TL-SG3216 V1 User Guide
Page 2
...designed to provide reasonable protection against harmful interference when the equipment is operated in a commercial environment. Operation of electric shock from TP-LINK TECHNOLOGIES CO., LTD. Avoid using this product near water, for example, in which case the user may cause undesired operation.... basement or near a swimming pool. Any changes or modifications not expressly approved by any means or used in accordance with the instruction manual, may cause radio interference, in any form or by the party responsible for a Class A digital device, pursuant to radio communications...
...designed to provide reasonable protection against harmful interference when the equipment is operated in a commercial environment. Operation of electric shock from TP-LINK TECHNOLOGIES CO., LTD. Avoid using this product near water, for example, in which case the user may cause undesired operation.... basement or near a swimming pool. Any changes or modifications not expressly approved by any means or used in accordance with the instruction manual, may cause radio interference, in any form or by the party responsible for a Class A digital device, pursuant to radio communications...
TL-SG3216 V1 User Guide
Page 6
... 10.4.3 VLAN Binding 132 10.5 Application Example for ACL 133 Chapter 11 Network Security ...136 11.1 IP-MAC Binding ...136 11.1.1 Binding Table 136 11.1.2 Manual Binding 137 11.1.3 ARP Scanning 139 11.1.4 DHCP Snooping 140 11.2 ARP Inspection ...146 11.2.1 ARP Detect ...150 11.2.2 ARP Defend 151 11.2.3 ARP Statistics...
... 10.4.3 VLAN Binding 132 10.5 Application Example for ACL 133 Chapter 11 Network Security ...136 11.1 IP-MAC Binding ...136 11.1.1 Binding Table 136 11.1.2 Manual Binding 137 11.1.3 ARP Scanning 139 11.1.4 DHCP Snooping 140 11.2 ARP Inspection ...146 11.2.1 ARP Detect ...150 11.2.2 ARP Defend 151 11.2.3 ARP Statistics...
TL-SG3216 V1 User Guide
Page 12
... via FTP function. z Log: View configuration parameters on the switch. z Network Diagnose: Test if the destination is used to assemble the commonly used in this manual. z Device Diagnose: Test the connection status of the switch and the connected device are available. Lists the hardware specifications of the switch. Here mainly introduces...
... via FTP function. z Log: View configuration parameters on the switch. z Network Diagnose: Test if the destination is used to assemble the commonly used in this manual. z Device Diagnose: Test the connection status of the switch and the connected device are available. Lists the hardware specifications of the switch. Here mainly introduces...
TL-SG3216 V1 User Guide
Page 20
... time displayed while the switch is running. Choose the menu System→System Info→System Time to load the following page. 13 You can manually set the system time, get GMT automatically if it has connected to display the bandwidth utilization of sending packets on this port. 4.1.2 Device Description On...
... time displayed while the switch is running. Choose the menu System→System Info→System Time to load the following page. 13 You can manually set the system time, get GMT automatically if it has connected to display the bandwidth utilization of sending packets on this port. 4.1.2 Device Description On...
TL-SG3216 V1 User Guide
Page 21
...: System Current Time Mode: Displays the current date and time of the switch. ¾ Time Config Manual: Get GMT: Synchronize with PC'S Clock: When this option is selected, you can set the date and time manually. Select the Start Time of DST. 14 The switch will get GMT automatically if it has...
...: System Current Time Mode: Displays the current date and time of the switch. ¾ Time Config Manual: Get GMT: Synchronize with PC'S Clock: When this option is selected, you can set the date and time manually. Select the Start Time of DST. 14 The switch will get GMT automatically if it has...
TL-SG3216 V1 User Guide
Page 22
Note: 1. The default system IP is restarted and you should enter IP Address, Subnet Mask and Default Gateway manually. Default Gateway: Enter the default gateway of the switch. You can log on this option is selected, the switch will obtain network parameters from the ...
Note: 1. The default system IP is restarted and you should enter IP Address, Subnet Mask and Default Gateway manually. Default Gateway: Enter the default gateway of the switch. You can log on this option is selected, the switch will obtain network parameters from the ...
TL-SG3216 V1 User Guide
Page 40
... Learning mode and other functions for the LAG port member. z The ports, which are in a LAG, their basic configuration must be deleted manually. z It's not suggested to implement the traffic load sharing among the member ports in an aggregation group, their configurations should be out of the... port is disabled for the member ports. 33 The Port Security function is disabled when the 802.1X function is enabled. 5.2 LAG LAG (Link Aggregation Group) is multi-optional. Displays the port number. The further explains are following: z If the ports, which are suggested to add the...
... Learning mode and other functions for the LAG port member. z The ports, which are in a LAG, their basic configuration must be deleted manually. z It's not suggested to implement the traffic load sharing among the member ports in an aggregation group, their configurations should be out of the... port is disabled for the member ports. 33 The Port Security function is disabled when the 802.1X function is enabled. 5.2 LAG LAG (Link Aggregation Group) is multi-optional. Displays the port number. The further explains are following: z If the ports, which are suggested to add the...
TL-SG3216 V1 User Guide
Page 42
Figure 5-6 Detail Information 5.2.2 Static LAG On this page, you to view or modify the information for each LAG. • Edit: Click to modify the settings of the LAG. • Detail: Click to load the following page. The LACP feature is disabled for the detailed information of the manually added Static LAG. Figure 5-7 Manually Config 35 Choose the menu Switching→LAG→Static LAG to get the information of the LAG. Click the Detail button for the member ports of your selected LAG. Operation: Allows you can manually configure the LAG.
Figure 5-6 Detail Information 5.2.2 Static LAG On this page, you to view or modify the information for each LAG. • Edit: Click to modify the settings of the LAG. • Detail: Click to load the following page. The LACP feature is disabled for the detailed information of the manually added Static LAG. Figure 5-7 Manually Config 35 Choose the menu Switching→LAG→Static LAG to get the information of the LAG. Click the Detail button for the member ports of your selected LAG. Operation: Allows you can manually configure the LAG.
TL-SG3216 V1 User Guide
Page 47
... number and click the Select button to Enable/Disable refreshing the Traffic Summary automatically. Displays the details of collisions experienced by auto-learning or configured manually. Displays the number of good broadcast packets received or transmitted on the port. Address Table contains the port-based MAC address information, which is between...
... number and click the Select button to Enable/Disable refreshing the Traffic Summary automatically. Displays the details of collisions experienced by auto-learning or configured manually. Displays the number of good broadcast packets received or transmitted on the port. Address Table contains the port-based MAC address information, which is between...
TL-SG3216 V1 User Guide
Page 48
... Configuration Way Aging out Being kept after Relationship between the reboot bound MAC address and (if the configuration the port is saved) Static Manually No Yes Address Table configuring The bound MAC address can view all the information of the MAC Address Table are listed as to improve... address entries can be learned by the other ports in the same VLAN. The types and the features of the Address Table. Filtering Manually No Yes - Choose the menu Switching→MAC Address→Address Table to reduce broadcast packets and enhance the efficiency of Address Table...
... Configuration Way Aging out Being kept after Relationship between the reboot bound MAC address and (if the configuration the port is saved) Static Manually No Yes Address Table configuring The bound MAC address can view all the information of the MAC Address Table are listed as to improve... address entries can be learned by the other ports in the same VLAN. The types and the features of the Address Table. Filtering Manually No Yes - Choose the menu Switching→MAC Address→Address Table to reduce broadcast packets and enhance the efficiency of Address Table...
TL-SG3216 V1 User Guide
Page 50
.... VLAN ID: Enter the corresponding VLAN ID of the MAC address. In the stable networks, the static MAC address entries can be added or removed manually, independent of packets forwarding without learning the address. MAC Address: VLAN ID: Port: Type: Aging Status: Displays the MAC address learned by the port with...
.... VLAN ID: Enter the corresponding VLAN ID of the MAC address. In the stable networks, the static MAC address entries can be added or removed manually, independent of packets forwarding without learning the address. MAC Address: VLAN ID: Port: Type: Aging Status: Displays the MAC address learned by the port with...
TL-SG3216 V1 User Guide
Page 53
... default value. 5.4.4 Filtering Address The filtering address is multi-optional. Choose the menu Switching→MAC Address→Filtering Address to be added or removed manually, independent of the switch. Displays the dynamic MAC Address. It is to forbid the undesired packets to load the following page. Displays the Type of...
... default value. 5.4.4 Filtering Address The filtering address is multi-optional. Choose the menu Switching→MAC Address→Filtering Address to be added or removed manually, independent of the switch. Displays the dynamic MAC Address. It is to forbid the undesired packets to load the following page. Displays the Type of...
TL-SG3216 V1 User Guide
Page 124
... port and processing mode Automatic Mode TAG voice ACCESS: Not supported. Voice ports are automatically added into or removed from voice device and the link type of the port can not be voice VLAN. The following table shows the detailed information. GENERAL: Supported. The default VLAN of the ...to voice VLAN and determine the priority of the packets through learning the source MAC of the access port in two modes: automatic mode and manual mode. stream TRUNK:Supported. UNTAG voice ACCESS: Supported. The default VLAN of the port can noe be voice VLAN and the egress ...
... port and processing mode Automatic Mode TAG voice ACCESS: Not supported. Voice ports are automatically added into or removed from voice device and the link type of the port can not be voice VLAN. The following table shows the detailed information. GENERAL: Supported. The default VLAN of the ...to voice VLAN and determine the priority of the packets through learning the source MAC of the access port in two modes: automatic mode and manual mode. stream TRUNK:Supported. UNTAG voice ACCESS: Supported. The default VLAN of the port can noe be voice VLAN and the egress ...
TL-SG3216 V1 User Guide
Page 127
... menu QoS→Voice VLAN→OUI Config to load the following entries are forwarded. z Disable: All packets are displayed on this mode, you can manually add a port to join the voice VLAN. Configure the security mode for forwarding packets. The switch determines whether a received packet is a voice packet by checking...
... menu QoS→Voice VLAN→OUI Config to load the following entries are forwarded. z Disable: All packets are displayed on this mode, you can manually add a port to join the voice VLAN. Configure the security mode for forwarding packets. The switch determines whether a received packet is a voice packet by checking...
TL-SG3216 V1 User Guide
Page 143
...the Hosts in descending order of the IP-MAC Binding entries. Chapter 11 Network Security Network Security module is implemented on the Binding Table, Manual Binding, ARP Scanning and DHCP Snooping pages. 11.1.1 Binding Table On this page, you can view the information of the bound entries. Please... the multiple protection measures for automatic binding. Based on the ARP Scanning page for the scanning. (3) DHCP Snooping: You can manually bind the IP address, MAC address, VLAN ID and the Port number together in the condition that you can quickly get the information of...
...the Hosts in descending order of the IP-MAC Binding entries. Chapter 11 Network Security Network Security module is implemented on the Binding Table, Manual Binding, ARP Scanning and DHCP Snooping pages. 11.1.1 Binding Table On this page, you can view the information of the bound entries. Please... the multiple protection measures for automatic binding. Based on the ARP Scanning page for the scanning. (3) DHCP Snooping: You can manually bind the IP address, MAC address, VLAN ID and the Port number together in the condition that you can quickly get the information of...
TL-SG3216 V1 User Guide
Page 144
... and modify the Protect Type of the Hosts in the Binding Table. • All: All the bound entries will be displayed. • Manual: Only the manually added entries will be displayed. • Scanning: Only the entries formed via ARP Scanning will be displayed. • Snooping: Only the entries...the entry. Note: 1 Among the entries with Critical collision level, the one with the highest Source priority will take effect. 11.1.2 Manual Binding You can manually bind the IP address, MAC address, VLAN ID and the Port number together in the condition that the collision may be displayed. ¾...
... and modify the Protect Type of the Hosts in the Binding Table. • All: All the bound entries will be displayed. • Manual: Only the manually added entries will be displayed. • Scanning: Only the entries formed via ARP Scanning will be displayed. • Snooping: Only the entries...the entry. Note: 1 Among the entries with Critical collision level, the one with the highest Source priority will take effect. 11.1.2 Manual Binding You can manually bind the IP address, MAC address, VLAN ID and the Port number together in the condition that the collision may be displayed. ¾...
TL-SG3216 V1 User Guide
Page 145
...is multi-optional. Port: Displays the number of port connected to the Host. Protect Type: Select the Protect Type for the entry. ¾ Manual Binding Table Select: Select the desired entry to be caused by the MSTP function. • Critical: Indicates that the entry has a collision with .... VLAN ID: Enter the VLAN ID. IP Address: Displays the IP Address of the Host. Figure 11-2 Manual Binding The following entries are displayed on this screen: ¾ Manual Binding Option Host Name: Enter the Host Name. IP Address: Enter the IP Address of the Host. MAC ...
...is multi-optional. Port: Displays the number of port connected to the Host. Protect Type: Select the Protect Type for the entry. ¾ Manual Binding Table Select: Select the desired entry to be caused by the MSTP function. • Critical: Indicates that the entry has a collision with .... VLAN ID: Enter the VLAN ID. IP Address: Displays the IP Address of the Host. Figure 11-2 Manual Binding The following entries are displayed on this screen: ¾ Manual Binding Option Host Name: Enter the Host Name. IP Address: Enter the IP Address of the Host. MAC ...
TL-SG3216 V1 User Guide
Page 148
... figure. A Server can assign the IP address for DHCP-snooping implementation For different DHCP Clients, DHCP Server provides three IP address assigning methods: (1) Manually assign the IP address: Allows the administrator to bind the static IP address to the specific Client (e.g.: WWW Server) via the "Client/Server" communication mode...
... figure. A Server can assign the IP address for DHCP-snooping implementation For different DHCP Clients, DHCP Server provides three IP address assigning methods: (1) Manually assign the IP address: Allows the administrator to bind the static IP address to the specific Client (e.g.: WWW Server) via the "Client/Server" communication mode...
TL-SG3216 V1 User Guide
Page 150
... problem will happen. DHCP Snooping feature prevents the network from DHCP Clients. ¾ DHCP Cheating Attack During the working process of DHCP, generally there is manually configured by the user by discarding the DHCP packets on the distrusted port, so as the following: The Circuit ID is to be defined. Option...
... problem will happen. DHCP Snooping feature prevents the network from DHCP Clients. ¾ DHCP Cheating Attack During the working process of DHCP, generally there is manually configured by the user by discarding the DHCP packets on the distrusted port, so as the following: The Circuit ID is to be defined. Option...
TL-SG3216 V1 User Guide
Page 158
Choose the menu Network Security→ARP Inspection→ARP Defend to avoid ARP Attack flood. The specific ports, such as up-linked port, routing port and LAG port, should be set as to load the following page. Required. Configuration Procedure: Step Operation Description 1...With the ARP Defend enabled, the switch can terminate receiving the ARP packets for 300 seconds when the transmission speed of the Host together via Manual Binding, ARP the Host together. Figure 11-14 ARP Defend 151 Required. Scanning or DHCP Snooping. 2 Enable the protection for the corresponding ...
Choose the menu Network Security→ARP Inspection→ARP Defend to avoid ARP Attack flood. The specific ports, such as up-linked port, routing port and LAG port, should be set as to load the following page. Required. Configuration Procedure: Step Operation Description 1...With the ARP Defend enabled, the switch can terminate receiving the ARP packets for 300 seconds when the transmission speed of the Host together via Manual Binding, ARP the Host together. Figure 11-14 ARP Defend 151 Required. Scanning or DHCP Snooping. 2 Enable the protection for the corresponding ...