower the processing time and ensure fewer interruptions Group of MD5 keys assigned to an interface Key chains are assigned to interfaces in the Key Chain RIP or OSPF interface parameters 108 Term Definition Data Link Layer or MAC Layer Contains the physical address of a client or server station Layer 2 processing is faster than Layer 3 processing because there is less information to process Network Layer Contains the logical address and protocol type IP IPX etc Layer 3 traffic can also be prioritized and forwarded based on packet information such as the source and destination address Layer 3 processing takes longer than Layer 2 processing as there is more information to process Establishes connections and ensures that all data arrives at the correct destination Packets inspected at the Layer 4 level are analyzed and forwarding decisions are based on their applications Link Control Protocol Manages authentication compression and encryption Enables the even distribution of data and or processing packets across available network Load Balancing resources For example load balancing may distribute
106. e Download 192 168 1 1 gt Software Image Upload 2 System to File Upload ri ging on g s gt Configuration Upload Ea a 13 SNMP Management aa ae Nees gement Software Image Upload 4 3 2 4 U d T Diagnostics TFTP Server IP Address La p oa ype SS Destination Filename Configuration Upload The Upload Type section contains the following fields TFTP Server P address r Destinatione File Name Peer gt Firmware Upload Specifies that the software image TESTE br file is uploaded If Firmware Upload is selected the Submit Configuration Upload fields are grayed out Configuration Upload Specifies that the Configuration file is uploaded If Configuration Upload is selected the Software Image Upload fields are grayed out 13 2 2 Software Image Upload The Software Image Upload section contains the following fields gt TFTP Server IP Address Specifies the address of the TFTP server to which the Software Image is uploaded gt Destination File Name Specifies the name of the software image file to which the Software Image is uploaded 13 2 3 Configuration Upload The Configuration Upload section contains the following fields gt TFTP Server IP Address Specifies the address of the TFTP server to which the Configuration file is uploaded gt Destination File Name Specifies the name of the file to which the Startup Configuration file is uploaded gt Transfer File Name Specifies the
107. e Recurring area Daylight Savings USA The device switches to DST at 2 00 a m on the first Sunday of April and reverts to standard time at 2 00 a m on the last Sunday of October European The device switches to DST at 1 00 am on the last Sunday in March and reverts to standard time at 1 00 am on the last Sunday in October The European option applies to EU members and other European countries using the EU standard Other The DST definitions are user defined based on the device locality If Other is selected the From and To fields must be defined Time Set Offset 1 1440 Used for non USA and European countries to set the amount of time for DST in minutes The default time is 60 minutes From Indicates the time that DST begins in countries other than the USA and Europe in the format Day Month Year in one field and HH MM in another For example if DST begins on October 25 2007 at 5 00 am the two fields should be set to 25 Oct 07 and 05 00 The possible field values are Date The date on which DST begins The possible field range is 1 31 Month The month of the year in which DST begins The possible field range is Jan Dec Year The year in which the configured DST begins Time The time at which DST begins The field format is HH MM For example 05 30 To Indicates the time that DST ends in countries other than the USA and Europe in the format Day Month Year in one
108. e only to the Master Download to All Units Downloads the system file to all units 13 1 3 Configuration Download The Configuration Download section contains the following fields gt gt gt D AARON TFTP Server IP Address Specifies the address of the TFTP server from which the configuration files are downloaded Source File Name Specifies the configuration files to be downloaded Destination File Specifies the destination file to which the configuration file is downloaded The possible field values are Running Configuration Downloads commands into the Running Configuration file Startup Configuration Downloads the Startup Configuration file and overwrites the old Startup Configuration file Open the File Download Page Select the download type Define the TFTP server address Define the Source File Name and Destination File fields Click Submit The requested files are downloaded to the specified destination 13 2 Uploading System Files The Copy Files Page contains fields for uploading the software from the device to the TFTP server To upload system files 1 Figure 124 File Upload Page Click System gt Maintenance gt File Management gt File Upload The File Upload Page opens TP LINK The File Upload Page is divided into the following sections TL SL3428 L2 Management File Management Switch gt Upload Type Fi
109. e possible field values are Enable The device is permitted to establish a point to point link or is configured to automatically establish a point to point link To establish communications over a point to point link the originating PPP first sends Link Control Protocol LCP packets to configure and test the data link After a link is established and optional facilities are negotiated as needed by the LCP the originating PPP sends Network Control Protocol NCP packets to select and configure one or more network layer protocols When each of the chosen network layer protocols has been configured packets from each network layer protocol can be sent over the link The link remains configured for communications until explicit LCP or NCP packets close the link or until some external event occurs This is the actual switch port link type It may differ from the administrative state Disable Disables point to point link Auto Enables a point to point link automatically gt Point to Point Operational Status Displays the point to point operating state gt LAG Displays the LAG to which the interface is attached 2 Click The RSTP Settings Page opens Figure 88 RSTP Settings Page Rapid Spanning Tree Settings The RSTP Settings Page contains the following fields in EG ponli C ach A addition to the settings listed in the RSTP Page Role Mean Mode STP gt Activate Protocol Migration Indicates whether F
110. e selected interface Received Pause Frames Displays the number of received paused frames on the selected interface VV VV VV VV WV Transmitted Paused Frames Displays the number of paused frames transmitted from the selected interface N Select an interface Port or LAG in the Interface field The Etherlike statistics are displayed 94 To update the refresh time gt To change the refresh rate for statistics select another rate from the Refresh Rate dropdown list To reset Etherlike interface statistics counters 1 Open the Etherlike Statistics Page 2 Click Clear All Counters The Etherlike interface statistics counters are cleared 15 1 3 Viewing GVRP Statistics The GVRP Statistics Page contains device statistics for GVRP To view GVRP interface statistics 1 Click System gt Statistics gt Interface Statistics gt GVRP The GVRP Statistics Page opens Figure 134 GVRP Statistics Page a TP UNK The GVRP Statistics Page contains the following fields O interface Statistics add gt Interface Specifies the interface type for which the ore sn ee statistics are displayed eee el Port Indicates port statistics are displayed SSI Hasna EERE No Retest Il LAG Indicates LAG statistics are displayed ry cece gt Refresh Rate Indicates the amount of time that a ee Cs oe oss passes before the GVRP statistics are refreshed The on Enn
111. e week within the month at which DST ends every year The possible field range is 1 5 Month The month of the year in which DST ends every year The possible field range is Jan Dec Time The time at which DST ends every year The field format is HH MM For example 05 30 Define the Date Local Time and Time Zone Offset fields To configure the device to automatically switch to DST select Daylight Savings and select either USA Euro pean or Other If you select Other you must define its From and To fields To configure DST parameters that will recur every year select Recurring and define its From and To fields 4 Click Submit The DST settings are saved and the device is updated 3 2 Configuring SNTP This section contains the following topics gt SNTP Overview gt Defining SNTP Global Settings gt Configuring SNTP Authentication gt Defining SNTP Servers gt Defining SNTP Interface Settings 3 2 1 SNTP Overview The device supports the Simple Network Time Protocol SNTP SNTP assures accurate network device clock time synchronization up to the millisecond Time synchronization is performed by a network SNTP server The device operates only as an SNTP client and cannot provide time services to other systems The device can poll the following server types for the server time gt Unicast gt Anycast gt Broadcast Time sources are established by stratums Stratums define the accuracy of the reference
112. ed Reactivates or unlocks the suspended Admin Advertisement IV max Capability I 10 Half IT 10 Full I 100 Half IT 100 Full I 1000 Full port PU 10 0 Fu 00 Har 100 Fu i Back Pressure Disable Unchecked Maintains the port s locked CE Disable Flow Control Disable z suspended state Current Flow Control Disable MDIMDIX AUTO v 3 Modify the Admin Speed Admin Duplex and Admin Current MDIMDIX MDIX LAG Advertisement fields 4 Click Submit The parameters are saved and the device is updated 46 7 2 Configuring LAGs Link Aggregation optimizes port usage by linking a group of ports together to form a single LAG Aggregating ports multiplies the bandwidth between the devices increases port flexibility and provides link redundancy The TP Link device supports both static LAGs and Link Aggregation Control Protocol LACP LAGs LACP LAGs negotiate aggregating port links with other LACP ports located on a different device If the other device ports are also LACP ports the devices establish a LAG between them When configuring LAGs ensure the following All ports within a LAG must be the same media type A VLAN is not configured on the port The port is not assigned to a different LAG Auto negotiation mode is not configured on the port The port is in full duplex mode All ports in the LAG have the same ingress filtering and tagged modes All ports in the LAG have the same back pressure and flow control
113. er Displays the RMON station or user that pi requested the RMON information The field range is 0 20 characters Sample No Indicates the sample number from which the statistics were taken Drop Events Displays the number of dropped events that have occurred on the interface since the device was last refreshed Received Bytes Octets Displays the number of octets received on the interface since the device was last refreshed This number includes bad packets and FCS octets but excludes framing bits Received Packets Displays the number of packets received on the interface since the device was last refreshed including bad packets Multicast and Broadcast packets Broadcast Packets Displays the number of good Broadcast packets received on the interface since the device was last refreshed This number does not include Multicast packets Multicast Packets Displays the number of good Multicast packets received on the interface since the device was last refreshed CRC Align Errors Displays the number of CRC and Align errors that have occurred on the interface since the device was last refreshed Undersize Packets Displays the number of undersized packets less than 64 octets received on the interface since the device was last refreshed gt Oversize Packets Displays the number of oversized packets over 1518 octets received on the interface since the device was last refreshed gt
114. er Paraguay From April 6 until September 7 Poland From the last weekend of March until the last weekend of October Portugal From the last weekend of March until the last weekend of October Romania From the last weekend of March until the last weekend of October Russia From the last weekend of March until the last weekend of October Serbia From the last weekend of March until the last weekend of October Slovak Republic From the last weekend of March until the last weekend of October South Africa South Africa does not use Daylight Saving Time Spain From the last weekend of March until the last weekend of October Sweden From the last weekend of March until the last weekend of October Switzerland From the last weekend of March until the last weekend of October Syria From March 31 until October 30 Taiwan Taiwan does not use Daylight Saving Time Turkey From the last weekend of March until the last weekend of October United Kingdom From the last weekend of March until the last weekend of October United States of America From the first Sunday in April at 02 00 to the last Sunday in October at 02 00 To configure the daylight savings time 1 Figure 11 System Information Time Page Click System gt System Info gt General gt Time The System Information Time Page opens TP LINK The System Information Time Page contains the following General ESS se
115. es a backup that can replace the lost functionality An Internet host or router that passes DHCP messages between DHCP clients and Relay Agent DHCP servers Grips up to eight copper wires and resembles a standard RJ 11 telephone connector RJ 45 Connector RJ 45 connectors are commonly used with Ethernet devices Remote Monitoring on Network Provides network information to be collected from a single workstation Routing Information Protocol Stipulates how routing table information is exchanged between routers Real Time Operating System An operating system designed for use in a real time computer system Grips up to four wires RJ 11 connector plugs the handset into the telephone and the RJ 11 Connector l telephone into the wall A device that connects to separate networks Routers forward packets between two or more networks Routers operate at a Layer 3 level RSTP Rapid Spanning Tree Protocol Detects and uses network topologies that allow a faster convergence of the spanning tree without creating forwarding loops i Contains all Startup file commands as well as all commands entered during the current Running Configuration Fil session After the device is powered down or rebooted all commands stored in the ile Running Configuration file are lost RVSP Resource V Reservation Protocol Enables Internet applications to obtain differing service resources for traffic flows Divides LANs into separate LAN segments
116. es are Dynamic The IP address is dynamically created Static The IP address is a static IP address gt Remove Removes DNS servers The possible field values are Checked Removes the selected DNS server Unchecked Maintains the current DNS server list gt DNS Server Displays the DNS server IP address DNS servers are added in the Add DNS Server Page gt Active Server Specifies the DNS server that is currently active The possible field values are Selected Activates the selected DNS server after the device is reset Unselected Deactivates the selected DNS server after the device is reset This is the default value 2 Click the Enable DNS checkbox 3 Define the Default Domain Name 4 Click treate The Add DNS Server Page opens Figure 62 Add DNS Server Page 5 Enter the DNS Server name and click Set DNS Server Active 6 Click Submit The new server is added and device information is updated 6 2 2 Configuring Host Mapping Add DNS Server DHS Server DHS Server Currently Actie 10 5 12 33 Set DNS Server Active D Submit The DNS Host Mapping Page provides information for defining DNS Host Mapping To define DNS host mapping 1 Click System gt System Info gt IP Configuration gt Domain Name System gt Host Mapping The Host Mapping Page opens Figure 63 Host Mapping Page The Host Mapping Page contains the following fields
117. est Effort Indicates that traffic is assigned to the lowest priority queue and packet delivery is not guaranteed Border Gateway Protocol Enables information sharing routing information between groups of routers BootP server on a network or a configuration file loaded into the boot of a device Bridge Protocol Data Unit Provide bridging information in a message format BPDUs BPDU are sent across switch information with in Spanning Tree configuration BPDU packets contain information on ports addresses priorities and forwarding costs i A device that connects two networks Bridges are hardware specific however they are Bridge protocol independent Bridges operate at Layer 1 and Layer 2 levels i Device sets that receive broadcast frames originating from any device within a designated Broadcast Domain set Routers bind broadcast domains because routers do not forward broadcast frames An excessive amount of broadcast messages simultaneously transmitted across a Broadcast Storm network by a single port Forwarded message responses are heaped onto the network overloading network resources or causing the network to time out Broadcasting A method of transmitting packets to all ports on a network A packet transmission at faster than normal rates Bursts are limited in time and only occur under specific conditions Indicates the burst size transmitted at a faster than normal rate Committed Burst Size Indicates the ma
118. et naarisedtennnauitindcsententiaddesonccisiselGammapiedsiwentte 80 12 1 1 Mapping 10 Queues EE EEE 80 1212 QS ModE Leed embede 81 2121 PSN 82 2122 Advanced QOS NON aaa eee ae eee nee eee een ee eee 82 122 Enabling Quality of Service ssc daiiccetadcacutadspetcedecapesesibendede uialodscecnehacseeetocctesdeutnascectebnces 82 122 1 Enabling Quality of ANE 82 12 2 2 Defining QUEUES rek 83 123 Mapp GT EE E een 84 12 3 1 Mapping CoS Values to QuEues wrrrrrnnnnvvnnnnsnnrrnnnrrvernnnnrnnnnrvnnesesnnnnnnvnnnnesnsnrnnnnrvenesenenn 84 12 3 2 Mapping QoS Values to Queues Lanamennsamekmimu mjekviteantninkun neas 84 Section 13 Managing System Files nnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnn 86 13 1 Downloading System FIESuueseeneerdneb endene evgdheddmdadnkesnssuaaei 86 Moet DONT Pr 86 13 1 2 Firmware Peri 8 13 1 9 Coniguration OMIM OA ee 87 13 2 Uploading System FICS Luuesomneedeten rdenmemsaulei dkkuneeddusma 87 geo PA 012 6 IY 9 ENE A E A A E E E E ES 87 13 2 2 Software Image Upload sysone cet ca siden ceccenetnensetetandebonsannanandodeeundeoedecmmnatenstaoudeonenecstinmadoeacoute 88 325 Fn NELL 88 13 3 Activating Image FS rn 88 13 4 Copying System FICS Lunde suns snueateuenlonedoduentarectausmensudeuudaeatseanmeocedactss 88 Section 14 Performing Device Diagnostics asavavnvnnnnnnnnnnnenennnnnnnnnnnnnnnnn 90 14I CPM een 90 14 2 Viewing Integrated Cable TestsS rrrrrrrnrnnnnnvrvrrrnnnrnnnnnvnnnrrnnnnn
119. ets are assigned to a specific queue using the chosen classification method various services can be applied Scheduling for output queues can be configured including gt Strict priority gt Weighted Round Robin WRR Scheduling schemes are specified per system WRR weights to the queues can be assigned in any order For each interface or queue the following output shaping can also be configured gt Committed Burst Size CBS gt Committed Information Rate CIR gt Actions for over the limit traffic 12 1 2 QoS Modes The device supports the following QoS modes gt Basic QoS Mode gt Advanced QoS Mode AN Note When moving to and from basic and advanced QoS modes some settings may be lost 12 1 2 1 Basic QoS Mode Basic Mode supports activating one of the following Trust settings gt VLAN Point Tag gt DiffServ Code Point gt None In addition a single IP based ACL can be attached directly to the interface see section on network security for more information Only packets that have a Forward action are assigned to the output queue based on the specified classification By properly configuring the output queues the following basic mode services can be set gt Minimum Delay The queue is assigned to a strict priority policy and traffic is assigned to the highest priority queue gt Best Effort Traffic is assigned to the lowest priority queue gt Bandwidth Assignments Bandwidths are assigned by
120. ets are directly forwarded to the ports The Dynamic Address Table can be sorted by interface VLAN and MAC Address To define the dynamic forwarding addresses 1 Click System gt Bridging Config gt Forwarding Database gt Dynamic Addresses The Dynamic Addresses Page opens Figure 83 Dynamic Addresses Page TP UNK The Dynamic Addresses Page contains the following fields aie vce ete gt Address Aging Sec Specifies the amount of Statie Address Dynamic Adress time in seconds that the MAC address remains in the aspen Pye eee Dynamic MAC Address table before being timed out if Temas bee sen no traffic from the source is detected The default value Sess Suppon eza is 300 seconds e gt Clear Table Clears the Current Address Table besette rea PT Pmacadaress F van The Query by section contains the following fields ev E gt Interface Specifies the interface Port or LAG for ey which the table is queried Current Address Table gt MAC Address Specifies the MAC address for a MOE which the table is queried FER EN gt VLAN ID Specifies the VLAN ID for which the table is queried gt Address Table Sort Key Specifies the means by which the Dynamic MAC Address Table is sorted The address table can be sorted by address VLAN or interface The Current Address Table section displays the parameters of the dynamic addresses
121. face provides real time graphs and RMON statistics to help system administrators monitor network performance This preface provides an overview to the TP Link Embedded Interface User Guide This preface includes the following sections gt Guide Overview gt Intended Audience Guide Overview This user guide is divided into the following sections to provide concise information for configuring and managing the TP Link device Section 1 Getting Started Provides information about using the EWS including the TP Link Embedded Web Interface management and information buttons as well as information about adding modifying and deleting devices Section 2 Defining Device Information Provides information about opening the device zoom view defining general system properties and enabling Jumbo frames Section 3 Setting the System Time Provides information about configuring system time parameters includ ing Daylight Savings Time DST and Simple Network Time Protocol SNTP Section 4 Configuring System Logs Provides information about enabling and defining system logs Section 5 Configuring Device Security Provides information about configuring device security for management security traffic control and network security Section 7 Configuring Interfaces Provides information about configuring system interfaces ports port groups LAGs and protocols LACP Provides information about configuring and managing V
122. fault Engine ID that is comprised of an Enterprise number and the default MAC address gt Use Default Uses the device generated Engine ID The default Engine ID is based on the device MAC address and is defined per standard as First 4 octets first bit 1 the rest is IANA Enterprise number Fifth octet Set to 3 to indicate the MAC address that follows Last 6 octets MAC address of the device 2 Define the Local Engine ID and Use Default fields 3 Click Submit The SNMP global security parameters are set and the device is updated 11 3 2 Defining SNMP Views SNMP Insert space views provide or block access to device features or portions of features For example a view can be defined which provides that SNMP group A has Read Only R O access to Multicast groups while SNMP group B has Read Write R W access to Multicast groups Feature access is granted via the MIB name or MIB Object ID To define SNMP views 1 Click System gt SNMP Management gt Security gt Views The SNMP Security Views Page opens Figure 101 SNMP Security Views Page TP UNK The SNMP Security Views Page contains the following Sj a fields Gandging Config e CalQuality of Service View Name Defaut F gt View Name Displays the user defined views The SP Managemen view name can contain a maximum of 30 alphanumeric sat Crate gt Object ID Subtree Displays the device feature OID 10818218 fe included
123. ference Guide 5 Click The TP Link Embedded Web Interface Home Page opens Figure 2 TP Link Embedded Web Interface Home Page z TP LINK The TP Link Embedded Web Interface Home Page m o contains the following views gt Port LED Indicators Located at the top of the home page the port LED indicators provide a visual repre a sentation of the ports on the TP Link front panel gt Tab Area Located above the LED indicators the tab area contains a list of the device features and their components gt Device View Located in the main part of the home page the device view provides a view of the device an information or table area and configuration instructions 1 3 Understanding the TP Link Embedded Web Interface The following table lists the user interface components with their corresponding numbers Table 1 Interface Components View Description 1 Tree V Tree View provides easy navigation through the configurable device features The main ree View branches expand to display the sub features Device View provides information about device ports current configuration and status table 2 Device View information and feature components Device View also displays other device information and dialog boxes for configuring parameters 3 Tab A The Tab Area enables navigation through the different device features Click the tabs to view ab Area all the components under a specific feature Provides a graphi
124. field and HH MM in another For example if DST ends on March 23 2008 at midnight the two fields should be 23 Mar 08 and 00 00 The possible field values are Date The date on which DST ends The possible field range is 1 31 Month The month of the year in which DST ends The possible field range is Jan Dec Year The year in which the configured DST ends Time The time at which DST starts The field format is HH MM For example 05 30 Recurring Recurring Enables user defined DST for countries in which DST is constant from year to year other than the USA and Europe From The time that DST begins each year In the example DST begins locally every first Sunday in April at midnight The possible field values are Day The day of the week from which DST begins every year The possible field range is Sunday Saturday Week The week within the month from which DST begins every year The possible field range is 1 5 Month The month of the year in which DST begins every year The possible field range is Jan Dec Time The time at which DST begins every year The field format is Hour Minute For example 02 10 To The time that DST ends each year In the example DST ends locally every first Sunday in October at midnight The possible field values are Day The day of the week at which DST ends every year The possible field range is Sunday Saturday Week Th
125. for bridging and routing Segmentation Segmentation a EN eliminates LAN bandwidth limitations A central computer that provides services to other computers on a network Services may include file storage and access to applications Simple Network Management Protocol Manages LANs SNMP based software communicates with network devices with embedded SNMP agents SNMP agents gather network activity and device status information and send the information back to a workstation SoC System on a Chip An ASIC that contains an entire system For example a telecom SoC application can contain a microprocessor digital signal processor RAM and ROM Prevents loops in network traffic The Spanning Tree Protocol STP provides tree Spanning Tree Protocol topography for any arrangement of bridges STP provides one path between end stations on a network eliminating loops Secure Shell Logs into a remote computer via a network executes commands and Sub network Subnets are portions of a network that share a common address component In TCP IP networks devices that share a prefix are part of the same subnet For example all devices with a prefix of 157 100 100 100 are part of the same subnet Definition Used to mask all or part of an IP address used in a subnet address Switch Filters and forwards packets between LAN segments Switches support any packet protocol type Transmissions Control Protocol Enables two hosts to communicate and ex
126. ge is displayed Figure 8 Reset Confirmation Message 3 Click Ha The device is reset and a prompt for a user name and password is displayed TP LINK TL SL3428 L2 Management Switch 192 168 1 1 System Info i General LI SNTP To save the current configuration settings Syslog click the Save Configuration button HIP Configuration JBridging Config Quality of Service Security SNMP Management Maintenance Statistics Reset Save Microsoft Internet Explorer a xj Q The device will restart with the start up configuration not the running configuration Would you like to continue cma 4 Enter a user name and password to reconnect to the web Interface 1 7 Logging Off from the Device Click pr The Logout Confirmation Message is displayed Figure 9 Logout Confirmation Message Thank you for using TP Link NMS You have successfully logged out of TP Link NMS Log In This section contains information for viewing and setting general system information The System Description Page contains parameters for configuring general device information including the system name location and contact the system MAC Address System Object ID System Up Time System IP and MAC addresses and both software and hardware versions To view and define the system description 1 Click System Info gt General gt Description The Sy
127. gement access The rule number is essential to matching packets to rules as packets are matched on a first fit basis The rule priorities are assigned in the Profile Rules Page gt Management Method Defines the management method for which the rule is defined Users with this access profile can access the device using the management method selected The possible field values are All Assigns all management methods to the rule Telnet Assigns Telnet access to the rule If selected users accessing the device using Telnet meeting access profile criteria are permitted or denied access to the device Secure Telnet SSH Assigns SSH access to the rule If selected users accessing the device using Telnet meeting access profile criteria are permitted or denied access to the device HTTP Assigns HTTP access to the rule If selected users accessing the device using HTTP meeting access profile criteria are permitted or denied access to the device Secure HTTP HTTPS Assigns HTTPS access to the rule If selected users accessing the device using HTTPS meeting access profile criteria are permitted or denied access to the device SNMP Assigns SNMP access to the rule If selected users accessing the device using SNMP meeting access profile criteria are permitted or denied access to the device gt Interface Defines the interface on which the access profile is defined The possible field values are Port
128. gement Switch ocal Users Line Password Enable Password Level fi Passwor d a Alpha Numeric Confirm Passw p Alpha Numeric Submit Configure the fields and click Submit The password is enabled and the device is updated Network security manages both access control lists and locked ports This section contains the following topics gt Network Security Overview gt Defining Network Authentication Properties gt Configuring Traffic Control 5 2 1 Network Security Overview This section provides an overview of network security and contains the following topics gt Port Based Authentication gt Advanced Port Based Authentication 5 2 1 1 Port Based Authentication Port based authentication authenticates users on a per port basis via an external server Only authenticated and approved system users can transmit and receive data Ports are authenticated via the RADIUS server using the Extensible Authentication Protocol EAP Port based authentication includes gt Authenticators Specifies the device port which is authenticated before permitting system access gt Supplicants Specifies the host connected to the authenticated port requesting to access the system ser vices gt Authentication Server Specifies the server that performs the authentication on behalf of the authenticator and indicates whether the supplicant is authorized to access system services Port based authentication creates two
129. gs Page opens Figure 17 SNTP Interface Settings Page The SNTP Interface Settings Page contains the following fields gt Interface Indicates the interface on which SNTP can be enabled The possible field values are Port Indicates the specific port number on which SNTP is enabled TP LINK TL 5L3428 L2 Management Switch 192 168 1 1 System Info SNTP Interface o O General O SNTP Create 7 Syslog IP Configuration Bridging Config EE Servers Updates an J Quality of Service e15 r y Security SNMP Management Maintenance Submit y Statistics LAG Indicates the specific LAG number on which SNTP is enabled VLAN Indicates the specific VLAN number on which SNTP is enabled Receive Servers Updates Enables the server to receive or not receive updates Remove Removes SNTP interfaces Checked Removes the selected SNTP interface Unchecked Maintains the defined SNTP interfaces Click Create The Add SNTP Interface Page opens Figure 18 Add SNTP Interface Page Select the Interface Check the Receive Server Updates option Click Submit The SNTP interface is added and the device is updated Add SNTP Interface Interface portlets x ash A e vant 3 Receive Server Updates Submit This section provides informatio
130. gt Authenticated Hosts The Authenticated Hosts Page opens Figure 48 Authenticated Hosts Page TP UINK TL 5L3428 L2 Management Switch Properties hentication The Authenticated Hosts Page contains the following fields Tort naren 1 Multiple Host gt User Name Lists the supplicants that were HE AEG Quality of Service User Name Port Session Time Authentication Method MAC Address authenticated and are permitted on each port El l Ji See a deans au ty 3 e3 0 Remote 000000000000 gt Port Displays the port number eee i ra Romak DRONE 7 ar Management 6 e6 0 Remote 000000000000 gt Session Time Displays the amount of time in seer ve a ee seconds the supplicant was logged on the port TE ae a en gt Authentication Method Displays the method by 3 eg eee which the last session was authenticated The possible field values are Remote 802 1x authentication is not used on this port port is forced authorized None The supplicant was not authenticated RADIUS The supplicant was authenticated by a RADIUS server gt MAC Address Displays the supplicant MAC address 5 2 3 Configuring Traffic Control This section contains information for managing both port security and storm control and includes the following topics gt Managing Port Security gt Enabling Storm Control 5 2 3 1 Managing Port Security Network security can be inc
131. gt Download Type CaBrdging Config cee Quality of Service Firmware Download 6 gt Firmware Download gt Configuration Download 13 1 1 Download Type Security SNMP Management Maintenance 2 File Management 1 Diagnostics fy Statistics Configuration Download C Firmware Download TFTP Server IP Address Source File Name Destination File Software Image gt Configuration Download TFTP Server IP Address The Upload Type section contains the following fields sourceriename Destination File Running Configuration Submit gt Firmware Download Indicates that the download is for firmware If Firmware Download is selected the Configuration Download fields are grayed out gt Configuration Download Indicates that the download is for configuration files If Configuration Download is selected the Firmware Download fields are grayed out 87 13 1 2 Firmware Download The Firmware Download section contains the following fields gt gt gt gt gt TFTP Server IP Address Specifies the address of the TFTP server from which files are downloaded Source File Name Specifies the file to be downloaded Destination File Specifies the destination file to which system file is downloaded The possible field values are Software Image Downloads the Image file Boot Code Downloads the Boot file Download to Master Only Downloads the system fil
132. gt Interface gt Interface Configuration The Interface Configuration Page opens Figure 65 Interface Configuration Page TP LINK TL 5L3428 L2 Management Switch The Interface Configuration Page is divided into the klare Interface Configuration g Ports Table Interface Port Type Port Status Port Speed Duplex Mode Auto Negotiation Advertisement Back Pressure 1 100M copper Up 100M Full Enable 10H 10F 100H 100F Disable n Unknown gt Interface Configuration Ports Table 1 Multicast Support 3 n nknown gt Interface Configuration LAG Ports Table er So eter Dee ae J SNMP Management 6 nknown Maintenance 7 TY keah own Unknown 2 Statistics 8 100M copper Up 100M Full Enable 10H 10F 100H 100F Disable own Unknown The Interface Configuration Ports Table contains the following fields gt Interface Displays the port number gt Port Status Indicates whether the port is currently operational or non operational The possible field values are Up Indicates the port is currently operating Down Indicates the port is currently not operating gt Port Speed Displays the configured rate for the port The port type determines what speed setting options are available Port speeds can only be configured when auto negotiation is disabled The possible field values are 10 Indicates the port is currently operating at 10 Mbps 100 Indicates the port is currently operating at 1
133. h j wner 4 Click Submit The entry is added to the RMON 2 ax NO ampies to Kee History Control Page and the device is updated Sen sears E Sampling Interval land To modify a history entry user Submit fi Open the RMON History Control Page 2 Click amp The Edit Local History Entry User Page opens Figure 139 Edit Local History Entry User Page History Control Settings 3 Define the fields History Entry No 1 Source Interface O Portfe1 v LAG BE 4 Click Submit the entry is updated in the RMON Soon iP History Control Page and the device is updated Max No of Samples to Keep 50 Sampling Interval lan s a Submit 15 2 2 2 Viewing the RMON History Table The RMON History Table Page contains interface specific statistical network samplings Each table entry represents all counter values compiled during a single sample To view the RMON History Table 1 Figure 140 RMON History Table Page Click System gt Statistics gt RMON gt History gt History Table The RMON History Table Page opens g TL SL3428 L2 Management Switch ca The RMON History Table Page contains the following ant fi History Table le ds aaa REE E gt History Entry No Displays the entry number for the ventas I nterf Statist l l l History Control Table page EO Samle ra Bys Vor rasens Mest ar Packt paca Fragments ters Colisions Utan 2 History gt Own
134. he Address Resolution Protocol ARP converts IP addresses into physical addresses and maps the IP address to a MAC address ARP allows a host to communicate with other hosts only when the IP address of its neighbors is known To define ARP 1 Click System gt System Info gt IP Configuration gt IP Addressing gt ARP The ARP Page opens Figure 59 ARP Page The ARP Page contains the following fields gt ARP Entry Age Out Specifies the amount of time in seconds that passes between ARP Table entry requests Following the ARP Entry Age period the entry is deleted from the table The range is 1 40000000 The default value is 60000 seconds gt Clear ARP Table Entries Specifies the types of ARP entries that are cleared The possible values are None Maintains the ARP entries All Clears all ARP entries Dynamic Clears only dynamic ARP entries Static Clears only static ARP entries TP LINK TL SL3428 L2 Management Switch 192 168 1 1 L System Info ARP General SNTP ARP Entry Age Out 300 Sec i Bre Clear ARP Table Entries None v IP Addressing i Domain Name System JIBridging Config Quality of Service Create Security GE ul ea Interface IP Address MAC Address Status Edit Remove Maintenance Statistics 1 VLAN 1 192 168 1 47 00 0fea 22 29 36 Dynamic E Submit
135. he VLAN through GARP gt R Denies the interface VLAN membership even if GARP indicates the port is to be added 7 3 3 Defining VLAN Interface Settings The VLAN Interface Settings Page contains fields for managing ports that are part of a VLAN The Port Default VLAN ID PVID is configured on the VLAN Interface Settings Page All untagged packets arriving at the device are tagged with the port PVID To define VLAN interfaces 1 Click System gt Bridging Config gt VLAN gt Membership gt Interface Settings The VLAN Interface Settings Page opens TP LINK Figure 75 VLAN Interface Settings Page TL 5L3428 L2 Management Switch Interface Settings The VLAN Interface Settings Page contains the following mn rn System Info Interface va anmode Type Fittering VLAN F fields i Str gt Interface Displays the port number included in the SM ko imama 2 VLAN ae SSS f gt Interface VLAN Mode Displays the port mode The mg na km liven 2 possible values are SEI E General Indicates the port belongs to VLANs and 7 te 1 Am Ea each VLAN is user defined as tagged or untagged a tens Vee 2 full IEEE802 1q mode FF E Access Indicates a port belongs to a single no he 1 Arta re untagged VLAN When a port is in Access mode the a vento packet types which are accepted on the port cannot DK Acess Mita Enana J be designated Ingress
136. he cable is operating Output Power Indicates the rate at which the output power is transmitted Input Power Indicates the rate at which the input power is transmitted Transmitter Fault Indicates if a fault occurred during transmission Loss of Signal Indicates if a signal loss occurred in the cable Data Ready Indicates the transceiver has achieved power up and data is ready This section describes how to view and manage device statistics for interfaces GVRP EAP and Etherlike and how to view and define as RMON statistics history and alarms This section contains the following topics gt Viewing Interface Statistics gt Managing RMON Statistics 15 1 Viewing Interface Statistics This section contains the following topics gt Viewing Device Interface Statistics gt Viewing Etherlike Statistics gt Viewing GVRP Statistics gt Viewing EAP Statistics 15 1 1 Viewing Device Interface Statistics The Interface Statistics Page contains statistics for both received and transmitted packets To view interface statistics 1 Click System gt Statistics gt Interface Statistics The nterface Statistics Page opens Figure 132 Interface Statistics Page TP LINK The Interface Statistics Page contains the following fields legers gt Interface Indicates the device for which statistics 192 168 1 1 System Info Statistics Interface are displayed The possible field values are
137. henticating an SNTP session between the device EJ and an SNTP server is enabled on the device The Ke onal ROE Eu possible field values are dd EE ES KE GR Statistics 34238 PMS r r Checked Authenticates SNTP sessions between the device and SNTP server Unchecked Disables authenticating SNTP sessions between the device and SNTP server gt Encryption Key ID Indicates if the encryption key identification is used to authenticate the SNTP server and device The field value is up to 4294967295 gt Authentication Key Indicates the key used for authentication gt Trusted Key Indicates the encryption key used Unicast Anycast or elected Broadcast to authenticate the SNTP server gt Remove Removes Encryption Key IDs The possible field values are Checked Removes the selected Encryption Key ID Unchecked Maintains the Encryption Key IDs This is the default value 2 Check the Enable SNTP Authentication checkbox 3 Click submit SNTP Authentication is defined and the device is updated To define SNTP authentication parameters 1 Click treate The Add SNTP Authentication Page opens Figure 14 Add SNTP Authentication Page Add SNTP Authentication 2 Define the Encryption Key ID Authentication Key and Encryption Key ID 33511 gt Trusted Key fields Authentication Key TPL Trusted Key IV 3 Click Submit The SNTP Authentication Key is added and the device i
138. hentication Mapping Page contains the following mme C fields one TG gt Console Indicates that authentication profiles are ar ee used to authenticate console users EM EE gt Telnet Indicates that authentication profiles are used an GE to authenticate Telnet users Smits eee gt Secure Telnet SSH Indicates that authentication Sal H profiles are used to authenticate Secure Shell SSH am users SSH provides clients secure and encrypted Es pe remote connections to a device om gt Secure HTTP Indicates that authentication methods are used for Secure HTTP access Possible field values are None Indicates that no authentication method is used for access Local Indicates that authentication occurs locally RADIUS Indicates that authentication occurs at the RADIUS server Line Indicates that authentication uses a line password Enable Indicates that authentication uses an Enable password Local RADIUS Indicates that authentication first occurs locally If authentication cannot be verified locally the RADIUS server authenticates the management method If the RADIUS server cannot authenticate the management method the session is blocked RADIUS Local Indicates that authentication first occurs at the RADIUS server If authentication cannot be verified at the RADIUS server the session is authenticated locally If the session cannot be authenticated locall
139. his section contains the following topics gt Configuring Port Mirroring gt Viewing Integrated Cable Tests gt Viewing Optical Transceivers 14 1 Configuring Port Mirroring Port mirroring monitors and mirrors network traffic by forwarding copies of incoming and outgoing packets from one port to a monitoring port Port mirroring can be used as a diagnostic tool as well as a debugging feature Port mirroring also enables switch performance monitoring Network administrators can configure port mirroring by selecting a specific port from which to copy all packets and other ports to which the packets copied To perform port mirroring diagnostics il Figure 127 Port Mirroring Page Click System gt Maintenance gt Diagnostics gt Port Mirroring The Port Mirroring Page opens 7 P LNK The Port Mirroring Page contains the following fields TL SL3428 L2 Management Switch gt Destination Port Defines the port number to which Port Mirroring TRR 2 192 168 1 1 i r port traffic is copied T GSystem Ino Port Mirroring amp Bridging Config gt Transmit Packets Defines the how the packets are ie aE Ben 2 Click treate The Add Port Mirroring Page opens Figure 128 Add Port Mirroring Page 3 Select a port in the Source Port field SNMP Management cC Maintenance o File Management Destination Port e6 mirrored The possible field values are 7 Diagnostics Untagged Mirrors packets as
140. ice is updated ee 10 C Immediate Leave Submit 10 2 Defining Multicast Bridging Groups The Multicast Group Page displays the ports and LAGs attached to the Multicast service group in the Ports and LAGs tables The Port and LAG tables also reflect the manner in which the port or LAGs joined the Multicast group Ports can be added either to existing groups or to new Multicast service groups The Multicast Group Page permits new Multicast service groups to be created The Multicast Group Page also assigns ports to a specific Multicast service address group To define multicast groups 1 Click System gt Bridging Config gt Multicast Support gt Bridge Multicast gt Multicast Group The Multicast Group Page opens Figure 96 Multicast Group Page F T TP UNK TL 5L3428 L2 Management Switch The Multicast Group Page contains the following information gt Enable Bridge Multicast Filtering Indicates if Er Bridge Multicast filtering is enabled on the device vr The possible field values are Er even Checked Enables Multicast filtering on the device se Unchecked Disables Multicast filtering on the device If Multicast filtering is disabled Multicast frames are flooded to all ports in the relevant VLAN Disabled is the default value gt VLAN ID Identifies a VLAN and contains information about the Multicast group address gt Bridge Multicast Address Identif
141. ics Page 2 Click Clear All Counters The GVRP interface statistics counters are cleared 15 1 4 Viewing EAP Statistics The EAP Statistics Page contains information about EAP packets received on a specific port To view the EAP Statistics 1 Click System gt Statistics gt Interface Statistics gt EAP The EAP Statistics Page opens Figure 135 EAP Statistics Page TP LINK The EAP Statistics Page contains the following fields r Me gt Port Indicates the port which is polled for statistics EN EAP Statistics gt Refresh Rate Indicates the amount of time that Bridging Config 3 a Quality of Service Port fet z passes before the EAP statistics are refreshed The Fe Refresh Rate No Refresh Maintenance possible field values are ER RMON Frames Receive 0 15 Sec Indicates that the EAP statistics are i Log off Frames Receive 0 refreshed every 15 seconds besette 30 Sec Indicates that the EAP statistics are ee i 0 Invalid Frames Receive 0 refreshed every 30 seconds a Last Frame Source 00 00 00 00 00 00 60 Sec Indicates that the EAP statistics are refreshed every 60 seconds No Refresh Indicates that the EAP statistics are not refreshed Frames Receive Indicates the number of valid EAPOL frames received on the port Frames Transmit Indicates the number of EAPOL frames transmitted via the port Start Frames
142. ies the Multicast group MAC address IP address gt Port Displays the port that can be added to a Multicast service gt LAG Displays the LAG that can be added to a Multicast service The following table contains the IGMP port and LAG members management settings Table 5 IGMP Port LAG Members Table Control Settings Port Control Definition Dynamically joins ports LAG to the Multicast group in the Current Row Attaches the port to the Multicast group as static member in the Static Row The port LAG has joined the Multicast group statically in the Current Row Forbidden ports are not included the Multicast group even if IGMP snooping designated the port to join a Multicast group The port is not attached to a Multicast group 2 Click kreate The Add Multicast Group Page opens Figure 97 Add Multicast Group Page 3 Define the VLAN ID Bridge Multicast IP Address and Bridge Multicast MAC Address fields 4 Click Submit 5 In the Multicast Group Page select ports to join the Multicast group 6 Define the Multicast port settings 7 Click Submit The Multicast group is defined and the device is updated To modify the Multicast group settings 4 Add Multicast Group Microsoft Internet Explorer VLAN ID 13 Bridge IP Multicast KXXX Bridge Mac Multicast Unit No1 Port 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 N CCE CE LE EEE EE ACO OR OR EE EEE EE ee ee F ooo
143. ies the maximum frame size that can be transmitted over a network Frames that exceed the MTU must be broken into smaller frames Transmits copies of a single packet to multiple ports Network Processor CPU chips that are optimized for networking and communications functions 109 Term Definition Network Management System An interface that provides a method of managing a system A network connection endpoint or a common junction for multiple network lines Nodes include Processors Controllers e Workstations Object Identifier Used by SNMP to identify managed objects In the SNMP Manager Agent network management paradigm each managed object must have an OID to identify it Open Shortest Path First A TCP IP Interior Gateway protocol that calculates the lowest cost route multipath routing and load balancing Blocks of information for transmission in packet switched systems Protocol Data Unit A data unit specified in a layer protocol consisting of protocol control information and layer user data Packet Internet Groper Verifies if a specific IP address is available A packet is sent to another IP address and waits for a reply Determines if traffic levels are within a specified profile Policing manages the maximum traffic rate used to send or receive packets on an interface Port Physical ports provide connecting components that allow microprocessors to O communicate with peripheral equipment a Monitor
144. ile in Flash including the time the log was generated the log severity and a description of the log message The message log is available after reboot To view Flash memory logs 1 Click System gt System Info gt Syslog gt Flash The Syslog Flash Page opens Figure 21 Syslog Flash Page The Syslog Flash Page contains the following information gt Log Index Lists the log index number gt Log Time Lists the date and time that the log was entered gt Severity Lists the severity of the event for which the log was created in Flash memory gt Description Lists the event description 2 To remove current Flash memory logs click _ lear Logs 3 Click ia Logs are removed from the table 4 4 Defining System Log Servers TP UNK TL SL3428 L2 Management Switch 192 168 1 1 C System Info Flash General C SNTP Log Index Log Time Severity Description B Syslog 1 2147483642 01 Jan 2000 05 35 53 Warning STP W PORTSTATUS e8 STP status Forwarding IP Configuration Bridging Config Quality of Service 2 2147483643 01 Jan 2000 05 35 43 Warning STP W PORTSTATUS e1 STP status Forwarding 3 2147483644 01 Jan 2000 05 35 23 Informational SLINK I Up e8 4 2147483645 01 Jan 2000 05 35 22 Warning LINK W Down e8 Security 5 2147483646 01 Jan 2000 05 35 13 Informational LINK I Up e1 JSNMP Management 6 2147483647 01 Jan 2000 05 35 11 War
145. in or excluded from the selected SNMP view Mn gt View Type Indicates whether the defined OID 13614138272 emne F branch will be included in or excluded from the selected Er SNMP view gt Remove Deletes the currently selected view The possible field values are Checked Removes the selected view Unchecked Maintains the list of views 2 Click treate The Add SNMP View Page opens Figure 102 Add SNMP View Page Define the View Name field Define the view using Up and Down Define the View Type field Click S4bmit The view is defined and the device is updated D a A Q 11 3 3 Defining SNMP Group Profiles Add SNMP View View Name interfaces Up Subtree ID Tree Select from List ip C Insert 1 3 6 1 2 icmp Down tep x View Type Included v Submit The SNMP Security Group Profile Page provides information for creating SNMP groups and assigning SNMP access control privileges to SNMP groups Groups allow network managers to assign access rights to specific device features or feature aspects To define an SNMP group 1 Click System gt SNMP Management gt Security gt Group Profile The SNMP Security Group Profile Page opens Figure 103 SNMP Security Group Profile Page The SNMP Security Group Profile Page contains the following fields gt Group Name Displays the user defined group to which access control rules are applied The field range is
146. ins screens and tables for configuring devices This section contains the following topics gt Adding Configuration Information gt Modifying Configuration Information gt Deleting Configuration Information 1 4 1 Adding Configuration Information User defined information can be added to specific TP Link Web Interface pages by opening a new Add page To add information to tables or TP Link Web Interface pages 1 Open an TP Link Web Interface page 2 Click Greate An Add page opens for example Add IP Interface Page Figure 4 Add IP Interface Page Add IP Interface 3 Define the required fields Source IP Address SS Network Mask 4 Click aa The configuration information is saved E and the device is updated interface porfet AC uct c vanh A Submit 1 4 2 Modifying Configuration Information User defined information can be modified in specific TP Link Web Interface pages by opening a new Settings page To modify information in tables or TP Link Web Interface pages 1 Open the TP Link Embedded Web Interface page 2 Select a table entry 3 Click A Settings page opens for example the P Interface Settings Page Figure 5 IP Interface Settings Page IP Interface Settings 4 Modify the fields IP Address 192 168 1 1 gt Network Mask 255 255 2550 5 Click Submit The settings are saved and the device C prefix Length is updated Interface C portlet H c ach A e vanha Type Static
147. instance ID Root Port Indicates the selected instance s root port Root Path Cost Indicates the selected instance s path cost Bridge ID Indicates the bridge ID of the selected instance VV v Y Remaining Hops Indicates the number of hops remaining to the next destination N Define the fields 3 Click Submit The MSTP settings are saved and the device is updated 9 3 3 Configuring MSTP VLAN Instances Network Administrator can assign MSTP for VLAN instances To define MSTP for VLAN instances 1 Click System gt Bridging Info gt Spanning Tree gt MSTP gt Instance Settings gt VLAN Instance Configuration The MSTP VLAN Instance Configuration Page opens Figure 91 MSTP VLAN Instance Configuration Page The MSTP VLAN Instance Configuration Page page contains the following fields gt VLAN ID Maps the selected VLANs to the selected instance Each VLAN belongs to one instance gt Instance ID Specifies the VLAN group to which the interface is assigned gt VLAN Maps the selected VLANs to the selected instance Each VLAN belongs to one instance gt Instance ID Lists the configured instances for the selected VLAN To add a new VLAN instance 1 Select the VLAN ID and enter the Instance ID 2 Click Submit The device information is updated Vlan Instance Configuration Instance ID 0 15 vant oO Vian2 fo Vlan 3 Oo vans D mans D vanes D van D Vlan 8 Oo v
148. ld Broadcast Rate Limit 100 5 Click Submit Storm control is enabled on the device for the selected port Submit 38 This section provides information for defining IP addresses on the device using DHCP and ARP In addition this section contains parameters for defining device default gateways and Domain Name Servers This section contains the following topics gt Defining IP Addressing gt Defining Domain Name System 6 1 Defining IP Addressing This section provides information for assigning interface and default gateway IP addresses and defining ARP and DHCP parameters for the interfaces This section contains the following topics gt Defining IP Addresses gt Defining the Default Gateway gt Defining DHCP Addresses gt Defining ARP 6 1 1 Defining IP Addresses The IP Interface Page contains fields for assigning IP addresses Packets are forwarded to the default IP when frames are sent to a remote network The configured IP address must belong to the same IP address subnet of one of the IP interfaces 1 Click System gt System Info gt IP Configuration gt IP Addressing The P Interface Page opens Figure 53 IP Interface Page TP LINK The IP Interface Page contains the following fields TL 53428 L2 Management Switch gt IP Address Displays the currently configured IP address P IP Interface f J General gt Mask Displays the currently configured IP address
149. lick Submit QosS is configured and enabled on the device To modify interface settings 1 Click amp The QoS Interface Settings Page opens Figure 119 QoS Interface Settings Page CoS Settings 2 Define the fields Interface portlet Z e Lac H z Disable Trust Mode on Interface 3 Click Submit The interface settings are updated Set Default User Priority 05 12 2 2 Defining Queues The QoS Queue Settings Page contains fields for defining the QoS queue forwarding types The queue settings are set system wide To define queue settings for Quality of Service 1 Click System gt Quality of Service gt General Settings gt Queue Settings The QoS Queue Settings Page opens Figure 120 QoS Queue Settings Page TP LINK The QoS Queue Settings Page contains the following TL SL3428 L2 fi d Management Switch ields gt Queue Indicates the queue number acme Queue Bridging Confi gt Scheduling 5 Sauelty of Senica Strict Priority WRR General Settings ce Strict Priority Indicates that traffic scheduling for a nas SNMP Management Subd the selected queue is based strictly on the queue en Er priority WRR Indicates that traffic scheduling for the selected queue is based strictly on the WRR WWR Weight If WRR is selected indicates the predetemined weights 8 2 4 and 1 for queues 4 3 2 and 1 of WW
150. lticast group issue an IGMP report specifying that Multicast group is accepting members This results in the creation of the Multicast filtering database To enable IGMP Snooping 1 Click System gt Bridging Config gt Multicast Support gt IGMP Snooping The GMP Snooping Page opens Figure 94 IGMP Snooping Page TP LINK The IGMP Snooping Page contains the following fields gt Enable IGMP Snooping Status Indicates if IGMP TL 5L3428 L2 Management Switch Switch 192 168 1 1 H H a dem IGMP Snooping Snooping is enabled on the device IGMP Snooping I Seon Conto ee a ER abase dos can be enabled only if Bridge Multicast Filtering is Seem I i ulticast Suppo enabled The possible field values are FM Stony fan stop tt am ME Lean ar Quality of Service 1 1 Disabled Enabled 260 300 10 2 7 Checked Enables IGMP Snooping on the device Security 2 2 Disabled Enabled 260 300 10 2 SNMP Management Submit Maintenance Hy Statistics Unchecked Disables IGMP Snooping on the device gt VLAN ID Specifies the VLAN ID gt IGMP Snooping Status Indicates if IGMP Snooping is enabled on the VLAN The possible field values are Enable Enables IGMP Snooping on the VLAN Disable Disables IGMP Snooping on the VLAN gt Auto Learn Indicates if Auto Learn is enabled on the device If Auto Learn is enabled the devices automatically learns where other Multicas
151. m or process that requires services or processes for another computer ien typically a server Classification Control Lists Devices that grant deny or limit access to devices features CLL ME or applications in QoS Collisi A overlapping transmission of two or more packets that collide The data transmitted ollision cannot be used and the session is restarted A single logical port with two physical connections including an RJ 45 connection and a Combo Port SFP connection Community Specifies a group of users which retains the same system access rights Central Processing Unit The part of a computer that processes information CPUs are composed of a control unit and an ALU Indicates a state where an interface is not advertising links to the neighboring interface I 7 Cc due to Flapping Dynamic Host Configuration Protocol DHCP dynamically assigns IP addresses to devices on DHCP a network With dynamic addressing a device can have a different IP address every time it connects to the network DHCP also supports a mix of static and dynamic IP addresses i An Internet host using DHCP to obtain configuration parameters such as a network DHCP Client dd address DHCP Server An Internet host that returns configuration parameters to DHCP clients A group of computers and devices on a network that are grouped with common rules and procedures DSCP DiffServe Code Point DSCP provides a method of tagging IP packets
152. modes All ports in the LAG have the same priority All ports in the LAG have the same transceiver type The device supports up to eight LAGs and eight ports in each LAG Ports can be configured as LACP ports only if the ports are not part of a previously configured LAG VV VV VV V VV VV WV Ports added to a LAG lose their individual port configuration When ports are removed from the LAG the original port configuration is applied to the ports This section contains the following topics gt Defining LAG Members gt Configuring LACP 7 2 1 Defining LAG Members To define LAG members 1 Click System gt Bridging Config gt Interface gt LAG Membership The LAG Membership Page opens Figure 67 LAG Membership Page 2 Management Switch ation LACP Parameters The LAG Membership Page contains the following fields gt LAG Port Displays the LAG number 192 168 1 1 Ej System Info Interface Trunk Configuration L Bridging Config Interface LAG name Link State Member Edit Remove gt Name Displays the user defined port name Senne ca gt Link State Displays the link operational status uP _ r gt Members Displays the ports configured to the LAG es a oe 22 Membership groups are indicated as bold when active an a and as grayed when passive sng gt Remove Removes the LAG The possible field Submit values Checked Removes the selected LAG Unchecked
153. n for managing system logs The system logs enable viewing device events in real time and recording the events for later usage System logs record and manage events and report errors and informational messages Event messages have a unique format as per the Syslog protocols recommended message format for all error reporting For example Syslog and local device reporting messages are assigned a severity code and include a message mnemonic which identifies the source application generating the message It allows messages to be filtered based on their urgency or relevancy Each message severity determines the set of event logging devices that are sent per each event message The following table lists the log severity levels Table 4 System Log Severity Levels Severity Level Message 7 Provides detailed information about the log If a Debug error occurs contact Customer Tech Support This section contains the following topics Warning ooo Notice Informational gt Defining General Log Properties gt Viewing Memory Logs gt Viewing Flash Logs gt Defining System Log Servers 4 1 Defining General Log Properties The Syslog Properties Page contains fields for defining which events are recorded to which logs It contains fields for enabling logs globally and parameters for defining logs Log messages are listed from the highest severity to the lowest severity level To view the system log properties 1 Click System g
154. nabled Fr HN Security 2 VLAN2 Static Enabled 2 r SNMP Management Maintenance Statistics Submit Dynamic Indicates the VLAN was dynamically created through GARP Static Indicates the VLAN is user defined Default Indicates the VLAN is the default VLAN gt Unauthenticaed VLAN Indicates whether unauthorized users can access a Guest VLAN The possible field values are Enabled Enables unauthorized users to use the Guest VLAN Disabled Disables unauthorized users from using the Guest VLAN gt Remove Removes VLANSs The possible field values are Checked Removes the selected VLAN Unchecked Maintains the current VLANs To add a new VLAN 1 Click treate The Add VLAN Page opens Figure 72 Add VLAN Page 2 Define the VLAN ID and VLAN Name 3 Click Submit The new VLAN is saved and the device is updated To define VLAN properties 1 Click P The Edit VLAN Page opens Figure 73 Edit VLAN Page 2 Modify the VLAN Name and Disable Authentication fields 3 Click Submit The VLAN properties are saved 4 In the VLAN Member Properties Page Click bmit The VLAN information is saved and the device is updated 7 3 2 Defining VLAN Membership Add VLAN VLAN ID VLAN Name Submit Authentication VLAN Settings VLAN ID 2 VLAN Name VLAN2 Disable Authentication V Submit The VLAN Member Membership Page contains
155. nagement Security gt Passwords gt Local Users The Local Users Page opens Figure 39 Local Users Page The Local Users Page contains the following fields gt User Name Displays the user name gt Access Level Displays the user access level The lowest user access level is 1 and the highest is 15 Users with access level 15 are Privileged Users gt Reactivate User Changes the user status to active N ie tat E Passwords i Local Users ne Password Enable Password Local Users H y System Info H Bridging Config Quality of Service Create Security ao Management Secun ty User Name Access Level Lockout Status Edit Remove Ft sone 1 admin 15 Usable r asswords 4 Network Security 2 supervisor 15 Usable l T it 5 ne Main enance Submit Statistics gt Remove Removes the user from the User Name list The possible field values are Checked Removes the selected local user Unchecked Maintains the local users 2 Click treate The Add Local User Page opens Figure 40 Add Local User Page In addition to the fields in the Local Users Page the Add Local User Page contains the following fields gt Password Defines the local user password Local user passwords can contain up to 159 characters gt Confirm Password Verifies the password 3 Define the fields Add Local User User Name Access Level
156. ning LINK W Down e1 Maintenance Statistics Clear Logs Vs fon sc The Syslog Servers Page contains information for viewing and configuring the remote log servers New log servers can be defined and the log severity sent to each server To define Syslog servers 1 Click System gt System Info gt Syslog gt Servers The Syslog Servers Page opens Figure 22 Syslog Servers Page The Syslog Servers Page list the server parameters and contains the following fields gt Server Specifies the server to which logs can be sent gt UDP Port Defines the UDP port to which the server logs are sent The possible range is 1 65535 The default value is 514 TP LINK TL SL3428 L2 Management Switch 192 168 1 1 L System Info Syslog Servers General E Create B Syslog IP Configuration J Bridging Config I Quality of Service Hy Security J SNMP Management Submit y Maintenance Hy Statistics Server UDP Port Facility Description Minimum Severity Edit Remove 1192 168 1 232 514 Local3 Main syslog server Alert L o gt Port Facility Defines an application from which system logs are sent to the remote server Only one facility can be assigned to a single server If a second facility level is assigned the first facility is overridden All applications defined for a device utilize the same facility on a server The field default is Local 7
157. nnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnn 39 61 Denning IP Addressing EE E E dommertcereemenad 39 6 1 1 Defining IP Addresses Luanda ddensenidsccneddwabcbaisedetdadowtedeneseduencsanenastccsecenasenane 39 6 1 2 Defining the Default Gateway Lusvemaenekneeideie adm eiisvmedendbaune 40 6 1 3 Defining DHCP Addresses rnrnnnnnnnnnnnnnvnnrernnnnnnnnvvnrsnnnnnnnnnnnnnrsnnnnnnnnnnnsesnnnnnnnnnnnesennnnnnne 40 OAA 1 91198 as eee ee ee ee E eee E eee 41 6 2 Defining Domain Name System rrnrnnnnnnnvevrrnnrnnnnnvnvvrnnnnnnnnnnvnnnrnnnnnnnnnnnnsennnnnnnnnnnnnsnnnnnnnne 42 621 Defining DNS SNE eee 42 6 2 2 Configuring Host Mapping vred naE 43 Section 7 Configuring InterfaCes nnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnn 45 12 Configunng PONS vrede 45 T2 Ge oe Ga LAG EEE EEE er ee eee 47 1 2 1 Defining LAG Members aar teeawnsbadosdenawnctandeninbesseseetesaseceeasaoete 47 Lae SP iee 48 15 GR VLANS eee een 49 731 Defining VLAN Propers sriid Eie E EE dnne 49 7 3 2 Defining VLAN Member shi cccccccsssscecccsesssssseseeceeessssseeeeeeeecssssseeeeeeesesessseeseeeeeeseaas 50 7 3 3 Defining VLAN Interface Settings c ccccccccsssssssceeeeeessssseeeeeeeecesssseeeeeesesessseaseeeeesessns 51 34 Configuring GARP re 52 1541 DENN GARP ee E ee arsen 52 15 Demno GVRP eaer eenen EE En E E E EE OSRE 53 Section 8 Defining the Forwarding Database nnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnn 55 8 1 Configuring
158. nnnnnnrrrrnnnnnnnnnnnessnnnnnnnnnennesnsnn 91 14 3 VIEWING Optical Transceivers Laverne bosdactengbebiadetctuetiesseieotlneediusvekieccednelete 92 Section 15 Viewing StatistiCS rrrrrrnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnenenennnn 93 15 1 Viewing Interface SAN Svealand ene 93 15 1 1 Viewing Device Interface Statistics srrrrrrnnnnnnnrnrrrrrrnnnnnnnnnvnrrrrnnnnnnnvnnnrrnnnnnnnnnnnnnennnnn 93 15 1 2 Viewing Etherlike Statistics rrrrrrnnnnnnrnronnnnnnnnnnnvnrnnnnnnnnnnnnvrvnnnnnnnnnnnnrnnnnnnnnnnnnnnennnnnn 94 1542 VE GRP SANS ee 95 15 1 4 Viewing EAP ENGS rntuseinn 96 1952 NESTEN SA Sep EE 96 15 2 1 Viewing RMON Statistics vassdrags oinkensasane 97 1922 om RMON SON E 98 15 2 2 1 Defining RMON History CONT ON 2ecccicticncisensnniedncanseuecencetatwedacashbdacpatessendondveaniensiaretuenass 98 15 2 2 2 Viewing the RMON History Table Lanes inembmasmesdaedbnssje 99 15 2 3 Configuring RMON EEG 100 15 2 3 1 Defining RMON Events COM avanse eee 100 15 2 3 2 Viewing the RMON Events LOGS ssassepsverppeeksnenmhae bnguddibjbitas ae 101 192 4 PENGA RMON AES sessa E EE ESEE E EE 101 MOSS ANY EEE AEE EEEE EEE 104 The Embedded Web System EWS is a network management system The TP Link Embedded Web Interface configures monitors and troubleshoots network devices from a remote web browser The TP Link Embedded Web Interface web pages are easy to use and easy to navigate In addition the TP Link Embedded Web Inter
159. nvvnvrnnnnnnnnnnnnnnennnnnnnnnvnnenrnnnnnnn 3 1 3 Understanding the TP Link Embedded Web Interface rnnnnrrrnrrnnnnnnnrrvvrrrnnnnnnnrvvnnenrnnnnnnn 4 1 3 1 DEVICE RepresentatlON medkeiser aiis aria 5 1 3 2 Using the TP Link Embedded Web Interface Management Buttons rrrnnnrrrrrernnnnnnnne 5 1 4 Using Screen and Table OONOMS sccg cncs cacuensscazutcaseocnisedesacaicinnendeniecthdanenckvctessacshianddeuibebontsauces 6 1 4 1 Adding Configuration INfOrmation cccccccccccessssseeeeeeecesssseeeeceeeeseseeeeeeeeeesesesseaeeeeeeesss 6 1 4 2 Modifying Configuration Information tac ccccssdtscdncreccssentnteesednesiaesdbdvecieassageondtedetcissnacetedesadess 6 1 5 Deleting Configuration Information rrrnnnnrrrrnrnnnnnnnrnverrrnnrnnnnnrnnnrrnnnnnnnnnnnnnrnnnnnnnnnnnneesnnnnnnns 6 MO Resetting ME DViCO ee ml T 1 7 Logging Off from the DENE Lassen T Section 2 Defining Device Information nnnnnnnnnnnnnnnnnnnvnnnnnennnnenenennnnnnnnnnn 8 Section 3 Setting the System Time rnnnnnnnnnnnnnnnnnnnnnvnnnnnnnennevennnnnnnnnnnnnnnnnn 9 3 1 Configuring Daylight Savings TIME ssiccncsexcuceceodessaseonsaattenennnagnadacenadasensiendsidenesenacesatexneasstalsascmens 9 32 SNP eessen EEEa E EEE EEA EE EEEE Ree EEE 12 N ONTP ON NN 12 3 2 1 1 Polling for Unicast Time Information apr 12 3 2 1 2 Polling for Anycast Time Information ss ecrses cpitck antrndce er cissn cased edanecanecentensalettadlanaiatbecsedelaetens 12 3 2 1
160. on contains the following topics gt Defining SNMP Security gt Configuring SNMP Notification Settings 11 3 Defining SNMP Security This section describes configuring of SNMP security parameters and contains the following topics gt Defining SNMP Global Parameters gt Defining SNMP Views gt Defining SNMP Group Profiles 71 gt Defining SNMP Group Members gt Defining SNMP Communities 11 3 1 Defining SNMP Global Parameters The SNMP Security Global Parameters Page permits the enabling of both SNMP and Authentication notifications To define SNMP security global parameters 1 Click System gt SNMP Management gt Security gt Global Parameters The SNMP Security Global Parameters Page opens Figure 100 SNMP Security Global Parameters Page TP LINK TL SL3428 L2 Management Switch i I Global Parameters The SNMP Secunty Global Parameters Page contains the 192 168 1 1 A System Info Engine ID following fields H onfi Quality of Service Local Engine ID 5 32 Characters 800022570300060000000a Use Default O Submit gt Local Engine ID 0 32 Characters Displays the local device Engine ID The field value is a hexadecimal Maintenance string Each byte in hexadecimal character strings is two hexadecimal digits Each byte can be separated by a period or a colon The Engine ID must be defined before SNMPVv3 is enabled Select a de
161. ontains the following topics gt Viewing RMON Statistics 97 gt Configuring RMON History gt Defining RMON Alarms 15 2 1 Viewing RMON Statistics The RMON Statistics Page contains fields for viewing information about device utilization and errors that occurred on the device To view RMON statistics 1 Click System gt Statistics gt RMON gt Statistics The RMON Statistics Page opens Figure 136 RMON Statistics Page TP LINK The RMON Statistics Page contains the following fields Ty aee SWI Interface Indicates the device for which statistics P ge Fe Statisti are displayed The possible field values are eee Ke i EG a Quality of Serice Interface Q Portfet z C wsh E Port Defines the specific port for which RMON ste a Refresh Rate No Refiesh Z a 3 Maintenance statistics are displayed i Terence Statistics ske aai i ipi RMON Broadcast Packets Received 0 LAG Defines the specific LAG for which RMON eds Mens Packets Recehed 9 A Events eee 0 Statistics are displayed Alam Sa 0 Fragments 0 Refresh Rate Defines the amount of time that f N z i Frames of 64 Bytes 0 passes before the interface statistics are refreshed TE o Frames of 256 to 511 Bytes 0 The possible field values are Frames of 512t0 1023 Bytes 0 Frames of 1024 to 1632 Bytes 0 15 Sec Indicates that the RMON statistics are A refreshed ever
162. ort Authentication Properties The Port Authentication Page allows network managers to configure port based authentication global parameters To define the port based authentication global properties 1 Figure 44 Port Authentication Page The Port Authentication Page contains the following fields gt gt Click System gt Network Security gt Authentication gt Port Authentication The Port Authentication Page opens TP UINK TL SL3428 L2 Management Switch Properties Multiple Ho 192 168 1 1 Copy from Entry Number Copies port authentica FR EN H Quality of Service Copy from Entry Number to Entry Number s tion information from the selected port Pee saeco oe nd ae r ped res to Entry Number s TT Copies port authentication a er Control 1 el Force Authorized Dis e 3600 Force Authorized fAISNMP Management 2 e2 Disable False 3600 Initializ information to the selected port Bitte EG fe Port Displays a list of interfaces on which port based F der ve ae 8 e8 Force Authorized Disable False 3600 Force Authorized authentication is enabled oe Disable False 3800 Initialize User Name Displays the supplicant user name Figure 45 Port Authentication Settings Page 3 Define the fields Em e User Name 4 Check Reauthenticate Now to immediately n forceAuthorized reauthenticate the selected port when submitting
163. otocol Specifies how routers communicate with different domain O DU routers Institute of Electrical and Electronics Engineers An engineering organization that develops communications and networking standards Used in the Spanning Tree Protocol IEEE 802 1d supports MAC bridging to avoid IEEE 802 1d network loops IEEE 802 1p Prioritizes network traffic at the data link MAC sub layer Defines the operation of VLAN Bridges that permit the definition operation and EEE 802 1q administration of VLANs within Bridged LAN infrastructures Internet Group Management Protocol Allows hosts to notify their local switch or router Interior Gateway Protocol Allows for routing information exchange between gateways in System images are saved in two Flash sectors called images image 1 and image 2 The Image File i l active image stores the active copy while the other image stores a second copy Internet Protocol Specifies the format of packets and their addressing method IP more interconnected LANs or WANs IP Multicast Transmits multicast packets in a network Multicast routing copies one IP Version 6 Provides a newer version of the Internet Protocol and follows IP version 4 IPv4 IPv6 increases the IP address size from 32 bits to 128 bits In addition IPv6 TPv6 support more levels of addressing hierarchy more addressable nodes and supports simpler auto configuration of addresses IPX Internetwork Packet Exchang
164. possible field values are Lom A 15 Sec Indicates that the GVRP statistics are p refreshed every 15 seconds man 30 Sec Indicates that the GVRP statistics are mana tint Lt refreshed every 30 seconds 60 Sec Indicates that the GVRP statistics are refreshed every 60 seconds No Refresh Indicates that the GVRP statistics are not refreshed Join Empty Displays the device GVRP Join Empty statistics Empty Displays the device GVRP Empty statistics Leave Empty Displays the device GVRP Leave Empty statistics Join In Displays the device GVRP Join In statistics Leave In Displays the device GVRP Leave in statistics Leave All Displays the device GVRP Leave all statistics Invalid Protocol ID Displays the device GVRP Invalid Protocol ID statistics Invalid Attribute Type Displays the device GVRP Invalid Attribute ID statistics Invalid Attribute Value Displays the device GVRP Invalid Attribute Value statistics Invalid Attribute Length Displays the device GVRP Invalid Attribute Length statistics Invalid Event Displays the device GVRP Invalid Event statistics N VV VV VV VV v v WV Select an interface Port or LAG in the nterface field The GVRP statistics are displayed To update the refresh time gt To change the refresh rate for statistics select another rate from the Refresh Rate dropdown list To reset GVRP interface statistics counters 1 Open the GVRP Statist
165. quency 1 1000000 field can be defined only if multiple hosts are disabled The default is 10 seconds gt Status Indicates the host status If there is an asterisk the port is either not linked or is down The possible field values are Unauthorized Indicates that either the port control is Force Unauthorized and the port link is down or the port control is Auto but a client has not been authenticated via the port Not in Auto Mode Indicates that the port control is Forced Authorized and clients have full port access Single host Lock Indicates that the port control is Auto and a single client has been authenticated via the port No Single Host Indicates that Multiple Host is enabled gt Number of Violations Indicates the number of packets that arrived on the interface in single host mode from a host whose MAC address is not the supplicant MAC address 2 Click The Multiple Host Settings Page opens Multiple Hosts Settings Figure 47 Multiple Host Settings Page Port el Enable Multiple Hosts vw 3 Define the fields Action on Violation discard v 4 Click Submit The multiple host settings are saved Aiaia aie E and the device is updated Trap Frequency fio a ee Submit 5 2 2 3 Defining Authentication Hosts En The Authenticated Hosts Page contains a list of authenticated users To define authenticated users 1 Click System gt Network Security gt Authentication
166. r network administrators familiar with IT concepts and network terminology This section provides an introduction to the user interface and includes the following topics Configuring the device to use TP Link Embedded Web Interface Starting the TP Link Embedded VWeb Interface Understanding the TP Link Embedded Web Interface Using Screen and Table Options Resetting the Device VV VV v WV Logging Off from the Device 1 1 Configuring the device to use TP Link Embedded Web Interface When the device is received the Embedded Web Interface can not be accessed until the device is properly configured To use TP Link Embedded Web Interface use the console interface to assign an IP address and subnet mask on the default VLAN and add a super user with the highest privilege level 15 which is allowed to log onto the device via Embedded Web Interface Below is an example console gt en console config console config username admin password admin level 15 console config interface vlan 1 console config if ip address 192 168 1 1 255 255 255 0 console config if exit console config exit console copy running config startup config 01 Jan 2000 01 02 49 COPY I FILECPY Files Copy source URL running config destination URL flash startup config 01 Jan 2000 01 02 50 COPY W TRAP The copy operation was completed successfully Copy succeeded The above example uses the following assumptions gt The user name and passwo
167. rd are both admin gt The IP address assigned to the default VLAN is 192 168 1 1 gt The subnet mask for the network is 255 255 255 0 Once the device is configured as above you can open the Embedded Web Interface authentication page by typing the URL http 192 168 1 1 into the location bar of the web browser And then use admin as both the user name and password to log onto the device For more detailed information on how to configure the device via console interface read Section 4 Starting and Configuring the Device in the TP Link Installation Guide 1 2 Starting the TP Link Embedded Web Interface This section contains information on starting the TP Link Embedded Web interface lt e gt Note Disable the popup blocker before beginning device configuration using the EWS To access the TP Link user interface 1 Open an Internet browser 2 Ensure that pop up blockers are disabled If pop up blockers are enable modify add and device information messages may not open 3 Enter the device IP address in the address bar and press Enter The Login Page opens Figure 1 Login Page wef TP LINK 192 168 1 1 4 Enter your user name and password AN N ote Type in Username and Password then click OK C gt Passwords are case sensitive me gt To operate the device disable all pop ups with a popup blocker gt For information on using the CLI to define default passwords see the TP Link CLI Re
168. reased by limiting access on a specific port only to users with specific MAC addresses The MAC addresses can be dynamically learned or statically configured Locked port security monitors both received and learned packets that are received on specific ports Access to the locked port is limited to users with specific MAC addresses These addresses are either manually defined on the port or learned on that port up to the point when it is locked When a packet is received on a locked port and the packet TP Link source MAC address is not tied to that port either it was learned on a different port or it is unknown to the system the protection mechanism is invoked and can provide various options Unauthorized packets arriving at a locked port are either gt Forwarded gt Discarded with no trap gt Discarded with a trap gt Shuts down the port Locked port security also enables storing a list of MAC addresses in the configuration file The MAC address list can be restored after the device has been reset Disabled ports are activated from the Port Security Page To view port security parameters 1 Click System gt Network Security gt Traffic Control gt Port Security The Port Security Page opens 36 37 Figure 49 Port Security Page TP LINK The Port Security Page contains the following fields FER gt Interface Displays the Port or LAG name gt aston de gt Interface Stat
169. rror packets received from the selected interface Transmit Statistics gt Total Bytes Octets Displays the number of octets transmitted from the selected interface Unicast Packets Displays the number of Unicast packets transmitted from the selected interface gt gt Multicast Packets Displays the number of Multicast packets transmitted from the selected interface gt Broadcast Packets Displays the number of Broadcast packets transmitted from the selected interface 2 Select an interface in the nterface field The interface statistics are displayed To reset interface statistics counters 1 Open the nterface Statistics Page 2 Click lear All Counters The interface statistics counters are cleared 15 1 2 Viewing Etherlike Statistics The Etherlike Statistics Page contains interface statistics To view Etherlike interface statistics 1 Click System gt Statistics gt Interface Statistics gt Etherlike The Etherlike Statistics Page opens Figure 133 Etherlike Statistics Page TP LINK TL SL3428 L2 Management Switch The Etherlike Statistics Page contains the following fields gt Interface Indicates the device for which statistics are ERTER E System Info Statistics Etherlike displayed The possible field values are E a rol uo apr i i Hi Security res e o Refresh Port Defines the specific port for which Etherlike 3 ASNN
170. rties Page opens 62 Figure 89 MSTP Properties Page TP LINK TL 5L3428 L2 Management The MSTP Properties Page contains the following fields gt Region Name Indicates the name of the user EEE 2 System Info MSTP General defined STP region viene Region Name 00 06 00 00 00 0a orwarding Database FR gt Revision Indicates that an unsigned 16 bit number ieee up a LRSTP IST Master 32768 00 06 00 00 00 0a that identifies the revision of the current MSTP LER i P Multicast Support Submit configuration The revision number is required as part fee ee eee of the MSTP configuration Maintenance The possible range is 0 65535 gt Max Hops Specifies the total number of hops that occur in a specific region before the BPDU is discarded Once the BPDU is discarded the port information is aged out The possible field range is 1 40 The default value is 20 hops gt IST Master Identifies the Spanning Tree Master instance The IST Master is the specified instance root 2 Define the Region Name Revision and Max Hops fields 3 Click Submit The device information is updated 9 3 2 Configuring MSTP Instances MSTP maps VLANs into STP instances Packets assigned to various VLANs are transmitted along different paths within Multiple Spanning Tree Regions MST Regions Regions are one or more
171. s Trap Frequency fi 0 Submit Il A Broadcast Storm is a result of an excessive amount of broadcast messages simultaneously transmitted across a network by a single port Forwarded message responses are heaped onto the network straining network resources or causing the network to time out Storm control is enabled for all Gigabit ports by defining the packet type and the rate the packets are transmitted The system measures the incoming Broadcast and Multicast frame rates separately on each port and discards the frames when the rate exceeds a user defined rate The Storm Control Page provides fields for configuring broadcast storm control To enable storm control for a port 1 Click System gt Network Security gt Traffic Control gt Storm Control The Storm Control Page opens Figure 51 Storm Control Page The Storm Control Page contains the following fields Traffieontrol mas Ta 3 192 168 1 1 gt Port Indicates the type of storm control which is gt Iystem ne Storm Control H y Bridging Config I Quality of Service enabled on the selected port The possible field values i Security Port Enable Broadcast Control Broadcast Mode Broadcast Rate Limit Edit ae om Er e1 Disabled Broadcast Only 100 2 Bw cumy e2 Disabled Broadcast Only 100 A are ae USE e3 Disabled Broadcast Only 100 P i ee e4 Disabled Broadcast Only 100 P Le 25 Disabled Broadcast Only 100 U cast B ca
172. s Page opens Figure 77 GARP Parameters Page The GARP Parameters Page contains the following fields gt gt Copy from Entry Number Indicates the row number from which GARP parameters are copied To Entry Number Indicates the row number to which GARP parameters are copied Interface Displays the port or LAG on which GARP is enabled Join Timer Indicates the amount of time in centiseconds that PDUs are transmitted The default value is 20 centiseconds Leave Timer Indicates the amount of time lapse in centiseconds that the device waits before leaving its GARP state Leave time is activated by a Leave All Time message sent received and cancelled by the Join message received Leave time must be greater than or TP LINK TL 5L3428 L2 Management Switch 192 168 1 1 Quality of Service 28 g4 200 29 LAG 1 200 equal to three times the join time The default value is 60 centiseconds 10000 10000 10000 10000 10000 10000 10000 10000 10000 EI System Info Interface Join Timer Leave Timer Leave All Timer SNE 1 et 200 600 _ Bridging Config Interface 2 2 200 600 Forwarding Datab 3 3 200 600 Spanning Tree 4 4 200 600 VLAN 5 5 200 600 _ Membership 6 6 200 600 C GARP 7 7 200 600 y Multicast Support 8 8 200 600 ity o i 9 9 200 600 10000 10000 10000 10000 10000 10000 10000 10000 10000 10000 10000 10000 10
173. s and mirrors network traffic by forwarding copies of incoming and outgoing Port Mirroring S packets from one port to a monitoring port Indicates port speed Port speeds include e Ethernet 10 Mbps e Fast Ethernet 100Mbps e Gigabit Ethernet 1000 Mbps Point to Point Protocol Enables connecting to the Internet over a serial link PPP Port Speed establishes sessions between a PC and an ISP using the Link Control Protocol LCP Privil An authorizations set that performs security relevant functions for example user access rivilege to a device Protocol A set of rules that governs how devices exchange information across networks Protocol Stack Layered set of protocols working together to provide networking functions Quality of Service QoS provides policies that contain sets of filters rules QoS allows network managers to decide how and what network traffic is forwarded according to priorities application types and source and destination addresses Query Extracts information from a database and presents the information for use Remote Authentication Dial In User Service A method for authenticating system users and tracking connection time Remote Desktop Protocol Allows a clients to communicate with the Terminal Server over the network 110 111 Term Definition Provides duplication of devices services or events If a device service or event fails Redundancy redundancy provid
174. s are Enable Enables the device to send authentication failure notifications Disable Disables the device from sending authentication failure notifications 2 Define the Enable SNMP Notification and Enable Authentication Notifications fields 3 Click Submit The SNMP notification properties are defined and the device is updated 11 4 2 Defining Notification Filters The SNMP Notification Filter Page permits filtering traps based on OlDs Each OID is linked to a device feature or a portion of a feature The SNMP Notification Filter Page also allows network managers to filter notifications To define notification filters 16 11 1 Click System gt SNMP Management gt Notification gt Notification Filter The SNMP Notification Filter Page opens Figure 113 SNMP Notification Filter Page The SNMP Notification Filter Page contains the following fields gt gt Filter Name Contains a list of user defined notification filters Object ID Subtree Displays the OID for which notifications are sent or blocked If a filter is attached to an OID traps or informs are generated and sent to the trap recipients OIDs are selected from either the Select from field or the Object ID field 192 168 1 1 Hy System Info H y Bridging Config H y Quality of Service H y Security i SNMP Management Notification 4 Maintenance Create H y Statistics TP LINK TL 5L
175. s are applied to maps in Service QoS mode A Trust Behavior can be selected or the output service fields can be selected including gt VLAN Priority Tags VPT VPTs are mapped to an output queues based on the VPT While queue mapping is user defined the VPT default mapping to the output queue is as follows In the VPT default mapping Queue 1 has the lowest priority The following table contains the VPT to Queue default settings Table 7 VPT Default Mapping Table VPT Value Queue Number KE Mapping of the VPT to the output queue is performed on a system wide basis and can be enabled or disabled per port gt Default CoS Packets arriving untagged are assigned to a default VPT which can be set by the user on a per port basis Once the VPT is assigned the packet is treated as if it had arrived with this tag The VPT mapping to the output queue is based on the same user defined 802 1p tag based definitions gt DSCP Users can configure the system to use the IP DSCP of the incoming packet to the output priority queues The mapping of the IP DSCP to priority queue is set on a per system basis If this mode is active a non IP packet is always classified to the best effort queue The default mapping is shown in the following table Table 8 DSCP Default Mapping Table DSCP Value Queue Number a onest pro All network traffic which is not assigned a DSCP value is forwarded with Best Effort service After pack
176. s the total amount of STP state changes that have occurred Last Topology Change Indicates the amount of time that has elapsed since the bridge was initialized or reset and the last topographic change that occurred The time is displayed in a day hour minute second format such as 2 days 5 hours 10 minutes and 4 seconds Complete the Spanning Tree State and Bridge Settings fields Click Submit The new STP definition is added and device information is updated 9 1 2 Defining STP Interface Settings Network administrators can assign STP settings to specific interfaces using the STP Interface Settings Page The Global LAGs section displays the STP information for Link Aggregated Groups To assign STP settings to an interface 1 Click System gt Bridging Info gt Spanning Tree gt STP gt Interface Settings The STP Interface Settings Page opens Figure 85 STP Interface Settings Page TP LINK TSS 2 Magee Sul The STP Interface Settings Page contains the following or ni gt Interface The interface for which the information is MR EEE SEN EEE displayed EET gt STP Status Indicates f STP is enabled onthepot A Et fie The possible field values are SET i ii Enabled Enables the STP on the po ETTE Disabled Disables the STP on the port emew eg om See nggi gt Fast Link Indicates if Fast Link is enabled on the Seuss Sl Gk aa __ _ _ _8 fa port If Fast Link mode is enabled for
177. s updated Submit 3 2 4 Defining SNTP Servers The SNTP Servers Page contains information for enabling SNTP servers as well as adding new SNTP servers In addition the SNTP Servers Page enables the device to request and accept SNTP server traffic To define SNTP servers 1 Click System gt System Info gt SNTP gt Servers The SNTP Servers Page opens 14 Figure 15 SNTP Servers Page TP UNK The SNTP Servers Page contains the following fields J i SN Po dd gt SNTP Server Displays user defined SNTP server IP Sn nt SNTP Servers addresses Up to eight SNTP servers can be defined Do i gt Poll Interval Indicates whether or not the device uly Se wie 2 fel sia Umas na a Je polls the selected SNTP server for system time informa Minnene E tion gt Encryption Key ID Displays the encryption key identification used to communicate between the SNTP server and VV v v Figure 16 Add SNTP Server Page device The field range is 1 4294967295 Preference Indicates which SNTP server provides the SNTP system time The possible field values are Primary Indicates the primary server provides SNTP information Secondary Indicates the backup server provides SNTP information Status The operating SNTP server status The possible field values are Up Indicates the SNTP server is currently operating normally
178. section includes the following topics gt Configuring Authentication Methods gt Configuring Passwords 5 1 1 Configuring Authentication Methods This section provides information for configuring device authentication methods This section includes the following topics Defining Access Profiles Defining Profile Rules Defining Authentication Profiles Mapping Authentication Profiles Defining TACACS Host Settings Defining RADIUS Server Settings VV VV V WV 5 1 1 1 Defining Access Profiles Access profiles are profiles and rules for accessing the device Access to management functions can be limited to user groups User groups are defined for interfaces according to IP addresses or IP subnets Access profiles contain management methods for accessing and managing the device The device management methods include gt All gt Telnet gt Secure Telnet SSH gt HTTP Management access to different management methods may differ between user groups For example User Group 1 can access the switch module only via an HTTPS session while User Group 2 can access the switch module via both HTTPS and Telnet sessions The Access Profile Page contains the currently configured access profiles and their activity status Assigning an access profile to an interface denies access via other interfaces If an access profile is assigned to any interface the device can be accessed by all interfaces To configure access profiles 1 Click System g
179. ses Each time a domain name is assigned the DNS service translates the name into a numeric IP address For example www ipexample com is translated into 192 87 56 2 DNS servers maintain databases of domain names and their corresponding IP addresses This section contains the following topics gt Defining DNS Servers gt Configuring Host Mapping 6 2 1 Defining DNS Servers The DNS Server Page contains fields for enabling and activating specific DNS servers To enable DNS and define the DNS server 1 Click System gt System Info gt IP Configuration gt Domain Name System The DNS Server Page opens Figure 61 DNS Server Page TP LINK The DNS Server Page contains the following fields TL S 3428 L2 Management Domain Name Systen Switch gt Enable DNS Enables translating the DNS names Host Mapping 192 168 1 1 into IP addresses The possible field values are i System to FANG nable IV Checked Translates the domains into IP J EI onfiguration JIP Addressing ad d resses he eros Me i 2 ame System Default Parameters a Suri ce Bae ault Domain am Unchecked Disables translating domains into IP et EE E SNMP Management Remove m ad d resses i 5 el gt Default Domain Name Specifies the user defined A DNS server name KONE ica A 2 1 10 5 12 33 KO T gt Type Displays the IP address type The possible Submit field valu
180. settings Port el 7 4 Click Submit The LACP settings are saved and the device is updated LACP Port Priority fi LACP Timeout Long Subrit 7 3 Configuring VLANs VLANs are logical subgroups with a Local Area Network LAN which combine user stations and network devices into a single unit regardless of the physical LAN segment to which they are attached VLANs allow network traffic to flow more efficiently within subgroups VLANs use software to reduce the amount of time it takes for network changes additions and moves to be implemented VLANs have no minimum number of ports and can be created per unit per device or through any other logical connection combination since they are software based and not defined by physical attributes VLANs function at Layer 2 Since VLANs isolate traffic within the VLAN a Layer 3 router working at a protocol level is required to allow traffic flow between VLANs Layer 3 routers identify segments and coordinate with VLANs VLANs are Broadcast and Multicast domains Broadcast and Multicast traffic is transmitted only in the VLAN in which the traffic is generated VLAN tagging provides a method of transferring VLAN information between VLAN groups VLAN tagging attaches a 4 byte tag to packet headers The VLAN tag indicates to which VLAN the packets belong VLAN tags are attached to the VLAN by either the end station or the network device VLAN tags also contain VLAN network priority information
181. ssigned SNMP view gt Remove Removes SNMP groups The possible field values are Checked Removes the selected SNMP group Unchecked Maintains the SNMP groups 72 2 Click kreate The Add SNMP Group Profile Page opens Figure 104 Add SNMP Group Profile Page Add SNMP Group Profile GroupName 3 Define the Group Name Security Model Security Level seers Ee Security Level Mo Authentication It and Operation fields Operation I Read Default z I write Default IT Notify Defau Submit 4 Click Submit The SNMP group profile is added and the device is updated To modify the SNMP Group settings 1 Click System gt SNMP Management gt Security gt Group Profile The SNMP Security Group Profile Page opens 2 Click The SNMP Group Profile Settings Page opens Figure 105 SNMP Group Profile Settings Page SNMP Group Profile Settings Query Access Control Configuration 3 Modify the Group Name Security Model Security oa Security Level o Authentication Operation V Read Default I write Default 4 Click Submit The SNMP group profile is modified Submit and the device is updated Level and Operation fields 7 IT Notify Default 11 3 4 Defining SNMP Group Members The SNMP Security Group Membership Page enables assigning system users to SNMP groups as well as defining the user authentication method To define SN
182. st M tbd see 26 Disabled Broadcast Only 100 e7 Disabled Broadcast Only 100 P eg Disabled Broadcast Only 100 B cast M cast tbd e Disabled Broadcast Only 100 P Disabled Broadcast Only 100 P Disabled Broadcast Only 100 B cast S N tbd Disabled Broadcast Only 100 Disabled Broadcast Only 100 Disabled Broadcast Only 100 vi gt Enable Broadcast Control Indicates if forwarding Broadcast packet types on the interface gt Broadcast Mode Specifies the Broadcast mode currently enabled on the device The possible field values are Unknown Unicast Multicast amp Broadcast Counts Unicast Multicast and Broadcast traffic Multicast amp Broadcast Counts both Broadcast and Multicast traffic together SOHO Broadcast Counts only the Broadcast traffic gt Broadcast Rate Threshold Indicates the maximum rate kilobytes per second at which unknown packets are forwarded The range is 0 1 000 000 The default value is zero All values are rounded to the nearest 64 Kbps If the field value is under 64 Kbps the value is rounded up to 64 Kbps with the exception of the value zero 2 Click nextto the port to configure The Storm Control Settings Page opens Figure 52 Storm Control Settings Page Storm Control Settings 3 Select the Port Storm Control Settings foal el Enable Broadcast Control 4 Click Enable Broadcast Control and define the Rate ee roste 3 Thresho
183. stem Description Page opens Figure 10 System Description Page TP LINK The System Description Page contains the following fields TL 513428 L2 Management 1 gt Model Name Displays the device model number 192 168 1 1 and name er EG System Information pe General a Model Name TL 5L3428 L2 Management Switch gt System Name Defines the user defined device As EE i HIP Configuration 1 j 5 JBridging Co System Location name The field range is 0 160 characters ere sytem contact Security em ObjectiD 1 3 6 1 4 1 100 gt System Location Defines the location where the EEEE cove 4 our 4 minutes 68 seconde Statistics Base MAC Address 00 06 00 00 00 0a system is currently running The field range is 0 160 Hardware Version 01 00 00 Software Version 1 0 0 29 Boot Version 1 0 0 04 Submit characters gt System Contact Defines the name of the contact person The field range is 0 160 characters gt System Object ID Displays the vendor s authoritative identification of the network management sub system contained in the entity gt System Up Time Displays the amount of time since the most recent device reset The system time is displayed in the following format Days Hours Minutes and Seconds For example 41 days 2 hours 22 min utes and 15 seconds Base MAC Address Displays the device MAC address Hardware Version Displays the installed device hardware
184. stics STP General Global Settings Spanning Tree State Enable gt STP Operation Mode Classic STP gt BPDU Handling Flooding z Path Cost Default Values Short gt Bridge Settings Priority 32768 Hello Time 2 Sec o Sec C Forward Delay 15 Sec C Max Age Designated Root Bridge ID 32768 00 06 00 00 00 0a Root Bridge ID 32768 00 06 00 00 00 0a Root Port 0 Root Path Cost 0 Topology Changes Counts 1 Last Topology Change OD OH 14M 15 Submit Rapid STP Enables Rapid STP on the device Multiple STP Enables Multiple STP on the device BPDU Handling Determines how BPDU packets are managed when STP is disabled on the port or device BPDUs are used to transmit spanning tree information The possible field values are Filtering Filters BPDU packets when spanning tree is disabled on an interface This is the default value Flooding Floods BPDU packets when spanning tree is disabled on an interface Path Cost Default Values Specifies the method used to assign default path cost to STP ports The possible field values are Short Specifies 1 through 65 535 range for port path cost This is the default value Long Specifies 1 through 200 000 000 range for port path cost The default path cost assigned to an interface varies according to the selected method Hello Time Max Age or Forward Delay The Bridge Settings section contains the following fields
185. t 4 Click Submit The RADIUS server is added and the Dead Time een E Use Default device is updated Key String Alpha Numeric Use Default Source IP Address I Use Default Usage Type All To modify RADIUS server settings Submit IP Address Lists the RADIUS server IP addresses Priority Displays the RADIUS server priority The possible values are 1 65535 where 1 is the highest value The RADIUS server priority is used to configure the server query order Authentication Port Identifies the authentication port The authentication port is used to verify the RADIUS server authentication The authenticated port default is 1812 Number of Retries Defines the number of transmitted requests sent to the RADIUS server before a failure occurs The possible field values are 1 10 Three is the default value Timeout for Reply Defines the amount of time in seconds the device waits for an answer from the RADIUS server before retrying the query or switching to the next server The possible field values are 1 30 Three is the default value Dead Time Defines the amount of time in minutes that a RADIUS server is bypassed for service requests The range is 0 2000 The default is 0 minutes Source IP Address Defines the source IP address that is used for communication with RADIUS servers Usage Type Specifies the RADIUS server authentication type The default value is All The possible field values are Log
186. t Configuring Static Addresses gt Configuring Dynamic Forwarding Addresses 8 1 Configuring Static Addresses The Forwarding Database Static Addresses Page contains parameters for defining the age interval on the device To prevent static MAC addresses from being deleted when the device is reset ensure that the port attached to the MAC address is locked To prevent static MAC addresses from being deleted when the device is reset ensure that the port attached to the MAC address is locked To define Static addressing for the forwarding database 1 Click System gt Bridging Config gt Forwarding Database gt Static Addresses The Forwarding Database Static Addresses Page opens Figure 81 Forwarding Database Static Addresses Page 7 D LINK The Forwarding Database Static Addresses Page contains TL SL3428 L2 Management Switch the following fields Static Address 192 168 1 1 A gt VLAN ID Displays the VLAN ID number to which Sytem fo Static Addresses T el o ai x reate the entry refers Fe La _ 1 aSpanning Tree VLANID MAC Address Interface Status Remove gt MAC Address Displays the MAC address to which Fr 1 000000124030 e1 Permanent IT i Qualit of Service the entry refers FSsuiy Submit SNMP Management gt Interface Displays the interface to which the entry cage refers Port The specific port number to which the forwarding database parameters refer LAG The specific LAG number
187. t Management Security gt Authentication gt Access Profiles The Access Profile Page opens Figure 24 Access Profile Page TRUNK Authentication BRETTES TE The Access Profile Page contains the following fields man i M z gt Access Profile Name Defines the access profile Fer name The access profile name can contain up to 32 pees l V characters a a dl gt Active Profile Defines the access profile currently ge Submit active gt Remove Removes the selected access profile The possible field values are Figure 25 Add Access Profile Page Checked Removes the selected access profile Access Profiles cannot be removed when Active Unchecked Maintains the access profiles Disable Active Profile Disables the active access profile The possible field values are Checked Disables the active access profiles Unchecked Indicates the access profile is currently active This is the default value Click treate The Add Access Profile Page opens Add Access Profile In addition to the fields in the Access Profile Page the Add aaia Access Profile Page contains the following fields o gt Access Profile Name Defines a new access profile re e hE evan name oo ani gt Rule Priority Defines the rule priority When the Action Permit z packet is matched to a rule user groups are either Submit granted permission or denied device mana
188. t System Info gt Syslog gt Properties The Syslog Properties Page opens Figure 19 Syslog Properties Page The Syslog Properties Page contains the following fields gt Enable Logging Indicates if device global logs for Cache File and Server Logs are enabled Console logs are enabled by default The possible field values are Checked Enables device logs Unchecked Disables device logs gt Severity Notice Provides device information Informational Provides device information Debug Provides debugging messages AN Note TP LINK TL SL3428 L2 Management Switch Properties 192 168 1 1 i 1 System Info Logs Settings General Bj SNTP Enable Logging V Syslog EL sel Severity Console Memory Logs Log Flash Bridging Config Emergency F 5 v Quality of Service Security Alert M Vv M GISNMP Management Critical NW Vv VW Maintenance Statistics Errar M K M Warning NW NW T Notice NW IV F Informational M Vv F Debug O O FP Submit When a severity level is selected all severity level choices above the selection are selected automatically gt Console Defines the minimum severity level from which logs are sent to the console gt RAM Logs Defines the minimum severity level from which logs are sent to the RAM Log kept in RAM Cache gt Log File
189. t TE Events Control vent Entry UISPIays tne event ge gt Community Displays the community to which the S CASNMP Management ETE EE EN UNE EEE KNE Pi ode nance 1 Default Community Default Description None 1 1 2000 1 1 0 TP 2 D event belongs Submit gt Description Displays the user defined event description gt Type Describes the event type Possible values are Log Indicates that the event is a log entry Trap Indicates that the event is a trap Log and Trap Indicates that the event is both a log entry and a trap None Indicates that no event occurred gt Time Displays the time that the event occurred Vv Owner Displays the device or user that defined the event gt Remove Removes a RMON event The possible field values are Checked Removes a selected RMON event Unchecked Maintains RMON events 2 Click treate The Add RMON Event User Page opens 100 Figure 142 Add RMON Event User Page Add Event Entry i i Event Entry 2 3 Define the fields Community Default Community 4 Click Submit The entry is added to the RMON ARR Defaut Description Events Control Page and the device is updated None wer o To modify an RMON Event user Submit 1 Click System gt Statistics gt RMON gt Events The RMON Events Control Page opens displaying defined event entries 2 Click nextto an entry The Edit RMON Event User P
190. t groups are located Enables or disables Auto Learn on the Ethernet device The possible field values are Enable Enables auto learn Disable Disables auto learn gt Host Timeout Indicates the amount of time host waits to receive a message before timing out The default time is 260 seconds gt MRouter Timeout Indicates the amount of the time the Multicast router waits to receive a message before it times out 67 The default value is 300 seconds gt Leave Timeout Indicates the amount of time the host waits after requesting to leave the IGMP group and not receiving a Join message from another station before timing out If a Leave Timeout occurs the switch notifies the Multicast device to stop sending traffic The Leave Timeout value is either user defined or an immediate leave value The default timeout is 10 seconds 2 Click the Enable IGMP Snooping Status checkbox 3 Click Submit IGMP Snooping is enabled on the device To modify IGMP Snooping 1 Click amp The Multicast Global Parameters Settings Page opens Figure 95 Multicast Global Parameters Settings Page Multicast Global Parameters Settings 2 Modify the VLAN ID IGMP Status Enable Enable Auto VLAN ID 1 gt Learn Host Timeout MRouter Timeout and Leave IGMP Status Enable Disable gt Timeout fields gii enable IR l Host Timeout Pe o 3 Click Submit The IGMP global parameters are MRouter Timeout 300 modified and the dev
191. te in hexadecimal character strings is two hexadecimal digits Each byte can be separated by a period or colon gt Password Defines the password for the group member 3 Define the User Name Group Name Engine ID Authentication Method Password Authentication Key and Privacy Key fields 4 Click Submit The SNMP group membership is modified and the device is updated To modify SNMP Group Membership settings 1 Click System gt SNMP Management gt Security gt Group Membership The SNMP Security Group Membership Page opens 2 Click E The SNMP Group Membership Settings Page opens Figure 108 SNMP Group Membership Settings Page j SNMP Group Membership Settings User Name User1 gt 3 Modify the Group Name Engine ID Authentication re loca Method Password Authentication Key and Privacy Group Name group Key fields Authentication Method None 7 Password een j i oo entication n Lene 4 Click _ Submit The SNMP group membership is je _ Ko ap i iva hess modified and the device is updated sti Remove Submit 14 15 11 3 5 Defining SNMP Communities Access rights are managed by defining communities in the SNMP Communities Page When the community names are changed access rights are also changed SNMP communities are defined only for SNMP v1 and SNMP v2c To define SNMP communities 1 Click System gt SNMP Management gt Security gt Communities The SNMP Security Communities
192. ted Cable Tests The Copper Cable Page contains fields for performing tests on copper cables Cable testing provides information about where errors occurred in the cable the last time a cable test was performed and the type of cable error which occurred The tests use Time Domain Reflectometry TDR technology to test the quality and characteristics of a copper cable attached to a port Cables up to 120 meters long can be tested Cables are tested when the ports are in the down state with the exception of the Approximated Cable Length test To view cable test results gt Click System gt Maintenance gt Diagnostics gt Copper Cable The Copper Cable Page opens Figure 130 Copper Cable Page TP LINK The Copper Cable Page contains the following fields Mn ee eager 11 L2 Management Diagnostics Switd gt Port Specifies the port to which the cable is tome 192 168 1 1 connected System Info i ca i pa AN sa le Port Test Result Cable Fault Distance Last Update Cable Length gt Test Result Displays the cable test results Possible oe et NoCable OM 01 an 2000042740 Test Maintenance e2 Test values are i ae Management e3 Test pa Diagnostics Ti No Cable Indicates that a cable is not connected Fr a 06 es to the port E Open Cable Indicates that a cable is connected n e9 Test on only one side e10 E l n E Short Cable Indicates that a short has oc
193. terference by one or more of the following measures gt Reorient or relocate the receiving antenna gt Increase the separation between the equipment and receiver gt Connect the equipment into an outlet on a circuit different from that to which the receiver is connected gt Consult the dealer or an experienced radio TV technician for help This device complies with Part 15 of the FCC Rules Operation is subject to the following two conditions 1 This device may not cause harmful interference 2 This device must accept any interference received including interference that may cause undesired operation EC DECLARATION OF CONFORMITY EUROPE In compliance with the EMC Directive 89 336 EEC Low Voltage Directive 73 23 EEC this product meets the requirements of the following standards gt EN55022 gt EN55024 gt EN60950 SAFETY NOTICES AN Caution Do not use this product near water for example in a wet basement or near a swimming pool Avoid using this product during an electrical storm There may be a remote risk of electric shock from lightning TABLE OF CONTENTS Pee JG 1 EN LOE EEE NE EE 1 ai late ete 20010 131 g 6 EEE ee eee 2 Section 1 Getting Started rrrrrrrnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnvenennnnnnnnnnnnnnnnn 3 1 1 Configuring the device to use TP Link Embedded Web Interface rrrrrrnnrnnnnnrrverennnnnnnnn 3 1 2 Starting the TP Link Embedded Web Interface anrrnrrnnnnnnnnn
194. ters to respond to ARP requests for nodes located on different sub VLANs belonging to the same Super VLAN Routers respond with their MAC address Authentication Header Protocol Provides source host authentication and data integrity Address Resolution Protocol A TCP IP protocol that converts IP addresses into physical addresses ASIC Application Specific Integrated Circuit A custom chip designed for a specific application Asset Tag Specifies the user defined device reference Authentication Profile Set of rules that enable login to and authentication of users and applications Allows 10 100 Mpbs or 10 100 1000 Mbps Ethernet ports to establish for the following features e Duplex Half Duplex Mode e Flow Control Auto negotiation e Speed Amechanism used with Half Duplex mode that enables a port not to receive a message The main segment of a network Backbone types include e Building e Campus Backbone e Metropolitan e National Data e Telecommunications Term Definition Backplane The main BUS that carries information in the device Specifies the amount of data that can be transmitted in a fixed amount of time For digital Bandwidth devices bandwidth is defined in Bits per Second bps or Bytes per Second Bandwidth Assignment Indicates the amount of bandwidth assigned to a specific application user and or interface Baud Indicates the number of signaling elements transmitted each second B
195. to which the forwarding database parameters refer gt Status Displays how the entry was created The possible field values are Secure The MAC Address is defined for locked ports Permanent The MAC address is permanent Delete on Reset The MAC address is deleted when the device is reset Delete on Timeout The MAC address is deleted when a timeout occurs gt Remove Removes the entry The possible field values are Checked Removes the selected entry Unchecked Maintains the current static forwarding database 2 Click treate The Add Forwarding Database Page Add Forwarding Database opens Interface a Port e1 Ac Lac Figure 82 Add Forwarding Database Page MAC Address Gwan iz 3 Define the Interface MAC Address VLAN ID or VLAN C WLAN Name i r Name and Status fields Status Permanent 4 Click Submit The forwarding database information is Submit modified and the device is updated 8 2 Configuring Dynamic Forwarding Addresses The Dynamic Addresses Page contains parameters for querying information in the Dynamic MAC Address Table including the interface type MAC addresses VLAN and table storing The Dynamic MAC Address Table contains information about the aging time before a dynamic MAC address is erased and includes parameters for querying and viewing the Dynamic MAC Address table The Dynamic MAC Address table contains address parameters by which pack
196. tober Hungary From the last weekend of March until the last weekend of October India India does not use Daylight Saving Time Iran From Farvardin 1 until Mehr 1 Iraq From April 1 until October 1 Ireland From the last weekend of March until the last weekend of October Israel Varies year to year Italy From the last weekend of March until the last weekend of October Japan Japan does not use Daylight Saving Time ordan From the last weekend of March until the last weekend of October VV VV VV VV VV VV VV VV VV VV VV VV VV WV Latvia From the last weekend of March until the last weekend of October Lebanon From the last weekend of March until the last weekend of October Lithuania From the last weekend of March until the last weekend of October Luxembourg From the last weekend of March until the last weekend of October Macedonia From the last weekend of March until the last weekend of October Mexico From the first Sunday in April at 02 00 to the last Sunday in October at 02 00 Moldova From the last weekend of March until the last weekend of October Montenegro From the last weekend of March until the last weekend of October Netherlands From the last weekend of March until the last weekend of October New Zealand From the first Sunday in October until the first Sunday on or after March 15 Norway From the last weekend of March until the last weekend of Octob
197. trol Page opens Figure 137 RMON History Control Page TP LINK The RMON History Control Page contains the following ee r de gt History Entry No Displays the entry number for Er ats aea kice Er me TESE gt Source Interface Displays the interface from which Sie er 1 et 1800s 0 TY D the history samples were taken The possible field Eee Et values are BA Port Specifies the port from which the RMON information was taken LAG Specifies the port from which the RMON information was taken gt Sampling Interval Indicates in seconds the time that samplings are taken from the ports The field range is 1 3600 The default is 1800 seconds equal to 30 minutes gt Samples Requested Displays the number of samples to be saved The field range is 1 65535 The default value is 50 gt Current Number of Samples in List Displays the current number of samples taken gt Owner Displays the RMON station or user that requested the RMON information The field range is 0 20 characters gt Remove Removes History Control entries The possible field values are Checked Removes the selected History Control entry Unchecked Maintains the current History Control entries 2 Click treate The Add History Entry User Page opens Figure 138 Add History Entry User Page Add History Entry i New History Entry 2 3 Define the fields ER porlet E c uc
198. up to 30 characters gt Security Model Defines the SNMP version attached to the group The possible field values are SNMPv1 SNMPV1 is defined for the group SNMPv2c SNMPv2c is defined for the group SNMPv3 SNMPV3 is defined for the group TP LINK Or Ad 7 Bon Seourit 20 Global t na ans 192 168 1 1 System Info SNMP Groups Bridging Config 4 Quality of Service Create H y Security SNMP Management Security Maintenance Group Name Security Model Security Level Operation Edit Remove Read Write Notify 1 group SNMPy1 No Authentication Default r Submit gt Security Level Defines the security level attached to the group Security levels apply to SNMPv3 only The possible field values are No Authentication Indicates that neither the Authentication nor the Privacy security levels are assigned to the group Authentication Authenticates SNMP messages and ensures that the SNMP message s origin is authenticated Privacy Encrypts SNMP messages gt Operation Defines the group access rights The possible field values are Read Management access is restricted to read only and changes cannot be made to the assigned SNMP view Write Management access is read write and changes can be made to the assigned SNMP view Notify Sends traps for the a
199. us Indicates the host status The Er a een ones ESA S fone possible field values are Tate dd 2 3 SNMP Management e4 Unlocked ClassicLock 1 Discard Fa v 2 Unauthorized Indicates that the port control kue umoa Gasco ed Fae 10 is Force Unauthorized the port link is down or unne asst Last ae the port control is Auto but a client has not been sia Und Gael 1 eae f authenticated via the port moue oe n 3 Not in Auto Mode Indicates that the port control is Forced Authorized and clients have full port access Single host Lock Indicates that the port control is Auto and a single client has been authenticated via the port gt Learning Mode Defines the locked port type The Learning Mode field is enabled only if Locked is selected in the Set Port field The possible field values are Classic Lock Locks the port using the classic lock mechanism The port is immediately locked regardless of the number of addresses that have already been learned Limited Dynamic Lock Locks the port by deleting the current dynamic MAC addresses associated with the port The port learns up to the maximum addresses allowed on the port Both relearning and aging MAC addresses are enabled gt Max Entries Specifies the number of MAC address that can be learned on the port The Max Entries field is enabled 1 Click The Port Security Settings Page opens Figure 50 Port Security Settings Page 2 Mo
200. vice was last refreshed Jabbers Displays the total number of received packets that were longer than 1518 octets This number excludes frame bits but includes FCS octets that had either a bad Frame Check Sequence FCS with an integral number of octets FCS Error or a bad FCS with a non integral octet Alignment Error number The field range to detect jabbers is between 20 ms and 150 ms Collisions Displays the number of collisions received on the interface since the device was last refreshed gt Frames of xx Bytes Number of xx byte frames received on the interface since the device was last refreshed 2 Select an interface Port or LAG in the Interface field The RMON statistics are displayed To update the refresh time gt To change the refresh rate for statistics select another rate from the Refresh Rate dropdown list To reset RMON statistics counters 1 Open the RMON Statistics Page 2 Click Clear All Counters The RMON statistics counters are cleared 15 2 2 Configuring RMON History This section contains the following topics gt Defining RMON History Control gt Viewing the RMON History Table 15 2 2 1 Defining RMON History Control The RMON History Control Page contains information about samples of data taken from ports For example the samples may include interface definitions or polling periods To set RMON history control 1 Click System gt Statistics gt RMON gt History The RMON History Con
201. with QoS priority information Permits simultaneous transmissions and reception of data There are two different types of duplex mode e Full Duplex Mode Permits bisynchronous communication for example a telephone Duplex Mode Two parties can transmit information at the same time e Half Duplex Mode Permits asynchronous communication for example a walkie talkie Only one party can transmit information at a time Distance Vector Multicast Routing Protocol DVMRP tunnels multicast messages DVMRP within unicast packets DVMRP supports rate limiting and distribution control based on destination address Egress Port Port from which network traffic is transmitted Enhanced Interior Gateway Routing Protocol Provides fast convergence support for variable length subnet mask and supports multiple network layer protocols End System An end user device on a network Exterior Gateway Protocol Permits exchanging routing information between two neighboring gateway hosts in an autonomous systems network Encapsulating Security Payload Provides a variety of security services for IPv4 and IPv6 106 107 Term Definition Uses a bus or star topology and supports data transfer rates of Mpbs A newer version called Fast Ethernet supports 100 Mbps Ethernet is standardized as per IEEE 802 3 Ethernet is the most commonly implemented LAN standard Embedded Web Server Provides device management via a standard we
202. word is used for authentication The user should enter a password SHA Password Users are authenticated using the HMAC SHA 96 authentication level The user should enter a password No Authentication No user authentication is used gt Remove Removes users from a specified group The possible field values are Checked Removes the selected user Unchecked Maintains the list of users 2 Click kreate The Add SNMP Group Membership Page opens Figure 107 Add SNMP Group Membership Page Adu SNMP oroup Momborehip In addition to the fields in the SNMP Security Group Fa om Membership Page The Add SNMP Group Membership Group Name groupt z Page contains the following fields EE zl gt Authentication Method Defines the SNMP Authenticationkey d v authentication method did HE gt Authentication Key Defines the HMAC MD5 96 or Submit HMAC SHA 96 authentication level The authentication and privacy keys are entered to define the authentication key If only authentication is required 16 bytes are defined If both privacy and authentication are required 32 bytes are defined Each byte in hexadecimal character strings is two hexadecimal digits Each byte can be separated by a period or a colon gt Privacy Key Defines the privacy key LSB If only authentication is required 20 bytes are defined If both privacy and authentication are required 36 bytes are defined Each by
203. ximum number of data bits transmitted within a specific time interval Configuration Data Base A file containing a device s configuration information Classless Interdomain Routing Based on route aggregation Routers group routes CIDR together and reduce the amount of routing information carried by the core routers Several IP networks appear to networks outside the group as a single larger entity Committed Information Rate Indicates the rate Bps that data is transmitted using frame relay services FRS The rate is averaged over a minimum time increment An aspect of Quality of Service system that is comprised of an IP ACL and or a MAC Class Map ACL Class maps are configured to match packet criteria and are matched to packets in a first fit fashion Class of Service CoS The 802 1p priority scheme CoS provides a method for tagging Class of Service packets with priority information A CoS value between 0 7 is added to the Layer II header of packets where zero is the lowest priority and seven is the highest Creates new addresses on the internet The new addresses are distributed to ISPs for Classless Inter Domain their customers use CIDR reduces the Internet routers burden by combining routes Routing One IP address represents thousands of addresses serviced by a major backbone provider 105 Term Definition CLI Command Line Interface A set of line commands used to configure the system Client A computer syste
204. y gt Management Security gt Authentica tion gt TACACS The TACACS Page opens 2 Select TACACS server entry 3 Click amp The TACACS Host Settings Page opens Figure 35 TACACS Host Settings Page 4 Modify the fields 5 Click Submit The TACACS host settings are saved and the device is updated 5 1 1 6 Defining RADIUS Server Settings Add TACACS Host Host IP Address Priority Source IP Address Key String Authentication Port 49 Timeout for Reply sec Use Default Single Connection IT Use Default Use Default Submit TACACS Host Settings Host IP Address 10 22 14 v Priority Source IP Address XXX I Use Default Key String EE Authentication Port 49 Timeout for Reply 1 sec 1 Use Default Status Not Connected Single Connection I Use Default Submit Remote Authorization Dial In User Service RADIUS servers provide additional security for networks RADIUS servers provide a centralized authentication method for web access The default parameters are user defined and are applied to newly defined RADIUS servers If new default parameters are not defined the system default values are applied to newly defined RADIUS servers To configure RADIUS servers 1 Click System gt Management Security gt Authentication gt Radius The Radius Page opens 28 29 Figure 36 Radius Page TP LINK i ee 3 A
205. y the session is blocked Local RADIUS None Indicates that authentication first occurs locally If authentication cannot be verified locally the RADIUS server authenticates the management method If the RADIUS server cannot authenticate the management method the session is permitted RADIUS Local None Indicates that authentication first occurs at the RADIUS server If authentication cannot be verified at the RADIUS server the session is authenticated locally If the session cannot be authenticated locally the session is permitted gt HTTP Indicates that authentication methods are used for HTTP access Possible field values are None Indicates that no authentication method is used for access Local Indicates that authentication occurs locally RADIUS Indicates that authentication occurs at the RADIUS server Line Indicates that authentication uses a line password Enable Indicates that authentication uses an Enable password Local RADIUS Indicates that authentication first occurs locally If authentication cannot be verified locally the RADIUS server authenticates the management method If the RADIUS server cannot authenticate the management method the session is blocked RADIUS Local Indicates that authentication first occurs at the RADIUS server If authentication cannot be verified at the RADIUS server the session is authenticated locally If the session c
206. y 15 seconds 30 Sec Indicates that the RMON statistics are refreshed every 30 seconds 60 Sec Indicates that the RMON statistics are refreshed every 60 seconds Received Bytes Octets Displays the number of octets received on the interface since the device was last refreshed This number includes bad packets and FCS octets but excludes framing bits Received Packets Displays the number of packets received on the interface including bad packets Multicast and broadcast packets since the device was last refreshed Broadcast Packets Received Displays the number of good broadcast packets received on the interface since the device was last refreshed This number does not include Multicast packets Multicast Packets Received Displays the number of good Multicast packets received on the interface since the device was last refreshed CRC amp Align Errors Displays the number of CRC and Align errors that have occurred on the interface since the device was last refreshed Undersize Packets Displays the number of undersized packets less than 64 octets received on the interface since the device was last refreshed Oversize Packets Displays the number of oversized packets over 1518 octets received on the interface since the device was last refreshed Fragments Displays the number of fragments packets with less than 64 octets excluding framing bits but including FCS octets received on the interface since the de
Download Pdf Manuals
Related Search