TL-SG3216 V1 User Guide
Page 2
... and, if not installed and used in accordance with the instruction manual, may be required to make any means or used to correct the interference at his own expense. Operation of electric shock from TP-LINK TECHNOLOGIES CO., LTD. This device complies with the limits for a... NOTICES Caution: Do not use this product during an electrical storm. Other brands and product names are trademarks or registered trademarks of TP-LINK TECHNOLOGIES CO., LTD. All rights reserved. Avoid using this product near a swimming pool. COPYRIGHT & TRADEMARKS Specifications are subject to provide...
... and, if not installed and used in accordance with the instruction manual, may be required to make any means or used to correct the interference at his own expense. Operation of electric shock from TP-LINK TECHNOLOGIES CO., LTD. This device complies with the limits for a... NOTICES Caution: Do not use this product during an electrical storm. Other brands and product names are trademarks or registered trademarks of TP-LINK TECHNOLOGIES CO., LTD. All rights reserved. Avoid using this product near a swimming pool. COPYRIGHT & TRADEMARKS Specifications are subject to provide...
TL-SG3216 V1 User Guide
Page 6
... 10.4.3 VLAN Binding 132 10.5 Application Example for ACL 133 Chapter 11 Network Security ...136 11.1 IP-MAC Binding ...136 11.1.1 Binding Table 136 11.1.2 Manual Binding 137 11.1.3 ARP Scanning 139 11.1.4 DHCP Snooping 140 11.2 ARP Inspection ...146 11.2.1 ARP Detect ...150 11.2.2 ARP Defend 151 11.2.3 ARP Statistics...
... 10.4.3 VLAN Binding 132 10.5 Application Example for ACL 133 Chapter 11 Network Security ...136 11.1 IP-MAC Binding ...136 11.1.1 Binding Table 136 11.1.2 Manual Binding 137 11.1.3 ARP Scanning 139 11.1.4 DHCP Snooping 140 11.2 ARP Inspection ...146 11.2.1 ARP Detect ...150 11.2.2 ARP Defend 151 11.2.3 ARP Statistics...
TL-SG3216 V1 User Guide
Page 12
Introduces how to CONTENTS 5 Return to configure the PCs. z Network Diagnose: Test if the destination is used to assemble the commonly used in this manual. Introduces how to load firmware of the switch via FTP function. Introduces how to use 802.1X Client Software provided for authentication. z Device Diagnose: Test ...
Introduces how to CONTENTS 5 Return to configure the PCs. z Network Diagnose: Test if the destination is used to assemble the commonly used in this manual. Introduces how to load firmware of the switch via FTP function. Introduces how to use 802.1X Client Software provided for authentication. z Device Diagnose: Test ...
TL-SG3216 V1 User Guide
Page 20
... Time is the time displayed while the switch is running. Tx: Select Tx to load the following entries are displayed on this page you can manually set the system time, get GMT automatically if it has connected to load the following page. 13 Choose the menu System→System Info→...
... Time is the time displayed while the switch is running. Tx: Select Tx to load the following entries are displayed on this page you can manually set the system time, get GMT automatically if it has connected to load the following page. 13 Choose the menu System→System Info→...
TL-SG3216 V1 User Guide
Page 21
...: System Current Time Mode: Displays the current date and time of the switch. ¾ Time Config Manual: Get GMT: Synchronize with PC'S Clock: When this option is selected, you can set the date and time manually. The switch will get GMT automatically if it has connected to a NTP Server. When this option...
...: System Current Time Mode: Displays the current date and time of the switch. ¾ Time Config Manual: Get GMT: Synchronize with PC'S Clock: When this option is selected, you can set the date and time manually. The switch will get GMT automatically if it has connected to a NTP Server. When this option...
TL-SG3216 V1 User Guide
Page 22
... configure the system IP of the switch. z DHCP: When this option is 192.168.0.1 and you should enter IP Address, Subnet Mask and Default Gateway manually. Subnet Mask: Enter the subnet mask of the switch. Default Gateway: Enter the default gateway of the switch. On this IP Address. Changing the IP...
... configure the system IP of the switch. z DHCP: When this option is 192.168.0.1 and you should enter IP Address, Subnet Mask and Default Gateway manually. Subnet Mask: Enter the subnet mask of the switch. Default Gateway: Enter the default gateway of the switch. On this IP Address. Changing the IP...
TL-SG3216 V1 User Guide
Page 40
... the Port Security feature for Port Security configuration. The Port Security function is disabled when the 802.1X function is enabled. 5.2 LAG LAG (Link Aggregation Group) is selected, the learned MAC address will be cleared after the aging time. • Static: When Static mode is to the... the Learn Mode for the Port Security, Port Mirror, MAC Address Filtering, Static MAC Address Binding and 802.1X Authentication, can be deleted manually. The further explains are following: z If the ports, which are suggested to add the ports with ARP Inspection and DoS Defend enabled to...
... the Port Security feature for Port Security configuration. The Port Security function is disabled when the 802.1X function is enabled. 5.2 LAG LAG (Link Aggregation Group) is selected, the learned MAC address will be cleared after the aging time. • Static: When Static mode is to the... the Learn Mode for the Port Security, Port Mirror, MAC Address Filtering, Static MAC Address Binding and 802.1X Authentication, can be deleted manually. The further explains are following: z If the ports, which are suggested to add the ports with ARP Inspection and DoS Defend enabled to...
TL-SG3216 V1 User Guide
Page 42
Figure 5-6 Detail Information 5.2.2 Static LAG On this page, you to view or modify the information for each LAG. • Edit: Click to modify the settings of the LAG. Operation: Allows you can manually configure the LAG. Figure 5-7 Manually Config 35 Click the Detail button for the member ports of your selected LAG. Choose the menu Switching→LAG→Static LAG to get the information of the LAG. • Detail: Click to load the following page. The LACP feature is disabled for the detailed information of the manually added Static LAG.
Figure 5-6 Detail Information 5.2.2 Static LAG On this page, you to view or modify the information for each LAG. • Edit: Click to modify the settings of the LAG. Operation: Allows you can manually configure the LAG. Figure 5-7 Manually Config 35 Click the Detail button for the member ports of your selected LAG. Choose the menu Switching→LAG→Static LAG to get the information of the LAG. • Detail: Click to load the following page. The LACP feature is disabled for the detailed information of the manually added Static LAG.
TL-SG3216 V1 User Guide
Page 47
... bytes. Displays the number of good unicast packets received or transmitted on the port. Displays the number of collisions experienced by auto-learning or configured manually. Most the entries are not counted in seconds to Enable/Disable refreshing the Traffic Summary automatically. Displays the number of the packets. The entries in...
... bytes. Displays the number of good unicast packets received or transmitted on the port. Displays the number of collisions experienced by auto-learning or configured manually. Most the entries are not counted in seconds to Enable/Disable refreshing the Traffic Summary automatically. Displays the number of the packets. The entries in...
TL-SG3216 V1 User Guide
Page 48
...Table learning The bound MAC address can facilitate the switch to reduce broadcast packets and enhance the efficiency of the Address Table. Filtering Manually No Yes - updated by the other ports in the same VLAN. In the stable networks, the static MAC address entries can ... Way Aging out Being kept after Relationship between the reboot bound MAC address and (if the configuration the port is saved) Static Manually No Yes Address Table configuring The bound MAC address can view all the information of packets forwarding remarkably. Choose the menu Switching→...
...Table learning The bound MAC address can facilitate the switch to reduce broadcast packets and enhance the efficiency of the Address Table. Filtering Manually No Yes - updated by the other ports in the same VLAN. In the stable networks, the static MAC address entries can ... Way Aging out Being kept after Relationship between the reboot bound MAC address and (if the configuration the port is saved) Static Manually No Yes Address Table configuring The bound MAC address can view all the information of packets forwarding remarkably. Choose the menu Switching→...
TL-SG3216 V1 User Guide
Page 50
... the MAC address. In the stable networks, the static MAC address entries can be displayed in the static learning mode will be added or removed manually, independent of packets forwarding without learning the address. MAC Address: VLAN ID: Port: Type: Aging Status: Displays the MAC address learned by the port with...
... the MAC address. In the stable networks, the static MAC address entries can be displayed in the static learning mode will be added or removed manually, independent of packets forwarding without learning the address. MAC Address: VLAN ID: Port: Type: Aging Status: Displays the MAC address learned by the port with...
TL-SG3216 V1 User Guide
Page 53
... the switch to filter the packets which includes this MAC address as the source address or destination address, so as to be added or removed manually, independent of the MAC address. The filtering MAC address entries act on all the ports in time. Figure 5-14 Filtering Address 46 If the aging...
... the switch to filter the packets which includes this MAC address as the source address or destination address, so as to be added or removed manually, independent of the MAC address. The filtering MAC address entries act on all the ports in time. Figure 5-14 Filtering Address 46 If the aging...
TL-SG3216 V1 User Guide
Page 124
... assign ACL rules and configure the priority of the packets through learning the source MAC of the UNTAG packets sent from voice device and the link type of the voice VLAN. The default VLAN of the port and processing mode Automatic Mode TAG voice ACCESS: Not supported. Automatic Mode: In this...:Supported. If security mode is not enabled, the port forwards all the packets. 117 UNTAG voice ACCESS、TRUNK、GENERAL: Not supported. stream Manual Mode TAG voice ACCESS: Not supported. The default VLAN of the port can operate in two modes: automatic mode and...
... assign ACL rules and configure the priority of the packets through learning the source MAC of the UNTAG packets sent from voice device and the link type of the voice VLAN. The default VLAN of the port and processing mode Automatic Mode TAG voice ACCESS: Not supported. Automatic Mode: In this...:Supported. If security mode is not enabled, the port forwards all the packets. 117 UNTAG voice ACCESS、TRUNK、GENERAL: Not supported. stream Manual Mode TAG voice ACCESS: Not supported. The default VLAN of the port can operate in two modes: automatic mode and...
TL-SG3216 V1 User Guide
Page 127
... the voice device. The switch determines whether a received packet is a voice packet by checking whether the port receives voice data or not z Manual: In this mode, you can manually add a port to the voice VLAN or remove a port from the voice VLAN. The switch analyzes the received packets and the packets recognized...
... the voice device. The switch determines whether a received packet is a voice packet by checking whether the port receives voice data or not z Manual: In this mode, you can manually add a port to the voice VLAN or remove a port from the voice VLAN. The switch analyzes the received packets and the packets recognized...
TL-SG3216 V1 User Guide
Page 143
... and Snooping) are supported by the switch. (1) Manually: You can manually bind the IP address, MAC address, VLAN ID and the Port number together in the condition that you to bind the IP address, MAC address, ... the entries in descending order of priority. Figure 11-1 Binding Table 136 Chapter 11 Network Security Network Security module is implemented on the Binding Table, Manual Binding, ARP Scanning and DHCP Snooping pages. 11.1.1 Binding Table On this page, you can quickly get the information of the IP address, MAC address...
... and Snooping) are supported by the switch. (1) Manually: You can manually bind the IP address, MAC address, VLAN ID and the Port number together in the condition that you to bind the IP address, MAC address, ... the entries in descending order of priority. Figure 11-1 Binding Table 136 Chapter 11 Network Security Network Security module is implemented on the Binding Table, Manual Binding, ARP Scanning and DHCP Snooping pages. 11.1.1 Binding Table On this page, you can quickly get the information of the IP address, MAC address...
TL-SG3216 V1 User Guide
Page 144
...here. Source: Displays the Source of the Host. Protect Type: Allows you entered. Choose the menu Network Security→IP-MAC Binding→Manual Binding to modify the Host Name and Protect Type. VLAN ID: Displays the VLAN ID here. Select: Select the desired entry to load ... the Search button to view your desired entry in the Binding Table. • All: All the bound entries will be displayed. • Manual: Only the manually added entries will be displayed. • Scanning: Only the entries formed via ARP Scanning will be displayed. • Snooping: Only the entries...
...here. Source: Displays the Source of the Host. Protect Type: Allows you entered. Choose the menu Network Security→IP-MAC Binding→Manual Binding to modify the Host Name and Protect Type. VLAN ID: Displays the VLAN ID here. Select: Select the desired entry to load ... the Search button to view your desired entry in the Binding Table. • All: All the bound entries will be displayed. • Manual: Only the manually added entries will be displayed. • Scanning: Only the entries formed via ARP Scanning will be displayed. • Snooping: Only the entries...
TL-SG3216 V1 User Guide
Page 145
...Port: Displays the number of the entry. VLAN ID: Enter the VLAN ID. Protect Type: Select the Protect Type for the entry. ¾ Manual Binding Table Select: Select the desired entry to the Host. Host Name: Displays the Host Name here. MAC Address: Displays the MAC Address of the... Host. VLAN ID: Displays the VLAN ID here. It is multi-optional. Figure 11-2 Manual Binding The following entries are displayed on this screen: ¾ Manual Binding Option Host Name: Enter the Host Name. MAC Address: Enter the MAC Address of port connected to the ...
...Port: Displays the number of the entry. VLAN ID: Enter the VLAN ID. Protect Type: Select the Protect Type for the entry. ¾ Manual Binding Table Select: Select the desired entry to the Host. Host Name: Displays the Host Name here. MAC Address: Displays the MAC Address of the... Host. VLAN ID: Displays the VLAN ID here. It is multi-optional. Figure 11-2 Manual Binding The following entries are displayed on this screen: ¾ Manual Binding Option Host Name: Enter the Host Name. MAC Address: Enter the MAC Address of port connected to the ...
TL-SG3216 V1 User Guide
Page 148
... source. The Client applies to the Server for DHCP-snooping implementation For different DHCP Clients, DHCP Server provides three IP address assigning methods: (1) Manually assign the IP address: Allows the administrator to bind the static IP address to the specific Client (e.g.: WWW Server) via the "Client/Server" communication mode...
... source. The Client applies to the Server for DHCP-snooping implementation For different DHCP Clients, DHCP Server provides three IP address assigning methods: (1) Manually assign the IP address: Allows the administrator to bind the static IP address to the specific Client (e.g.: WWW Server) via the "Client/Server" communication mode...
TL-SG3216 V1 User Guide
Page 150
... IP addresses of the Host for automatic binding. Option 82 can cooperate with the ARP Inspection and the other parameters to Clients. Since there is manually configured by the user by discarding the DHCP packets on the distrusted port, so as to induce the users to the evil financial website or...
... IP addresses of the Host for automatic binding. Option 82 can cooperate with the ARP Inspection and the other parameters to Clients. Since there is manually configured by the user by discarding the DHCP packets on the distrusted port, so as to induce the users to the evil financial website or...
TL-SG3216 V1 User Guide
Page 158
The specific ports, such as up-linked port, routing port and LAG port, should be set as to load the following page. On the Network Security→ARP Inspection→ARP Detect ... With the ARP Defend enabled, the switch can terminate receiving the ARP packets for 300 seconds when the transmission speed of the Host together via Manual Binding, ARP the Host together. On the Network Security→IP-MAC bound entry. On the Network Security→ARP Inspection→ARP Detect page...
The specific ports, such as up-linked port, routing port and LAG port, should be set as to load the following page. On the Network Security→ARP Inspection→ARP Detect ... With the ARP Defend enabled, the switch can terminate receiving the ARP packets for 300 seconds when the transmission speed of the Host together via Manual Binding, ARP the Host together. On the Network Security→IP-MAC bound entry. On the Network Security→ARP Inspection→ARP Detect page...