User Guide for Tenda models including: L3 Managed Switch

TEG5328P-24-410WV1.0&TEG5310P-8-150WV1.0&TEG5328FV1.0&TEG5312FV1.0-User Guide

Tenda

L3 Managed Switch User Guide



File Info : application/pdf, 112 Pages, 4.46MB


TEG5310P-8-150W User Guide
L3 Managed Switch User Guide

Copyright Statement
© 2020 Shenzhen Tenda Technology Co., Ltd. All rights reserved.
is a registered trademark legally held by Shenzhen Tenda Technology Co., Ltd. Other brand and product names mentioned herein are trademarks or registered trademarks of their respective holders. Copyright of the whole product as integration, including its accessories and software, belongs to Shenzhen Tenda Technology Co., Ltd. No part of this publication can be reproduced, transmitted, transcribed, stored in a retrieval system, or translated into any language in any form or by any means without the prior written permission of Shenzhen Tenda Technology Co., Ltd.
Disclaimer
Pictures, images and product specifications herein are for references only. To improve internal design, operational function, and/or reliability, Tenda reserves the right to make changes to the products without obligation to notify any person or organization of such revisions or changes. Tenda does not assume any liability that may occur due to the use or application of the product described herein. Every effort has been made in the preparation of this document to ensure accuracy of the contents, but all statements, information and recommendations in this document do not constitute a warranty of any kind, express or implied.

Preface

Thank you for choosing Tenda!

This user guide is applicable to the following switches. For product features and software screenshots, please refer to the actual product. TEG5328P-24-410W is used for illustration if there is no other specification.

| Model | Product Name |
|---|---|
| TEG5328P-24-410W | L3 Managed PoE Switch |
| TEG5310P-8-150W | L3 Managed PoE Switch |
| TEG5328F | L3 Managed Switch |
| TEG5312F | L3 Managed Switch |

Web UI of different models may differ. The Web UI actually displayed shall prevail.

Conventions

The typographical elements that may be found in this document are defined as follows.

| Item | Presentation | Example |
|---|---|---|
| Cascading menus | > | System > Live Users |
| Parameter and value | Bold | Set User Name to Tom. |
| Variable | Italic | Format: XX:XX:XX:XX:XX:XX |
| UI control | Bold | On the Policy page, click the OK button. |

The symbols that may be found in this document are defined as follows.

Symbol

Meaning

This format is used to highlight information of importance or special interest. Ignoring this type of note may result in ineffective configurations, loss of data or damage to device.

This format is used to highlight a procedure that will save time or resources.

For more documents
If you want to get more documents of the device, visit www.tendacn.com and search for the corresponding product model.


The related documents are listed as below.

| Document | Description |
|---|---|
| Quick Installation Guide | It introduces how to set up the device quickly for internet access, the descriptions of LED indicators, ports, and buttons, FAQ, statement information, and so on. |
| User Guide | It introduces how to set up more functions of the device for more requirements, including all functions on the web UI of the device. |
| Data Sheet | It introduces the basic information of the device, including product overview, selling points, and specifications. |

Technical Support

If you need more help, contact us by any of the following means. We will be glad to assist you as soon as possible.

Hotline
- Global: (86) 755-27657180 (China Time Zone)
- United States: 1-800-570-5892 (Toll Free: 7 x 24 hours)
- Canada: 1-888-998-8966 (Toll Free: Mon - Fri 9 am - 6 pm PST)
- Hong Kong: 00852-81931998

Email: support@tenda.com.cn

Website: www.tendacn.com


Contents
1 Web login
  1.1 Login
  1.2 Logout
2 Web UI introduction
  2.1 Web layout
  2.2 Commonly used buttons
3 System summary
4 Switching
  4.1 Port management
    4.1.1 Basic
    4.1.2 Port mirroring
    4.1.3 Port aggregation
    4.1.4 Port rate limit
    4.1.5 Packet statistics
  4.2 VLAN
    4.2.1 Overview
    4.2.2 VLAN configuration
    4.2.3 Example of 802.1Q VLAN configuration
  4.3 DHCP relay
  4.4 DHCP snooping
  4.5 Spanning tree
    4.5.1 Overview
    4.5.2 Global
    4.5.3 Port configuration
    4.5.4 Port statistics
    4.5.5 Instance info
  4.6 LLDP configuration
    4.6.1 Overview
    4.6.2 Global
    4.6.3 Port configuration
    4.6.4 Neighbor info
  4.7 IGMP snooping
    4.7.1 IGMP snooping principle
    4.7.2 Global
    4.7.3 Fast leave
5 Routing
  5.1 Static routing
  5.2 ARP
  5.3 DHCP server
    5.3.1 Overview
    5.3.2 DHCP settings
    5.3.3 DHCP reservation
    5.3.4 Client list
6 QoS policy
  6.1 ACL
    6.1.1 Overview
    6.1.2 Configuration guidance
    6.1.3 ACL list
    6.1.4 MAC ACL
    6.1.5 IP ACL
    6.1.6 Apply ACL
  6.2 QoS
    6.2.1 Overview
    6.2.2 Configuration guidance
    6.2.3 QoS scheduler
    6.2.4 802.1P
    6.2.5 DSCP
    6.2.6 Port priority
7 Network security
  7.1 MAC filtering
  7.2 802.1X
    7.2.1 Overview
    7.2.2 Global
    7.2.3 Port configuration
  7.3 Attack defense
    7.3.1 Overview
    7.3.2 ARP attack defense
    7.3.3 DoS attack defense
    7.3.4 MAC address attack defense
8 Device settings
  8.1 User management
  8.2 SNMP
    8.2.1 Overview
    8.2.2 Configuration guidance
    8.2.3 Basic
    8.2.4 Permission control
    8.2.5 Notification
  8.3 System time
    8.3.1 Manual setting
    8.3.2 Network calibration
  8.4 Maintenance
    8.4.1 Firmware upgrade
    8.4.2 Configuration import
    8.4.3 Backup
    8.4.4 Reboot
    8.4.5 Factory settings
  8.5 Log management
    8.5.1 Log info
    8.5.2 Server settings
  8.6 Diagnostics
    8.6.1 Ping test
    8.6.2 Tracert test
  8.7 MAC settings
    8.7.1 MAC address table
    8.7.2 Static MAC address
  8.8 Time period
9 Visualization
  9.1 Global
  9.2 Device list
10 PoE management
  10.1 Overview
  10.2 Global
  10.3 Port settings
Appendix
  A.1 Safety precautions
  A.2 Acronyms and Abbreviations

1 Web login

1.1 Login

Step 1 Connect the computer to any of the ports from 1 to 24 of the switch using an Ethernet cable.
Step 2 Set the IP address of the computer to an unused one belonging to the same network segment as the IP address of the switch.
The default IP address of the switch is 192.168.0.1. You can set the IP address of the computer to 192.168.0.X (X is an unused number ranging from 2 to 254), and the subnet mask to 255.255.255.0.
Step 3 Start a browser (such as Chrome) and enter the IP address of the switch (default: 192.168.0.1) in the address bar to access the login page.
Step 4 Enter your user name and password (the default user name and password are admin) and click Login.

----End
If the above page does not appear, try the following solutions:
- Clear the cache of the web browser or try another web browser.
- Check whether another device with the IP address 192.168.0.1 exists in the local network.
- If the problem persists, reset the switch and try again. Reset method: When the SYS LED indicator is blinking, hold down the reset button (LED Mode or LED/Reset or Reset) for about 10 seconds, and then release it when all LED indicators are solid on. The switch is restored to factory settings when the SYS LED indicator blinks again.

After logging in to the web UI, you can start to configure the switch.

1.2 Logout
After you log in to the switch's web UI page, the system will automatically log you out if there is no operation within the login timeout. Alternatively, you can directly click the user name on the upper right corner, and then click Exit to exit the web UI page.

2 Web UI introduction
2.1 Web layout
The Web UI page can be divided into four parts: level-1 navigation bar, level-2 navigation bar, tab page area, and the configuration area.

| No. | Name | Description |
|---|---|---|
| 1 | Level-1 navigation bar | The navigation bars and tab pages display the function menu of the switch. When you select a function in navigation bar, the configuration of the function appears in the configuration area. |
| 2 | Level-2 navigation bar | Same as above. |
| 3 | Tab page area | Same as above. |
| 4 | Configuration area | This area enables you to view and modify configuration. |

2.2 Commonly used buttons

| Common buttons | Description |
|---|---|
| | Used for refreshing displayed contents on the current page. |
| | Used for configuring the settings on the current page in batches. |
| | Used for saving the configurations on the current page and enabling the configurations to take effect. If you only click to save the configurations, they will be cleared after the switch reboots. |
| Cancel | Used for restoring the original configuration without saving the configuration on the current page. |
| | Used for viewing help information corresponding to the settings on the current page. |
| | Used for adding new rules on the current page. |
| | Used for deleting the rules on the current page. |
| | Used to save all current configurations of the switch. If you click to save the configurations, they still remain after the switch reboots. |

3 System summary
On the System Summary page, you can view the connection status of each port, utilization rate, system time, and device information. TEG5310P-8-150W is used for illustration here.

Parameter description

| Name | Description |
|---|---|
| System Summary | It displays the connection status of each port of the switch, indicating whether the port is connected to a device or not. |
| Utilization Rate | It displays the CPU and memory utilization of the switch. |
| System Time | It displays the system time of the switch. |
| Uptime | It displays the time during which this switch is operating since the last reboot. |
| Device Info | |
| Device Name | It displays the name of the switch. You can click to modify it. |
| Device Location | It displays the location of the switch. You can click to modify it. |
| Firmware Version | It displays the firmware version of the switch. |
| Hardware Version | It displays the hardware version of the switch. |
| MAC Address | It displays the MAC address of the switch. |
| VLAN1 IP Address | It displays the IP address of the default VLAN of the switch. The computer belonging to the default VLAN can log in to the web UI of the switch using this IP address. |
| DNS Assignment Type | You can click to modify the DNS assignment type. Auto: The DNS server address is automatically assigned. Manual: Set the DNS server address manually. |
| Primary DNS, Secondary DNS | It displays the primary/secondary DNS server address of the switch. You can click to modify it. |
| Device SN | It displays the device SN info of the switch. |

4 Switching
4.1 Port management
4.1.1 Basic
Click Switching > Port > Basic to enter the page. On this page, you can view and configure the basic parameters of the ports.

Parameter description

| Name | Description |
|---|---|
| Port | It specifies the ID of the port. |
| Port Status | It specifies the current connection status of the port: connected, not connected, or disabled. |
| Speed/Duplex | It specifies the negotiation speed and duplex mode of the port. HDX: Half duplex. FDX: Full duplex. Auto-negotiation: Negotiate the speed and duplex mode with the port of the peer device. |
| Port Isolation | It specifies the isolation group to which the port belongs. Ports belonging to different isolation groups can communicate with each other while ports belonging to the same group cannot. Ports that are not assigned to any isolation groups are displayed in the Disabled state, indicating that they can communicate with all ports. |
| Ingress Limit | With the function enabled, the ingress flow of the port will be monitored. When congestion occurs on the ingress port, the switch sends a PAUSE frame to notify the peer device to stop or slow down data transmission for a specific period of time, so as to avoid message loss. |
| Egress Limit | With the function enabled, when the switch receives a PAUSE frame from the peer device, the switch stops or slows down the data transmission speed of the corresponding port for a specific period of time to avoid message loss. |
| Ingress Flow | It specifies the statistics of data traffic received by the port. |
| Egress Flow | It specifies the statistics of data traffic transmitted by the port. |
| Jumbo Frame | It specifies the size of the packet that can be received or transmitted by the port. Packets which exceed this size will be discarded. |
4.1.2 Port mirroring

Port mirroring is a method of copying and sending network packets from a port or multiple ports (source ports) to a specified port (destination port) of the switch. The destination port is commonly connected to a data monitoring device, enabling you to monitor data traffic, analyze performance, and diagnose faults.
Click Switching > Port > Port Mirroring to enter the page. On this page, you can configure the mirroring rules.

Parameter description

| Name | Description |
|---|---|
| ID | It specifies the ID of the mirroring group. |
| Mirroring Group Type | This switch only supports local mirroring group types. |
| Source Port | It specifies the ports whose packets will be copied. Multiple ports can be selected. |
| Destination Port | Packets of source ports will be copied to this port. A mirroring group can contain only one destination port. |
| Direction | It specifies the packet type. Ingress: Packets received by source ports will be copied to the destination port. Egress: Packets transmitted by source ports will be copied to the destination port. Two-way: Packets transmitted and received by source ports will be copied to the destination port. |

4.1.3 Port aggregation

Port aggregation is used to converge multiple physical ports into a logical aggregation group, and multiple physical links in one aggregation group are regarded as one logical link. The Port Aggregation function binds multiple physical links into one logical link and enables them to share traffic load, thus increasing the bandwidth between the switch and the peer device. Meanwhile, the members of an aggregation group back each other up dynamically, improving connection reliability.
The network topology of port aggregation is shown as follows.

[Figure: port aggregation topology showing this switch, the aggregation group, and the peer device]

In the same aggregation group, all member ports must be set to the same configurations with respect to STP, QoS, VLAN configuration and port management.
Click Switching > Port > Port Aggregation to enter the page. On this page, you can configure the port aggregation rules.

Parameter description

| Name | Description |
|---|---|
| Aggregation Group | It specifies the ID of aggregation groups. When the Aggregation Mode is set to Static, Aggregation Group ID ranges from 1 to 32. When the Aggregation Mode is set to Dynamic, Aggregation Group ID ranges from 33 to 64. |
| Aggregation Mode | There are two aggregation modes: Static and Dynamic. Static aggregation: All member ports in the aggregation group converge into one logical port. Dynamic aggregation: LACP (Link Aggregation Control Protocol) is enabled for all member ports in the aggregation group, and the actual aggregated ports must be determined together with the peer device through the LACP protocol. The aggregation mode of the switch needs to be the same as that of the peer device. Otherwise, the data cannot be forwarded properly or loops occur. |
| Algorithm | It specifies the routing algorithms for the aggregation group. src-dst-mac: Member ports in the aggregation group share the load according to the source MAC address and destination MAC address in the received packet. src-dst-ip: Member ports in the aggregation group share the load according to the source IP address and destination IP address in the received packet. src-dst-mac-ip-port: Member ports in the aggregation group share the load according to the source MAC address, destination MAC address, source IP address, destination IP address, TCP/UDP source port number and destination port number in the received packet. |
| Member Port | It specifies the members of an aggregation group. In the static aggregation mode, the member ports are members of an aggregation group. In the dynamic aggregation mode, the member ports are the ports with the LACP protocol enabled, and the actual aggregated ports must be determined together with the peer device through the LACP protocol. |
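
The effect of the three Algorithm settings on load sharing, as an added Python example (not code from Tenda or the switch firmware). The guide does not document the hash the switch uses, so CRC32 is an assumed stand-in; the function names, member port names and sample flows are constructed for illustration.

```python
"""Added example: which header fields decide the member port of a packet."""
import zlib

# Header fields hashed by each algorithm, as listed in the Algorithm row.
ALGORITHM_FIELDS = {
    "src-dst-mac": ("src_mac", "dst_mac"),
    "src-dst-ip": ("src_ip", "dst_ip"),
    "src-dst-mac-ip-port": ("src_mac", "dst_mac", "src_ip", "dst_ip",
                            "src_port", "dst_port"),
}


def select_member(packet, members, algorithm):
    """Return the member port that carries this packet.

    Assumption: CRC32 over the selected fields, modulo the number of
    members. The real hash is not documented in the guide.
    """
    key = "|".join(str(packet[f]) for f in ALGORITHM_FIELDS[algorithm])
    return members[zlib.crc32(key.encode()) % len(members)]


def link_usage(packets, members, algorithm):
    """Count how many packets each member port carries."""
    usage = {m: 0 for m in members}
    for packet in packets:
        usage[select_member(packet, members, algorithm)] += 1
    return usage


def sample_flows(count=64):
    """Constructed input: one host pair, `count` TCP connections that
    differ only in the source port."""
    return [
        {
            "src_mac": "00:11:22:33:44:55", "dst_mac": "66:77:88:99:aa:bb",
            "src_ip": "192.168.0.10", "dst_ip": "192.168.0.20",
            "src_port": 49152 + i, "dst_port": 443,
        }
        for i in range(count)
    ]


if __name__ == "__main__":
    members = ["port1", "port2", "port3", "port4"]  # hypothetical group
    for algorithm in ALGORITHM_FIELDS:
        print(algorithm, link_usage(sample_flows(), members, algorithm))
```

With src-dst-mac or src-dst-ip, every connection between the same two hosts stays on one physical link, so a single busy host pair does not gain bandwidth from the group; src-dst-mac-ip-port spreads those connections across members.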

4.1.4 Port rate limit

Click Switching > Port > Port Rate Limit to enter the page. On this page, you can configure the egress rate of the port and set the suppression value of each port for receiving broadcast, multicast and unknown unicast packets.

Parameter description

| Name | Description |
|---|---|
| Port | It specifies the ID of the port. |
| Egress Rate (Mbps) | It specifies the maximum egress rate of the port. "--" stands for no rate limit. |
| Broadcast Packet | It displays whether the broadcast packet suppression function is enabled or disabled. |
| Multicast Packet | It displays whether the multicast packet suppression function is enabled or disabled. |
| Unknown Unicast | It displays whether the unknown unicast packet suppression function is enabled or disabled. |
| Suppression Value | It specifies the total rate at which broadcast, multicast and unknown unicast messages are allowed to pass by when the suppression function is enabled. There is no suppression when the suppression function is disabled or the suppression value is greater than the ingress or egress rate. |

4.1.5 Packet statistics

Click Switching > Port > Packet Statistics to enter the page. On this page, you can view and delete the information of packets received and sent by each port.

Parameter description

| Name | Description |
|---|---|
| Port | It specifies the ID of the port. |
| Transmitted Packets | It specifies the total packets sent by a port. |
| Transmitted Byte | It specifies the total bytes sent by a port. |
| Received Packets | It specifies the total packets received by a port. |
| Received Byte | It specifies the total bytes received by a port. |

To view the details of packets received and sent by a port, please click the button behind the port.

Parameter description

| Name | Description |
|---|---|
| Total Bytes | It specifies the bytes received/sent by the port. |
| Broadcast Packets | It specifies the number of the broadcast packets received/sent by the port. |
| Unicast Packets | It specifies the number of the unicast packets received/sent by the port. |
| Error Packets | It specifies the number of the error packets received/sent by the port. |
| Discard Packets | It specifies the number of the discarded packets when the port is receiving/sending packets. |

4.2 VLAN

4.2.1 Overview

VLAN (Virtual Local Area Network) is a technology that divides devices in LAN into different logical, instead of physical, network segments to realize virtual working groups. VLANs allow a network station constituted by switches to be logically segmented into different domains for broadcast separation. All members in a VLAN are treated as in the same broadcast domain and communicate as if they were on the same network segment, regardless of their physical locations. Different VLANs cannot intercommunicate directly. Inter-VLAN communication can only be achieved using a router or other layer-3 devices that are able to perform Layer-3 forwarding.
This switch supports 802.1Q VLAN and can communicate with other devices that support 802.1Q VLAN.

802.1Q VLAN

802.1Q VLAN is defined by the IEEE 802.1Q protocol. With 802.1Q VLAN, the switch can process messages by identifying the tags in messages.
This switch supports three 802.1Q VLAN port types:

- Access: An access port belongs to only 1 VLAN. It is generally used for connecting a computer.
- Trunk: A trunk port can receive and send messages belonging to multiple VLANs. Usually, a trunk port is used for connecting switches.
- Hybrid: A hybrid port can receive and send messages belonging to multiple VLANs. Usually, a hybrid port is used for connecting switches, and it can also be connected to a computer.

Methods of each port type to process packets are shown as follows.

Receiving tagged data (Access port, Trunk port and Hybrid port): Forward to other ports in the corresponding VLAN according to the VID in the tag.
Receiving untagged data (Access port, Trunk port and Hybrid port): Forward to other ports in the corresponding VLAN according to the PVID on this port.
Sending data:
- Access port: Messages are forwarded after the tags are removed.
- Trunk port: If the VID value of the message is the same as its PVID value, the message is forwarded after the tags are removed. Otherwise, forward it with its tags remained.
- Hybrid port: If the VID value of the message belongs to the tagged VLAN, the message is forwarded with its tags remained; if the VID value of the message belongs to the untagged VLAN, the message is forwarded after the tags are removed.

4.2.2 VLAN configuration
Configuring 802.1Q VLAN rules
A VLAN rule is created by default to ensure communication between switches in factory settings. All ports are set to be members of this VLAN by default with the VLAN ID of 1 and the IP address of 192.168.0.1. This rule cannot be deleted. Click Switching > VLAN > 802.1Q VLAN to enter the page. On this page, you can configure the rules of 802.1Q VLAN.

Parameter description

Name: Description
VLAN ID: It specifies the VLAN ID, used for identifying the VLAN to which the packet belongs.
VLAN Description: It is used to identify VLAN groups. If it is not set, the default description is "VLAN and four-digit VLAN ID". For example, when VLAN ID is 3, the VLAN description is VLAN0003.
L3 Virtual Interface: After the L3 virtual interface is enabled, you can configure the IP address and subnet mask for the VLAN interface. After the IP address information is configured, the communication between VLANs can be realized through static routes.
IP Obtaining Type: It specifies the type that the VLAN interface employs to obtain an IP address.
- Manual: Manually configure the IP address and subnet mask for the VLAN interface.
- DHCP: Automatically obtain the IP address info from the DHCP server.
When the IP address obtaining type is set to DHCP, ensure that there is a DHCP server belonging to the VLAN.
IPv4 Address: The IP address of the VLAN interface can be configured only when the L3 Virtual Interface is enabled. Devices connected to ports in the VLAN group can use this IP address to log in on the Web UI of the switch.
Subnet Mask: It specifies the subnet mask of the VLAN interface.

Configuring port members
Click Switching > VLAN > Port Member to enter the page. On this page, you can configure the PVID and Tag treatment policies of each port to realize VLAN isolation.

Parameter description

Name: Description
Port: It specifies the ID of the port.
Link Type: Three VLAN link types are supported: Access, Trunk, and Hybrid.
- Access: An access port only belongs to 1 VLAN and transmits untagged messages. It is commonly used to connect to terminals, such as computers.
- Trunk: A trunk port can receive and transmit messages belonging to multiple VLANs, usually used as a cascade-connected port between switches.
- Hybrid: A hybrid port can receive and transmit messages belonging to multiple VLANs. A hybrid port can be used as a cascade-connected port between switches, or to connect to terminals.
PVID: It specifies the default VLAN ID of a port. When receiving untagged packets, the port forwards them to the corresponding VLAN based on the PVID of the port itself.
Tagged: If the VID of the tagged packets received by the port is the same as the tagged VLAN, the port retains the tags of the packets and transmits them.
Untagged: If the VID of the tagged packets received by the port is the same as the untagged VLAN, the port removes the tags of the packets and transmits them.

4.2.3 Example of 802.1Q VLAN configuration

Network requirement
The staff in the financial department and marketing department of a company work on the second floor, while the servers for these two departments are on the third floor. Now it is required that the communication is available within each department and the servers can be accessible respectively, but the two departments cannot communicate with each other.
Solution
Configure an 802.1Q VLAN for two switches:
- Create two VLANs for the switches. Assign the ports connected to the financial department's devices to VLAN 5, and the ports connected to the marketing department's devices to VLAN 7.
- Add the ports that connect the two switches to both VLAN 5 and VLAN 7.

[Figure: Switch A and Switch B are connected through port 1 of each switch. On each switch, port 5 is in the Financial Department VLAN (VLAN 5) and port 7 is in the Marketing Department VLAN (VLAN 7).]

Configuration procedure
I. Configuring Switch A
Step 1 Add VLANs.
1. Log in to the web UI of Switch A and click Switching > VLAN > 802.1Q VLAN.
2. Click Add and enter the following information on the pop-out window, and then click Confirm.
   - Set VLAN ID to 5.
   - Set VLAN Description to Finance.
3. Repeat step 2 and add another VLAN with the VLAN ID of 7 and VLAN Description of Marketing.
Step 2 Configure port attributes.
1. Click Switching > VLAN > Port Member.
2. Click the button behind port 5 and set PVID to 5.
3. Click the button behind port 7 and set PVID to 7.
4. Click the button behind port 1 to set Link Type to Trunk and Tagged to 5, 7.
II. Configuring Switch B
Refer to the steps of configuring Switch A.
----End

Verification
The staff can access the server of their department, but cannot access the server of the other department. The staff in the same department can communicate with each other but cannot communicate to the staff of other departments.
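The receive and send rules from 4.2.1 applied to the two-switch configuration above, as an added Python model (not Tenda's code). The class and function names, the second scenario with different trunk PVIDs on the two switches, and the `trunk_findings` audit are assumptions added here; the second scenario shows how the trunk rule "VID equals PVID, tag removed" lets VLAN 5 traffic arrive in VLAN 7 when the link ends disagree.

```python
from dataclasses import dataclass, field


@dataclass
class Port:
    link_type: str                                # "access", "trunk" or "hybrid"
    pvid: int = 1                                 # factory default VLAN ID is 1
    tagged: set = field(default_factory=set)      # VLANs sent with the tag kept
    untagged: set = field(default_factory=set)    # hybrid only: VLANs sent untagged

    def classify(self, vid):
        """Receiving: a tagged frame keeps its VID, an untagged one gets the PVID."""
        return self.pvid if vid is None else vid

    def egress(self, vlan):
        """Sending: 'tagged', 'untagged', or None if the port is not in the VLAN."""
        if self.link_type == "access":
            return "untagged" if vlan == self.pvid else None
        if self.link_type == "trunk":
            if vlan == self.pvid:
                return "untagged"
            return "tagged" if vlan in self.tagged else None
        if vlan in self.tagged:
            return "tagged"
        return "untagged" if vlan in self.untagged else None


class Switch:
    def __init__(self, name, ports):
        self.name = name
        self.ports = ports        # port number -> Port
        self.uplinks = {}         # port number -> (peer Switch, peer port number)

    def flood(self, in_port, vid=None):
        """Flood a broadcast received on in_port; return the end ports it reaches."""
        vlan = self.ports[in_port].classify(vid)
        reached = set()
        for number, port in self.ports.items():
            mode = port.egress(vlan)
            if number == in_port or mode is None:
                continue
            if number in self.uplinks:
                peer, peer_port = self.uplinks[number]
                reached |= peer.flood(peer_port, vlan if mode == "tagged" else None)
            else:
                reached.add((self.name, number))
        return reached


def build(trunk_pvid_a=1, trunk_pvid_b=1):
    """Switch A and B from 4.2.3: port 5 = VLAN 5, port 7 = VLAN 7, port 1 = trunk."""
    def make(name, trunk_pvid):
        return Switch(name, {
            1: Port("trunk", pvid=trunk_pvid, tagged={5, 7}),
            5: Port("access", pvid=5),
            7: Port("access", pvid=7),
        })
    a, b = make("A", trunk_pvid_a), make("B", trunk_pvid_b)
    a.uplinks[1], b.uplinks[1] = (b, 1), (a, 1)
    return a, b


def trunk_findings(a, b):
    """Audit both ends of the inter-switch link (port 1) for PVID problems."""
    pa, pb = a.ports[1], b.ports[1]
    findings = []
    if pa.pvid != pb.pvid:
        findings.append("trunk PVID mismatch")
    for sw, port in ((a, pa), (b, pb)):
        if port.pvid in port.tagged:
            findings.append(f"switch {sw.name}: trunk PVID {port.pvid} is a user VLAN")
    return findings


if __name__ == "__main__":
    a, b = build()                                  # configuration from the guide
    print(a.flood(5), a.flood(7), trunk_findings(a, b))
    a, b = build(trunk_pvid_a=5, trunk_pvid_b=7)    # constructed misconfiguration
    print(a.flood(5), trunk_findings(a, b))
```

With the guide's configuration a broadcast from port 5 of Switch A reaches only port 5 of Switch B; with mismatched trunk PVIDs the same broadcast lands on port 7 of Switch B.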

4.3 DHCP relay
The basic network model of DHCP requires the client and server to be in the same LAN. In a network with multiple VLANs, it is necessary to configure a DHCP server for each VLAN, which is costly. With the DHCP Relay function enabled, the switch can provide relay service between the DHCP server and DHCP clients in different network segments, and forward DHCP protocol messages across network segments, enabling DHCP clients in multiple networks to share the same DHCP server. The working principles of DHCP Relay are shown below.
- When the DHCP relay receives a DHCP discover or DHCP request message broadcast by a DHCP client, it fills the giaddr field in the message with the IP address of the DHCP relay, and forwards the message to the specified DHCP server in unicast according to the configuration.
- The DHCP server selects an IP address in the same address segment from the address pool according to the giaddr field in the message, and sends the response message with this IP address information to the DHCP relay.
- When the DHCP relay receives a response message from the server, it removes the Option 82 field in the packet and broadcasts the DHCP response message to the interface network of the relay device.
Option 82, also called the DHCP Relay Agent Information Option, is an option in DHCP messages that records the location information of the DHCP clients. You can use this option to locate the DHCP client, thus implementing security and charging control for clients. The corresponding IP address and parameter allocation policies can also be configured on the DHCP server according to the Option 82 information, thus flexibly allocating the IP address. By default, the Option 82 of this switch is disabled. After it is enabled, the working mechanism of Option 82 of this switch is shown as follows.

Type of received messages: Processing policy
DHCP request message without Option 82: Add the default content of this switch to the Option 82 information of the DHCP request message, and forward the message. The default content of this switch includes the ID of the port that receives the request packet from the DHCP client, the MAC address of the DHCP client and its VLAN.
DHCP request message with Option 82: DHCP request messages are processed according to the following configuration policies.
- Replace: Replace the original information of the Option 82 in the message with the default content of the switch, and forward it.
- Retain: Retain the original state of the Option 82 in the message and forward it.
- Discard: Discard the DHCP request packet with the Option 82 and forward the DHCP request message without Option 82.
DHCP response message: Delete Option 82 from the DHCP response packet and forward the message.
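The processing table above as an added Python example that works on the raw DHCP options field (not the switch's firmware code). The function names and the sample messages are constructed; the guide names the default content (port, client MAC, VLAN) but not its byte layout, so the sub-option layout in `switch_option82` is an assumption.

```python
import struct

OPT_RELAY_AGENT_INFO = 82   # DHCP Relay Agent Information Option
OPT_PAD, OPT_END = 0, 255


def parse_options(data):
    """Split a DHCP options field (bytes after the magic cookie) into (code, value) pairs."""
    options, i = [], 0
    while i < len(data):
        code = data[i]
        if code == OPT_END:
            break
        if code == OPT_PAD:
            i += 1
            continue
        if i + 2 > len(data) or i + 2 + data[i + 1] > len(data):
            raise ValueError("truncated DHCP option")
        length = data[i + 1]
        options.append((code, data[i + 2:i + 2 + length]))
        i += 2 + length
    return options


def build_options(options):
    """Serialize (code, value) pairs and terminate them with the End option."""
    out = bytearray()
    for code, value in options:
        out += bytes([code, len(value)]) + value
    return bytes(out) + bytes([OPT_END])


def switch_option82(port, client_mac, vlan):
    """Default content named by the guide: receiving port, client MAC and VLAN.
    Assumed layout: sub-option 1 = VLAN (2 bytes) + port (1 byte), sub-option 2 = MAC."""
    circuit_id = struct.pack("!HB", vlan, port)
    remote_id = bytes.fromhex(client_mac.replace(":", ""))
    return (bytes([1, len(circuit_id)]) + circuit_id +
            bytes([2, len(remote_id)]) + remote_id)


def relay_request(data, policy, port, client_mac, vlan):
    """Apply the two request rows of the table. Returns new options, or None if dropped."""
    options = parse_options(data)
    ours = (OPT_RELAY_AGENT_INFO, switch_option82(port, client_mac, vlan))
    if not any(code == OPT_RELAY_AGENT_INFO for code, _ in options):
        return build_options(options + [ours])      # request without Option 82
    if policy == "retain":
        return build_options(options)
    if policy == "discard":
        return None
    if policy == "replace":
        kept = [o for o in options if o[0] != OPT_RELAY_AGENT_INFO]
        return build_options(kept + [ours])
    raise ValueError(f"unknown policy: {policy}")


def relay_response(data):
    """Response row: delete Option 82 before the reply is forwarded."""
    return build_options([o for o in parse_options(data) if o[0] != OPT_RELAY_AGENT_INFO])


# Constructed samples: option 53 is the DHCP message type (3 = request, 5 = ACK).
CLIENT_MAC = "00:11:22:33:44:55"
DOWNSTREAM_82 = bytes([1, 4]) + b"cust"             # Option 82 set by another device
PLAIN_REQUEST = build_options([(53, b"\x03")])
REQUEST_WITH_82 = build_options([(53, b"\x03"), (OPT_RELAY_AGENT_INFO, DOWNSTREAM_82)])

if __name__ == "__main__":
    for policy in ("replace", "retain", "discard"):
        out = relay_request(REQUEST_WITH_82, policy, 5, CLIENT_MAC, 5)
        print(policy, out.hex() if out is not None else "dropped")
```

Under Retain the server sees whatever Option 82 value the downstream device supplied, so a server that bases allocation or accounting on it is relying on that device.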

Click Switching > DHCP Relay to enter the page. On this page, you can configure the DHCP Relay rules.

Parameter description

Name: Description
Option 82: It is used to enable or disable the Option 82 policy. Option 82 records the location info of DHCP clients. The Option 82 policy takes effect only when the Option 82 is enabled.
Option 82 Policy: The switch supports three policies:
- Replace: When the DHCP Relay receives DHCP request messages, it replaces the original Option 82 info with the default content of the switch and forwards the messages.
- Retain: When the DHCP Relay receives DHCP request messages, it retains the original Option 82 state and forwards the messages.
- Discard: The DHCP Relay discards the DHCP request message with the Option 82, and forwards the DHCP request message without Option 82.
VLAN ID: It specifies the VLAN to which the clients belong. The VLAN must already exist, and its L3 virtual interface must be configured.
Server IP: It specifies the IP address of the remote DHCP server. The IP address of the remote DHCP server cannot belong to the same network segment as that of the VLAN to which clients belong.

4.4 DHCP snooping
DHCP Snooping is a security mechanism that protects the DHCP service.
- It ensures that DHCP clients can obtain IP addresses from the correct servers. The port connecting to the authorized DHCP server is the trusted port, and other ports are untrusted ports. The switch forwards the DHCP messages received by the trusted ports and discards the response messages received by the untrusted ports from the DHCP server, so as to ensure that the DHCP clients can only obtain the IP addresses from the correct DHCP servers.
- It records the entries of the DHCP Snooping table. By snooping the DHCP-request messages and the DHCP-ACK messages received by the trusted port, the switch establishes a DHCP Snooping table, which includes the MAC address of the client, the IP address of the DHCP client assigned by the DHCP server, the port connecting the DHCP client, and the VLAN info. The DHCP Snooping table is an important basis for ARP validation.
The network topology of DHCP Snooping is shown in the following figure, assuming that the DHCP Snooping function is enabled on both switch 1 and switch 2.

[Figure: DHCP Snooping topology with a DHCP server, Switch 2 (ports 4 and 5), Switch 1 (ports 1, 2 and 3), DHCP Client 1 and DHCP Client 2. Trusted ports: Ports 1 and 4. Untrusted ports: Ports 2, 3, and 5.]

The DHCP snooping function works only when it is enabled and the switch is located between the DHCP client and the DHCP server (or DHCP relay) in the network. When the switch is located between the DHCP server and the DHCP relay, the DHCP snooping function is unavailable.

Click Switching > DHCP Snooping to enter the page. On this page, you can configure the DHCP Snooping rules.

Parameter description

Name: Description
Port: It specifies the ID of the port.
Port Property: It is used to configure the DHCP snooping property of the current port, including trusted port or untrusted port.
- Trusted port: It is connected to a legitimate DHCP server, and forwards received DHCP messages normally.
- Untrusted Port: After receiving the response messages sent by a DHCP server, the port discards the messages, thus preventing fake DHCP servers set up privately from assigning IP addresses to clients.
Option 82: It is used to enable or disable the Option 82. Option 82 records the location information of the DHCP client. The option policy takes effect when Option 82 is enabled. Please refer to Option 82 for its working mechanism.
Option Policy: Three Option 82 policies are supported by this switch:
- Replace: When the DHCP Relay receives DHCP request messages, it replaces the original Option 82 information with the default content of the switch and forwards the messages.
- Retain: When the DHCP Relay receives DHCP request messages, it retains the original Option 82 state and forwards the message.
- Discard: The DHCP Relay discards the DHCP request message with the Option 82, and forwards the DHCP request message without Option 82.
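The trusted/untrusted port rule and the DHCP Snooping table described in this section, as an added Python example run over a constructed message sequence for Switch 1 (not the switch's own implementation). The class names, MAC and IP addresses, alert format and the `arp_consistent` lookup are assumptions; the lookup only illustrates how the table can back the ARP validation the section mentions.

```python
from dataclasses import dataclass

# DHCP message types carried in option 53
DISCOVER, OFFER, REQUEST, ACK, NAK = 1, 2, 3, 5, 6
SERVER_REPLIES = {OFFER, ACK, NAK}


@dataclass(frozen=True)
class DhcpEvent:
    port: int            # switch port the message arrived on
    vlan: int
    msg_type: int
    client_mac: str      # chaddr field
    your_ip: str = ""    # yiaddr field, set in OFFER and ACK
    src_mac: str = ""    # sender of the frame


class DhcpSnooping:
    def __init__(self, trusted_ports):
        self.trusted = set(trusted_ports)
        self.pending = {}     # client MAC -> (port, vlan) learned from DHCP-request
        self.bindings = {}    # client MAC -> {"ip", "port", "vlan"}
        self.alerts = []

    def handle(self, ev):
        """Return 'forward' or 'drop' for one DHCP message."""
        if ev.msg_type in SERVER_REPLIES:
            if ev.port not in self.trusted:
                # Server response on an untrusted port: discard and record it.
                self.alerts.append(
                    f"server reply type {ev.msg_type} from {ev.src_mac} "
                    f"on untrusted port {ev.port}")
                return "drop"
            if ev.msg_type == ACK and ev.client_mac in self.pending:
                port, vlan = self.pending.pop(ev.client_mac)
                self.bindings[ev.client_mac] = {
                    "ip": ev.your_ip, "port": port, "vlan": vlan}
            return "forward"
        if ev.msg_type == REQUEST:
            self.pending[ev.client_mac] = (ev.port, ev.vlan)
        return "forward"

    def arp_consistent(self, mac, ip, port, vlan):
        """True if an ARP sender (mac, ip) seen on port/vlan matches the table."""
        return self.bindings.get(mac) == {"ip": ip, "port": port, "vlan": vlan}


# Constructed events for Switch 1: port 1 is trusted, ports 2 and 3 are untrusted.
CLIENT, SERVER, OTHER = "00:11:22:33:44:55", "00:aa:bb:cc:dd:01", "00:de:ad:00:00:02"
EVENTS = [
    DhcpEvent(3, 1, DISCOVER, CLIENT),
    DhcpEvent(2, 1, OFFER, CLIENT, "10.66.0.50", OTHER),      # unauthorized server
    DhcpEvent(1, 1, OFFER, CLIENT, "192.168.0.100", SERVER),
    DhcpEvent(3, 1, REQUEST, CLIENT),
    DhcpEvent(2, 1, ACK, CLIENT, "10.66.0.50", OTHER),        # unauthorized server
    DhcpEvent(1, 1, ACK, CLIENT, "192.168.0.100", SERVER),
]


def run(events, trusted_ports=(1,)):
    """Feed events through a snooping instance; return it with the verdict list."""
    switch = DhcpSnooping(trusted_ports)
    return switch, [switch.handle(ev) for ev in events]


if __name__ == "__main__":
    switch, verdicts = run(EVENTS)
    print(verdicts)
    print(switch.bindings)
    print(switch.alerts)
```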


4.5 Spanning tree
4.5.1 Overview
Spanning Tree helps avoid loops in the network to protect the network from broadcast storms, and provide link redundancy backup.
This switch supports three spanning tree modes: STP (Spanning Tree Protocol), RSTP (Rapid Spanning Tree Protocol) and MSTP (Multiple Spanning Tree Protocol).
STP
STP is a network protocol based on IEEE 802.1d. It ensures a loop-free topology in a local area network and provides backup redundant links. The devices running this protocol discover the loops in the network by communicating with each other, selectively block some ports, and eventually establish a spanning tree structure without loops, so as to prevent the message processing capacity of the devices from declining due to the continuous proliferation and endless circulation of messages in the loop network.
STP protocol message
To implement the spanning tree function, switches in the network transfer BPDUs (Bridge Protocol Data Units) between each other to exchange information. BPDUs carry the information that is needed for switches to calculate the spanning tree.
The network topology is determined by BPDU transmission among devices. There are two types of BPDUs of STP protocol:
- Configuration BPDU: It is used for spanning tree calculation and spanning tree topology maintenance.
- TCN BPDU (Topology Change Notification BPDU): It is used to notify the changes of network topology structure.
Basic concepts of STP
- Bridge ID
The bridge ID contains both bridge priority and MAC address, in which the bridge priority is a configurable parameter. The smaller the bridge ID, the higher the bridge priority. The root bridge is the bridge with the smallest bridge ID.
- Root bridge
The root bridge acts as the root of a tree. There is only one root bridge in the network and it is changeable according to the network topology changes.
Initially, all devices regard themselves as the root bridges. They generate their own configuration BPDUs and send them out periodically. When the network topology becomes stable, only the root bridge device can send configuration BPDUs out and other devices can only forward these BPDUs.
- Root port
The root port is the port in a non-root bridge device that has the smallest path cost from the bridge to the root bridge, responsible for communication with the root bridge. There is only one root port on the non-root bridge device and no root port on the root bridge device.
- Designated bridge and designated port
  - Designated bridge: For a switch, the designated bridge is the device that connects to and forwards BPDUs to the switch. For the LAN, it is the device that forwards BPDUs in the same network segment. In each network segment, the device with the least path cost to the root bridge is the designated bridge. If more than one switch has the same path cost to the root bridge, the one with the smallest bridge ID is the designated bridge.
  - Designated port: As for a device, it is the port that forwards BPDUs to the host. As for a LAN, it is the port that forwards BPDUs in the same network segment.
- Path cost
It is a parameter for choosing the link path by STP. By calculating the path cost, STP chooses the better links and blocks the redundant links, so as to prune the loop network into a loop-free tree network.
The basic network diagram of STP is shown as the following figure. The switch A, B and C are connected successively.

[Figure: Basic STP network. Switch A has ports A1 and A2, Switch B has ports B3 and B4, and Switch C has ports C5 and C6.]

After calculation, switch A is selected as the root bridge, and the link between ports A2 and C6 is blocked.
- Bridges: Switch A is the root bridge of the network, while switch B is the designated bridge of switch C.
- Ports: Port B3 and port C5 are the root ports of switch B and switch C respectively. Port A1 and port B4 are the designated ports of switch A and switch B respectively. Port C6 is the blocking port of switch C.


BPDU priority in STP mode
The smaller the bridge ID is, the higher the bridge priority is. If the root bridge IDs are the same, the root path costs are compared: let S be the sum of the root path cost in the BPDU and the path cost corresponding to this port; the BPDU with the smaller S has higher priority. If the root path costs are the same, the designated bridge ID, the designated port ID and the ID of the port that receives the BPDU are compared successively, and the one with the smallest ID has higher priority.
STP computing process

1. Initial status

Initially, each port of the switch generates a BPDU regarding the switch as the root bridge, with the root path cost being 0, the ID of the designated bridge being the switch ID, and the designated port being itself.

2. Optimal BPDU selection

Each switch sends out its BPDUs and receives BPDUs from other switches. The following table shows the procedure to select the optimal BPDU.

Step 1
- Receiving BPDU with lower priority: If the priority of the BPDU received by a port is lower than that of the port itself, the switch discards the received BPDU and does not deal with the BPDU of that port.
- Receiving BPDU with higher priority: If the priority of the received BPDU is higher than that of the port itself, the switch replaces the BPDU of the port with the received one.
Step 2
The switch selects the best BPDU by comparing BPDUs on all ports.

3. Root bridge selection

The root bridge is selected by BPDU exchange and root bridge ID comparison. The switch with the smallest root bridge ID is chosen as the root bridge.

4. Root port and designated port selection

The selection procedure is shown in the following table:

Step 1
For each switch (except the root bridge), the port that receives the optimal BPDU is chosen as the root port of the switch.
Step 2
The switch calculates a designated port BPDU for each port according to the root port BPDU and root port path cost.
- The ID of the root bridge is replaced with that of the root port BPDU.
- Root path cost is replaced with the sum of the root path cost of the root port BPDU and the path cost corresponding to the root port.
- The ID of the designated bridge is replaced with that of the switch itself.
- The ID of the designated port is replaced with the port ID itself.
Step 3
The switch compares the calculated BPDU with the BPDU of the port whose role needs to be determined, and deals with the port according to the comparison result.
- If the calculated BPDU takes precedence over the BPDU of the port, the port is chosen as the designated port with its BPDU replaced with the calculated BPDU, and regularly sends out the BPDU.
- If the BPDU of this port takes precedence over the calculated BPDU, the BPDU of this port is not changed and the port is blocked. The port only receives BPDUs but cannot forward BPDUs or other data.

In a stable topology, only the root ports and designated ports can forward data, and other ports are blocked. The blocked ports can only receive BPDUs, but not forward data.
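The BPDU comparison and the root bridge, root port and designated port selection described above, as an added Python example for the Switch A/B/C network of the earlier figure (not code from the switch). The MAC addresses, port numbers and path costs are constructed: the guide gives no costs, so the A2-C6 link is assumed to cost more than the path through Switch B, which reproduces the blocked port C6.

```python
# Bridge ID = (bridge priority, MAC address); the smaller ID has the higher priority.
BRIDGES = {
    "A": (32768, "00:00:00:00:00:0a"),
    "B": (32768, "00:00:00:00:00:0b"),
    "C": (32768, "00:00:00:00:00:0c"),
}
# (bridge, port) -> (peer bridge, peer port, path cost of the local port)
LINKS = {
    ("A", 1): ("B", 3, 4), ("B", 3): ("A", 1, 4),
    ("B", 4): ("C", 5, 4), ("C", 5): ("B", 4, 4),
    ("A", 2): ("C", 6, 19), ("C", 6): ("A", 2, 19),
}


def converge(bridges, links):
    """Exchange BPDUs in rounds until no bridge changes its view of the root."""
    # Initial status: every bridge claims to be the root with root path cost 0.
    state = {b: {"root": bid, "cost": 0, "root_port": None}
             for b, bid in bridges.items()}
    while True:
        new_state = {}
        for b, bid in bridges.items():
            best, best_port = (bid, 0, bid, 0, 0), None   # the bridge's own claim
            for (local, lport), (peer, pport, cost) in links.items():
                if local != b:
                    continue
                heard = state[peer]
                # Priority order: root bridge ID, S = advertised cost + port cost,
                # designated bridge ID, designated port ID, receiving port ID.
                cand = (heard["root"], heard["cost"] + cost,
                        bridges[peer], pport, lport)
                if cand < best:
                    best, best_port = cand, lport
            new_state[b] = {"root": best[0], "cost": best[1], "root_port": best_port}
        if new_state == state:
            return state
        state = new_state


def root_of(state, bridges):
    """Name of the bridge every switch has agreed on as root."""
    root_id = min(s["root"] for s in state.values())
    return next(name for name, bid in bridges.items() if bid == root_id)


def port_roles(bridges, links):
    """Role of every port once the topology is stable."""
    state = converge(bridges, links)
    roles = {}
    for (b, p), (peer, pport, _cost) in links.items():
        me, other = state[b], state[peer]
        if me["root_port"] == p:
            roles[f"{b}{p}"] = "root"
            continue
        # Calculated BPDU of this port against the BPDU the segment's other end sends.
        mine = (me["root"], me["cost"], bridges[b], p)
        theirs = (other["root"], other["cost"], bridges[peer], pport)
        roles[f"{b}{p}"] = "designated" if mine < theirs else "blocked"
    return roles


if __name__ == "__main__":
    state = converge(BRIDGES, LINKS)
    print(root_of(state, BRIDGES), port_roles(BRIDGES, LINKS))
    # The election depends only on the bridge ID: a smaller priority value on
    # Switch B moves the root, so the intended root should hold the smallest value.
    lowered = dict(BRIDGES, B=(4096, BRIDGES["B"][1]))
    print(root_of(converge(lowered, LINKS), lowered))
```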
STP Timer
- Hello Time
It specifies the interval at which the root bridge sends BPDU messages to other switches, used to test whether the links malfunction.
- Maximum Aging Time
It specifies the maximum duration a switch waits without receiving a BPDU message from the root bridge before it sends BPDU packets to all the other switches to recalculate the spanning tree.
- Forwarding Delay
It specifies the delay that the port state migration takes after the network topology changes.
Link malfunction leads to STP recalculation in the network, in which case the STP structure changes accordingly. However, as the new BPDUs cannot be spread to the whole network immediately, temporary loops might occur if the new root ports and the designated ports forward data at once. Therefore, STP adopts a state migration mechanism, that is, the new root ports and designated ports begin to forward data after twice the forwarding delay, which ensures the new BPDUs have been spread to the whole network.
RSTP
RSTP is defined by the IEEE 802.1w standard and is backward compatible with IEEE 802.1d STP. In addition to a loop-free network and redundant links, it features fast convergence. If all bridges in a LAN support RSTP, it enables a rapid topology tree generation when the network topology changes (traditional STP topology tree: 50 seconds, RSTP topology tree: 1 second).
RSTP determines the network topology by exchanging BPDUs among switches. However, the BPDU format of RSTP differs from that of STP. When the topology is changing, RST-BPDU messages are flooded to notify the whole network of the change.
Conditions for rapid state migration of the root ports and designated ports in RSTP:
- Root port: The original root port of the switch stops forwarding data and the designated port of the upstream switch begins to forward data.
- Designated port: If the designated port is an edge port, it can directly transit to forwarding state; if the designated port is a P2P port, it can transit to forwarding state once it gets a response from the downstream switch through handshake.
- Edge Port
An edge port is a designated port on the edge of the switching network. It is directly connected to terminal devices. An edge port can transit to forwarding state immediately without going through listening and learning states. If it receives a BPDU, it immediately turns from an edge port to a common spanning tree port, and joins the STP generation.
- P2P Port
A P2P port is used to connect to other switches. Under RSTP/MSTP, all ports operating in full-duplex mode are considered to be P2P ports.
MSTP
Disadvantages of STP and RSTP in common working environments:
- STP: Ports cannot transit states rapidly, and even ports on point-to-point links and edge ports can only transit to the forwarding state after twice the forwarding delay.
- RSTP: It features fast convergence, but all VLANs in the LAN share only one spanning tree and all messages of the VLANs are forwarded along this spanning tree. Therefore, the redundant links cannot be blocked by VLANs, and data traffic load cannot be balanced among VLANs.
MSTP is defined by the IEEE 802.1s standard and is compatible with STP and RSTP. It not only features fast convergence, but also allows data flows of different VLANs to be forwarded along their respective paths, thus enabling a better load sharing mechanism for redundant links, which compensates for the limitations of STP and RSTP.
Features of MSTP:
- MSTP supports mapping VLANs to the spanning tree instances through the VLAN-to-instance mapping table, and realizes load balancing by mapping multiple VLANs to one instance.
- MSTP divides the spanning tree network into multiple regions, each of which contains internal spanning trees that are independent of one another.
- MSTP prunes a loop network into a loop-free tree network to avoid continuous proliferation and endless circulation of messages, and also provides multiple redundant paths for data forwarding, thus ensuring load balancing in the data forwarding process.
- MST region
The MST region (Multiple Spanning Tree Region) is made up of multiple devices in a switching network and their network segments. These devices have the following features:
  - A spanning tree protocol enabled
  - Same region name
  - Same configuration summary (the configuration of the mapping relationship between VLAN and MSTI is the same)
  - Same MSTP revision level
  - Physically linked together
- MSTI
MSTP can generate multiple independent spanning trees in an MST region, and each spanning tree is regarded as an MSTI (Multiple Spanning Tree Instance). In the MST region, MSTP generates multiple spanning trees according to the VLAN-to-instance mapping table, and maps the VLANs to the spanning trees. The spanning tree calculation method of MSTP is the same as that of STP.
- IST
An IST (Internal Spanning Tree) is a special spanning tree in the MST region. It is commonly called MSTI 0.
- CST
CST (Common Spanning Tree) is a single spanning tree that connects all MST regions within the network. MSTP considers MST regions as separate devices and generates the CST connecting all regions.
- CIST
CIST (Common and Internal Spanning Tree) is a single spanning tree that connects all devices within the network. It consists of the ISTs in all MST regions and the CST.
- Regional Root
Regional Root is the root bridge of the IST or an MSTI within the MST region. Regional roots vary with the different spanning tree topologies.
- Common Root Bridge
Common Root Bridge is the root bridge of the CIST. Based on BPDU comparison, MSTP selects an optimal device as the common root bridge in the whole network.
Similar to STP, MSTP uses BPDUs to calculate spanning trees, except that the BPDUs carry MSTP configuration information.
The basic concept diagram of MSTP is shown as follows.

[Figure: MST region A, MST region B and MST region C connected by the CST (Common Spanning Tree).]

The topology of each MSTI in MST region C is as follows.

[Figure: MSTI topology in MST region C, which contains Switch 1, Switch 2 and Switch 3 and is connected to MST region A and MST region B. The figure shows the topologies of MSTI0, MSTI1 and MSTI2 and marks the region root. VLAN 1 is mapped to MSTI0. VLAN 2 and VLAN 3 are mapped to MSTI1. VLAN 1 is mapped to MSTI2.]

Port status
In MSTP, port status includes the following four types according to whether the port can forward data and the ways to process BPDUs:
- Forwarding: The port receives and forwards data, receives and sends BPDUs, and learns addresses.
- Learning: The port does not receive or forward data, but receives and sends BPDUs, and learns addresses.
- Discarding: The port neither receives nor forwards data, nor sends BPDUs or learns addresses, but receives BPDUs.
- Disabled: The port is not physically linked.
Port role
In MSTP, ports have the following roles:
- Root port: It has the least path cost to the root bridge and is responsible for forwarding data from a non-root bridge to the root bridge.
- Designated port: It forwards data to the downstream network segment or device.
- Master port: It is on the shortest path from the MST region to the common root bridge, connecting the MST region to the common root bridge.
- Alternate port: It acts as the backup port for the root port or master port.
- Backup port: It acts as the backup port for the designated port.
- Disable port: It is a port that is not physically linked.
The port roles are shown as the following diagram:

[Figure: Port roles in an MST region that contains Switch A (ports A1 to A4), Switch B (ports B1 to B4) and Switch C (ports C1 to C4), with a connection to the common root bridge.
Region edge port: Ports A1, A2, B3, B4
Master port: Port A1
Alternative port: Ports A2, C1
Designated port: Ports A3, B2, A4, C3
Backup port: Port C4
Root port: Ports B1, C2]

4.5.2 Global
Click Switching > Spanning Tree > Global to enter the page. On this page, you can configure the global parameters of the spanning tree.


Parameter description

Name: Description
Status: It is used to enable or disable the spanning tree function.
Mode: The switch supports three spanning tree modes: STP, RSTP and MSTP.
- STP: Spanning tree protocol.
- RSTP: Rapid Spanning Tree Protocol, compatible with STP protocol, featuring fast convergence.
- MSTP: Multiple Spanning Tree Protocol, compatible with RSTP and STP, providing better load sharing mechanism for redundant links.

Bridge Configuration

Parameter description

Name: Description
Maximum Aging Time: It specifies the maximum duration during which the BPDU can be kept in the switch. The configuration should meet the following formulas:
- Maximum Aging Time  2 × (hello time + 1)
- Maximum Aging Time  2 × (forwarding delay - 1)
Hello Time: It specifies the interval at which the switch sends BPDU, which is set to 2 seconds by default.
Forwarding Delay: It specifies the delay that the port state migration takes after the network topology changes, which is set to 15 seconds by default.
Maximum Hops: It specifies the maximum number of hops over which the BPDU can be forwarded, used to limit the scale of the spanning tree.
Bridge Priority: It specifies the system priority of a switch in the participation in the spanning tree calculation. The priority is an important criterion by which the root bridge is determined. The switch with the higher priority will be chosen as the root bridge on equal conditions.

MSTP Domain Setting

Parameter description

Name: Description
Region Name: It specifies the identity of the MST Region. The default value is the MAC address of the switch.
Revision: It specifies the MSTP revision level, which is set to 0 by default.
Digest: It specifies the value calculated based on the VLAN mapping interior.

MSTP Instance

Parameter description

Name: Description
Instance ID: A maximum of 32 instances are allowed. 0 indicates internal spanning tree. The spanning tree is calculated by each instance separately.
VLAN Mapping List: It specifies the instance mapping VLAN.
Bridge Priority: It specifies the instance system priority used for root bridge election of instances in MST regions.

Specified Root Bridge

Parameter description

Name: Description
Bridge ID: It specifies the bridge priority and bridge MAC address of this switch.
Region Root ID: It specifies the bridge priority and bridge MAC address of the regional root bridge in the region of this switch.
Root Path Cost: It specifies the sum of the root port path cost and the root path cost of all switches that packets pass through. The root path cost of the root bridge is 0.
Topology Status: It specifies the topology status of the spanning tree of this switch.
- Topology_calculation: The port is unstable during the calculation of the spanning tree, and the packets cannot be forwarded. Commonly, with the default time parameters, the Topology_calculation status can last up to 50 seconds when the mode is STP, while for RSTP and MSTP, the time duration is less than 3 seconds.
- Topological_stability: The port is stable, and the network is normal.
Root Bridge ID: For STP and RSTP, it specifies the bridge priority and MAC address of the root bridge; while for MSTP, it specifies the bridge priority and MAC address of the common root bridge.
Root Port: It specifies the port nearest to the root bridge on a non-root-bridge switch.
Internal Root Path Cost: It specifies the reference value used to choose the path and calculate the path cost in the path of the MST region. It is also the criterion used in determining whether the port is chosen as the root port. The smaller the value is, the higher the priority will be.
Last Changed Time: It specifies the time of the last topology change.

4.5.3 Port configuration

Click Switching > Spanning Tree > Port Configuration. On this page, you can configure the STP parameters of the ports.


Parameter description

Name: Description
Port: It specifies the ID of the port.
STP Status: It indicates whether the STP function is enabled or not. Only when the STP function in both Global and Port Configuration is enabled can the port join spanning tree calculation.
Edge Port: The edge port can rapidly migrate to the forwarding state from the congestion state. No need to wait for the delay time. The edge port is commonly connected to terminals. When receiving BPDU messages, the edge port is changed to a non-edge port. All ports are edge ports by default.
- Disable: This port is a non-edge port.
- Enable: This port is an edge port.
P2P Port: A P2P port can perform fast migration. In RSTP/MSTP mode, all ports in full-duplex mode are considered as P2P ports. The default port automatically identifies links.
- Auto: P2P port can be automatically identified.
- Disable: This port is a P2P port.
- Enable: This port is not a P2P port.

4.5.4 Port statistics

Click Switching > Spanning Tree > Port Statistics to enter the page. On this page, you can view the spanning tree packets transmitted, received and discarded by each port.


Parameter description

Port: It specifies the ID of the port.
MSTP: It specifies the number of configuration BPDUs with MSTP info transmitted or received by the port.
RSTP: It specifies the number of configuration BPDUs with RSTP info transmitted or received by the port.
STP: It specifies the number of configuration BPDUs with STP info transmitted or received by the port.
TCN: It specifies the number of TCN BPDU messages transmitted or received by the port.
Unknown: It specifies the number of discarded unknown STP packets.
Illegal: It specifies the number of discarded error STP packets.

4.5.5 Instance info

Click Switching > Spanning Tree > Instance Info to enter the page. On this page, you can view and configure the MSTP instance information.


Parameter description

Instance ID: It is used to select the instance ID to check the STP state information of the instance.
Port: It specifies the ID of the port.
Port Role: It specifies the role the port plays in the spanning tree instance. For more details, please refer to Port role.
Port Status: It specifies the current operating status of the port. For more details, please refer to Port status.
Region Root ID: It specifies the bridge priority and bridge MAC address of the regional root bridge.
Designated Bridge: It specifies the bridge ID of the switch that connects to this switch and is used to forward BPDU messages to the switch. The designated bridge ID of the root port and backup port is the bridge ID of the switch used to send BPDU messages; while the designated bridge ID of the designated port is the bridge ID of the switch itself.
Designated Port: It specifies the port to which the designated bridge forwards BPDU messages.
Priority: It specifies the priority of the port in spanning tree calculation. When the root bridge ID, root path cost, and bridge ID are the same, priority is an important criterion to determine whether the port is selected as the root port. The smaller the value of the priority is, the higher the priority will be.
Path Cost: It is a reference value used to select the paths and calculate the path costs in the instance within the MST region, also a reference for root port selection. The smaller the value is, the higher the priority will be.


4.6 LLDP configuration
4.6.1 Overview
In a multi-vendor environment, a standard protocol is required that allows network devices from different vendors to discover other devices and exchange system and configuration information. LLDP (Link Layer Discovery Protocol) provides a standard link layer discovery method that organizes the main capabilities, management address, device identifier, and interface identifier info of the local device into different TLVs (Type/Length/Value), and encapsulates them in LLDPDUs (Link Layer Discovery Protocol Data Units) to send to the neighbors to which it is directly connected. After receiving this info, the neighbors save it in the standard MIB (Management Information Base) so that the network management system can check and judge the link communication conditions.
Basic concepts
• LLDP message
An LLDP message is a message that encapsulates an LLDPDU.
• LLDPDU
An LLDPDU is a data unit encapsulated in an LLDP message. Each LLDPDU is a sequence of type-length-value (TLV) structures.
• TLV
A TLV is an information element of an LLDPDU. Each TLV carries one piece of information.
• Management address
The network management system uses the management address to identify and manage the device for topology maintenance and network management. The management address is encapsulated in the management address TLV of the LLDP message.
Operating mechanism
LLDP is a one-way protocol for information notification or retrieval. It works by notification, with no requirement of confirmation and no support for queries. Main works of LLDP:
- Initialize and maintain information in the local MIB.
- Obtain required information from the local MIB and encapsulate it in the LLDP frames. There are two ways to trigger sending LLDP frames: one is triggered by timer expiration, and the other is triggered by a device status change.
- Identify and process the received LLDPDU frames.
- Maintain the LLDP MIBs of the remote devices.
- Notify the MIB information changes of the local or remote devices.
• LLDP operating status
There are four LLDP operating statuses:
- Send & Receive: In this mode, the switch can send and receive LLDP messages.
- Send Only: In this mode, the switch can only send LLDP messages.
- Receive Only: In this mode, the switch can only receive LLDP messages.
- Disable: In this mode, the switch cannot send or receive LLDP messages.
When the LLDP operating status changes, its LLDP protocol state machine reinitializes. You can configure Initialization Delay to prevent frequent initializations caused by frequent changes of the operating status. If you have configured the Initialization Delay, the switch must wait the specified time to initialize LLDP after the LLDP operating status changes.
• LLDP message transmission mechanism
When the operating status of the port is Send & Receive or Send Only, the switch sends LLDP messages to its neighbor devices periodically. When the local device information changes, the switch immediately notifies neighbor devices of the changes by sending LLDP messages. But to prevent the network from being flooded with LLDP messages caused by frequent changes of local device information, each LLDP message needs to be delayed for a specific time after the last message is sent. When the operating status of the port changes from Disable or Receive Only to Send & Receive or Send Only, the switch sends an LLDP message to its neighbor devices immediately.
• LLDP message receiving mechanism
When the operating status of the port is Send & Receive or Receive Only, the switch confirms the validity of every received LLDP message and its TLVs. After verification, it saves the neighbor device's information and starts an aging timer according to the value of TTL (Time to Live) in the Time to Live TLV. If the value is zero, the neighbor device's information ages out immediately.
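The receiving mechanism above (validate the TLVs, store the neighbor, start an aging timer from the TTL), sketched as an added example that is not code from this guide or from the switch firmware. The TLV type codes and header layout follow IEEE 802.1AB; the sample LLDPDU, the `NeighborTable` class and all names in it are constructed for illustration.

```python
import ipaddress
import struct

# TLV type codes 0 to 8 as defined by IEEE 802.1AB.
END, CHASSIS_ID, PORT_ID, TTL, PORT_DESC, SYS_NAME, SYS_DESC, SYS_CAP, MGMT_ADDR = range(9)


def tlv(tlv_type, value):
    """Encode one TLV: a 7-bit type and a 9-bit length share the 2-byte header."""
    if len(value) > 0x1FF:
        raise ValueError("TLV value longer than 511 bytes")
    return struct.pack("!H", (tlv_type << 9) | len(value)) + value


def iter_tlvs(pdu):
    """Yield (type, value) pairs, rejecting headers or lengths that overrun."""
    offset = 0
    while offset < len(pdu):
        if offset + 2 > len(pdu):
            raise ValueError("truncated TLV header")
        (header,) = struct.unpack_from("!H", pdu, offset)
        tlv_type, length = header >> 9, header & 0x1FF
        offset += 2
        if offset + length > len(pdu):
            raise ValueError("TLV length overruns the LLDPDU")
        yield tlv_type, pdu[offset:offset + length]
        offset += length
        if tlv_type == END:
            return  # bytes after End Of LLDPDU are padding


def parse_lldpdu(pdu):
    """Validate the mandatory TLVs and return the neighbor fields as a dict."""
    tlvs = list(iter_tlvs(pdu))
    if [t for t, _ in tlvs[:3]] != [CHASSIS_ID, PORT_ID, TTL]:
        raise ValueError("Chassis ID, Port ID and TTL must come first, in order")
    chassis, port, ttl = (value for _, value in tlvs[:3])
    if len(chassis) < 2 or len(port) < 2 or len(ttl) != 2:
        raise ValueError("malformed mandatory TLV")
    info = {
        # Chassis ID subtype 4 carries a MAC address.
        "neighbor_id": chassis[1:].hex(":") if chassis[0] == 4 else chassis[1:].hex(),
        # Assumes a textual Port ID subtype (interface name or locally assigned).
        "port_id": port[1:].decode("utf-8", "replace"),
        "ttl": struct.unpack("!H", ttl)[0],
    }
    text_fields = {PORT_DESC: "port_description", SYS_NAME: "system_name",
                   SYS_DESC: "description"}
    for tlv_type, value in tlvs[3:]:
        if tlv_type in text_fields:
            info[text_fields[tlv_type]] = value.decode("utf-8", "replace")
        elif tlv_type == MGMT_ADDR and len(value) >= 6 and value[:2] == b"\x05\x01":
            # Address string length 5 (subtype byte + 4 bytes), subtype 1 = IPv4.
            info["management_ip"] = str(ipaddress.IPv4Address(value[2:6]))
    return info


class NeighborTable:
    """Hypothetical neighbor store: one entry per local port, aged by TTL."""

    def __init__(self):
        self.entries = {}  # local port -> (neighbor info, expiry time)

    def receive(self, local_port, pdu, now):
        info = parse_lldpdu(pdu)  # invalid LLDPDUs raise and are never stored
        if info["ttl"] == 0:
            self.entries.pop(local_port, None)  # TTL 0 ages out immediately
        else:
            self.entries[local_port] = (info, now + info["ttl"])
        return info

    def survival_time(self, local_port, now):
        """Remaining lifetime in seconds, or None once the entry has aged out."""
        entry = self.entries.get(local_port)
        if entry is None or entry[1] <= now:
            self.entries.pop(local_port, None)
            return None
        return entry[1] - now


def sample_lldpdu(ttl=120):
    """Constructed LLDPDU for this example; every value in it is made up."""
    mgmt = (b"\x05\x01" + ipaddress.IPv4Address("192.0.2.10").packed
            + b"\x02" + struct.pack("!I", 1) + b"\x00")
    return b"".join([
        tlv(CHASSIS_ID, b"\x04" + bytes.fromhex("02005e001001")),
        tlv(PORT_ID, b"\x05" + b"GE1/0/3"),
        tlv(TTL, struct.pack("!H", ttl)),
        tlv(SYS_NAME, b"core-sw-01"),
        tlv(MGMT_ADDR, mgmt),
        tlv(END, b""),
    ])
```

The parsed fields line up with what the Neighbor Info page shows for each neighbor, which makes the same parser useful for auditing what a port advertises to whatever is plugged into it.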
4.6.2 Global
Click Switching > LLDP Configuration > Global to enter the page. On this page, you can configure the global parameters of LLDP.

Parameter description

LLDP Function: It is used to enable or disable the LLDP function.
Sending Interval: It specifies the interval at which the switch sends LLDPDUs to neighbors.
TTL Multiplier: The TTL Multiplier is used to control the TTL field value in LLDPDUs transmitted by the switch. The TTL is the duration in which the local info can survive on the neighbor devices.
  TTL = Min (65535, TTL Multiplier × LLDPDU transmission interval), that is, the smaller of 65535 and TTL Multiplier × LLDPDU transmission interval.
Initialization Delay: To prevent the port from performing initialization continuously as a result of frequent operating status changes, you can configure an initialization delay time for the port, so that the port waits for the specified time before performing initialization after the operating status changes.

4.6.3 Port configuration

Click Switching > LLDP Configuration > Port Configuration to enter the page. On this page, you can configure the LLDP operating status for each port.


Parameter description

Port: It specifies the ID of the port.
LLDP Operating Status: It indicates the LLDP operating status of each port.
  • Disable: The LLDP function of this port is disabled.
  • Send Only: The port only sends but does not receive LLDP messages.
  • Receive Only: The port only receives but does not send LLDP messages.
  • Send & Receive: The port both sends and receives LLDP messages.
  • No Change: Keep the current configuration.

4.6.4 Neighbor info

Click Switching > LLDP Configuration > Neighbor Info to enter the page. On this page, you can view the neighbor information.


Parameter description

Port: It specifies the ID of the port.
System Name: It specifies the system name of the neighbor device.
Port ID: It specifies the port information of the neighbor device. The port information can be a port number, MAC address, or other information, defined by the information carried in the LLDP message from the neighbor device.
Neighbor ID: It specifies the MAC address of the neighbor device.
Management IP: It specifies the management IP address of the neighbor device.
Survival Time: It specifies the remaining time that the neighbor info can be saved and displayed on the switch.
Port Description: It specifies the detailed description of the port used to transmit LLDP messages on the neighbor device.
Description: It specifies the detailed description of the neighbor device.
Performance: It specifies the features supported by the neighbor device.


4.7 IGMP snooping

IGMP Snooping (Internet Group Management Protocol Snooping) is a multicast constraint mechanism running on the layer 2 Ethernet switches, which is used to manage and control multicast groups.
4.7.1 IGMP snooping principle
As shown in the figure below, an IGMP-Snooping-disabled layer-2 device broadcasts multicast data; with IGMP Snooping enabled, the layer-2 device establishes a mapping table for ports and multicast MAC addresses by analyzing IGMP messages, and forwards multicast data to the specific receivers.

[Figure: Multicast data flow from the server through the multicast device and the layer-2 device to Host A (Receiver), Host B and Host C (Receiver), shown for an IGMP-Snooping-disabled layer-2 device and an IGMP-Snooping-enabled layer-2 device.]

IGMP snooping only forwards data to the specific receivers through the layer-2 multicast, providing the following advantages:
- Reduce broadcast in the layer-2 network and save network bandwidth.
- Enhance the security of multicast data.
- Provide convenience for charging management of each host.
As shown in the following figure, router A is connected to the multicast source, IGMP snooping of switch A and switch B is enabled, while host A and host C are the receivers of the multicast data.

[Figure: Server, Router A, Switch A (ports A1, A2, A3, A4), Switch B (ports B1, B2, B3), Host A (Receiver), Host B, Host C (Receiver), Host D.]

• Router port
On an IGMP-snooping-enabled layer 2 device, the ports toward upstream layer 3 multicast devices are called router ports (Ports A1 and B1 in the above figure).
• Host port
On an IGMP-snooping-enabled layer 2 device, the ports toward downstream receiver hosts are called host ports (Ports A2, A4 and B2 in the above figure).
• General query
The IGMP querier (router A in the above figure) periodically sends IGMP general queries to all hosts and devices in the local network segment to check the multicast group members.
After receiving an IGMP general query, the layer 2 device (switches A and B in the above figure) forwards the query, and handles the receiving port as follows:
- If the receiving port is included in the mapping table, the layer 2 device restarts the aging timer for the port.
- If the receiving port is not in the mapping table, the layer 2 device adds the port to the mapping table and starts an aging timer for the port.
• Specific query
When a host with IGMPv2 or IGMPv3 enabled leaves the multicast group, it sends an IGMP leave group message. When a port of the layer-2 devices (switches A and B in the above figure) receives the IGMP leave group message, the following actions are taken according to the mapping table:
- If no forwarding entry of the multicast group is found or the matching forwarding entry does not contain the receiving port, the layer 2 device discards the IGMP leave group message directly instead of forwarding it to other ports.
- If the forwarding entry of the multicast group is found, and the matching forwarding entry contains other host ports, the layer 2 device discards the IGMP leave group message directly instead of forwarding it to other ports, and sends an IGMP specific query message to the leaving host.
- If the forwarding entry of the multicast group is found, and the matching forwarding entry does not contain other host ports, the layer 2 device forwards the message through the router port and also sends an IGMP specific query message to the host.
4.7.2 Global
Click Switching > IGMP Snooping > Global to enter the page. On this page, you can configure the global parameters of IGMP snooping.

Parameter description

IGMP Snooping: It is used to enable or disable the IGMP snooping function.
VLAN ID: It specifies the VLAN whose IGMP Snooping function is required.
VLAN: It is used to enable or disable the IGMP Snooping function of the VLAN.
Protocol Version: Supported IGMP message versions:
  • v1: Only process messages of IGMPv1.
  • v2: Only process query messages of IGMPv1 and IGMPv2.
  • v3: Process messages of IGMPv1, IGMPv2, and IGMPv3.
Routing Port Aging Time: It specifies the time of the routing port aging timer. During this period, if the routing port does not receive the IGMP general query message, the switch deletes the port from the mapping table.
General Query Response Time: It specifies the maximum response time to the general query. After the switch forwards the general query message, and during this time period, if the port does not receive the IGMP membership message that responds to the general query, the port will be deleted from the mapping table.
Specific Query Response Time: It specifies the maximum response time to the specific query. After the switch forwards the IGMP specific query message to the host ports, and during the time period, if the host port does not receive the IGMP membership message that responds to the specific query by the host, the switch deletes the port in the mapping table.
Aging Time of Host Port: It specifies the time of the host port aging timer. When the host port does not receive the IGMP membership message during this time period, the switch deletes the port from the mapping table.
Multicast Discard: With the Multicast Discard function enabled, the switch forwards the unknown multicast data message only to its router port and does not broadcast in VLAN. If the switch does not have any router port, the unknown multicast data will be discarded and not forwarded.

4.7.3 Fast leave

Click Switching > IGMP Snooping > Fast Leave to enter the page. On this page, you can configure the fast leave mode for each port.

Parameter description

Port: It specifies the ID of the port.
Fast Leave: With the function enabled, when receiving the IGMP leave group messages from this port, the switch removes the port from the corresponding IGMP snooping multicast forwarding list, and does not wait till the aging time of the host port times out.
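The general-query and leave-group handling from 4.7.1, together with the Multicast Discard and Fast Leave settings above, modelled as an added example (it is not code from this guide or from the switch firmware). Port names follow the figure in 4.7.1; the timer values, the group addresses and the choice to send no specific query on a fast-leave port are assumptions.

```python
class SnoopingSwitch:
    """Toy model of the port/group mapping table (timer values are constructed)."""

    def __init__(self, ports, router_aging=260, host_aging=260,
                 specific_query_response=2, multicast_discard=False, fast_leave=()):
        self.ports = set(ports)
        self.router_aging = router_aging
        self.host_aging = host_aging
        self.specific_query_response = specific_query_response
        self.multicast_discard = multicast_discard
        self.fast_leave = set(fast_leave)
        self.router_ports = {}  # port -> time at which the entry ages out
        self.groups = {}        # group -> {host port -> time at which it ages out}

    def expire(self, now):
        """Drop router ports, host ports and empty groups whose timers ran out."""
        self.router_ports = {p: t for p, t in self.router_ports.items() if t > now}
        for group in list(self.groups):
            live = {p: t for p, t in self.groups[group].items() if t > now}
            if live:
                self.groups[group] = live
            else:
                del self.groups[group]

    def general_query(self, port, now):
        """Add the receiving port as a router port or restart its aging timer."""
        self.router_ports[port] = now + self.router_aging
        return sorted(self.ports - {port})  # ports the query is forwarded to

    def report(self, group, port, now):
        """A membership report adds the host port or restarts its aging timer."""
        self.groups.setdefault(group, {})[port] = now + self.host_aging

    def leave(self, group, port, now):
        """Apply the three leave-group cases and return the resulting actions."""
        self.expire(now)
        entry = self.groups.get(group)
        if entry is None or port not in entry:
            return [("discard_leave",)]
        if len(entry) > 1:
            actions = [("discard_leave",)]  # other host ports still want the group
        else:
            actions = [("forward_leave", sorted(self.router_ports))]
        if port in self.fast_leave:
            del entry[port]  # removed at once, no wait for the host port timer
            if not entry:
                del self.groups[group]
            actions.append(("remove_port", port))
        else:
            # The port stays only if a report answers the specific query in time.
            entry[port] = now + self.specific_query_response
            actions.append(("specific_query", port))
        return actions

    def egress_ports(self, group, ingress, now):
        """Ports that multicast data for `group` is sent out of."""
        self.expire(now)
        if group in self.groups:
            out = set(self.groups[group])
        elif self.multicast_discard:
            out = set(self.router_ports)  # no router port: the data is discarded
        else:
            out = set(self.ports)         # unknown multicast is broadcast in the VLAN
        return sorted(out - {ingress})


if __name__ == "__main__":
    switch_a = SnoopingSwitch(["A1", "A2", "A3", "A4"], multicast_discard=True)
    switch_a.general_query("A1", now=0)
    switch_a.report("239.1.1.1", "A2", now=1)
    switch_a.report("239.1.1.1", "A4", now=1)
    print(switch_a.egress_ports("239.1.1.1", "A1", now=2))
    print(switch_a.leave("239.1.1.1", "A2", now=3))
    print(switch_a.egress_ports("239.1.1.1", "A1", now=6))
```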


5 Routing
5.1 Static routing
A static route is a fixed route manually configured by the administrator, generally used in small, stable-topology networks. Static routes are efficient, reliable and easy to configure, and can improve the forwarding speed of packets. But static routes cannot automatically adapt to network topology changes, so when the network malfunctions or the network topology changes, the administrator needs to manually modify the static routing configuration.
Static routes have the highest priority among all routes.
Click Routing > Static Routing to enter the page. On this page, you can view and configure the static routing rules.

Parameter description

Destination Address: It specifies the network segment of the destination network.
Subnet Mask: It specifies the subnet mask of the destination network.
Next Hop: It specifies the ingress IP address of the next hop after packets egress from the switch.


5.2 ARP

In the data transmission process, IP address is the address of the host in the network layer. If you want to send packets to the destination host in the network layer, the data link layer address of the destination host (such as the Ethernet MAC address) is required.

ARP (Address Resolution Protocol) converts an IP address to a MAC address and maintains an internal ARP table in the database of the switch to record the correspondence between the MAC addresses and IP addresses of other hosts that have recently communicated with this switch. If the switch needs to communicate with a destination host, the address is resolved through ARP first. The resolution process is as follows:

Step 1 The switch checks if a rule with the corresponding relationship between the IP address and MAC address of the destination host exists in the switch's ARP table. If so, the switch sends the data to the destination host according to the queried rule. If not, the switch broadcasts an ARP request data frame in the LAN, which contains the IP address and MAC address of the switch itself as well as the IP address of the destination host.

Step 2 All devices in the LAN can receive this request. When the destination host receives this request, it responds to the switch with an ARP response frame, which contains the MAC address of the destination host.

Step 3 After the switch receives the ARP response, it records the corresponding relationship of IP address and MAC address of the destination host into its ARP table for further use.

Click Routing > ARP to enter the page. On this page, you can view and configure the ARP table.

Parameter description

ARP Aging Time: It specifies the aging time of ARP. If the switch does not receive the ARP message within this period of time, the ARP rule will be deleted from the ARP table.
IP Address: It specifies the IP address of the host.
MAC Address: It specifies the MAC address of the host corresponding to the IP address.
VLAN ID: It specifies the VLAN layer 3 interface at which the ARP rule is located.
Type: It specifies the types of the table.
  • Dynamic: It specifies the ARP table which is automatically identified by the switch. The life cycle is the ARP aging time.
  • Static: It specifies the manually configured ARP table. The rule is permanently valid, and is free from the limitations of the ARP aging time.
Aging Time: It specifies the remaining aging time of the ARP rule.


5.3 DHCP server
This section only applies to TEG5328F&TEG5312F.
5.3.1 Overview
With increasing network demands, the network expands greatly and becomes more complex, resulting in computers outnumbering the allocable IP addresses. Besides, the locations of the wireless devices often change, so the IP addresses of the devices need to be constantly updated. DHCP (Dynamic Host Configuration Protocol) can solve the above issues by assigning IP addresses dynamically.
The DHCP server of this switch does not support IP address allocation based on Option 82.
IP address allocation strategy
According to different needs of clients, DHCP provides two kinds of IP address assignment strategies:
- Dynamic IP address assignment: DHCP assigns the IP address with a valid period to the client, and the client needs to reapply for the IP address after expiry. This strategy applies to most clients.
- Static IP address assignment: The administrator binds the fixed IP addresses for some specific clients. Assigning a fixed IP address can prevent the failure of some functions based on the IP address due to IP address changes.
5.3.2 DHCP settings
Click Routing > DHCP Server > DHCP Settings to enter the page. On this page, you can view and configure the DHCP server.

Parameter description

DHCP Server: Enable or disable the DHCP Server function.

IP Address Pool
Name: It specifies the name of the IP address pool.
IP Address Range: It specifies the range of IP addresses that can be assigned.
Subnet Mask: It specifies the subnet mask assigned by the DHCP server to a client.
Default Gateway: It specifies the gateway address assigned by the DHCP server to a client.
Lease Time: It specifies the validity period of an IP address assigned by the DHCP server to a client.
  At half of the lease time, the client sends a DHCP request to the DHCP server to renew the lease. If the request succeeds, the lease will be renewed from the time of sending the request; if not, the renewal process restarts at 7/8 of the lease time. If that request succeeds, the lease will be renewed from the time of sending the request; if the request still fails, the client needs to reapply for the IP address after the lease expires.
  It is recommended to set it to 1 day if there is no other special requirement.
DNS: It specifies the DNS server address assigned to clients.
Excluded IP Range: It specifies the IP addresses in the IP address pool that are not assigned by the DHCP server by dynamic assignment strategy.
VLAN Interface: It specifies the VLAN where the address pool policy takes effect.

DHCP Server for Interface
Layer-3 Interface: It specifies the IP address of the VLAN interface.
Subnet Mask: It specifies the subnet mask of the VLAN interface.
DHCP Server: With it enabled, the DHCP Server function of the VLAN interface takes effect.


5.3.3 DHCP reservation
Click Routing > DHCP Server > DHCP Reservation to enter the page. On this page, you can view and configure the DHCP Reservation policy.

Parameter description

Client Name: It specifies the description of the DHCP reservation policy. If the reservation policy is added from the client list, it displays the client name or you can customize it.
Client IP: It specifies a fixed address assigned by the DHCP server to the client.
Client MAC: It specifies the MAC address of a client.

5.3.4 Client list

Click Routing > DHCP Server > Client List to enter the page. On this page, you can perform the following operations to the devices whose IP addresses are obtained from this switch.
- View the client name, assigned IP address, and other information.
- Click Reserve to add the assigned IP address to the DHCP Reservation list. The DHCP server then assigns this IP address to the client all the time.

Parameter description

Client Name: It specifies the name of a client.
Client IP: It specifies an IP address assigned by the DHCP server to the client.
Client MAC: It specifies the MAC address of a client.
Expire In: It specifies the remaining time of the lease.
Assignment Type: It specifies the address assignment policy by the DHCP server to the client.
  • Dynamic: the DHCP server assigns an IP address to this client using the dynamic IP address assignment policy.
  • Static: the DHCP server assigns a static address to this client using the static IP address assignment policy.


6 QoS policy

6.1 ACL

6.1.1 Overview

ACL (Access Control List) is used to filter messages by configuring matching rules and operations. After a message is received by a port of the switch, it is analyzed according to the ACL rules of this port. These rules decide which packets can pass and which should be rejected, which can effectively prevent illegal users from accessing the network and improve network security.
This switch supports ACL based on two matching rules: MAC address and IP address.
- MAC ACL: Matches the filtering rules according to the source MAC address and destination MAC address of the layer-2 data frame.
- IP ACL: Matches the filtering rules based on the source IP address and destination IP address of the layer-3 packet IP header.
An ACL ID can be configured with multiple ACL matching rules, and the message matches the rule according to rule priority. Once a message is matched to a rule with a higher priority, it stops matching to other rules.
6.1.2 Configuration guidance

Filtering rules based on MAC address

Step 1. ACL List: Required. You can configure an ACL ID ranging from 200 to 299.
Step 2. MAC ACL: Required. You can configure the filtering rule that matches the source and destination MAC addresses of the layer 2 data frame. Multiple MAC ACL rules can be configured with one ACL ID.
Step 3. Apply ACL: Required. The MAC ACL rule takes effect when it is applied to the corresponding port of the switch.

Filtering rules based on IP address

Step 1. ACL List: Required. You can configure an ACL ID ranging from 100 to 199.
Step 2. IP ACL: Required. You can configure the filtering rule that matches the source and destination IP addresses of the layer 3 data packet. Multiple IP ACL rules can be configured with one ACL ID.
Step 3. Apply ACL: Required. The IP ACL rule takes effect when it is applied to the corresponding port of the switch.

6.1.3 ACL list

Click QoS Policy > ACL > ACL List to enter the page. On this page, you can view and configure the ACL ID and description.

Parameter description

ACL ID: It specifies the ID of the ACL, which is used to identify the ACL.
Description: For convenient management, you can add a description for the ACL.

6.1.4 MAC ACL

Click QoS Policy > ACL > MAC ACL to enter the page. On this page, you can view and configure the MAC ACL rules.


Parameter description

ACL ID: It is used to select the ACL for MAC ACL rules configuration. The ACL ID should be added in ACL List in advance.
Priority: This field specifies the priority of a rule. A smaller value indicates a higher priority. The message starts matching from the rule with the highest priority. Once matched, the message stops checking rules.
VLAN ID: It specifies the VLAN to which the message belongs. If this field is not configured, it indicates messages of all VLANs.
Source MAC: It specifies the source MAC address of the message.
  • Any MAC: It specifies all MAC addresses.
  • Specified MAC: Combined with mask, it is used to specify a certain MAC address or MAC address segment.
Destination MAC: It specifies the destination MAC address of the message.
  • Any MAC: It specifies all MAC addresses.
  • Specified MAC: Combined with mask, it is used to specify a certain MAC address or MAC address segment.
Message Type: It specifies the message type of the layer-2 data frame. If this field is not configured, it indicates any message type.
ACL Mode: It specifies the ACL mode in which the switch processes the messages that match the rule, including Allow (that is, forward) or Block (that is, discard).

6.1.5 IP ACL

Click QoS Policy > ACL > IP ACL to enter the page. On this page, you can view and configure the IP ACL rules.

Parameter description

ACL ID: It is used to select the ACL for IP ACL rules configuration. The ACL ID should be added in ACL List in advance.
Priority: It specifies the priority of the rule. A smaller value indicates a higher priority. The message starts matching from the rule with the highest priority. Once matched, the message stops checking rules.
Protocol: It specifies the protocol type field of the layer 3 IP packet header of a message, such as IP, ICMP, and so on. You can also enter the protocol number manually.
Source IP: It specifies the source IP address of the message.
  • Any IP: It indicates all IP addresses.
  • Specified IP: Combined with mask, it indicates a certain network address.
Destination IP: It specifies the destination IP address of the message.
  • Any IP: It indicates all IP addresses.
  • Specified IP: Combined with mask, it indicates a certain network address.
Source Port: When the protocol type is TCP or UDP, you can configure the protocol source port number.
Destination Port: When the protocol type is TCP or UDP, you can configure the protocol destination port number.
ACL Mode: It specifies the ACL mode in which the switch processes the messages that match the rule, including Allow (that is, forward) or Block (that is, discard).
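Because matching stops at the first rule in priority order, a rule placed below a broader one never takes effect. The added example below (not code from this guide or the switch) evaluates IP ACL rules in that order and lists rules that can never match; the rule set and addresses are constructed, and reading the mask as a subnet mask is an assumption.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

ANY_IP = ipaddress.ip_network("0.0.0.0/0")  # the "Any IP" choice


def net(address, mask):
    """'Specified IP' plus mask, read here as a subnet mask (assumption)."""
    return ipaddress.ip_network(f"{address}/{mask}", strict=False)


@dataclass(frozen=True)
class IpRule:
    priority: int                    # smaller value = higher priority
    mode: str                        # "Allow" or "Block"
    src: ipaddress.IPv4Network = ANY_IP
    dst: ipaddress.IPv4Network = ANY_IP
    protocol: Optional[str] = None   # None stands for protocol "IP" (any)
    dst_port: Optional[int] = None   # only meaningful for TCP or UDP

    def __post_init__(self):
        if self.mode not in ("Allow", "Block"):
            raise ValueError("mode must be Allow or Block")
        if self.dst_port is not None and self.protocol not in ("tcp", "udp"):
            raise ValueError("ports can be set only when the protocol is TCP or UDP")

    def matches(self, pkt):
        """True when the packet's addresses, protocol and port fit this rule."""
        return (ipaddress.ip_address(pkt["src"]) in self.src
                and ipaddress.ip_address(pkt["dst"]) in self.dst
                and self.protocol in (None, pkt["protocol"])
                and self.dst_port in (None, pkt.get("dst_port")))

    def covers(self, other):
        """True when every packet that matches `other` also matches this rule."""
        return (other.src.subnet_of(self.src) and other.dst.subnet_of(self.dst)
                and self.protocol in (None, other.protocol)
                and self.dst_port in (None, other.dst_port))


def evaluate(rules, pkt):
    """Return the first matching rule in priority order, or None if none match."""
    for rule in sorted(rules, key=lambda r: r.priority):
        if rule.matches(pkt):
            return rule
    return None  # the guide does not state what happens to unmatched packets


def shadowed(rules):
    """List (rule priority, covering priority) for rules that can never match."""
    ordered = sorted(rules, key=lambda r: r.priority)
    findings = []
    for index, rule in enumerate(ordered):
        for earlier in ordered[:index]:
            if earlier.covers(rule):
                findings.append((rule.priority, earlier.priority))
                break
    return findings


# Constructed rule set for one IP ACL (ACL ID 100); addresses are examples.
ACL_100 = [
    IpRule(1, "Allow", src=net("10.0.20.0", "255.255.255.0")),
    IpRule(5, "Block", dst=net("10.0.99.0", "255.255.255.0"),
           protocol="tcp", dst_port=22),
    # Intended to block one host, but priority 1 already allows its whole subnet.
    IpRule(10, "Block", src=net("10.0.20.7", "255.255.255.255")),
]

if __name__ == "__main__":
    packet = {"src": "10.0.20.7", "dst": "10.0.99.1", "protocol": "tcp", "dst_port": 22}
    print(evaluate(ACL_100, packet))
    print(shadowed(ACL_100))
```

Giving the host-specific Block rule a smaller priority value than the subnet-wide Allow rule makes it take effect and empties the shadowed list.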

6.1.6 Apply ACL

The ACL rules take effect when they are applied to physical ports.
Click QoS Policy > ACL > Apply ACL to enter the page. On this page, you can apply the configured ACL rules to physical ports.

Parameter description

Applied Port: It specifies the physical port number to which the ACL rule applies.
ACL ID: It specifies the ACL applying to the port.
Filtering Direction: It specifies the message filtering direction of the port. Only Ingress is supported by this switch.


6.2 QoS

6.2.1 Overview
In a traditional IP network, packets are treated equally. This network service policy is known as Best-effort, which delivers the packets to their destination with the best effort, with no assurance and guarantee for delivery delay, reliability, and so on. Nowadays, in addition to traditional applications such as www, FTP and E-mail, new services have emerged, such as video conference, remote education, Video-on-Demand (VoD) and video telephone, which place higher requirements on bandwidth, delay and jitter. QoS (Quality of Service) policy can meet the above demands and improve the quality of service in the network.
This switch classifies the messages according to priority at the ingress stage, then maps them to different queues at the egress stage, and finally forwards these messages by queues according to the scheduling mode, so as to guarantee the quality of network service.
Scheduling mode
Queue scheduling is used to solve the problem of resource preemption by multiple messages when the network is congested. This switch supports three scheduling modes: strict priority, simple weighted priority and weighted priority. Each scheduling mode has eight queues (queues 0 to 7) with different data forwarding priority.
• Strict Priority
[Figure: Received messages are mapped to Queue 7 through Queue 0 according to priority. Messages in Queue 7 take the highest priority to be transmitted.]
The strict priority scheduling algorithm is specially designed for critical service applications. An important feature of critical services is that they demand preferential service in congestion in order to reduce the response delay.
In queue scheduling, the messages are sent in queues strictly following the priority order from high to low (Queue 7 > Queue 6 > ... > Queue 0). When the queue with higher priority is empty, messages in the queue with lower priority are sent. You can put critical service messages into the queues with higher priority and put non-critical service messages (such as E-mail) into the queues with lower priority. In this way, critical service messages are sent preferentially, and non-critical service messages are sent when the critical service messages are not sent.
Disadvantage of Strict Priority: If there are messages in the queues with higher priority for a long time during congestion, the messages in the queues with lower priority will remain stuck because they are not served.
• Simple Weighted Priority
In this mode, there is no priority and all queues equally share the bandwidth.
• Weighted Priority
This scheduling algorithm schedules all the queues in turn to ensure that every queue can be assigned a certain service time. The weighted value stands for the proportion of assigned resource. Assuming there are eight output queues for a port, and each queue is assigned with a weighted value. For instance, you can configure the eight weighted values of a 100 Mbps port to 25, 20, 15, 15, 10, 5, 5 and 5 respectively. In this way, the queue with the lowest priority can be assured of 5 Mbps of bandwidth at least, thus avoiding the disadvantage of Simple Priority queue-scheduling algorithm that messages in low-priority queues are possibly not to be served for a long time. Another advantage of Weighted Priority queue-scheduling algorithm is that though the queues are scheduled in turn, the service time for each queue is not fixed, which means if a queue is empty, the next queue will be scheduled immediately. In this way, the bandwidth resources can be fully utilized.
[Figure: Weighted Priority scheduling. Received messages are mapped to Queue 7 through Queue 0 according to priority, and the messages in the queues are sent according to weighted value.]

Priority
This switch supports three priority modes: 802.1P Priority, DSCP Priority, and Port Priority.
- 802.1P Priority
802.1P priority lies in Layer 2 packet headers and is applicable to occasions where the Layer 3 packet header does not need analysis but QoS must be assured at Layer 2. 802.1P priority is available only in an 802.1Q tagged packet. As seen below, the 4-byte 802.1Q tag contains a 2-byte TPID (Tag Protocol Identifier, value: 0x8100) and a 2-byte TCI (Tag Control Information).
The figure below displays a detailed view of an 802.1Q tag. The field Priority under TCI is the 802.1P priority, which consists of 3 bits ranging from 0 to 7.

By default, the 802.1P priority, queues, and key words of this switch are mapped as follows.

| 802.1P Priority | Queue | Key Word |
| --- | --- | --- |
| 0 | 1 | best-effort |
| 1 | 2 | background |
| 2 | 3 | spare |
| 3 | 4 | excellent-effort |
| 4 | 5 | controlled-load |
| 5 | 6 | video |
| 6 | 7 | voice |
| 7 | 8 | network-management |

- DSCP Priority
RFC2474 re-defines the ToS (Type of Service) field in the IP message header, which is called the DS (Differentiated Services) field. The first six bits (bits 0 to 5) of the DS field indicate DSCP (Differentiated Services Codepoint) priority ranging from 0 to 63. The last 2 bits (bits 6 and 7) are reserved.

The correspondence between DSCP priorities and key words is as follows.

| DSCP Priority (Decimal) | DSCP Priority (Binary) | Key Word |
| --- | --- | --- |
| 46 | 101110 | ef |
| 10 | 001010 | af11 |
| 12 | 001100 | af12 |
| 14 | 001110 | af13 |
| 18 | 010010 | af21 |
| 20 | 010100 | af22 |
| 22 | 010110 | af23 |
| 26 | 011010 | af31 |
| 28 | 011100 | af32 |
| 30 | 011110 | af33 |
| 34 | 100010 | af41 |
| 36 | 100100 | af42 |
| 38 | 100110 | af43 |
| 8 | 001000 | cs1 |
| 16 | 010000 | cs2 |
| 24 | 011000 | cs3 |
| 32 | 100000 | cs4 |
| 40 | 101000 | cs5 |
| 48 | 110000 | cs6 |
| 56 | 111000 | cs7 |
| 0 | 000000 | be (default) |

By default, the DSCP priority and queues of this switch are mapped as follows.

| DSCP Priority | Queue |
| --- | --- |
| 0 - 7 | 1 |
| 8 - 15 | 2 |
| 16 - 23 | 3 |
| 24 - 31 | 4 |
| 32 - 39 | 5 |
| 40 - 47 | 6 |
| 48 - 55 | 7 |
| 56 - 63 | 8 |

- Port Priority

You can manually configure the Cos (Class of Service) priority of physical ports to map the physical ports with queues. The port maps messages to the corresponding queues according to the configured mapping relationship when the following two situations occur:
- The messages received by the port do not carry the priority tags trusted by the port. Example: For a port with 802.1P priority mode enabled, the received messages do not carry the 802.1Q tag.
- The port does not trust the 802.1P priority mode and DSCP priority mode.

The Cos priority of the ports and queues are mapped as follows.

| Cos Priority | Queue |
| --- | --- |
| 0 | 1 |
| 1 | 2 |
| 2 | 3 |
| 3 | 4 |
| 4 | 5 |
| 5 | 6 |
| 6 | 7 |
| 7 | 8 |

6.2.2 Configuration guidance

Based on 802.1P priority

| Step | Task | Description |
| --- | --- | --- |
| 1 | QoS Scheduler | Required. Select the scheduler mode of the switch based on actual demands. |
| 2 | 802.1P | Required. Configure the mapping relation between 802.1P priority and queues. |
| 3 | Port Priority | Required. Set the priority mode of corresponding ports to 802.1P Trust and configure the Cos priority for all ports. |

Based on DSCP priority

| Step | Task | Description |
| --- | --- | --- |
| 1 | QoS Scheduler | Required. Select the scheduler mode of the switch based on actual demands. |
| 2 | DSCP | Required. Configure the mapping relation between DSCP priority and queues. |
| 3 | Port Priority | Required. Set the priority mode of corresponding ports to DSCP Trust and configure the Cos priority for all ports. |

6.2.3 QoS scheduler

Click QoS Policy > QoS > QoS Scheduler to enter the page. On this page, you can configure the QoS scheduling mode and congestion control policies.

Parameter description

| Name | Description |
| --- | --- |
| QoS Mode | It specifies the scheduler mode for the port traffic. Strict Priority: The switch forwards the messages strictly based on the message priority from high to low. The queue messages with the lower priority are forwarded only when the queue with higher priority is empty. Simple Weighted Priority: 8 queues equally share the bandwidth. Weighted Priority: You need to configure a weighted value for each queue. The weighted value indicates the weight of obtaining resources. If congestion occurs on the port, the bandwidths are assigned based on the weight of each queue. |
| Queue Settings | If the QoS Mode is set to Weighted Priority, you need to configure the weighted value for each queue. |
| Egress Discard | When this function is enabled, the switch disables the flow control function to meet the requirements of network clone in various environments. This function applies to network clone scenario and is not recommended in common scenarios. |

6.2.4 802.1P

Click QoS Policy > QoS > 802.1P to enter the page. On this page, you can configure the mapping relationship of the 802.1P priority and queues.

Parameter description

| Name | Description |
| --- | --- |
| Priority 0 | It specifies the queue for messages whose priority is 0. |
| Priority 1 | It specifies the queue for messages whose priority is 1. |
| Priority 2 | It specifies the queue for messages whose priority is 2. |
| Priority 3 | It specifies the queue for messages whose priority is 3. |
| Priority 4 | It specifies the queue for messages whose priority is 4. |
| Priority 5 | It specifies the queue for messages whose priority is 5. |
| Priority 6 | It specifies the queue for messages whose priority is 6. |
| Priority 7 | It specifies the queue for messages whose priority is 7. |

6.2.5 DSCP

Click QoS Policy > QoS > DSCP to enter the page. On this page, you can configure the mapping relationship between the DSCP priority and queues.

Parameter description

| Name | Description |
| --- | --- |
| DSCP | It specifies the priority level (range: 0 to 63) defined by the DS field of the IP message header. |
| Port Queue | It specifies the scheduler queue of the egress port. |

6.2.6 Port priority

Click QoS Policy > QoS > Port Priority to enter the page. On this page, you can configure the application priority mode and Cos priority for the physical ports of the switch.

Parameter description

| Name | Description |
| --- | --- |
| Port | It specifies the ID of the port. |
| Cos Priority | It specifies the Cos priority of the physical ports. When the switch receives messages that do not match the trust mode rules, or the port is in Non-Trust mode, the messages are queued according to the Cos priority mapping. |
| Trust Mode | It specifies the method which the port uses to process the received messages. Non-Trust: All messages received by the port are queued according to the mapping of the configured Cos priority. 802.1P Trust: When the port receives VLAN messages, the messages are queued according to the 802.1P mapping. When the port receives other messages, the messages are queued according to the Cos priority mapping. DSCP Trust: When the port receives IP messages, the messages are queued according to the DSCP mapping. When the port receives other messages, the messages are queued according to the Cos priority mapping. |
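The trust mode decides whether a priority marking set by the sender is honoured at all: on a Non-Trust port the attached host cannot choose its own queue. The added example below (not the switch's own code) applies the three trust modes and the default mappings from 6.2.1 to constructed frames. It assumes IPv4 only and that DSCP Trust reads the IP header behind an 802.1Q tag; the function names are hypothetical.

```python
import struct

TPID_8021Q = 0x8100          # TPID value given in the text
ETHERTYPE_IPV4 = 0x0800
TRUST_MODES = ("Non-Trust", "802.1P Trust", "DSCP Trust")


def parse_markings(frame: bytes):
    """Return (pcp, dscp) from an Ethernet frame; a field is None when absent."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    offset, pcp, dscp = 14, None, None
    if ethertype == TPID_8021Q:
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        tci, ethertype = struct.unpack_from("!HH", frame, 14)
        pcp = tci >> 13                      # Priority: top 3 bits of the TCI
        offset = 18
    if ethertype == ETHERTYPE_IPV4 and len(frame) >= offset + 20:
        dscp = frame[offset + 1] >> 2        # first 6 bits of the DS field
    return pcp, dscp


def select_queue(frame: bytes, trust_mode: str, cos_priority: int) -> int:
    """Queue (1 to 8) chosen for a frame under the default mappings."""
    if trust_mode not in TRUST_MODES:
        raise ValueError(f"unknown trust mode: {trust_mode}")
    if not 0 <= cos_priority <= 7:
        raise ValueError("Cos priority must be 0 to 7")
    pcp, dscp = parse_markings(frame)
    if trust_mode == "802.1P Trust" and pcp is not None:
        return pcp + 1                       # 802.1P priority n -> queue n + 1
    if trust_mode == "DSCP Trust" and dscp is not None:
        return dscp // 8 + 1                 # DSCP 0-7 -> 1, ..., 56-63 -> 8
    return cos_priority + 1                  # Non-Trust, or no trusted marking


def build_frame(pcp=None, dscp=None) -> bytes:
    """Constructed sample frame: optional 802.1Q tag, then IPv4 (if dscp) or ARP."""
    frame = bytes.fromhex("020000000002") + bytes.fromhex("020000000001")
    if pcp is not None:
        frame += struct.pack("!HH", TPID_8021Q, (pcp << 13) | 10)   # VLAN 10
    if dscp is None:
        return frame + struct.pack("!H", 0x0806) + bytes(28)        # no DS field
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, dscp << 2, 20, 0, 0, 64, 17, 0,
                     bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    return frame + struct.pack("!H", ETHERTYPE_IPV4) + ip


if __name__ == "__main__":
    marked = build_frame(pcp=7, dscp=46)     # sender claims the highest markings
    for mode in TRUST_MODES:
        print(mode, "->", "queue", select_queue(marked, mode, cos_priority=0))
```
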

7 Network security
7.1 MAC filtering
With this function enabled, the switch checks the source MAC address and destination MAC address of the received packets. If the source MAC address or destination MAC address of a packet exists in the MAC filtering list, the packet is discarded. MAC filtering can effectively prevent unauthorized users from accessing the network, thus improving network security.
Click Network Security > MAC Filtering to enter the page. On this page, you can configure the MAC filtering rules.

Parameter description

| Name | Description |
| --- | --- |
| MAC Address | It specifies the MAC address to be filtered. When the source MAC address or destination MAC address of a packet is the same as the listed MAC address, the packet will be discarded. |
| VLAN | It specifies the VLAN in which the MAC filtering rule takes effect. |

7.2 802.1X
7.2.1 Overview
802.1X is a network access control technology defined by the IEEE. It is used to authenticate and control LAN users. The authentication system involves three parties: client, device, and authentication server.
- Authentication client: A client device sends an authentication request and the authentication server in the LAN verifies its validity. Client software supporting 802.1X authentication is required.
- Authentication device: It provides an interface for the client to connect to the LAN. It is located between the client and the authentication server, and decides whether the client can access the LAN according to the message returned by the authentication server.
- Authentication server: It provides authentication service for clients. The commonly used one is the RADIUS (Remote Authentication Dial-In User Service) server. The authentication server decides whether the client passes the authentication according to the client authentication message sent by the authentication device, and notifies the result to the authentication device. The device decides whether the client can access LAN or not.
This switch serves as the authentication device in the authentication system. It communicates with the authentication server by means of EAP termination. After receiving the EAP message from the client, the switch encapsulates the client authentication information from the message into the standard RADIUS message, and then forwards the RADIUS message to the authentication server. The basic diagram of the authentication system is shown as follows.

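[Figure: 802.1X authentication system. The authentication client and the authentication device exchange EAP messages; the authentication device and the authentication server exchange RADIUS messages.]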

This switch only supports port-based authentication. If one of the users passes the authentication, the port becomes authorized, and subsequent users on this port can access the network without authentication. However, when this user goes offline, the port becomes unauthorized, and all the other users under this port are unable to access the network.

7.2.2 Global
Click Network Security > 802.1X > Global to enter the page. On this page, you can configure the parameters of 802.1X authentication server.

Parameter description

| Name | Description |
| --- | --- |
| 802.1X Authentication | It is used to enable/disable the 802.1X Authentication function. |
| Authentication Server IP | It specifies the IP address of the RADIUS authentication server. There should be reachable routes between the RADIUS authentication server and this switch. |
| Authorized Shared Key | It specifies the shared key of a RADIUS authentication/authorization message. It must be the same as the key set at the RADIUS authentication/authorization server side. |

7.2.3 Port configuration

Click Network Security > 802.1X > Port Configuration to enter the page. On this page, you can configure the 802.1X authentication parameters for each port.

Parameter description

| Name | Description |
| --- | --- |
| Port | It specifies the ID of the port. |
| Port Control Mode | It specifies the control mode of the port to access the network. Auto: The 802.1X authentication is enabled on the port. The initial state is unauthorized and the user cannot access the network resources. If a user passes the authentication, the port is authorized and the user is allowed to access the network resources. Mandatory Authorization: The port is always in the authorization state. It allows users to access the network resources. Mandatory Non-authorization: The port is always in the non-authorization state. It forbids users to access the network resources without authentication and authorization. Disable: The authentication is disabled on the port. It allows users to access the network resources. |
| Authentication Status | It specifies the authentication status of the port. Authorized: The user is allowed to access the network resources over the port. Non-authorized: The user is not allowed to access the network resources over the port. |
| Re-authentication | It is used to enable/disable the 802.1X re-authentication function of the port. With the function enabled, the switch periodically sends re-authentication request to the authentication client to check the connection status and confirm that the authentication client is online. |
| Re-authentication Timeout | It specifies the interval at which the switch launches re-authentication to authentication clients. If the re-authentication function is enabled on a port, the switch launches re-authentication requests to the online devices connected to the port at this interval. |
| Client Timeout | It specifies the timeout period in which the client responds to the re-authentication request. After the switch sends a re-authentication request message to a client, if the switch does not receive any response in this time period, the switch will send the message again. |
| Max Reauthentication Times | It specifies the maximum times of failed re-authentication for a client. The switch forces the client offline if the failed re-authentication times of the client exceeds this value. |

7.3 Attack defense
7.3.1 Overview
This switch supports three attack defense methods: ARP Attack Defense, DoS (Denial of Service) Attack Defense and MAC Address Attack Defense.
- ARP Attack Defense
The ARP received rate is set to prevent ARP messages in the LAN from being overwhelmingly sent to a port, resulting in CPU overload and leading to function failure or even device malfunction. If the ARP received rate of the switch exceeds the threshold value you set, the switch randomly discards some ARP messages to ensure that the ARP received rate is within the threshold value you set.
- DoS Attack Defense
The DoS Attack Defense function is used to prevent some hosts from maliciously consuming server resources by sending a large number of service requests, leaving other hosts unable to use network services properly.
- MAC Address Attack Defense
MAC Address Attack Defense limits MAC address learning on the switch, so as to prevent it from constantly learning a large number of invalid message source MAC addresses in the LAN, which can enlarge the MAC address forwarding table and result in forwarding performance degradation.
7.3.2 ARP attack defense
Click Network Security > Attack Defense > ARP Attack Defense to enter the page. On this page, you can configure the threshold value of the switch's ARP Received Rate.

Parameter description

| Name | Description |
| --- | --- |
| ARP Received Rate | It specifies the maximum rate at which the switch receives the ARP messages. If the ARP messages received by the switch within 1 second exceed this threshold value, the switch is considered to be under ARP attack, and the switch will randomly discard some ARP messages. |

7.3.3 DoS attack defense
Click Network Security > Attack Defense > DoS Attack Defense to enter the page. On this page, you can configure DoS Attack Defense rules.

Parameter description

| Name | Description |
| --- | --- |
| Detect whether inconsistencies exist between the ARP message Sender_MAC and L2_MAC. | After it is enabled, the switch does not forward ARP messages with inconsistent Sender_MAC and L2_MAC. |
| Detect whether the TCP messages are multicast or broadcast messages. | After it is enabled, the switch does not forward multicast or broadcast TCP messages. |
| Detect whether all flags of TCP messages are 0. | After it is enabled, the switch does not forward TCP messages whose flags are all 0. |
| Detect whether the FIN, URG, and PSH flags of the TCP message are all 1. | After it is enabled, the switch does not forward the TCP message whose FIN, URG, and PSH flags are all 1. |
| Detect whether the SYN and FIN flags of the TCP message are both 1. | After it is enabled, the switch does not forward the TCP message whose SYN and FIN flags are both 1. |
| Detect whether the SYN and RST flags of the TCP message are both 1. | After it is enabled, the switch does not forward the TCP message whose SYN and RST flags are both 1. |
| Detect whether the source port number or destination port number of the TCP and UDP message is 0. | After it is enabled, the switch does not forward the TCP and UDP message whose source port number or destination port number is 0. |
| Detect whether the TCP SYN message contains data. | After it is enabled, the switch does not forward the TCP SYN message that contains data. |
| ICMP message fragment detection | After it is enabled, the switch does not respond to the fragmented ICMP message. |
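The checks in this table are simple header tests, which makes them easy to reproduce when validating the rules against captured traffic before enabling them. The added example below (not the switch's implementation) applies each rule to constructed frames. It assumes IPv4 only, that "multicast or broadcast" is judged by the group bit of the destination MAC address, and that only the six classic TCP flags are considered; rule names and helper functions are hypothetical.

```python
import struct

FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20
MAC_A = bytes.fromhex("020000000001")        # constructed sample addresses
MAC_B = bytes.fromhex("020000000002")
BROADCAST = b"\xff" * 6


def check_frame(frame: bytes) -> list:
    """Return the names of the DoS Attack Defense rules that a frame matches."""
    hits = []
    if len(frame) < 14:
        return hits
    dst_mac, src_mac = frame[0:6], frame[6:12]
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    body = frame[14:]

    if ethertype == 0x0806:                           # ARP
        # Sender hardware address: bytes 8 to 13 of the ARP payload.
        if len(body) >= 28 and body[8:14] != src_mac:
            hits.append("arp-sender-mac-mismatch")
        return hits
    if ethertype != 0x0800 or len(body) < 20:         # only IPv4 is modelled
        return hits

    ihl = (body[0] & 0x0F) * 4
    total_len, _ident, frag = struct.unpack_from("!HHH", body, 2)
    proto = body[9]
    if ihl < 20 or len(body) < ihl:
        return hits
    more_fragments, frag_offset = bool(frag & 0x2000), frag & 0x1FFF
    if proto == 1 and (more_fragments or frag_offset):
        hits.append("icmp-fragment")
    if frag_offset:                                   # later fragments carry no L4 header
        return hits
    l4 = body[ihl:total_len]                          # drops Ethernet padding

    if proto == 6 and len(l4) >= 20:
        sport, dport = struct.unpack_from("!HH", l4, 0)
        header_len = max((l4[12] >> 4) * 4, 20)
        flags = l4[13] & 0x3F
        if dst_mac[0] & 0x01:                         # group bit of the first octet
            hits.append("tcp-multicast-or-broadcast")
        if flags == 0:
            hits.append("tcp-no-flags")
        for name, mask in (("tcp-fin-urg-psh", FIN | URG | PSH),
                           ("tcp-syn-fin", SYN | FIN),
                           ("tcp-syn-rst", SYN | RST)):
            if (flags & mask) == mask:
                hits.append(name)
        if sport == 0 or dport == 0:
            hits.append("l4-port-zero")
        if (flags & SYN) and len(l4) > header_len:
            hits.append("tcp-syn-with-data")
    elif proto == 17 and len(l4) >= 8:
        sport, dport = struct.unpack_from("!HH", l4, 0)
        if sport == 0 or dport == 0:
            hits.append("l4-port-zero")
    return hits


# Builders for constructed sample frames (documentation IP addresses).
def eth(payload, ethertype=0x0800, dst=MAC_B, src=MAC_A):
    return dst + src + struct.pack("!H", ethertype) + payload


def ipv4(proto, l4, frag=0):
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 1, frag, 64, proto, 0,
                       bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2])) + l4


def tcp(flags, sport=40000, dport=80, data=b""):
    return struct.pack("!HHIIBBHHH", sport, dport, 1, 0, 5 << 4, flags, 1024, 0, 0) + data


def udp(sport, dport):
    return struct.pack("!HHHH", sport, dport, 8, 0)


def arp(sender_mac):
    return struct.pack("!HHBBH6s4s6s4s", 1, 0x0800, 6, 4, 1, sender_mac,
                       bytes([192, 0, 2, 1]), bytes(6), bytes([192, 0, 2, 2]))
```

TCP Fast Open (RFC 7413) legitimately carries data in a SYN, so the SYN-with-data rule is worth testing against such clients before it is enabled.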

7.3.4 MAC address attack defense
Click Network Security > Attack Defense > MAC Address Attack Defense to enter the page. On this page, you can configure whether the port can forward the unknown unicast message.

Parameter description

| Name | Description |
| --- | --- |
| Port | It specifies the ID of the port. |
| MAC Discard | With this function enabled, the port no longer learns the MAC addresses and discards the received unknown unicast messages. |

8 Device settings
8.1 User management
Assigning different access permissions to different types of users can reduce the risk of the switch's configuration being tampered with. This switch supports three types of users: administrator, operation user, and common user.
- Administrator
There is only one administrator created by the system by default. The administrator can perform operations of all functions. The default username and password are both admin.
- Operation User
An operation user can perform all operations besides software upgrade, reset or user management.
- Common User
A common user can check configuration of the switch.
Click Device Settings > User Management to enter the page. On this page, you can add users of this switch (8 users at most).

Parameter description

| Name | Description |
| --- | --- |
| User | It specifies the user name. |
| User Type | It specifies the types of users. This switch supports three types of users: administrator, operation user and common user. |
| Login Timeout | If a user performs no operation on the web UI within the interval, the system logs the user out. |

8.2 SNMP
8.2.1 Overview
SNMP (Simple Network Management Protocol) enables a network management station to remotely manage the network devices supporting this protocol, including monitoring network status, modifying network device configuration, receiving network event alarms, and so on.
SNMP can shield the physical differences between devices and realize automatic management of devices from different vendors.
SNMP management framework
SNMP management framework consists of three parts: SNMP manager, SNMP agent and MIB (Management Information Base).
- SNMP manager: A system used for controlling and monitoring network nodes by SNMP. The most commonly used is NMS (Network Management System), which can be a server specially used for network management or an application program for executing management function on a certain network device.
- SNMP agent: Software which runs on managed devices for maintaining management information and reporting management data to a SNMP management system when it is needed.
- MIB: It is a collection of managed objects. When NMS manages the devices, some functional parameters of the managed devices are required, such as the port state, CPU utilization and the like, which are also called managed objects. MIB defines a series of properties for those managed objects: object name, access right, data type, and so on. Each SNMP agent has its corresponding MIB and the SNMP manager can perform read/write operations according to management permissions.
SNMP agent is managed by SNMP manager in the SNMP network and they interact with each other via SNMP.
SNMP basic operations
The following three basic operations are available for this switch to achieve intercommunication between the SNMP manager and SNMP agent:
- Get: The SNMP manager uses it to retrieve the value(s) of one or more objects of the SNMP agent.
- Set: The SNMP manager uses it to reconfigure the value(s) of one or more objects in MIB.
- Trap: The SNMP agent uses it to send alert information to SNMP manager.
SNMP versions
This switch is compatible with SNMPv1, SNMPv2c and SNMPv3.
- SNMPv3 adopts the authentication method with user name and password.
- SNMPv1 and SNMPv2c adopt Community Name authentication. If the community name of the SNMP message fails to pass the authentication, the message will be discarded. The SNMP community name defines the relationship between SNMP manager and SNMP agent. It functions as a password that restricts the SNMP manager's access to the SNMP agent of the switch.
MIB introduction
SNMP features a tree structure and each tree node represents a managed object. An object can be identified with a string of numbers which indicate a path starting from the root. The number string is the OID (Object Identifier). In the following figure, the OID of the object A is (1.3.6.1.2.1.1); while object B is (1.3.6.1.2.1.2).
[Figure: MIB tree structure]
View
The MIB view is a subset of all managed objects in MIB. A managed object is represented by OID, and the configured view rule (include/exclude) decides whether the object is managed or not. OID of each managed object can be found on the SNMP management software.
Group
After creating the view, you can create SNMP groups. You can add Read Only/Read & Write/Notification view for each SNMP group to meet the demand of achieving different access permission to the switch's function for users from different groups.
User
After creating the groups, you can add users for each group. The SNMP manager uses the user name and authentication/encryption password created here to log in to the SNMP agent.
Community
For SNMPv1 and SNMPv2c, after the view is created, the community is required to be created. The group name functions as a password for SNMP manager authentication. View access permissions of each group can be added here to achieve access permission management.
8.2.2 Configuration guidance

- SNMPv3

| Step | Operation | Description |
| --- | --- | --- |
| 1 | Basic | Required. Enable the SNMP agent function. |
| 2 | Create views | Optional. Create views for the managed objects in the View List on Permission Control page. A view named Default is created by system by default. |
| 3 | Create groups | Required. Create SNMP groups in the Group List on Permission Control page, and add views with different access permissions for the groups. |
| 4 | Create users | Required. Create SNMP users in the User List on Permission Control page, and configure the authentication/encryption mode as well as password. |
| 5 | Configure Trap | Optional. Configure the notification with the security version of v3 on Notification page. |

- SNMPv1/SNMPv2c

| Step | Operation | Description |
| --- | --- | --- |
| 1 | Basic | Required. Enable the SNMP agent function. |
| 2 | Create views | Optional. Create views for the managed objects in the View List on Permission Control page. A view named Default is created by system by default. |
| 3 | Create communities | Required. Create SNMP communities in the Community List on Permission Control page. |
| 4 | Notification | Optional. Configure the notification with the security version of v1/v2c on Notification page. |

8.2.3 Basic
Click Device Settings > SNMP > Basic to enter the page. On this page, you can configure the basic SNMP parameters.

Parameter description

| Name | Description |
| --- | --- |
| SNMP | It is used to enable/disable the SNMP function. |
| Contact Info | It is used to configure the contact info of the switch so that the SNMP manager can quickly locate this switch. |
| Location Info | It is used to configure the location info of the switch so that the SNMP manager can quickly locate this switch. |
| Local Engine ID | It specifies the Local Engine ID of the switch. You need to enter this ID at the SNMP manager side in order to manage the switch. |

8.2.4 Permission control

Click Device Settings > SNMP > Permission Control to enter the page. On this page, you can configure the SNMP permissions.

Parameter description

| List | Name | Description |
| --- | --- | --- |
| Community List | Community Name | It specifies the name of a community. |
| Community List | Access Mode | It specifies the access permission for the community to access the views, including Read Only and Read&Write. |
| Community List | MIB View | It specifies the views that community can access. The MIB view should be configured in View List in advance. |
| Group List | Group Name | It specifies the name of a group. |
| Group List | Security Level | It specifies the security level of the group: No Security, Authentication, Authentication&Privacy. |
| Group List | Read Only, Read&Write, Notification | Control the access permissions for users in a group through the view. At least one of the three types should be configured. The MIB view should be configured in View List in advance. |
| User List | User Name | It specifies the name of the user. |
| User List | User Group | It specifies the group of the user. The group needs to be configured in Group List in advance. |
| User List | Security Level | It specifies the security level of the user. After the user's group is selected, the security level is filled in automatically. |
| User List | Authentication Mode | It specifies the user's authentication mode. This switch only supports MD5 (MD5 Message Digest Algorithm). This parameter can be set only if the security level of the group is Authentication or Authentication&Privacy. |
| User List | Authentication Password | It specifies the authentication password of the user. This parameter can be set only if the security level of the group is Authentication or Authentication&Privacy. |
| User List | Security Mode | It specifies the security mode of the user. This switch supports two security modes: AES and DES. This parameter can be set only if the security level of the group is Authentication&Privacy. |
| User List | Security Password | It specifies the security password of the user. This parameter can be set only if the security level of the group is Authentication&Privacy. |
| View List | View Name | It specifies the name of a view. |
| View List | Rule | It specifies the OID rule. include: This OID can be managed by the SNMP. exclude: This OID cannot be managed by the SNMP. |
| View List | MIB Subtree OID | It specifies the managed objects (represented by OID) of the view. |
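How a view's include/exclude rules and a community's access mode combine into an allow or deny decision can be checked offline before the configuration is entered. The added example below is not the switch's code: it assumes that the most specific (longest) matching subtree decides and that exclude wins a tie, which the page does not state, and it uses constructed community and view names with the OIDs of objects A and B from the MIB introduction.

```python
# Constructed sample configuration (names are placeholders, not defaults of the switch).
VIEWS = {
    # Everything under 1.3.6.1.2.1 except the subtree of object A (1.3.6.1.2.1.1).
    "example-view": [("include", "1.3.6.1.2.1"), ("exclude", "1.3.6.1.2.1.1")],
}
COMMUNITIES = {
    # community name -> (Access Mode, MIB View)
    "example-ro": ("Read Only", "example-view"),
    "example-rw": ("Read&Write", "example-view"),
}


def parse_oid(text: str) -> tuple:
    """Turn '1.3.6.1' (or '.1.3.6.1') into a tuple of integers."""
    parts = text.strip(".").split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a numeric OID: {text!r}")
    return tuple(int(p) for p in parts)


def in_view(rules, oid: str) -> bool:
    """True if `oid` is inside the view described by (rule, subtree) pairs.

    Subtrees are compared per sub-identifier, never as strings: the string
    '1.3.6.1.2.1.1' is a prefix of '1.3.6.1.2.1.10', but the OID is not.
    Assumption: the longest matching subtree decides; exclude wins a tie.
    """
    target = parse_oid(oid)
    best_len, allowed = -1, False           # no matching rule -> not in the view
    for rule, subtree in rules:
        if rule not in ("include", "exclude"):
            raise ValueError(f"unknown rule: {rule}")
        prefix = parse_oid(subtree)
        if target[:len(prefix)] != prefix:
            continue
        if len(prefix) > best_len or (len(prefix) == best_len and rule == "exclude"):
            best_len, allowed = len(prefix), rule == "include"
    return allowed


def authorize(community, operation, oid, communities=COMMUNITIES, views=VIEWS) -> bool:
    """Decide a v1/v2c Get or Set for a community name."""
    if operation not in ("get", "set"):
        raise ValueError(f"unknown operation: {operation}")
    entry = communities.get(community)
    if entry is None:                       # unknown community: message is discarded
        return False
    access_mode, view_name = entry
    if operation == "set" and access_mode != "Read&Write":
        return False
    return in_view(views.get(view_name, []), oid)


if __name__ == "__main__":
    for oid in ("1.3.6.1.2.1.2.2.1.2.1", "1.3.6.1.2.1.1.5.0", "1.3.6.1.2.1.10.7"):
        print(oid, authorize("example-ro", "get", oid))
```
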

8.2.5 Notification
The notification function enables the switch to send messages to the SNMP manager to report important events (such as a device restart), so the manager can monitor and deal with the specific events of the switch with SNMP management software.
Click Device Settings > SNMP > Notification to enter the page. On this page, you can configure the SNMP notification function.

Parameter description

| Name | Description |
| --- | --- |
| Enable All trap | It is used to enable/disable all trap. |
| Target Host IP | It specifies the IP address of trap target host, which is also the IP address of the managed host. Ensure that there are reachable routes between the target host and this switch. |
| Community/User | It specifies the community name, user name or group name required by authentication. You need to enter the corresponding group name, user name or community name. If the Security Version is set to v3, only a user name or group name is allowed. If the Security Version is set to v1 or v2c, only a community name is allowed. |
| UDP Port | It specifies the UDP port enabled for Trap on the managed host. |
| Security Version | It is used to select a security version used by Trap, including v1, v2c and v3, which should be consistent with the software version of the SNMP manager. |
| Security Level | When the Security Version is set to v3, you need to select a security level. The Security Level includes No Security, Authentication, and Authentication&Privacy. |

8.3 System time
To ensure that the time-based functions of the switch work properly, the system time of the switch must be accurate. This switch supports manual setting and network calibration. To access the page, click Device Settings > System Time.
8.3.1 Manual setting
The network administrator needs to manually set the system time of the switch. Each time the switch restarts, the administrator needs to set it again. You can manually modify the date and time, or you can click Sync with Local Time to synchronize the time of the switch with the computer.
8.3.2 Network calibration
The switch automatically synchronizes with the Internet time server. As long as the switch is connected to the Internet, it can automatically calibrate its system time. After the switch is restarted, it can also calibrate automatically.
8.4 Maintenance
8.4.1 Firmware upgrade
Click Device Settings > Maintenance to enter the page. On this page, you can click Upgrade to update the switch's software, enjoying a better user experience.
To avoid damage to the switch, ensure that the switch is upgraded properly. Please note that:
- Before upgrading, download the latest software of the switch from the official website: www.ip-com.com.cn. Generally, the filename extension of the upgrading file is .bin.
- During the upgrading process, ensure stable power supply to the switch.
8.4.2 Configuration import
Click Device Settings > Maintenance to enter the page. On this page, you can click Import to import the backup configuration file to the switch.
The switch does not verify the content of a file, so ensure that the file is correct before import.
8.4.3 Backup
Click Device Settings > Maintenance to enter the page. On this page, you can click Back Up to save the switch's configuration information in the local computer.
For example, if you have made a lot of configuration to the switch for better state and performance in a specific operation environment, it is recommended to back up the switch's configuration. After you upgrade the switch or restore the switch to factory settings, you can import this backup configuration file to restore the switch to the state you want.

Please click [icon] on the upper right corner to save all settings before backing up.

8.4.4 Reboot
When a parameter you set does not work properly, you can try to reboot the switch to fix this issue. Click Device Settings > Maintenance to enter the page. On this page, you can click Reboot to restart the switch.
Please click [icon] on the upper right corner to save all settings before rebooting the switch.

8.4.5 Factory settings
If you forget your username or password when you log in to the web UI of the switch, you can restore the factory settings of the switch, and then use the default username and password (both are admin) to log in. This switch supports Software reset and Hardware reset.
Software reset
Click Device Settings > Maintenance to enter the page. On this page, you can click Reset to restore the switch to factory settings.
During the resetting process, please ensure the stable power supply to the switch.
Hardware reset
When the SYS LED indicator is blinking, hold down the reset button (LED Mode or LED/Reset or Reset) for about 10 seconds, and then release it when all indicators are solid on. When the SYS LED indicator blinks again, the switch is restored to factory settings.
8.5 Log management

8.5.1 Log info

The logs of a switch record all events and user operations since the switch was last reset. You can check the log info of the switch for troubleshooting if there is any network fault.

The logs are divided into eight levels based on importance and can be filtered according to the log level. The smaller the value, the more urgent the log.

| Log level | Value | Description |
| --- | --- | --- |
| Emergency | 1 | System unavailable information |
| Alert | 2 | Message that needs to be quickly responded |
| Critical | 3 | Critical information |
| Error | 4 | Error information |
| Warning | 5 | Warning information |
| info | 7 | Notification that needs to be recorded |
| debug | 8 | Message generated in debugging process |

Click Device Settings > Log Management > Log Info to enter the page. On this page, you can view, download and delete the log info of the switch.

Parameter description

| Name | Description |
| --- | --- |
| Log Level | It is used to filter which logs are displayed by log level. |
| ID | It specifies the log ID. |
| Generated Time | It specifies the time point when the log is generated. |
| Log Level | It specifies the level of the log. |
| System Log | It displays the content of the log. |

8.5.2 Server settings

Click Device Settings > Log Management > Server Settings to enter the page. On this page, you can configure the log server and upload the log info of the switch to the server.

Parameter description
- Server Enabled: It is used to enable/disable the log server.
- Log Level: Logs of this level and above will be uploaded to the server.
- Server IP Address: It specifies the IP address of the log server. Ensure that there are reachable routes between the log server and this switch.
- Port: It specifies the port number used by the log server.


8.6 Diagnostics
Click Device Settings > Diagnostics to enter the page. On this page, you can perform a Ping or Tracert test.
- Ping test: It is used to test network connection and connection quality.
- Tracert test: It is used to test the routes of the packets from the switch to the target host.
8.6.1 Ping test
Click Device Settings > Diagnostics > Ping Test to enter the page. On this page, you can test the network connection.

Parameter description
- Target IP Address: It specifies the IP address of the device to be pinged.
- Transmit Times: It specifies the number of data packets sent by Ping.
- Packet Size: It specifies the size of data packets sent by Ping.

8.6.2 Tracert test

Click Device Settings > Diagnostics > Tracert to enter the page. On this page, you can test the routes of the packet from the switch to the target device.


Parameter description
- Target IP Address: It specifies the IP address of the device for which the tracert test is to be performed.
- Maximum Hops: It specifies the maximum hops for the tracert test.


8.7 MAC settings
8.7.1 MAC address table
The switch builds the MAC address forwarding table through an address learning mechanism. The table includes the MAC address, VLAN ID and port number. When forwarding a message, the switch adopts one of the following two forwarding modes based on the MAC address table information:
- Unicast mode: If an entry in the MAC address forwarding table is available for the destination MAC address, the switch will forward the message to the port indicated by the MAC address table entry.
- Broadcast mode: If the switch receives a message with the destination MAC address whose lowest bit of the second byte is 1, or no entry in the MAC address forwarding table is available for the destination MAC address, the switch forwards the message to all ports except the receiving port in broadcast mode. The broadcast messages, multicast messages and unknown unicast messages will be forwarded in broadcast mode.
Click Device Settings > MAC Settings > MAC Address Table to enter the page. On this page, you can view and delete the MAC address table entries.

Parameter description
- Aging Time: It specifies the aging time of the MAC address table, which is effective only for dynamic entries. When the duration since the switch received the last message whose source address matches the MAC address in an entry exceeds the aging time, the MAC address table entry will be automatically deleted.
- MAC Address: MAC address, format: XXXX-XXXX-XXXX
- Type: It specifies the type of the MAC address.
  - Static: It specifies the MAC address entry manually configured by the administrator.
  - Dynamic: It specifies the MAC address entry automatically generated by the switch.


- VLAN: It specifies the VLAN to which the MAC address belongs.
- Port: It specifies the physical port to which the MAC address corresponds.

8.7.2 Static MAC address

Click Device Settings > MAC Settings > Static MAC Address to enter the page. On this page, you can configure the static MAC address table. Entries configured here exist as static entries in the MAC address table and are not subject to the MAC aging time.

Parameter description
- VLAN ID: It specifies the VLAN to which the MAC address belongs.
- MAC Address: MAC address, format: XXXX-XXXX-XXXX
- Port: It specifies the physical port to which the MAC address corresponds.
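
The forwarding behaviour described in 8.7.1 and 8.7.2, as an added Python model that is not part of this guide or of the switch firmware: dynamic entries are learned and aged out, static entries are not. The class and function names, the sample addresses and the rule that learning never overwrites a static entry are assumptions; the group-address check uses the IEEE 802 group bit (lowest bit of the first octet).

```python
import re

def parse_mac(text):
    """Parse the guide's XXXX-XXXX-XXXX notation into 6 raw bytes."""
    if not re.fullmatch(r"[0-9A-Fa-f]{4}(-[0-9A-Fa-f]{4}){2}", text):
        raise ValueError(f"not in XXXX-XXXX-XXXX format: {text!r}")
    return bytes.fromhex(text.replace("-", ""))

class MacTable:
    def __init__(self, ports, aging_time):
        self.ports = set(ports)
        self.aging_time = aging_time      # seconds, applies to dynamic entries only
        self.entries = {}                 # (vlan, mac) -> [port, type, last_seen]

    def add_static(self, vlan, mac, port):
        self.entries[(vlan, parse_mac(mac))] = [port, "Static", None]

    def expire(self, now):
        for key, (_, kind, seen) in list(self.entries.items()):
            if kind == "Dynamic" and now - seen > self.aging_time:
                del self.entries[key]

    def receive(self, now, in_port, vlan, src, dst):
        """Learn the source address, then return the set of egress ports."""
        self.expire(now)
        src_key, dst_mac = (vlan, parse_mac(src)), parse_mac(dst)
        known = self.entries.get(src_key)
        # Assumption: a static entry is never overwritten by learning, so a
        # frame that claims a pinned address from another port cannot move it.
        if known is None or known[1] == "Dynamic":
            self.entries[src_key] = [in_port, "Dynamic", now]
        is_group = dst_mac[0] & 0x01      # IEEE 802 group bit: broadcast/multicast
        hit = self.entries.get((vlan, dst_mac))
        if is_group or hit is None:
            return self.ports - {in_port}  # flood: all ports except the receiver
        return {hit[0]}                    # unicast: the port in the table entry

def demo():
    """Constructed traffic on a 4-port switch, VLAN 10, aging time 300 s."""
    t = MacTable(ports=[1, 2, 3, 4], aging_time=300)
    t.add_static(10, "0011-2233-4455", 4)
    a, b, c = "aaaa-bbbb-0001", "aaaa-bbbb-0002", "aaaa-bbbb-0003"
    return [
        t.receive(0, 1, 10, a, b),                    # b unknown -> flood
        t.receive(1, 2, 10, b, a),                    # a learned on port 1
        t.receive(2, 1, 10, a, "ffff-ffff-ffff"),     # broadcast -> flood
        t.receive(400, 3, 10, c, b),                  # b aged out -> flood again
        t.receive(401, 2, 10, "0011-2233-4455", c),   # source claims the static MAC
        t.receive(402, 1, 10, a, "0011-2233-4455"),   # static entry still on port 4
    ]
```

The fourth frame shows why a short aging time increases flooding of unknown unicast traffic, and the last two show a static entry staying on its configured port.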


8.8 Time period
This section only applies to TEG5328P-24-410W&TEG5310P-8-150W.
Time Period is used to configure the date, cycle and time period during which the PoE function takes effect.
Click Device Settings > Time Period to enter the page. On this page, you can configure the time according to actual situations.

Parameter description
- ID: It specifies the ID of the time period.
- Date: It is used to specify the start and end dates.
- Cycle: It is used to specify the days of the cycle.
- Time Period: It is used to specify the period of time, and a maximum of 3 time periods are allowed.

- If you configured only one of Date, Cycle, and Time Period, only the configured parameter is effective. If you configured two or three of the parameters, the overlap time is effective.
- If you configured only the Time Period, the configured time period is effective every day by default.
- If you configured only the Cycle, such as Mon., but did NOT configure the Time Period, all the 24 hours every Mon. are effective.
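
The overlap rules above, written out as an added Python check that is not part of this guide or of the switch firmware. The function name, the inclusive end date, the exclusive end time and the sample schedule are assumptions.

```python
from datetime import date, datetime, time

MON, TUE, WED, THU, FRI, SAT, SUN = range(7)   # matches datetime.weekday()

def poe_window_open(when, date_range=None, cycle=None, periods=None):
    """Return True if `when` falls inside one Time Period entry.

    date_range: (start_date, end_date), both inclusive (assumed)
    cycle:      set of weekdays, for example {MON, TUE}
    periods:    up to 3 (start_time, end_time) pairs, start inclusive and
                end exclusive (assumed), each within a single day
    A parameter left as None or empty is "not configured" and is ignored.
    """
    periods = periods or []
    if date_range is None and not cycle and not periods:
        raise ValueError("configure at least one of Date, Cycle, Time Period")
    if len(periods) > 3:
        raise ValueError("a maximum of 3 time periods are allowed")
    if any(start >= end for start, end in periods):
        raise ValueError("each time period must start before it ends")
    # Overlap rule: every configured parameter must match.
    if date_range is not None:
        first, last = date_range
        if not first <= when.date() <= last:
            return False
    if cycle and when.weekday() not in cycle:
        return False
    if periods:
        return any(start <= when.time() < end for start, end in periods)
    return True   # Date and/or Cycle only: all 24 hours of a matching day

# Constructed schedule: January 2024, Monday to Friday, two daily windows.
OFFICE = dict(
    date_range=(date(2024, 1, 1), date(2024, 1, 31)),
    cycle={MON, TUE, WED, THU, FRI},
    periods=[(time(8, 0), time(12, 0)), (time(14, 0), time(18, 0))],
)
```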


9 Visualization
This section only applies to TEG5310P-8-150W&TEG5312F. TEG5310P-8-150W is used as an example for illustration.
For some networks that do not access the internet (such as large or medium-sized security monitoring networks), the Visualization function of this switch provides central management and maintenance. With the Visualization function, the switch can locally manage the devices in the network. Based on the LLDP, UPnP and ARP protocols, this function can automatically discover the devices connected to this switch (such as routers, switches, IP cameras, APs and so on), and generate a network topology, on which you can view and configure the basic parameters of these devices.
9.1 Global
Click Visualization > Global to enter the page. On this page, you can view and configure the basic parameters of the devices connected to this switch.

Parameter description
Name

Description
- It is used to refresh the network topology manually.
- It is used to save the topology in PNG format locally.
- It is used to clear the offline devices in the topology while removing all configuration of these devices on the Visualization page.
- With this function enabled, the network topology is refreshed automatically. Auto Refresh cycle: 10 minutes.
- With this function enabled, the switch's ports that are connected to the devices are displayed on the topology.
- With this function enabled, the IP addresses and device names of the devices are displayed on the topology.

- To search a device, click . You can search the device by filtering the device type or directly enter the device name/IP address/MAC address in the search bar. Click the icon of the device, and you will be directed to the location of this device on the network topology.
- You can zoom in or out the topology by clicking / or scrolling the mouse wheel.
- You can view and modify related parameters of this switch by clicking the icon of this switch.
  : It is used to refresh the network topology.
  : It is used to enable/disable each port, or enable/disable the PoE power supply function of each port.
- You can view and modify related parameters of other devices by clicking the icon of the device.
  : It is used to enter the web login page of the device.

9.2 Device list
Click Visualization > Device List to enter the page. On this page, you can view and modify the basic information of all devices.

Parameter description
- Device Name: It specifies the name of the device. If it is blank, it indicates that there is no corresponding field in the protocol message. You can click to modify the device name. The device name modified here is only displayed on the Visualization page, and the corresponding field in the protocol message will not be changed.
- Device Type: It specifies the type of the device. You can click to modify the device type. The device type modified here is only displayed on the Visualization page, and the corresponding field in the protocol message will not be changed.
- Device Model: It specifies the model of the device. If it is blank, it indicates that there is no corresponding field in the protocol message. You can click to modify the device model.
- Device Status: It specifies the online/offline status of the device.
- MAC Address: It specifies the MAC address of the device.
- IP Address: It specifies the IP address of the device.


10 PoE management
This section only applies to TEG5328P-24-410W&TEG5310P-8-150W. TEG5328P-24-410W is used as an example for illustration.
10.1 Overview
PoE (Power over Ethernet, also known as remote power supply) refers to supplying power over the Ethernet cable to a connected PD (Powered Device), such as an IP phone, wireless AP, network camera, and so on. The advantages of PoE power supply are as follows:
- Convenient connection: The network terminal only needs an Ethernet cable instead of an external power supply.
- Stability: A PD that supports PoE power can also be connected to another power supply to provide redundant power.
- Standard: It complies with IEEE 802.3af and IEEE 802.3at standards, with a globally unified power interface.
- Wide application: It can be used for IP phone, wireless AP (Access Point), portable device charger, card reader, webcam, data acquisition, and so on.
Ports 1 - 24 (ports 1 - 8 for TEG5310P-8-150W) of this switch all support the PoE function, can automatically detect PDs, and supply power to PDs conforming to IEEE 802.3af and IEEE 802.3at standards. Due to the limited power of the system and each port, some configurations must be made for the switch in order to ensure the proper power for each PD and to make full use of the system power.

10.2 Global
Click PoE Management > Global to enter the page. On this page, you can check the power supply information and configure the power management mode.

Parameter description
- Power Mode: It is used to select a power mode for PoE power supply of the switch.
  - Static Allocation: It allows you to configure a power for each port of the switch. When the switch supplies PoE power, the configured power will be compulsorily reserved to this port, and cannot be used by other ports.
  - Dynamic Allocation: The switch allocates power based on the power consumed by each port. When reaching the full load, the switch allocates power based on the configured port priority (priority + port number). If the priorities are the same, the port with the smaller port number has a higher priority.
- Total Available Power: It specifies the maximum power supported by the switch.
- Total Remaining Power: It specifies the remaining power of the switch.
- PoE Chip Temperature: It specifies the temperature of the PoE chip.


10.3 Port settings
Click PoE Management > Port Configuration to enter the page. On this page, you can configure the PoE parameters of the ports of this switch.

Parameter description
- Port: It specifies the port number.
- PoE Status: It specifies the PoE power supply status of the port.
  : The PoE power supply function of the port is enabled, and the power is supplied normally.
  : The PoE power supply function of the port is enabled, but no power is supplied.
  : The PoE power supply function of the port is disabled.
- Power Standard: It specifies the power supply standard of the ports: AT (IEEE 802.3at) or AF (IEEE 802.3af). The maximum power of each port under the AT standard is 30 W while that under the AF standard is 15.4 W.
- Transmitted power: It specifies the real-time PoE power of the port.
- PD Level: It specifies the level of the PoE-powered device connected to the current port when the power supply is normal. The switch automatically obtains the device level.
- Priority: It specifies the priority of the current port, which takes effect only when the Power Mode is set to Dynamic Allocation. A reasonable port priority ensures that specified ports can still supply power properly under the full load state. Among ports with different priorities, ports with higher priorities should be guaranteed the required power first. Among ports with a same priority, ports with smaller IDs should be guaranteed the required power first.
- Static Allocation Power: It specifies the static allocation power of the current port, which takes effect only when the Power Mode is set to Static Allocation.
- ID: It specifies the enabled period of the PoE function for the port, which needs to be set in the Time Period section. "--" indicates that the port is not assigned with the time period, and the PoE power is enabled all the time.
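
The two power modes from 10.2 and the priority rule above, compared in an added Python model that is not part of this guide or of the switch firmware. The function names, the numeric priority encoding (0 is highest), the 70 W budget and the per-port draws are constructed assumptions, as is the handling of a port whose demand does not fit.

```python
def dynamic_allocation(budget_w, demand):
    """Dynamic Allocation at full load.

    demand: {port: (priority_rank, draw_w)}; rank 0 is the highest priority
    (assumed encoding). Ports are served in (priority, port number) order and
    a port whose draw no longer fits is left unpowered (assumed behaviour).
    """
    remaining, powered, denied = budget_w, [], []
    for port, (rank, draw_w) in sorted(demand.items(),
                                       key=lambda kv: (kv[1][0], kv[0])):
        if draw_w <= remaining:
            remaining -= draw_w
            powered.append(port)
        else:
            denied.append(port)
    return sorted(powered), sorted(denied), remaining

def static_allocation(budget_w, reserved, draw):
    """Static Allocation: reserved watts stay with their port even if unused.

    reserved: {port: reserved_w}; draw: {port: draw_w}. A port is powered only
    within its own reservation (assumed); nothing is borrowed from other ports.
    Returns (powered, denied, unreserved_w, reserved_but_unused_w).
    """
    committed = sum(reserved.values())
    if committed > budget_w:
        raise ValueError("reservations exceed the total available power")
    powered = sorted(p for p, w in draw.items() if w <= reserved.get(p, 0))
    denied = sorted(set(draw) - set(powered))
    used = sum(draw[p] for p in powered)
    return powered, denied, budget_w - committed, committed - used

# Constructed load, in watts; every draw is within the 30 W AT per-port limit.
BUDGET_W = 70
DEMAND = {1: (1, 25), 2: (0, 25), 3: (0, 12), 4: (1, 25)}   # port: (rank, draw)
RESERVED = {1: 30, 2: 30}
DRAW = {1: 10, 2: 25, 3: 12}
```

With these values, dynamic mode drops port 4 (same priority as port 1, larger port number), while static mode leaves port 3 unpowered even though 25 W of reserved power is idle.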


Appendix
A.1 Safety precautions
Before performing an operation, read the operation instructions and precautions to be taken, and follow them to prevent accidents. The warning and danger items in other documents do not cover all the safety precautions that must be followed. They are only supplementary information; the installation and maintenance personnel need to understand the basic safety precautions to be taken.
1. Do not use this apparatus near water.
2. Clean only with dry cloth.
3. Do not block any ventilation openings with items such as newspapers, tablecloths, curtains, etc.
4. Do not install near any heat sources such as radiators, heat registers, stoves or other apparatus that produce heat.
5. Do not damage the ground conductor or operate the device in the absence of a well installed ground conductor. Conduct the appropriate electrical inspection.
6. Protect the power cord from being walked on or pinched, particularly at the plugs, convenience receptacles and at the point where they exit from the apparatus.
7. Only use attachments/accessories specified by the manufacturer.
8. Unplug this apparatus during lightning storms or when unused for long periods of time.
9. The mains plug is used as the disconnect device; the disconnect device shall remain readily operable.
10. Refer all servicing to qualified service personnel. Servicing is required when the apparatus has been damaged in any way, such as when the power-supply cord or plug is damaged, liquid has been spilled or objects have fallen into the apparatus, the apparatus has been exposed to rain or moisture, does not operate normally, or has been dropped.
11. Warning: To reduce the risk of fire or electric shock, do not expose this apparatus to rain or moisture. The apparatus shall not be exposed to dripping or splashing.
12. Warning: To reduce the risk of electric shock, do not remove the cover as there are no user-serviceable parts inside. Refer servicing to qualified personnel.

A.2 Acronyms and Abbreviations

Acronym or Abbreviation: Full Spelling
- ACL: Access Control List
- ARP: Address Resolution Protocol
- CIST: Common and Internal Spanning Tree
- CST: Common Spanning Tree
- DHCP: Dynamic Host Configuration Protocol
- DoS: Denial of Service
- IGMP: Internet Group Management Protocol
- IST: Internal Spanning Tree
- LACP: Link Aggregation Control Protocol
- LLDP: Link Layer Discovery Protocol
- LLDPDUs: Link Layer Discovery Protocol Data Unit
- MSTI: Multiple Spanning Tree Instance
- MIB: Management Information Base
- MSTP: Multi Spanning Tree Protocol
- NMS: Network Management System
- OID: Object Identifier
- PoE: Power over Ethernet
- QoS: Quality of Service
- RADIUS: Remote Authentication Dial-In User Service
- RSTP: Rapid Spanning Tree Protocol
- SNMP: Simple Network Management Protocol
- STP: Spanning Tree Protocol
- TPID: Tag Protocol Identifier
- TCI: Tag Control Information
- TCN BPDU: Topology Change Notification BPDU
- TTL: Time to Live
- VLAN: Virtual Local Area Network
