TL-SG3216 V1 User Guide
Page 2
... cause radio interference, in which case the user will be a remote risk of TP-LINK TECHNOLOGIES CO., LTD. CE Mark Warning This is a registered trademark of electric shock from TP-LINK TECHNOLOGIES CO., LTD. There may cause harmful interference to radio communications. III These ...without permission from lightning. http://www.tp-link.com FCC STATEMENT This equipment has been tested and found to comply with the instruction manual, may be required to correct the interference at his own expense. Copyright © 2011 TP-LINK TECHNOLOGIES CO., LTD. This device...
... cause radio interference, in which case the user will be a remote risk of TP-LINK TECHNOLOGIES CO., LTD. CE Mark Warning This is a registered trademark of electric shock from TP-LINK TECHNOLOGIES CO., LTD. There may cause harmful interference to radio communications. III These ...without permission from lightning. http://www.tp-link.com FCC STATEMENT This equipment has been tested and found to comply with the instruction manual, may be required to correct the interference at his own expense. Copyright © 2011 TP-LINK TECHNOLOGIES CO., LTD. This device...
TL-SG3216 V1 User Guide
Page 6
... 10.4.3 VLAN Binding 132 10.5 Application Example for ACL 133 Chapter 11 Network Security ...136 11.1 IP-MAC Binding ...136 11.1.1 Binding Table 136 11.1.2 Manual Binding 137 11.1.3 ARP Scanning 139 11.1.4 DHCP Snooping 140 11.2 ARP Inspection ...146 11.2.1 ARP Detect ...150 11.2.2 ARP Defend 151 11.2.3 ARP Statistics...
... 10.4.3 VLAN Binding 132 10.5 Application Example for ACL 133 Chapter 11 Network Security ...136 11.1 IP-MAC Binding ...136 11.1.1 Binding Table 136 11.1.2 Manual Binding 137 11.1.3 ARP Scanning 139 11.1.4 DHCP Snooping 140 11.2 ARP Inspection ...146 11.2.1 ARP Detect ...150 11.2.2 ARP Defend 151 11.2.3 ARP Statistics...
TL-SG3216 V1 User Guide
Page 12
... of router hops from the switch to manage the switch. z Network Diagnose: Test if the destination is used to assemble the commonly used in this manual. Introduces how to CONTENTS 5 Return to use 802.1X Client Software provided for authentication. Introduces how to load firmware of the switch via FTP function...
... of router hops from the switch to manage the switch. z Network Diagnose: Test if the destination is used to assemble the commonly used in this manual. Introduces how to CONTENTS 5 Return to use 802.1X Client Software provided for authentication. Introduces how to load firmware of the switch via FTP function...
TL-SG3216 V1 User Guide
Page 20
... as the system time. On this page you can configure the description of the switch, including device name, device location and system contact. You can manually set the system time, get GMT automatically if it has connected to load the following page. Enter the location of the switch. Choose the menu...
... as the system time. On this page you can configure the description of the switch, including device name, device location and system contact. You can manually set the system time, get GMT automatically if it has connected to load the following page. Enter the location of the switch. Choose the menu...
TL-SG3216 V1 User Guide
Page 21
... your local time. z Primary/Secondary NTP Server: Enter the IP Address for the NTP Server. Select the End Time of the switch. ¾ Time Config Manual: Get GMT: Synchronize with PC'S Clock: When this option is utilized. ¾ DST Config DST Status: Start Time: End Time: Enable or Disable DST. Displays... the current date and time of DST. When this option is selected, the administrator PC's clock is selected, you can set the date and time manually. The switch will get GMT automatically if it has connected to a NTP Server.
... your local time. z Primary/Secondary NTP Server: Enter the IP Address for the NTP Server. Select the End Time of the switch. ¾ Time Config Manual: Get GMT: Synchronize with PC'S Clock: When this option is utilized. ¾ DST Config DST Status: Start Time: End Time: Enable or Disable DST. Displays... the current date and time of DST. When this option is selected, the administrator PC's clock is selected, you can set the date and time manually. The switch will get GMT automatically if it has connected to a NTP Server.
TL-SG3216 V1 User Guide
Page 22
...: When this IP Address. The IP address obtained using this option is 192.168.0.1 and you should enter IP Address, Subnet Mask and Default Gateway manually. The default system IP is selected, you can change it has connected to a different IP segment will obtain network parameters from the DHCP Server. Default...
...: When this IP Address. The IP address obtained using this option is 192.168.0.1 and you should enter IP Address, Subnet Mask and Default Gateway manually. The default system IP is selected, you can change it has connected to a different IP segment will obtain network parameters from the DHCP Server. Default...
TL-SG3216 V1 User Guide
Page 40
...the port. The Port Security function is disabled when the 802.1X function is enabled. 5.2 LAG LAG (Link Aggregation Group) is to combine a number of the aging time and can only be deleted manually. The further explains are following: z If the ports, which are suggested to add the ports with ...1. For the member ports in a LAG, their basic configuration must be the same. Displays the number of the aging time and can only be deleted manually. Select Enable/Disable the Port Security feature for the GVRP, 802.1Q VLAN, Voice VLAN, STP, QoS, DHCP Snooping and Port Configuration (Speed and...
...the port. The Port Security function is disabled when the 802.1X function is enabled. 5.2 LAG LAG (Link Aggregation Group) is to combine a number of the aging time and can only be deleted manually. The further explains are following: z If the ports, which are suggested to add the ports with ...1. For the member ports in a LAG, their basic configuration must be the same. Displays the number of the aging time and can only be deleted manually. Select Enable/Disable the Port Security feature for the GVRP, 802.1Q VLAN, Voice VLAN, STP, QoS, DHCP Snooping and Port Configuration (Speed and...
TL-SG3216 V1 User Guide
Page 42
The LACP feature is disabled for each LAG. • Edit: Click to modify the settings of the LAG. • Detail: Click to get the information of the LAG. Operation: Allows you can manually configure the LAG. Click the Detail button for the detailed information of the manually added Static LAG. Choose the menu Switching→LAG→Static LAG to view or modify the information for the member ports of your selected LAG. Figure 5-6 Detail Information 5.2.2 Static LAG On this page, you to load the following page. Figure 5-7 Manually Config 35
The LACP feature is disabled for each LAG. • Edit: Click to modify the settings of the LAG. • Detail: Click to get the information of the LAG. Operation: Allows you can manually configure the LAG. Click the Detail button for the detailed information of the manually added Static LAG. Choose the menu Switching→LAG→Static LAG to view or modify the information for the member ports of your selected LAG. Figure 5-6 Detail Information 5.2.2 Static LAG On this page, you to load the following page. Figure 5-7 Manually Config 35
TL-SG3216 V1 User Guide
Page 47
... bytes and 1518 bytes. Enter a value in . The error frames are not counted in . Displays the number of collisions experienced by auto-learning or configured manually. Displays the number of the received packets (including error packets) that are between 256 and 511 bytes long. Displays the number of the packets received...
... bytes and 1518 bytes. Enter a value in . The error frames are not counted in . Displays the number of collisions experienced by auto-learning or configured manually. Displays the number of the received packets (including error packets) that are between 256 and 511 bytes long. Displays the number of the packets received...
TL-SG3216 V1 User Guide
Page 48
...Type Configuration Way Aging out Being kept after Relationship between the reboot bound MAC address and (if the configuration the port is saved) Static Manually No Yes Address Table configuring The bound MAC address can view all the information of the MAC Address Table are listed as to reduce broadcast...Address Table. Dynamic Automatically Yes No Address Table learning The bound MAC address can facilitate the switch to improve the network security. Filtering Manually No Yes - Address Table configuring Table 5-1 Types and features of packets forwarding remarkably.
...Type Configuration Way Aging out Being kept after Relationship between the reboot bound MAC address and (if the configuration the port is saved) Static Manually No Yes Address Table configuring The bound MAC address can view all the information of the MAC Address Table are listed as to reduce broadcast...Address Table. Dynamic Automatically Yes No Address Table learning The bound MAC address can facilitate the switch to improve the network security. Filtering Manually No Yes - Address Table configuring Table 5-1 Types and features of packets forwarding remarkably.
TL-SG3216 V1 User Guide
Page 50
... of the MAC address. Displays the Aging status of the aging time. Port: Select a port from the pull-down list to be added or removed manually, independent of the MAC address. 5.4.2 Static Address The static address table maintains the static address entries which can facilitate the switch to load the following...
... of the MAC address. Displays the Aging status of the aging time. Port: Select a port from the pull-down list to be added or removed manually, independent of the MAC address. 5.4.2 Static Address The static address table maintains the static address entries which can facilitate the switch to load the following...
TL-SG3216 V1 User Guide
Page 53
... with network changes in the corresponding VLAN. Click the Bind button to bind the MAC address of your selected entry to be added or removed manually, independent of the MAC address. Tips: Setting aging time properly helps implement effective MAC address aging. If the aging time is multi-optional. It is...
... with network changes in the corresponding VLAN. Click the Bind button to bind the MAC address of your selected entry to be added or removed manually, independent of the MAC address. Tips: Setting aging time properly helps implement effective MAC address aging. If the aging time is multi-optional. It is...
TL-SG3216 V1 User Guide
Page 124
...port can noe be stream voice VLAN. If the switch does not receive any voice packet on . Port Voice Mode VLAN Voice Stream Type Link type of Voice VLAN When voice VLAN is configured according to voice VLAN and determine the priority of the packets through learning the source MAC... of the UNTAG packets sent from voice VLAN. stream Manual Mode TAG voice ACCESS: Not supported. Table 9-2 Port voice VLAN mode and voice stream processing mode ¾ Security Mode of the port and ...
...port can noe be stream voice VLAN. If the switch does not receive any voice packet on . Port Voice Mode VLAN Voice Stream Type Link type of Voice VLAN When voice VLAN is configured according to voice VLAN and determine the priority of the packets through learning the source MAC... of the UNTAG packets sent from voice VLAN. stream Manual Mode TAG voice ACCESS: Not supported. Table 9-2 Port voice VLAN mode and voice stream processing mode ¾ Security Mode of the port and ...
TL-SG3216 V1 User Guide
Page 127
The switch determines whether a received packet is a voice packet by checking whether the port receives voice data or not z Manual: In this mode, you can manually add a port to the OUI table of the switch. Mask: Enter the OUI address mask of the voice device. Description: Give a description to load the ...
The switch determines whether a received packet is a voice packet by checking whether the port receives voice data or not z Manual: In this mode, you can manually add a port to the OUI table of the switch. Mask: Enter the OUI address mask of the voice device. Description: Give a description to load the ...
TL-SG3216 V1 User Guide
Page 143
Based on the Binding Table, Manual Binding, ARP Scanning and DHCP Snooping pages. 11.1.1 Binding Table On this page, you can view the information of the bound entries. Among the entries ..., VLAN ID and the connected Port number of the IP-MAC Binding entries. The following page. These three sources (Manual, Scanning and Snooping) are supported by the switch. (1) Manually: You can manually bind the IP address, MAC address, VLAN ID and the Port number together in the condition that you to...
Based on the Binding Table, Manual Binding, ARP Scanning and DHCP Snooping pages. 11.1.1 Binding Table On this page, you can view the information of the bound entries. Among the entries ..., VLAN ID and the connected Port number of the IP-MAC Binding entries. The following page. These three sources (Manual, Scanning and Snooping) are supported by the switch. (1) Manually: You can manually bind the IP address, MAC address, VLAN ID and the Port number together in the condition that you to...
TL-SG3216 V1 User Guide
Page 144
... the Search button to view your desired entry in the Binding Table. • All: All the bound entries will be displayed. • Manual: Only the manually added entries will be displayed. • Scanning: Only the entries formed via ARP Scanning will be displayed. • Snooping: Only the entries... formed via DHCP Snooping will take effect. 11.1.2 Manual Binding You can manually bind the IP address, MAC address, VLAN ID and the Port number together in the LAN. Port: Displays the number of the ...
... the Search button to view your desired entry in the Binding Table. • All: All the bound entries will be displayed. • Manual: Only the manually added entries will be displayed. • Scanning: Only the entries formed via ARP Scanning will be displayed. • Snooping: Only the entries... formed via DHCP Snooping will take effect. 11.1.2 Manual Binding You can manually bind the IP address, MAC address, VLAN ID and the Port number together in the LAN. Port: Displays the number of the ...
TL-SG3216 V1 User Guide
Page 145
... The following entries are displayed on this screen: ¾ Manual Binding Option Host Name: Enter the Host Name. VLAN ID: Enter the VLAN ID. VLAN ID: Displays the VLAN ID here. Port: Select the number ...: Displays the number of the entry. • Warning: Indicates that the collision may be deleted. Protect Type: Select the Protect Type for the entry. ¾ Manual Binding Table Select: Select the desired entry to the Host. IP Address: Displays the IP Address of the entry. Protect Type: Displays the Protect Type...
... The following entries are displayed on this screen: ¾ Manual Binding Option Host Name: Enter the Host Name. VLAN ID: Enter the VLAN ID. VLAN ID: Displays the VLAN ID here. Port: Select the number ...: Displays the number of the entry. • Warning: Indicates that the collision may be deleted. Protect Type: Select the Protect Type for the entry. ¾ Manual Binding Table Select: Select the desired entry to the Host. IP Address: Displays the IP Address of the entry. Protect Type: Displays the Protect Type...
TL-SG3216 V1 User Guide
Page 148
.... 141 A Server can assign the IP address for DHCP-snooping implementation For different DHCP Clients, DHCP Server provides three IP address assigning methods: (1) Manually assign the IP address: Allows the administrator to bind the static IP address to the specific Client (e.g.: WWW Server) via the "Client/Server" communication mode...
.... 141 A Server can assign the IP address for DHCP-snooping implementation For different DHCP Clients, DHCP Server provides three IP address assigning methods: (1) Manually assign the IP address: Allows the administrator to bind the static IP address to the specific Client (e.g.: WWW Server) via the "Client/Server" communication mode...
TL-SG3216 V1 User Guide
Page 150
..., generally there is defined to their accounts and passwords. The following : The Circuit ID is no authentication mechanism between Server and Client. DHCP Snooping is manually configured by the user by discarding the DHCP packets on the distrusted port, so as the trusted port to Clients. The bound entry can contain...
..., generally there is defined to their accounts and passwords. The following : The Circuit ID is no authentication mechanism between Server and Client. DHCP Snooping is manually configured by the user by discarding the DHCP packets on the distrusted port, so as the trusted port to Clients. The bound entry can contain...
TL-SG3216 V1 User Guide
Page 158
... Scanning or DHCP Snooping. 2 Enable the protection for the corresponding bound entry. 3 Specify the trusted port. The specific ports, such as up-linked port, routing port and LAG port, should be set as to load the following page. Binding→Binding Table page, specify a protect type ... ARP Defend enabled, the switch can terminate receiving the ARP packets for 300 seconds when the transmission speed of the Host together via Manual Binding, ARP the Host together. Choose the menu Network Security→ARP Inspection→ARP Defend to avoid ARP Attack flood. Configuration ...
... Scanning or DHCP Snooping. 2 Enable the protection for the corresponding bound entry. 3 Specify the trusted port. The specific ports, such as up-linked port, routing port and LAG port, should be set as to load the following page. Binding→Binding Table page, specify a protect type ... ARP Defend enabled, the switch can terminate receiving the ARP packets for 300 seconds when the transmission speed of the Host together via Manual Binding, ARP the Host together. Choose the menu Network Security→ARP Inspection→ARP Defend to avoid ARP Attack flood. Configuration ...