Trendnet TI-PG1284 Manual

TRENDnet User’s Guide Cover Page
TRENDnet User’s Guide Table of Contents
Port Settings ................................................................................................................ 28

Contents
Product Overview ...........................................................................1 General Settings ................................................................................................ 29
Information ........................................................................................................ 31
Package Contents .......................................................................................................... 1
Advanced Settings ........................................................................ 32
Features ......................................................................................................................... 1
Bandwidth Control ...................................................................................................... 32
Product Hardware Features........................................................................................... 3
QoS .................................................................................................................... 32
SFP Transceiver/Optical Cable Installation .................................................................... 5 Rate Limitation .................................................................................................. 38
Switch Installation ..........................................................................6 IGMP Snooping ............................................................................................................ 41
DIN-Rail Installation ....................................................................................................... 6 IGMP Snooping .................................................................................................. 41
Install power supply connections .................................................................................. 7 IGMP Filtering .................................................................................................... 46
Multicast Listener Discovery (MLD) Snooping ................................................... 49
Basic IP Configuration .................................................................................................... 7 MVR ................................................................................................................... 52
Connect additional devices to your switch .................................................................... 9 Multicast Address .............................................................................................. 56
Explicit Host Tracking ......................................................................................... 58
Accessing switch management interfaces ...................................... 10
VLAN ............................................................................................................................ 59
Access your switch command line interface................................................................ 10
Port Isolation ..................................................................................................... 59
CLI Command Modes ......................................................................................... 11 802.1Q VLAN ...................................................................................................... 60
Access your switch web management page ................................................................ 12 GARP/GVRP ....................................................................................................... 65
MAC-based VLAN ............................................................................................... 67
System Information....................................................................... 13 Protocol-based VLAN ......................................................................................... 68
Basic Settings ................................................................................ 14 Q-in-Q VLAN (VLAN Stacking) ............................................................................ 69
General Settings .......................................................................................................... 14 DHCP Option 82 ........................................................................................................... 76
System ............................................................................................................... 14 DHCP Relay .................................................................................................................. 79

Jumbo Frame ..................................................................................................... 17 Dual Homing ................................................................................................................ 81
SNTP ................................................................................................................... 18
ERPS ............................................................................................................................. 83
Management Host ............................................................................................. 21
Link Aggregation .......................................................................................................... 87
MAC Management ....................................................................................................... 22
Link Layer Discovery Protocol (LLDP) ........................................................................... 91
Static MAC Settings ............................................................................................ 22
MAC Table.......................................................................................................... 24 Loop Detection ............................................................................................................ 94
Age Time Settings .............................................................................................. 24 Modbus........................................................................................................................ 96
Refusal (Black-hole MAC)................................................................................... 24
PoE (Power over Ethernet) ........................................................................................ 100
Port Mirror ................................................................................................................... 26
PTP (IEEE-1588 v2) ..................................................................................................... 106
© Copyright 2016 TRENDnet. All Rights Reserved.

i
TRENDnet User’s Guide Table of Contents
Static Route ............................................................................................................... 115 User Account ............................................................................................................. 177

STP ............................................................................................................................. 118 Technical Specifications .............................................................. 179
Xpress Ring ................................................................................................................ 132 Troubleshooting ......................................................................... 182
Security....................................................................................... 134 Appendix .................................................................................... 183
IP Source Guard ......................................................................................................... 134
DHCP Snooping ................................................................................................ 134
Binding Table ................................................................................................... 139
ARP Inspection ................................................................................................. 140
Access Control List (ACL) ............................................................................................ 144
802.1x ........................................................................................................................ 147
Port Security .............................................................................................................. 153
TACACS+ .................................................................................................................... 154
Monitor ...................................................................................... 158
Alarm ......................................................................................................................... 158
Hardware Information ............................................................................................... 158
Port Statistics ............................................................................................................. 159
Port Utilization ........................................................................................................... 160
RMON Statistics ......................................................................................................... 160
SFP Information ......................................................................................................... 161
Traffic Monitor ........................................................................................................... 161
Management .............................................................................. 163
SNMP ......................................................................................................................... 163
SNMP Trap ....................................................................................................... 166
SNMPv3 ........................................................................................................... 166
Auto Provision ........................................................................................................... 169
Mail Alarm ................................................................................................................. 170
Maintenance .............................................................................................................. 172
System Log ................................................................................................................. 176

ii
TRENDnet User’s Guide TI-PG1284i
Product Overview Features

TRENDnet’s 12-Port Hardened Industrial Gigabit PoE+ Layer 2+ Managed DIN-Rail
Switch, model TI-PG1284i, has eight Gigabit PoE+ ports, four Gigabit SFP slots, and a
240W PoE budget. The switch is equipped with an IP30 rated metal enclosure and
designed to withstand a high degree of vibration, shock, protection against
ESD/EMI/surge, and operate within a wide temperature range (- 40 – 75 °C (- 40 -
167°F)) for harsh environments. L2+ management include features such as PoE port
control, 802.1Q/Q-in-Q VLAN, multicast, spanning tree, link aggregation, QoS, IPv4/IPv6
static routing, ACLs, and 802.1X which allow for network integration flexibility.
Industrial Hardened Design

Equipped with a rugged IP30 rated enclosure and designed to withstand a high degree
of vibration, shock, protection against ESD/EMI/surge, and operate with a wide
temperature range (- 40 – 75 °C (- 40 - 167 °F)) for harsh environments.
Integration Flexibility
Managed features include PoE control, IP static routing, access control lists, VLAN, IGMP
snooping, QoS, RMON, SNMP trap, and syslog for monitoring and flexible network
integration.
TI-PG1284i Fault Tolerance

Features dual redundant power inputs (Primary and RPS) from external power sources
and an output alarm relay to indicate the event of input power failure
Package Contents
In addition to your switch, the package includes:
 Quick Installation Guide
 CD-ROM (User’s Guide)
 RJ-45 to RS-232 console cable (1.8 m / 6 ft.)
If any package contents are missing or damaged, please contact the retail store, online
retailer, or reseller/distributor from which the product was purchased.
Please note power supply is sold separately (model: TI-24048).

1
Full PoE+ Power Budget Redundant Power

Supplies up to 30 Watts of PoE/PoE+ power per port with a 240 Watt PoE power budget Dual redundant power inputs (primary and RPS) with overload current protection
Network Ports and Capacity Alarm Output

8 x Gigabit PoE+ ports and 4 x Gigabit SFP slots allow for a 24Gbps switching capacity Alarm relay output triggered by power failure of primary and/or redundant power and
and 1 x console (RJ-45 to RS-232) for out-of-band management failure per port (DIP switch)
Integrated DIN-Rail Mount Jumbo Frame

IP30 rated metal enclosure with integrated DIN-Rail mounting hardware Sends larger packets, or Jumbo Frames (up to 10K)
Full PoE Control Per Port Wide Temperature

PoE control features include enabling/disabling PoE and class, power priority, PD alive Hardened switch is rated for an operating temperature range of - 40 to 75 °C (-40 to 167
check, scheduling, and power delay per port using CLI or web management. °F)
Traffic Management Electro Magnetic Compliance

Managed features include 802.1Q/Q-in-Q/GVRP/MAC & Protocol-Based VLAN, IGMP Complies with IEC61000-6-2 EMC generic standard immunity for industrial
v1/2/3, IGMP Snooping, MLD, MVR, per port bandwidth control/802.1p/DSCP/Queue environments
Scheduling (SPQ/WRR), STP/RSTP/MSTP spanning tree, static and dynamic link
aggregation, and Xpress Ring + ERPS protection for flexible network integration.
Shock and Vibration Resistant
Layer 2+ Management Rated for shock (IEC 60068-2-27), freefall (IEC 60068-2-32), and vibration (IEC 60068-2-
6)
Offers IPv4/IPv6 static or DHCPv4/v6 assignment, IPv4/IPv6 static routing and proxy
ARP, DHCP server/relay/option 82, and DHCP server snooping/screening to filter out
unauthorized DHCP servers LED Indicators
LED indicators convey power, redundant power, alarm, SFP, PoE, and network port
Access Controls status
Management via HTTPS and SSH protocols and features such as trusted host, ACLs, IP-
MAC-Port binding, ARP inspection, 802.1X RADIUS, MAC address learning, IP Source Grounding Point
Guard provide layered network access controls.
Grounding point protects equipment from external electrical surges
System Monitoring
Monitoring features include SNMP v1/v2c/3, MIB support, SNMP trap, RMON Groups (1,
2, 3, 9), SMTP alert, syslog, port mirroring, SFP DDMI, and ModBus/TCP.

2
Product Hardware Features LED Indicators
LED State Status

PWR ON When the PWR LED is on, the device is using the primary
(Green) power input source.
OFF Primary power input source is off, disconnected, or has
failed.
RPS ON When the RPS LED lights on, the device is using the
(Green) redundant power input source.
OFF Redundant power input source is off, disconnected or has
failed.
ALM Indicates alarm has been triggered on DIP switch settings and
(Red) ON signal sent out through ALM terminals on terminal block to
third party alarm device.
OFF No alarm triggered.
POST ON Device is ready and completed boot process.
(Green) OFF Device is not ready.
SFP Slots 9-12 ON SFP link is connected.
(Green) BLINKING Data is transmitting/receiving.
OFF SFP link is disconnected.
PoE Ports 1-8 ON PoE supplied to Ethernet port.
(Green) OFF No PoE supplied to Ethernet port.
Ports 1-8 ON Ethernet port is connected.
1000M
(Green)
BLINKING Data is transmitting/receiving.
10/100M
(Orange) OFF Ethernet port is not connected.
 Ports 1-8 – Designed to operate at 10Mbps, 100Mbps, or Gigabit speed in both

half-duplex and full-duplex transfer modes. Supports Auto MDI-X and capable
of delivering up to 30W (802.3at PoE+) per port.
 SFP Slots 9-12 – Designed to operate at Gigabit speeds.
 Reboot Button – Push the button and release to reboot the switch.
 Grounding point/screw – The switch chassis can also be connected to a known
ground point for additional safety and protection. (grounding wire not
included)
Note: For any unused ports or SFP slots, it is recommended to leave the rubber plugs
installed during operation.

3
6-pin Removable Terminal Block ALM DIP Switches
DIP No Name State Status

1 PWR ON Primary power input source alarm trigger enabled.
OFF Primary power input source alarm trigger disabled.
2 RPS ON Redundant power input source alarm trigger enabled.
OFF Redundant power input source alarm trigger disabled.
3 P1 ON Ethernet port 1 link alarm trigger enabled.
OFF Ethernet port 1 link alarm trigger disabled.
4 P2 ON Ethernet port 2 link alarm trigger enabled.
Input/Ouput Function OFF Ethernet port 2 link alarm trigger disabled.
PWR Input Connects primary power source (ex. external power supply) to power the 5 P3 ON Ethernet port 3 link alarm trigger enabled.
(+) & (-) device. Device will obtain power from this input first priority if available.
Please make sure to power supplies are turned off before wiring in. OFF Ethernet port 3 link alarm trigger disabled.
Use a flat-head screw driver to loosen (counter-clockwise) or tighten 6 P4 ON Ethernet port 4 link alarm trigger enabled.
(clockwise) the wiring from the external power supply. OFF Ethernet port 4 link alarm trigger disabled.
Please ensure that the external power supply is supplying within the 7 P5 ON Ethernet port 5 link alarm trigger enabled.
range of 48VDC ~ 57VDC @ 240W or above. 260W for max. PoE+ power. OFF Ethernet port 5 link alarm trigger disabled.
Please note power supply is sold separately (model: TI-24048)
Device supports overload current protection and reverse polarity 8 P6 ON Ethernet port 6 link alarm trigger enabled.
protection. OFF Ethernet port 6 link alarm trigger disabled.
RPS Input Connects redundant power source (ex. external power supply) to power 9 P7 ON Ethernet port 7 link alarm trigger enabled.
(+) & (-) the device. Device will obtain power from this input secondary priority if OFF Ethernet port 7 link alarm trigger disabled.
primary power input is not available or has failed. 10 P8 ON Ethernet port 8 link alarm trigger enabled.
Please make sure to power supplies are turned off before wiring in.
Use a flat-head screw driver to loosen (counter-clockwise) or tighten OFF Ethernet port 8 link alarm trigger disabled.
(clockwise) the wiring from the external power supply. 11 P9 ON SFP slot 9 link alarm trigger enabled.
Please ensure that the external power supply is supplying within the OFF SFP slot 9 link alarm trigger disabled.
range of 48VDC ~ 57VDC @ 240W or above. 260W for max. PoE+ power. 12 P10 ON SFP slot 10 link alarm trigger enabled.
Please note power supply is sold separately (model: TI-24048) OFF SFP slot 10 link alarm trigger disabled.
Device supports overload current protection and reverse polarity
protection. 13 P11 ON SFP slot 11 link alarm trigger enabled.
ALM Output Connects external alarm and sends output signal if fault is detected OFF SFP slot 11 link alarm trigger disabled.
based on DIP switch settings. 14 P12 ON SFP slot 12 link alarm trigger enabled.
OFF SFP slot 12 link alarm trigger disabled.
Supports an output with current carrying capacity of 1A @ 24V DC.
Note: Turn off the power before connecting modules or wires.

Calculate the maximum possible current in each power wire and common wire. Observe
all electrical codes dictating the maximum current allowable for each wire size. If current
go above the maximum ratings, the wiring could overheat, causing serious damage to
your equipment.

4
SFP Transceiver/Optical Cable Installation
1. Remove the rubber plug from the SFP slot.

Note: For any unused ports or SFP slots, it is recommended to leave the
rubber plugs installed during operation.
2. Slide the selected SFP module into the selected SFP slot (Make sure the SFP
module is aligned correctly with the inside of the slot)
3. Insert and slide the module into the SFP slot until it clicks into place.
4. Remove any rubber plugs that may be present in the SFP module’s slot.
5. Align the fiber cable’s connector with the SFP module’s mouth and insert the
connector
6. Slide the connector in until a click is heard
7. If you want to pull the connector out, first push down the release clip on top
of the connector to release the connector from the SFP module
To properly connect fiber cabling: Check that the fiber terminators are clean. You can
clean the cable plugs by wiping them gently with a clean tissue or cotton ball moistened
with a little ethanol. Dirty fiber terminators on fiber optic cables will impair the quality of
the light transmitted through the cable and lead to degraded performance on the port.
Note: When inserting the cable, be sure the tab on the plug clicks into position to
ensure that it is properly seated.

5
The switch can be installed to a 35mm (W) DIN-Rail located in cabinet, rack, or
Switch Installation enclosure.
DIN-Rail Installation To mount the switch to a DIN-Rail using the attached DIN-Rail bracket, position the
switch in front of the DIN-Rail and hook the bracket over the top of the rail.
Then rotate the switch downward towards the rail until your hear a click indicating the
The site where the switch will be installed may greatly affect its performance. When bracket is secure and locked into place.
installing, consider the following pointers:
Note: The switch model may be different than the one shown in the example
illustrations.
 Install the switch in the appropriate location. Please refer to the technical
specifications at the end of this manual for the acceptable operating temperature
and humidity ranges.
 Install the Switch in a site free from strong electromagnetic field generators (such
as motors), vibration, dust, and direct exposure to sunlight.
 Install the switch in a location that is not affected by strong electromagnetic field
generators (such as motors), vibration, dust, and direct sunlight.
 Leave at least 10cm of space at the front and rear of the switch for ventilation.
Fasten the DIN-Rail bracket to the rear of the switch using the included
fasteners/screws. To unmount the switch from the DIN-Rail, slightly pull the switch downwards to clear
Note: The DIN-Rail bracket may already be installed to your switch when received. the bottom of the DIN-Rail and rotate away from DIN-Rail to unmount.
The movable clip at the top of the DIN-Rail bracket should be on top.

6
Install power supply connections Basic IP Configuration

Connect the power supply (sold separate, e.g. TRENDnet TI-S24048) to the switch
terminal block as shown below.
Note: Polarities V+ and V- should match between power supply and connections to
switch terminal block.
Optional: The switch chassis can also be connected to a known ground point for
additional safety and protection (grounding wire not included).
2. Assign a static IP address to your computer’s network adapter in the subnet of

192.168.10.x (e.g. 192.168.10.25) and a subnet mask of 255.255.255.0.
4. Open your web browser, and type the IP address of the switch in the address bar, and
then press Enter. The default IP address is 192.168.10.200.
5. Enter the User Name and Password, and then click Login. By default:
User Name: admin
Password: admin
Note: User name and password are case sensitive.

7
6. Click Basic Settings and then click General Settings. 8. Click Save at the top right.
9. When confirmation message appears click OK.
Note: Once the settings are saved, you can connect the switch to your network.
7. Configure the switch IP address settings to be within your network subnet, then click
Apply.Note: You may need to modify the static IP address settings of your computer’s
network adapter to IP address settings within your subnet in order to regain access to
the switch.

8
Connect additional devices to your switch
You can connect additional computers or other network devices to your switch using Ethernet cables to connect them to one of the available Gigabit PoE+ Ports (1-8). Check the status of
the LED indicators on the front panel of your switch to ensure the physical cable connection from your computer or device.
Note: If you encounter issues connecting to your network, there may be a problem with your computer or device network settings. Please ensure that your computer or device network
settings (also called TCP/IP settings) are configured properly within the network subnet your switch is connected.

9
Accessing switch management interfaces Parity None

Access your switch command line interface Number of Data Bits 8
Note: The system may be managed out-of-band through the console port. The console Number of Stop Bits 1
port is a female RJ-45 port and the included RJ-45 male to RS-232 serial DB-9 female
console cable. Throughout this user’s guide, the term “CLI Configuration” will be used Flow Control None
reference access through the command line interface.
1. Using the included RJ-45 to RS-232 serial DB-9 cable, connect the RJ-45 end to the
switch console port and connect the RS-232 end to your computer RS-232 DB-9 male
5. After you have setup all of the parameters appropriately, the terminal emulation
port.
window should display a prompt for user name and password.
Enter the user name and password. By default:
Console User Name: admin
Note: User Name and Password are case sensitive.
Enable Mode/Privileged Exec User Name: admin
Enable Mode/Privileged Exec Password: admin
Setting Default Value

Default Username admin
Default Password admin

2. On your computer, run the terminal emulation program (ex. HyperTerminal,
TeraTerm, Putty, etc.). IP Address 192.168.10.200
Subnet Mask 255.255.255.0
3. Select the appropriate COM port used for connecting to the switch console. Default Gateway 0.0.0.0
Management VLAN 1
4. Use the following settings for the connection.
Default Username admin
Default Password admin
Terminal Emulation VT100
Baud Rate 38400

10
CLI Command Modes TI-PG1284I(config)#interface eth0

Node Command Description TI-PG1284I(config-if)#
enable show hostname This command displays the system’s network
name.  interface
Its command prompt is “TI-PG1284I(config-if)#”.
configure reboot This command reboots the system.
It means these commands can be executed in this command prompt.
eth0 ip address A.B.C.D/M This command configures a static IP and subnet In Configure code, executing command “interface gigaethernet1/0/5” enter
mask for the system. the interface port 5 node.
interface show This command displays the current port Or
configurations. In Configure code, executing command “interface fastethernet1/0/5” enter
acl show This command displays the current access the interface port 5 node.
control profile. Note: depend on your port speed, gigaethernet1/0/5 for gigabit Ethernet
ports and fastethernet1/0/5 for fast Ethernet ports.
vlan show This command displays the current VLAN
configurations.
TI-PG1284I(config)#interface gigaethernet1/0/5
TI-PG1284I(config-if)#
The Node type:
 enable
 vlan
Its command prompt is “TI-PG1284I#”.
Its command prompt is “TI-PG1284I(config-vlan)#”.
In Configure code, executing command “vlan 2” enter the vlan 2 node.
 configure
Note: where the “2” is the vlan ID.
Its command prompt is “TI-PG1284I(config)#”.
TI-PG1284I(config)#vlan 2
In Enable code, executing command “configure terminal” enter the configure
TI-PG1284I(config-vlan)#
node.
TI-PG1284I# configure terminal
 acl
Its command prompt is “TI-PG1284I(config-acl)#”.
 eth0
Its command prompt is “TI-PG1284I(config-if)#”.
In Configure code, executing command “access-list test” enter the access-list
It means these commands can be executed in this command prompt. test node.
In Configure code, executing command “interface eth0” enter the eth0 Note: where the “test” is the profile name.
interface node.

11
Parameter Description
TI-PG1284I(config)#access-list test
User ID Enter the user name.
TI-PG1284I(config-acl)#
Password Enter the password.
Access your switch web management page
Note: Your switch default management IP address http://192.168.10.200 is accessed Default:
through the use of your Internet web browser (e.g. Internet Explorer®, Firefox®,
Chrome™, Safari®, Opera™) and will be referenced frequently in this User’s Guide. User name: admin
Throughout this user’s guide, the term Web Conifiguration will be used to reference Password: admin
access from web management page.
1. Open your web browser and go to the IP address http://192.168.10.200. Your switch
will prompt you for a user name and password.
2. Enter the user name and password. By default:

User Name: admin
Password: admin
Note: User Name and Password are case sensitive.

12
Web Configuration
System Information
System Status > System Information
CLI Configuration
Node Command Description
enable show hostname This command displays the system’s network
name.
enable show interface eth0 This command displays the current Eth0
configurations.
enable show model This command displays the system information.
enable show running-config This command displays the current operating
configurations.
enable show system-info This command displays the system’s CPU loading
and memory information.
enable show uptime This command displays the system up time.
Model Name This field displays the model name of the Switch.
Host name This field displays the name of the Switch.
Boot Code
This field displays the boot code version.
Version
Firmware Version This field displays the firmware version.
Built Date This field displays the built date of the firmware.

13
DHCP Client This field displays whether the DHCP client is enabled on the Basic Settings
Switch.
General Settings
IP Address This field indicates the IP address of the Switch. System
Management VLAN
Subnet Mask This field indicates the subnet mask of the Switch.
To specify a VLAN group which can access the Switch.
Default Gateway This field indicates the default gateway of the Switch.  The valid VLAN range is from 1 to 4094.
 If you want to configure a management VLAN, the management VLAN should
MAC Address This field displays the MAC (Media Access Control) address of the be created first and the management VLAN should have at least one member
Switch. port.
Serial Number The serial number assigned by manufacture for identification of

the unit. Host Name
The hostname is same as the SNMP system name. Its length is up to 64 characters.
Management This field displays the VLAN ID that is used for the Switch
VLAN management purposes. The first 16 characters of the hostname will be configured as the CLI prompt.
CPU Loading This field displays the percentage of your Switch’s system load. Default Settings
Memory This field displays the total memory the Switch has and the The default Hostname is TI-PG1284I
Information memory which is currently available (Free) and occupied (Usage). The default DHCP client is disabled.
The default Static IP is 192.168.10.200
Current Time This field displays current date (yyyy-mm-dd) and time
(hh:mm:ss). Subnet Mask is 255.255.255.0
Default Gateway is 0.0.0.0
DHCPv6 Client This field displays whether the DHCPv6 client is enabled on the
Switch. Management VLAN is 1.
IPv6 Link Local This field displays the Switch’s link local IP address for IPv6. CLI Commands
IPv6 Default Node Command Description
Gateway This field displays the default gateway for IPv6.
enable ping IPADDR [–c COUNT] This command
IPv6 Global sends an echo
This field displays the Switch’s global IP address for IPv6.
request to the
Refresh Click this to update the information in this screen. destination host.
The –c parameter
allow user to
specific the packet

14
count. The default range: 0 ~ 1047

count is 4. bytes.
enable ping IPADDR [–s SIZE] This command configure reboot This command
sends an echo reboots the
request to the system.
destination host.
configure hostname STRINGS This command sets
The –s parameter
the system's
allow user to
network name.
specific the packet
size. Valid range: 0 configure interface eth0 This command
~ 1047 bytes. enters the eth0
interface node to
enable ping IPADDR [–c COUNT –s SIZE] This command
configure the
sends an echo
system IP.
request to the
destination host. configure configure terminal This command
The –c parameter changes the mode
allow user to to config mode.
specific the packet
count. The default configure interface eth0 This command
count is 4. The –s changes the mode
parameter allow to eth0 mode.
user to specific the eth0 show This command
packet size. Valid displays the eth0
range: 0 ~ 1047 configurations.
bytes.
eth0 ip address A.B.C.D/M This command
enable ping IPADDR [-s SIZE –c COUNT] This command configures a static
sends an echo IP and subnet
request to the mask for the
destination host. system.
The –c parameter
allow user to eth0 ip address default-gateway A.B.C.D This command
specific the packet configures the
count. The default system default
count is 4. The –s gateway.
parameter allow eth0 ip dhcp client (disable|enable|renew) This command
user to specific the configures a DHCP
packet size. Valid

15
client function for Example: The procedures to configure an IP address for the Switch.
the system.  To enter the configure node.
Disable: Use a TI-PG1284I#configure terminal
static IP address
TI-PG1284I(config)#
on the switch.
Enable & Renew:
Use DHCP client to  To enter the ETH0 interface node.
get an IP address TI-PG1284I(config)#interface eth0
from DHCP server. TI-PG1284I(config-if)#
eth0 management vlan VLANID This command
configures the  To get an IP address from a DHCP server.
management vlan. TI-PG1284I(config-if)#ip dhcp client enable
eth0 ip ipv6-address This command
AAAA:BBBB:CCCC:DDDD:EEEE:FFFF:GGGG:HHHH/M configures a global  To configure a static IP address and a gateway for the Switch.
scope of IPv6
address and TI-PG1284I(config-if)#ip address 192.168.202.111/24
subnet mask for TI-PG1284I(config-if)#ip address default-gateway 192.168.202.1
the system.
eth0 ip ipv6-address default-gateway This command  To configure a static global IPv6 address and a gateway for the Switch.
AAAA:BBBB:CCCC:DDDD:EEEE:FFFF:GGGG:HHHH configures a  Please set the static global IPv6 address first.
default gateway TI-PG1284I(config-if)#ip ipv6-address 3ffe::1235/64
for the system.
eth0 ip ipv6-dhcp client (disable|enable|renew) This command  And the set the IPv6 default gateway address.
configures a TI-PG1284I(config-if)#ip ipv6-address default-gateway 3ffe::1234
DHCPv6 client
function for the
system.
Disable: Use a
static IP address
on the switch.
Enable & Renew:
Use DHCPv6 client
to get an IP
address from
DHCPv6 server.

16
Web Configuration Select Disable if you want to configure the Switch’s IP address
Basic Settings > General Settings > System manually.
Global Address Configure a global IPv6 address for the Switch.
Set – Set an IPv6 default gateway for the Switch.

Default Gateway
Unset – Unset the IPv6 default gateway for the Switch.
Apply Click this button to take effect the settings.
Refresh Click this button to reset the fields to the last setting.
Jumbo Frame
Jumbo frames are Ethernet frames with a payload greater than 1500 bytes. Jumbo frames
can enhance data transmission efficiency in a network. The bigger the frame size, the
better the performance.
Notice:
The jumbo frame settings will apply to all ports.
If the size of a packet exceeds the jumbo frame size, the packet will be dropped.
The available values are 1522, 1536, 1552, 9010, 9216, 10240.
Configures a IPv4 address for your Switch in dotted decimal
IP Address
notation. For example, 192.168.10.200.
Default Settings
Subnet Mask Enter the IP subnet mask of your Switch in dotted decimal The default jumbo frame is 10240 bytes.
notation for example 255.255.255.0.
Default Gateway Enter the IP address of the default outgoing gateway in dotted CLI Configuration
decimal notation, for example 192.168.10.1.
IPv6 Settings
enable show jumboframe This command displays the
Select Enable to allow the Switch to automatically get an IP current jumbo frame settings.
DHCPv6 Client address from a DHCPv6 server. Click Renew to have the Switch
re-get an IP address from the DHCP server.

17
configure jumboframe This command configures the This field configures the maximum number of bytes of frame size
Frame Size
(10240|1522|1536|1552|9010|9216) maximum number of bytes of for specified port(s).
frame size for all ports.
configure interface IFNAME This command enters the
interface configure node. Refresh Click this button to reset the fields to the last setting.
interface jumboframe This command configures the
(10240|1522|1536|1552|9010|9216) maximum number of bytes of
frame size.
SNTP
configure interface range gigabitethernet1/0/ This command enters the
The Network Time Protocol (NTP) is a protocol for synchronizing the clocks of computer
PORTLISTS interface configure node.
systems over packet-switched, variable-latency data networks. A less complex
if-range jumboframe This command configures the implementation of NTP, using the same protocol but without requiring the storage of
(10240|1522|1536|1552|9010|9216) maximum number of bytes of state over extended periods of time is known as the Simple Network Time Protocol
frame size. (SNTP). NTP provides Coordinated Universal Time (UTC). No information about time
zones or daylight saving time is transmitted; this information is outside its scope and must
be obtained separately.
Web Configuration
UDP Port: 123.
Basic Settings > General Settings > Jumbo Frame
Daylight saving is a period from late spring to early fall when many countries set their
clocks ahead of normal local time by one hour to give more daytime light in the evening.
Note:
1. The SNTP server always replies the UTC current time.
2. When the Switch receives the SNTP reply time, the Switch will adjust the time
with the time zone configuration and then configure the time to the Switch.
3. If the time server’s IP address is not configured, the Switch will not send any
SNTP request packets.
4. If no SNTP reply packets, the Switch will retry every 10 seconds forever.
5. If the Switch has received SNTP reply, the Switch will re-get the time from NTP
Parameter Description server every 24 hours.
6. If the time zone and time NTP server have been changed, the Switch will
Port This field specifies a port or a range of ports for configuration. repeat the query process.
7. No default SNTP server.

18
Default Settings month: 1-12

Current Time: day: 1-31
----------------------------------------------- configure time daylight-saving-time This command enables the daylight
Time: 0:3:51 (UTC) saving time.
Date: 1970-1-1 configure no time daylight-saving-time This command disables daylight saving
on the Switch.
Time Server Configuration:
configure time daylight-saving-time This command sets the start time of
----------------------------------------------- start-date (first | second | the Daylight Saving Time.
Time Zone : +00:00 third | fourth | last) (Sunday
IP Address: 0.0.0.0 | Monday | Tuesday |
Wednesday | Thursday |
Friday | Saturday) MONTH
DayLight Saving Time Configuration: HOUR
-----------------------------------------------
configure time daylight-saving-time This command sets the end time of the
State : disabled end-date (first | second | Daylight Saving Time.
Start Date: None. third | fourth | last) (Sunday
End Date : None. | Monday | Tuesday |
Wednesday | Thursday |
Friday | Saturday) MONTH
CLI Configuration HOUR
Node Command Description configure time ntp-server This command disables / enables the
enable show time This command displays current time (disable|enable) NTP server state.
and time configurations. configure time ntp-server IP_ADDRESS This command sets the IP address of
configure time Sets the current time on the Switch. your time server.
HOUR:MINUTE:SECOND hour: 0-23 configure time ntp-server domain- This command sets a domain name of
min: 0-59 name STRING your time server.
sec: 0-59 configure time timezone STRING Configures the time difference
Note: If you configure Daylight Saving between UTC (formerly known as
Time after you configure the time, the GMT) and your time zone.
Switch will apply Daylight Saving Time. Valid Range: -1200 ~ +1200.
configure time date Sets the current date on the Switch.
YEAR/MONTH/DAY year: 1970- Example:
TI-PG1284I(config)#time ntp-server 192.5.41.41

19
TI-PG1284I(config)#time timezone +0800

Current Date This field displays the date you open / refresh this menu.
TI-PG1284I(config)#time ntp-server enable
TI-PG1284I(config)#time daylight-saving-time start-date first Monday 6 0 Time and Date Setting
TI-PG1284I(config)#time daylight-saving-time end-date last Saturday 10 0
Select this option if you want to enter the system date and time
Manual
manually.
Web Configuration
Enter the new date in year, month and day format and time in
Basic Settings > General Settings > SNTP hour, minute and second format. The new date and time then
New Time
appear in the Current Date and Current Time fields after you click
Apply.
Enable
Select this option to use Network Time Protocol (NTP) for the time
Network Time
service.
Protocol
Select a pre-designated time server or type the IP address or type
NTP Server the domain name of your time server. The Switch searches for the
timeserver for up to 60 seconds.
Select the time difference between UTC (Universal Time

Time Zone Coordinated, formerly known as GMT, Greenwich Mean Time)
and your time zone from the drop-down list box.
Daylight Saving Settings
Select Enable if you want to use Daylight Saving Time. Otherwise,

State
select Disable to turn it off.
Configure the day and time when Daylight Saving Time starts if you
enabled Daylight Saving Time. The time is displayed in the 24 hour
format. Here are a couple of examples:
Daylight Saving Time starts in most parts of the United States on
the second Sunday of March. Each time zone in the United States
Parameter Description Start Date starts using Daylight Saving Time at 2 A.M. local time. So in the
United States you would select Second, Sunday, March and 2:00.
Current Time and Date
Daylight Saving Time starts in the European Union on the last
Sunday of March. All of the time zones in the European Union start
Current Time This field displays the time you open / refresh this menu.
using Daylight Saving Time at the same moment (1 A.M. GMT or
UTC). So in the European Union you would select Last, Sunday,

20
March and the last field depends on your time zone. In Germany Node Command Description
for instance, you would select 2:00 because Germany's time zone
is one hour ahead of GMT or UTC (GMT+1). enable show interface eth0 The command displays the all of the interface
eth0 configurations.
Configure the day and time when Daylight Saving Time ends if you
enabled Daylight Saving Time. The time field uses the 24 hour eth0 show The command displays the all of the interface
format. eth0 configurations.
Here are a couple of examples: eth0 management host The command adds a management host address.
Daylight Saving Time ends in the United States on the last Sunday A.B.C.D
of October. Each time zone in the United States stops using
eth0 no management host The command deletes a management host
Daylight Saving Time at 2 A.M. local time. So in the United States
A.B.C.D address.
End Date you would select First, Sunday, November and 2:00.
Daylight Saving Time ends in the European Union on the last
Sunday of October. All of the time zones in the European Union Example:
stop using Daylight Saving Time at the same moment (1 A.M. GMT TI-PG1284I#configure terminal
or UTC). So in the European Union you would select Last, Sunday,
TI-PG1284I(config)#interface eth0
October and the last field depends on your time zone. In Germany
for instance, you would select 2:00 because Germany's time zone TI-PG1284I(config-if)#management host 192.168.200.106
is one hour ahead of GMT or UTC (GMT+1).
Web Configuration
Apply Click Apply to take effect the settings.
Basic Settings > General Settings > Management Host
Refresh Click Refresh to begin configuring this screen afresh.
Management Host
The feature limits the hosts which can manage the Switch. That is, any hosts can manage
the Switch via telnet or web browser. If user has configured one or more management
host, the Switch can be managed by these hosts only. The feature allow user to configure
management IP up to 3 entries.
Default Settings
The default is none, any host can manage the Switch via telnet or web browser.
Management
This field configures the management host.
CLI Configuration Host

21
source MAC address came.

2. The Switch checks to see if the frame's destination MAC address matches a
source MAC address already learnt in the MAC Table.
Refresh Click this button to begin configuring this screen afresh.
 If the Switch has already learnt the port for this MAC address, then it
Management Host List forwards the frame to that port.
 If the Switch has not already learnt the port for this MAC address, then
This field displays a sequential number for each management the frame is flooded to all ports. If too much port flooding, it may lead
No. to network congestion.
host.
 If the Switch has already learnt the port for this MAC address, but the
Management destination port is the same as the port it came in on, then it filters the
This field displays the management host.
Host frame.
Action Click the Delete button to remove the specified entry.
MAC Management
Dynamic Address:
The MAC addresses are learnt by the switch. When the switch receives frames, it will
record the source MAC, the received port and the VLAN in the address table with an age
time. When the age time is expired, the address entry will be removed from the address
table.
Static Address:
The MAC addresses are configured by users. The static addresses will not be aged out by
the switch; it can be removed by user only. The maximum static address entry is up to Figure MAC Table Flowchart
256. Default Settings
The default MAC address table age time is 300 seconds.
The MAC Table (a MAC table is also known as a filtering database) shows how frames are The Maximum static address entry is 256.
forwarded or filtered across the Switch’s ports. When a device (which may belong to a
VLAN group) sends a packet which is forwarded to a port on the Switch, the MAC address
Static MAC Settings
of the device is shown on the Switch’s MAC Table. It also shows whether the MAC address
is dynamic (learned by the Switch) or static (manually entered). CLI Configuration
The Switch uses the MAC Table to determine how to forward frames. See the following Node Command Description
figure.
enable show mac-address-table This command displays the current MAC
1. The Switch examines the received frame and learns the port from which this aging-time address table age time.

22
enable show mac-address-table This command displays the current

(static|dynamic) static/dynamic unicast address entries.
enable show mac-address-table This command displays information of a
mac MACADDR specific MAC.
enable show mac-address-table This command displays the current
port PORT_ID unicast address entries learnt by the
specific port.
configure mac-address-table static This command configures a static unicast
MACADDR vlan VLANID port entry. Parameter Description
PORT_ID
Static MAC Settings
configure no mac-address-table static This command removes a static unicast
MACADDR vlan VLANID entry from the address table. Enter the MAC address of a computer or device that you want to
configure mac-address-table aging- This command configures the mac table MAC Address add to the MAC address table.
time VALUE aging time. Valid format is hh:hh:hh:hh:hh:hh.
configure clear mac address-table This command clears the dynamic VLAN ID Enter the VLAN ID to apply to the computer or device.
dynamic address entries.
Enter the port number to which the computer or device is
Port
connected.
Example:
TI-PG1284I(config)#mac-address-table static 00:11:22:33:44:55 vlan 1 port 1 Apply Click Apply to take effect the settings.

Web Configuration
Basic Settings > MAC Management > Static MAC Settings Static MAC Table
This field displays the MAC address of a manually entered MAC

Static MAC MAC Address
address entry.
A static Media Access Control (MAC) address is an address that has been manually This field displays the VID of a manually entered MAC address
entered in the MAC address table, and do not age out. When you set up static MAC VLAN ID
entry.
address rules, you are setting static MAC addresses for a port, so this may reduce the
need for broadcasting. This field displays the port number of a manually entered MAC
Port address entry. The MAC address with port CPU means the
Switch’s MAC addresses itself.

23
Click Delete to remove this manually entered MAC address entry Age Time Settings
Action from the MAC address table. You cannot delete the Switch’s MAC Basic Settings > MAC Management > Age Time Settings
address from the static MAC address table.
MAC Table
Basic Settings > MAC Management > MAC Table
Configure the age time; the valid range is from 20 to 500 seconds.
Age Time
Parameter Description The default value is 300 seconds.
Show Type Select All, Static, Dynamic or Port and then click Apply to display Apply Click Apply to take effect the settings.
Apply the corresponding MAC address entries on this screen.
Refresh Click this to update the information in the MAC table.
Refresh Click this to update the information in the MAC table.
MAC Address This field displays a MAC address.
This field displays whether this entry was entered manually Refusal (Black-hole MAC)
Type This type of MAC address entries are configured manually. A switch discards the packets
(Static) or whether it was learned by the Switch (Dynamic).
destined for or originated from the MAC addresses contained in blackhole MAC address
VLAN ID This field displays the VLAN ID of the MAC address entry. entries. Blackhole entries are configured for filtering out frames with specific source or
destination MAC addresses
This field displays the port number the MAC address entry is
Port associated. It displays CPU if it is the entry for the Switch itself.
Notice: User can configure up to 20 entries.
The CPU means that it is the Switch’s MAC.
Total Counts This field displays the total entries in the MAC table.

24
CLI Configuration Web Configuration

Node Command Description Basic Settings > MAC Management > Refusal MAC Settings
enable show mac-address-table This command displays the current refusal

refusal MAC address only.
configure mac-address-table This command configures a refusal MAC on
refusal MACADDR vlan a specific VLAN.
VLANID
configure mac-address-table This command configures a refusal MAC.
refusal MACADDR
Example: The procedures to configure a refusal MAC address

 To enter the configure node.
TI-PG1284I#configure terminal
TI-PG1284I(config)# Enter the MAC address of a computer or device that you want to
MAC Address refusal.
Valid format is hh:hh:hh:hh:hh:hh.
 To configure a refusal MAC address for all ports and all vlans.
TI-PG1284I(config)#mac-address-table refusal 00:11:22:33:44:55 VLAN ID Enter the VLAN ID to apply to the computer or device.

 To configure a refusal MAC address for all ports on a specific vlan.
TI-PG1284I(config)#mac-address-table refusal 00:11:22:33:44:55 vlan 1. Refresh Click Refresh to begin configuring this screen afresh.
MAC Address This field displays a MAC address.
VLAN ID This field displays the VLAN ID of the MAC address entry.
Click Delete to remove this manually entered MAC address entry

Action
from the refusal MAC address table.
Total Counts This field displays the total entries in the refusal MAC table.

25
Port Mirror CLI Configuration
Port-based Mirroring Node Command Description

The Port-Based Mirroring is used on a network switch to send a copy of network packets enable show mirror This command displays the current port
sent/received on one or a range of switch ports to a network monitoring connection on mirroring configurations.
another switch port (Monitor to Port). This is commonly used for network appliances that
configure mirror (disable|enable) This command disables / enables the port
require monitoring of network traffic, such as an intrusion-detection system.
mirroring on the switch.
configure mirror destination port This command specifies the monitor port for
Port Mirroring, together with a network traffic analyzer, helps to monitor network traffic.
PORT_ID the port mirroring.
Users can monitor the selected ports (Source Ports) for egress and/or ingress packets.
configure mirror source ports This command adds a port or a range of ports
PORT_LIST mode as the source ports of the port mirroring.
Source Mode:
(both|ingress|egress)
Ingress : The received packets will be copied to the monitor port.
configure no mirror source ports This command removes a port or a range of
Egress : The transmitted packets will be copied to the monitor port.
PORT_LIST ports from the source ports of the port
Both : The received and transmitted packets will be copied to the mirroring.
monitor port.
Note:
1. The monitor port cannot be a trunk member port. Example:
2. The monitor port cannot be ingress or egress port. TI-PG1284I#configure terminal
3. If the Port Mirror function is enabled, the Monitor-to Port can receive mirrored TI-PG1284I(config)#mirror enable
packets only. TI-PG1284I(config)#mirror destination port 2
4. If a port has been configured as a source port and then user configures the port
as a destination port, the port will be removed from the source ports TI-PG1284I(config)#mirror source ports 3-11 mode both
automatically.
Default Settings
Mirror Configurations:
State : Disable
Monitor port : 1
Ingress port(s) : None
Egress port(s) : None

26
Web Configuration
Basic Settings > Port Mirroring
Select Enable to turn on port mirroring or select Disable to turn it
State
off.
Monitor to Port Select the port which connects to a network traffic analyzer.
Settings in this field apply to all ports.

Use this field only if you want to make some settings the same
All Ports for all ports.
Use this field first to set the common settings and then make
adjustments on a port-by-port basis.
Source Port This field displays the number of a port.
Select Ingress, Egress or Both to only copy the ingress (incoming),

egress (outgoing) or both (incoming and outgoing) traffic from the
Mirror Mode specified source ports to the monitor port. Select Disable to not
copy any traffic from the specified source ports to the monitor
port.

27
Port Settings received (input) data, simulating a complete communications circuit using a single
 Duplex mode computer.
A duplex communication system is a system composed of two connected parties or

devices that can communicate with one another in both directions.  Auto MDI-MDIX
Auto-MDIX (automatic medium-dependent interface crossover) is a computer
Half Duplex: networking technology that automatically detects the required cable connection type
(straight-through or crossover) and configures the connection appropriately, thereby
A half-duplex system provides for communication in both directions, but only one removing the need for crossover cables to interconnect switches or connecting PCs peer-
direction at a time (not simultaneously). Typically, once a party begins receiving a signal, to-peer. When it is enabled, either type of cable can be used or the interface
it must wait for the transmitter to stop transmitting, before replying. automatically corrects any incorrect cabling. For Auto-MDIX to operate correctly, the
speed on the interface and duplex setting must be set to "auto". Auto-MDIX was
developed by HP engineers Dan Dove and Bruce Melvin.
 Auto Negotiation
Auto (auto-negotiation) allows one port to negotiate with a peer port automatically to
obtain the connection speed and duplex mode that both ends support. When auto-
negotiation is turned on, a port on the Switch negotiates with the peer automatically to
determine the connection speed and duplex mode.
Full Duplex:
A full-duplex, or sometimes double-duplex system, allows communication in both
If the peer port does not support auto-negotiation or turns off this feature, the Switch
directions, and, unlike half-duplex, allows this to happen simultaneously. Land-line
determines the connection speed by detecting the signal on the cable and using half
telephone networks are full-duplex, since they allow both callers to speak and be heard
duplex mode. When the Switch’s auto-negotiation is turned off, a port uses the pre-
at the same time.
configured speed and duplex mode when making a connection, thus requiring you to
make sure that the settings of the peer port are the same in order to connect.
 Flow Control
A concentration of traffic on a port decreases port bandwidth and overflows buffer
memory causing packet discards and frame losses.IEEE802.3x flow control is used in full
 Loopback Test duplex mode to send a pause signal to the sending port, causing it to temporarily stop
sending signals when the receiving port memory buffers fill and resend later.
A loopback test is a test in which a signal in sent from a communications device and
returned (looped back) to it as a way to determine whether the device is working right or
as a way to pin down a failing node in a network. One type of loopback test is performed The Switch uses IEEE802.3x flow control in full duplex mode and backpressure flow
using a special plug, called a wrap plug that is inserted in a port on a communications control in half duplex mode. IEEE802.3x flow control is used in full duplex mode to send
device. The effect of a wrap plug is to cause transmitted (output) data to be returned as a pause signal to the sending port, causing it to temporarily stop sending signals when the
receiving port memory buffers fill. Back Pressure flow control is typically used in half

28
duplex mode to send a "collision" signal to the sending port (mimicking a state of packet General Settings
collision) causing the sending port to temporarily stop sending signals and resend later. CLI Configuration
Note: 1000 Base-T doesn’t support force mode.
enable show interface IFNAME This command displays the current
port configurations.
 Cable Test.
This feature determines the quality of the cables, shorts, and cable impedance mismatch, configure interface IFNAME This command enters the interface
bad connectors, termination mismatch, and bad magnetics. The feature can work on the configure node.
copper Ethernet cable only. interface show This command displays the current
port configurations.
Default Settings interface loopback (none | mac) This command tests the loopback
The default port Speed & Duplex is auto for all ports. mode of operation for the specific
The default port Flow Control is Off for all ports. port.
interface flowcontrol (off | on) This command disables / enables
the flow control for the port.
interface speed (auto|10-full||10-half| This command configures the
100-full|100-half|1000-full) speed and duplex for the port.
interface shutdown This command disables the specific
port.
interface no shutdown This command enables the specific
port.
interface description STRINGs This command configures a
description for the specific port.
interface no description This command configures the
default port description.
interface cable test This command diagnostics the
Ethernet cable and shows the
broken distance.
interface clean cable-test result This command cleans the test
result of the Ethernet cable test.
interface show cable-test result This command displays the test
result of the Ethernet cable test.

29
configure interface range This command enters the interface

gigabitethernet1/0/ PORTLISTS configure node.
if-range description STRINGs This command configures a
description for the specific ports.
if-range no description This command configures the
default port description for the
specific ports.
if-range shutdown This command disables the specific
ports. Parameter Description
if-range no shutdown This command enables the specific Port Select a port or a range ports you want to configure on this screen.
ports.
State Select Enable to activate the port or Disable to deactivate the port.
if-range speed (auto|10-full||10-half| This command configures the
100-full|100-half|1000-full) speed and duplex for the port. Select the speed and duplex mode of the port. The choices are:
• Auto
Example: • 10 Mbps / Full Duplex
TI-PG1284I#configure terminal Speed/Duplex • 10 Mbps / Half Duplex
TI-PG1284I(config)#interface gi1/0/1 • 100 Mbps / Full Duplex
TI-PG1284I(config-if)#speed auto • 100 Mbps / Half Duplex
• 1000 Mbps / Full Duplex
Web Configuration Select On to enable access to buffering resources for the port thus
Basic Settings > Port Settings > General Settings Flow Control ensuring lossless operation across network switches. Otherwise,
select Off to disable it.
Port This field displays the port number.
State This field displays whether the port is enabled or disabled.
Speed/Duplex This field displays the speed either 10M, 100M or 1000M and the
duplex mode Full or Half.

30
Flow Control This field displays whether the port’s flow control is On or Off. Port This field displays the port number.
This field displays the link status of the port. If the port is up, it Description The meaningful name for the port.
Link Status displays the port’s speed, duplex and flow control setting.
Otherwise, it displays Link Down if the port is disabled or not The field displays the detail port status if the port is blocked by
Status
connected to any device. some protocol.
Uptime The sustained time from last link up.

Information
Medium Mode The current working medium mode, copper or fiber, for the port.
Basic Settings > Port Settings > Information
Port Select a port or a range ports you want to configure on this screen.
Description Configures a meaningful name for the port(s).
Port Status

31
Priority scheduling is implemented by the priority queues stated above. The Switch will
Advanced Settings empty the four hardware priority queues in order, beginning with the highest priority
Bandwidth Control queue, 7, to the lowest priority queue, 0. Each hardware queue will transmit all of the
packets in its buffer before permitting the next lower priority to transmit its packets.
QoS When the lowest hardware priority queue has finished transmitting all of its packets, the
Each egress port can support up to 8 transmit queues. Each egress transmit queue highest hardware priority queue will begin transmitting any packets it may have received.
contains a list specifying the packet transmission order. Every incoming frame is
forwarded to one of the 8 egress transmit queues of the assigned egress port, based on QoS Enhancement
its priority. The egress port transmits packets from each of the 8 transmit queues
You can configure the Switch to prioritize traffic even if the incoming packets are not
according to a configurable scheduling algorithm, which can be a combination of Strict
marked with IEEE 802.1p priority tags or change the existing priority tags based on the
Priority (SP) and/or Weighted Round Robin (WRR).
criteria you select. The Switch allows you to choose one of the following methods for
assigning priority to incoming packets on the Switch:
Typically, networks operate on a best-effort delivery basis, which means
that all traffic has equal priority and an equal chance of being delivered in  802.1p Tag Priority - Assign priority to packets based on the packet’s 802.1p
a timely manner. When congestion occurs, all traffic has an equal chance tagged priority.
of being dropped.  Port Based QoS - Assign priority to packets based on the incoming port on the
Switch.
 DSCP Based QoS - Assign priority to packets based on their Differentiated Services
When you configure the QoS feature, you can select specific network Code Points (DSCPs).
traffic, prioritize it according to its relative importance, and use
congestion-management and congestion-avoidance techniques to give Note: Advanced QoS methods only affect the internal priority queue mapping for the
preferential treatment. Implementing QoS in your network makes network Switch. The Switch does not modify the IEEE 802.1p value for the egress frames. You can
choose one of these ways to alter the way incoming packets are prioritized or you can
performance more predictable and bandwidth utilization more effective.
choose not to use any QoS enhancement setting on the Switch.
The Switch supports 802.1p priority queuing. The Switch has 8 priority queues. These
802.1p Priority
priority queues are numbered from 7 (Class 7) — the highest priority queue — to 0 (Class
0) — the lowest priority queue. When using 802.1p priority mechanism, the packet is examined for the presence of a valid
802.1p priority tag. If the tag is present, the packet is assigned to a programmable egress
The eight priority tags specified in IEEE 802.1p (p0 to p7) are mapped to the Switch’s
queue based on the value of the tagged priority. The tagged priority can be designated to
priority queues as follows:
any of the available queues.
Priority : 0 1 2 3 4 5 6 7
Ethernet Packet:
Queue : 2 0 1 3 4 5 6 7
6 6 2 42-1496 4
DA SA Type / Length Data FCS

32
1 0 (lowest) Background
6 6 4 2 42-1496 4
0 1 Best Effort
DA SA 802.1Q Tag Type / Length Data FCS
2 2 Excellent Effort
3 3 Critical Applications
802.1Q Tag:
4 4 Video, <100ms latency
2 bytes 2 bytes
5 5 Video, < 10ms latency
Tag Protocol Identifier (TPID) Tag Control Information (TCI)
6 6 Internetwork Control
16 bits 3 bits 1 bit 12 bits
7 7 (highest) Network Control
TPID (0x8100) Priority CFI VID
DiffServ (DSCP)
 Tag Protocol Identifier (TPID): a 16-bit field set to a value of 0x8100 in order to
identify the frame as an IEEE 802.1Q-tagged frame. Differentiated Services or DiffServ is a computer networking architecture that specifies a
 Tag Control Information (TCI) simple, scalable and coarse-grained mechanism for classifying, managing network traffic
 Priority Code Point (PCP): a 3-bit field which refers to the IEEE 802.1p priority. and providing Quality of Service (QoS) guarantees on modern IP networks. DiffServ can,
It indicates the frame priority level from 0 (lowest) to 7 (highest), which can for example, be used to provide low-latency, guaranteed service (GS) to critical network
be used to prioritize different classes of traffic (voice, video, data, etc.). traffic such as voice or video while providing simple best-effort traffic guarantees to non-
 Canonical Format Indicator (CFI): a 1-bit field. If the value of this field is 1, the critical services such as web traffic or file transfers.
MAC address is in non-canonical format. If the value is 0, the MAC address is
in canonical format. It is always set to zero for Ethernet switches. CFI is used Differentiated Services Code Point (DSCP) is a 6-bit field in the header of IP packets for
for compatibility between Ethernet and Token Ring networks. If a frame packet classification purposes. DSCP replaces the outdated IP precedence, a 3-bit field in
received at an Ethernet port has a CFI set to 1, then that frame should not be the Type of Service byte of the IP header originally used to classify and prioritize types of
bridged to an untagged port. traffic.
 VLAN Identifier (VID): a 12-bit field specifying the VLAN to which the frame
belongs. A value of 0 means that the frame doesn't belong to any VLAN; in
this case the 802.1Q tag specifies only a priority and is referred to as a priority When using the DiffServ priority mechanism, the packet is classified based on the DSCP
tag. A value of hex 0xFFF is reserved for implementation use. All other values field in the IP header. If the tag is present, the packet is assigned to a programmable
may be used as VLAN identifiers, allowing up to 4094 VLANs. On bridges, VLAN egress queue based on the value of the tagged priority. The tagged priority can be
1 is often reserved for management. designated to any of the available queues.
Priority Levels
PCP: Priority Code Point. Version IHL Type of Service Total Length
Identification Flags Fragment Offset
PCP Network Priority Traffic Characteristics Time to Live Protocol Header Checksum

33
Source Address 001 - Priority

000 - Routine
Destination Address
Options Padding The use of the Delay, Throughput, and Reliability indications may increase the cost (in
Example Internet Datagram Header some sense) of the service. In many networks better performance for one of these
parameters is coupled with worse performance on another. Except for very unusual cases
at most two of these three indications should be set.
IP Header Type of Service: 8 bits
The type of service is used to specify the treatment of the datagram during its
The Type of Service provides an indication of the abstract parameters of the quality of transmission through the internet system. Example mappings of the internet type of
service desired. These parameters are to be used to guide the selection of the actual service to the actual service provided on networks such as AUTODIN II, ARPANET, SATNET,
service parameters when transmitting a datagram through a particular network. Several and PRNET is given in "Service Mappings".
networks offer service precedence, which somehow treats high precedence traffic as
more important than other traffic (generally by accepting only traffic above certain
precedence at time of high load). The major choice is a three way tradeoff between low- The Network Control precedence designation is intended to be used within a network
delay, high-reliability, and high-throughput. only. The actual use and control of that designation is up to each network. The
Bits 0-2: Precedence. Internetwork Control designation is intended for use by gateway control originators only.
Bit 3: 0 = Normal Delay, 1 = Low Delay.

Bits 4: 0 = Normal Throughput, 1 = High Throughput. If the actual use of these precedence designations is of concern to a particular network,
it is the responsibility of that network to control the access to, and use of, those
Bits 5: 0 = Normal Reliability, 1 = High Reliability. precedence designations.
Bit 6-7: Reserved for Future Use.
DSCP Priority DSCP Priority DSCP Priority
0 1 2 3 4 5 6 7 0 0 1 0 2 0
+-----+-----+-----+-----+-----+-----+-----+-----+ 60 0 31 0 62 0
| PRECEDENCE | D | T | R | 0 | 0 | 63 0
+-----+-----+-----+-----+-----+-----+-----+-----+
Precedence
Example:
111 - Network Control IP Header
110 - Internetwork Control DSCP=50  45 C8 . . .
101 - CRITIC/ECP
100 - Flash Override
011 - Flash
010 - Immediate

34
Queuing Algorithms PRIO 7 ==> COSQ 7

Queuing algorithms allow switches to maintain separate queues for packets from each
individual source or flow and prevent a source from monopolizing the bandwidth. The DiffServ is disabled on the switch.
 Strict-Priority (SPQ) DSCP Priority DSCP Priority DSCP Priority DSCP Priority
The packets on the high priority queue are always service firstly. ---- -------- ---- -------- ---- -------- ---- --------
00 0 01 0 02 0 03 0
 Weighted round robin (WRR) 04 0 05 0 06 0 07 0
Round Robin scheduling services queues on a rotating basis and is activated only 08 0 09 0 10 0 11 0
when a port has more traffic than it can handle. A queue is given an amount of
12 0 13 0 14 0 15 0
bandwidth irrespective of the incoming traffic on that port. This queue then moves
to the back of the list. The next queue is given an equal amount of bandwidth, and 16 0 17 0 18 0 19 0
then moves to the end of the list; and so on, depending on the number of queues 20 0 21 0 22 0 23 0
being used. This works in a looping fashion until a queue is empty. 24 0 25 0 26 0 27 0
28 0 29 0 30 0 31 0
Weighted Round Robin (WRR) scheduling uses the same algorithm as round robin 32 0 33 0 34 0 35 0
scheduling, but services queues based on their priority and queue weight (the
36 0 37 0 38 0 39 0
number you configure in the queue Weight field) rather than a fixed amount of
bandwidth. WRR is activated only when a port has more traffic than it can handle. 40 0 41 0 42 0 43 0
Queues with larger weights get more service than queues with smaller weights. This 44 0 45 0 46 0 47 0
queuing mechanism is highly efficient in that it divides any available bandwidth 48 0 49 0 50 0 51 0
across the different traffic queues and returns to queues that have not yet emptied.
52 0 53 0 54 0 55 0
56 0 57 0 58 0 59 0
Default Settings
60 0 61 0 62 0 63 0
QoS mode : High First (SPQ)
The mappings of the Priority to Queue are:
Note: If the DiffServ is disabled, the 802.1p tag priority will be used.
PRIO 0 ==> COSQ 2
PRIO 1 ==> COSQ 0
PRIO 2 ==> COSQ 1
PRIO 3 ==> COSQ 3
PRIO 4 ==> COSQ 4
PRIO 5 ==> COSQ 5
PRIO 6 ==> COSQ 6

35
CLI Configuration configure diffserv dscp VALUE This command sets the DSCP-to-IEEE 802.1q
Node Command Description priority VALUE mappings.
enable show queue cos-map This command displays the current 802.1p
priority mapping to the service queue. Web Configuration
enable show qos mode This command displays the current QoS Port Priority
scheduling mode of IEEE 802.1p. Advanced Settings > Bandwidth Control > QoS
configure queue cos-map This command configures the 802.1p priority
PRIORITY QUEUE_ID mapping to the service queue.
configure no queue cos-map This command configures the 802.1p priority
mapping to the service queue to default.
configure qos mode high-first This command configures the QoS scheduling
mode to high_first, each hardware queue will
transmit all of the packets in its buffer before
permitting the next lower priority to transmit
its packets.
configure qos mode wrr-queue This command configures the QoS scheduling
weights VALUE VALUE mode to Weighted Round Robin.
VALUE VALUE VALUE
VALUE VALUE VALUE
interface default-priority This command allows the user to specify a
default priority handling of untagged packets
received by the Switch. The priority value
entered with this command will be used to
determine which of the hardware priority
queues the packet is forwarded to. Default: 0.
interface no default-priority This command configures the default priority
for the specific port to default (0). Use this field to set a priority for all ports.
All Ports 802.1p The value indicates packet priority and is added to the priority tag
enable show diffserv This command displays DiffServ
configurations. priority field of incoming packets. The values range from 0 (lowest
priority) to 7 (highest priority).
configure diffserv This command disables / enables the DiffServ
(disable|enable) function. Port This field displays the number of a port.

36
Select a priority for packets received by the port. Only packets Parameter Description
802.1p Priority without 802.1p priority tagged will be applied the priority you set
“Tag Over DSCP” or “DSCP Over Tag”. “Tag Over DSCP” means the 802.1p
here. Mode
tag has higher priority than DSCP.
Apply Click Apply to take effect the settings. This field displays each priority level. The values range from 0 (lowest
Priority
priority) to 7 (highest priority).
IP DiffServ (DSCP)
Advanced Settings > Bandwidth Control > IP DiffServ (DSCP)
Priority/Queue Mapping
Advanced Settings > Bandwidth Control > Priority/Queue Mapping
Click this button to reset the priority to queue mappings to the
Reset to Default
defaults.

37
This field displays each priority level. The values range from 0 the queue Weight field). Queues with larger weights get more
Priority service than queues with smaller weights.
(lowest priority) to 7 (highest priority).
Queue ID Select the number of a queue for packets with the priority level. This field indicates which Queue (0 to 7) you are configuring.
Queue ID
Queue 0 has the lowest priority and Queue 7 the highest priority.
You can only configure the queue weights when Weighted Round
Refresh Click Refresh to begin configuring this screen afresh. Weight Value Robin is selected. Bandwidth is divided across the different traffic
queues according to their weights.
Schedule Mode Apply Click Apply to take effect the settings.
Advanced Settings > Bandwidth Control > Schedule Refresh Click Refresh to begin configuring this screen afresh.
Rate Limitation
Storm Control
A broadcast storm means that your network is overwhelmed with constant broadcast or
multicast traffic. Broadcast storms can eventually lead to a complete loss of network
connectivity as the packets proliferate.
Storm Control protects the Switch bandwidth from flooding packets, including broadcast
packets, multicast packets, and destination lookup failure (DLF). The Rate is a threshold
that limits the total number of the selected type of packets. For example, if the broadcast
and multicast options are selected, the total amount of packets per second for those two
types will not exceed the limit value.
Broadcast storm control limits the number of broadcast, multicast and unknown unicast
(also referred to as Destination Lookup Failure or DLF) packets the Switch receives per
second on the ports. When the maximum number of allowable broadcast, multicast and
Select Strict Priority (SP) or Weighted Round Robin (WRR). unknown unicast packets is reached per second, the subsequent packets are discarded.
Note: Queue weights can only be changed when Weighted Round Enable this feature to reduce broadcast, multicast and unknown unicast packets in your
Schedule Mode Robin is selected. network.
Weighted Round Robin scheduling services queues on a rotating
basis based on their queue weight (the number you configure in Storm Control unit: 652pps.

38
Default Settings Web Configuration

Broadcast Storm Control : 652pps. Advanced Settings > Bandwidth Control > Rate Limitation > Storm Control
Multicast Storm Control : None.
DLF Storm Control : 652pps.
CLI Configuration
enable show storm-control This command displays the current
storm control configurations.
configure storm-control rate RATE_LIMIT This command enables the
type (bcast | mcast | DLF | bandwidth limit for broadcast or
bcast+mcast | bcast+DLF | multicast or DLF packets and set
mcast+DLF | bcast+mcast+DLF) the limitation.
ports PORTLISTS
configure no storm-control type (bcast | This command disables the
mcast | DLF | bcast+mcast | bandwidth limit for broadcast or
bcast+DLF | mcast+DLF | multicast or DLF packets.
bcast+mcast+DLF) ports
PORTLISTS Parameter Description
Select the port number for which you want to configure storm control
Port
Example: settings.
TI-PG1284I#configure terminal Select the number of packets (of the type specified in the Type field) per
Rate
TI-PG1284I(config)#storm-control rate 1 type broadcast ports 1-6 second the Switch can receive per second.
TI-PG1284I(config)#storm-control rate 1 type multicast ports 1-6 Select Broadcast - to specify a limit for the amount of broadcast packets
TI-PG1284I(config)#storm-control rate 1 type DLF ports 1-6 received per second.
Multicast - to specify a limit for the amount of multicast packets
Type
received per second.
DLF - to specify a limit for the amount of DLF packets received per
second.

39
Bandwidth Limitation Web Configuration

The rate limitation is used to control the rate of traffic sent or received on a network Advanced Settings > Bandwidth Control > Rate Limitation > Bandwidth Limitation
interface.
Rate Limitation unit: Mbs.
Default Settings
All ports’ Ingress and Egress rate limitation are disabled.
CLI Configuration
enable show bandwidth-limit This command displays the current rate
control configurations.
configure bandwidth-limit egress This command enables the bandwidth limit
RATE_LIMIT ports for outgoing packets and set the limitation.
PORTLISTS
configure no bandwidth-limit egress This command disables the bandwidth limit
ports PORTLISTS for outgoing packets. Parameter Description
configure bandwidth-limit ingress This command enables the bandwidth limit Port Selects a port that you want to configure.
RATE_LIMIT ports for incoming packets and set the limitation.
PORTLISTS Ingress Configures the rate limitation for the ingress packets.
configure no bandwidth-limit This command disables the bandwidth limit
Egress Configures the rate limitation for the egress packets.
ingress ports PORTLISTS for incoming packets.
Example:
TI-PG1284I(config)#bandwidth-limit egress 1 ports 1-8
TI-PG1284I(config)#bandwidth-limit ingress 1 ports 1-8

40
IGMP Snooping The switch uses IGMP snooping Immediate Leave to remove from the forwarding table
IGMP Snooping an interface that sends a leave message without the switch sending group-specific queries
to the interface. The VLAN interface is pruned from the multicast tree for the multicast
The IGMP snooping is for multicast traffic. The Switch can passively snoop on IGMP group specified in the original leave message. Immediate Leave ensures optimal
packets transferred between IP multicast routers/switches and IP multicast hosts to learn bandwidth management for all hosts on a switched network, even when multiple
the IP multicast group membership. It checks IGMP packets passing through it, picks out multicast groups are simultaneously in use.
the group registration information, and configures multicasting accordingly. IGMP
snooping allows the Switch to learn multicast groups without you having to manually
configure them. Fast Leave
The switch allow user to configure a delay time. When the delay time is expired, the
The Switch can passively snoop on IGMP packets transferred between IP multicast switch removes the interface from the multicast group.
routers/switches and IP multicast hosts to learn the IP multicast group membership. It
checks IGMP packets passing through it, picks out the group registration information, and Last Member Query Interval
configures multicasting accordingly. IGMP snooping allows the Switch to learn multicast
Last Member Query Interval: The Last Member Query Interval is the Max Response Time
groups without you having to manually configure them.
inserted into Group-Specific Queries sent in response to Leave Group messages, and is
The Switch forwards multicast traffic destined for multicast groups (that it has learned also the amount of time between Group-Specific Query messages.
from IGMP snooping or that you have manually configured) to ports that are members of
that group. IGMP snooping generates no additional network traffic, allowing you to
significantly reduce multicast traffic passing through your Switch. Without Immediate Leave, when the switch receives an IGMP leave message from a
subscriber on a receiver port, it sends out an IGMP specific query on that port and waits
for IGMP group membership reports. If no reports are received in a configured time
The Switch can perform IGMP snooping on up to 4094 VLANs. You can configure the period, the receiver port is removed from multicast group membership.
Switch to automatically learn multicast group membership of any VLANs. The Switch then
performs IGMP snooping on the first VLANs that send IGMP packets. Alternatively, you
can specify the VLANs that IGMP snooping should be performed on. This is referred to as IGMP Querier
fixed mode. In fixed mode the Switch does not learn multicast group membership of any There is normally only one Querier per physical network. All multicast routers start up as
VLANs other than those explicitly added as an IGMP snooping VLAN. a Querier on each attached network. If a multicast router hears a Query message from a
router with a lower IP address, it MUST become a Non-Querier on that network. If a
router has not heard a Query message from another router for [Other Querier Present
Immediate Leave
Interval], it resumes the role of Querier. Routers periodically [Query Interval] send a
When you enable IGMP Immediate-Leave processing, the switch General Query on each attached network for which this router is the Querier, to solicit
immediately removes a port when it detects an IGMP version 2 leave membership information. On startup, a router SHOULD send [Startup Query Count]
message on that port. You should use the Immediate-Leave feature only General Queries spaced closely together [Startup Query Interval] in order to quickly and
reliably determine membership information. A General Query is addressed to the all-
when there is a single receiver present on every port in the VLAN.
systems multicast group (224.0.0.1), has a Group Address field of 0, and has a Max
(Immediate Leave is only supported on IGMP Version 2 hosts). Response Time of [Query Response Interval].

41
Port IGMP Querier Mode Notices: There are a global state and per VLAN states. When the global state is disabled,
 Auto: the IGMP snooping on the Switch is disabled even per VLAN states are enabled. When the
global state is enabled, user must enable per VLAN states to enable the IGMP Snooping
The Switch uses the port as an IGMP query port if the port receives IGMP query
on the specific VLAN.
packets.
CLI Configuration
 Fixed:
The Switch always treats the port(s) as IGMP query port(s). This is for when Node Command Description
connecting an IGMP multicast server to the port(s). The Switch always forwards the enable show igmp-snooping This command displays the current IGMP
client’s report/leave packets to the port. snooping configurations.
Normally, the port is connected to an IGMP server.
enable show igmp-snooping This command displays the current IGMP
counters snooping counters.
 Edge:
enable show igmp-snooping This command displays the current IGMP
The Switch does not use the port as an IGMP query port. The IGMP query packets
querier Queriers.
received by this port will be dropped.
Normally, the port is connected to an IGMP client. enable show multicast This command displays the multicast group in
IP format.
Note: The Switch will forward the IGMP join and leave packets to the query port. configure clear igmp-snooping This command clears all of the IGMP
counters snooping counters.
Configurations: configure igmp-snooping (disable This command disables / enables the IGMP
| enable) snooping on the switch.
Users can enable/disable the IGMP Snooping on the Switch. Users also can enable/disable
the IGMP Snooping on a specific VLAN. If the IGMP Snooping on the Switch is disabled, configure igmp-snooping vlan This command enables the IGMP snooping
the IGMP Snooping is disabled on all VLANs even some of the VLAN IGMP Snooping are VLANID function on a VLAN or range of VLANs.
enabled.
configure no igmp-snooping vlan This command disables the IGMP snooping
VLANID function on a VLAN or range of VLANs.
Default Settings
configure igmp-snooping This command configures the process for
If received packets are not received after 400 seconds, all multicast entries will be unknown-multicast unknown multicast packets when the IGMP
deleted. (drop|flooding) snooping function is enabled.
The default global IGMP snooping state is disabled. drop: Drop all of the unknown multicast
The default VLAN IGMP snooping state is disabled for all VLANs. packets.
The unknown multicast packets will be dropped.
The default port Immediate Leave state is disabled for all ports.
The default port Querier Mode state is auto for all ports.
The IGMP snooping Report Suppression is disabled.

42
configure igmp-snooping report- This command disables / enables the IGMP if-range no igmp-immediate- This command disables the IGMP Snooping
suppression snooping report suppression function on the leave immediate leave function for the specific
(disable|enable) switch. ports.
configure clear igmp-counters This command clears the IGMP snooping if-range igmp-snooping group- This command configures the maximum
counters. limit VALUE groups for the specific ports.
configure clear igmp-counters This command clears the IGMP snooping if-range no igmp-snooping This command removes the limitation of the
(port|vlan) counters for port or vlan. group-limit maximum groups for the specific ports.
interface igmp-querier-mode This command specifies whether or not and if-range igmp-querier-mode This command specifies whether or not and
(auto|fixed|edge) under what conditions the port(s) is (are) (auto|fixed|edge) under what conditions the ports is (are) IGMP
IGMP query port(s). The Switch forwards query port(s). The Switch forwards IGMP join
IGMP join or leave packets to an IGMP query or leave packets to an IGMP query port,
port, treating the port as being connected to treating the port as being connected to an
an IGMP multicast router (or server). You IGMP multicast router (or server). You must
must enable IGMP snooping as well. enable IGMP snooping as well. (Default:auto)
(Default:auto)
interface igmp-immediate-leave This command enables the IGMP Snooping Example:
immediate leave function for the specific
TI-PG1284I(config)#igmp-snooping enable
interface.
TI-PG1284I(config)#igmp-snooping vlan 1
interface no igmp-immediate- This command disables the IGMP Snooping
TI-PG1284I(config)#igmp-snooping querier enable
leave immediate leave function for the specific
interface. TI-PG1284I(config)#igmp-snooping querier vlan 1
TI-PG1284I(config)#interface 1/0/1
interface igmp-snooping group- This command configures the maximum
limit VALUE groups for the specific interface. TI-PG1284I(config-if)#igmp-immediate-leave
TI-PG1284I(config-if)#igmp-querier-mode fixed
interface no igmp-snooping This command removes the limitation of the
group-limit maximum groups for the specific interface. TI-PG1284I(config-if)#igmp-snooping group-limit 20
configure interface range This command enters the interface configure

gigabitethernet1/0/ node.
PORTLISTS
if-range igmp-immediate-leave This command enables the IGMP Snooping
immediate leave function for the specific
ports.

43
Web Configuration more than one VLANs. Select Delete and enter VLANs on which
General Settings to have the Switch not perform IGMP snooping.
Advanced Settings > IGMP Snooping > IGMP Snooping > General Settings Specify the action to perform when the Switch receives an
Unknown Multicast
unknown multicast frame. Select Drop to discard the frame(s).
Packets
Select Flooding to send the frame(s) to all ports.
Apply Click Apply to configure the settings.
Refresh Click this to reset the fields to the last setting.
IGMP Snooping This field displays whether IGMP snooping is globally enabled
State or disabled.
Report Suppression This field displays whether IGMP snooping report suppression
State is enabled or disabled.
This field displays VLANs on which the Switch is to perform
IGMP Snooping
IGMP snooping. None displays if you have not enabled IGMP
VLAN State
snooping on any port yet.
Unknown Multicast This field displays whether the Switch is set to discard or flood
Packets unknown multicast packets.
Select Enable to activate IGMP Snooping to forward group
IGMP Snooping
multicast traffic only to ports that are members of that group.
State
Select Disable to deactivate the feature.
Report Suppression Select Enable/Disable to activate/deactivate IGMP Snooping
State report suppression function.
IGMP Snooping Select Add and enter VLANs upon which the Switch is to
VLAN State perform IGMP snooping. The valid range of VLAN IDs is
between 1 and 4094. Use a comma (,) or hyphen (-) to specify

44
Port Settings Port The port ID.

Advanced Settings > IGMP Snooping > IGMP Snooping > Port Settings
Querier Mode The Querier mode setting for the specific port.
Immediate Leave The Immediate Leave setting for the specific port.
Group Counts The current joining group count and the maximum group count.
Querier Settings
CLI Configuration
configure igmp-snooping This command disables / enables the IGMP
querier (disable | snooping querier on the Switch.
Parameter Description enable)
Select the desired setting, Auto, Fixed, or Edge. Auto means configure igmp-snooping This command enables the IGMP snooping querier
the Switch uses the port as an IGMP query port if the port querier vlan function on a VLAN or range of VLANs.
receives IGMP query packets. Fixed means the Switch always VLANIDs
treats the port(s) as IGMP query port(s). This is for when configure no igmp- This command disables the IGMP snooping querier
Querier Mode connecting an IGMP multicast server to the port(s). Edge means snooping querier function on a VLAN or range of VLANs.
the Switch does not use the port as an IGMP query port. In this vlan VLANIDs
case, the Switch does not keep a record of an IGMP router
being connected to this port and the Switch does not forward
IGMP join or leave packets to this port.
Immediate
Select individual ports on which to enable immediate leave.
Leave
Group Limit Configures the maximum group for the port or a range of ports.
Apply Click Apply to apply the settings.
Refresh Click this to reset the fields.

45
Web Configuration IGMP Filtering

Advanced Settings > IGMP Snooping > IGMP Snooping > Querier Settings The IGMP Snooping Filter allows users to configure one or some of range or multicast
address to drop or to forward them.
CLI Configuration
enable show igmp-snooping This command displays the IGMP
filtering snooping filtering configurations.
configure igmp-snooping filtering This command enables/disables the IGMP
(enable|disable) snooping filtering profiles on the Switch.
configure igmp-snooping filtering This command enters the IGMP snooping
profile filtering profiles configuration node.
configure no igmp-snooping This command removes all of the IGMP
filtering all snooping filtering profiles from the
Switch.
configure no igmp-snooping This command removes the IGMP
Parameter Description filtering STRINGS snooping filtering profiles by name from
the Switch.
Querier State This field configures the global Querier state. config-igmp Group GROUP_ID start- This command configures the group
address START-ADDR configurations, including group index and
Querier VLAN
This field enables the Querier state in a vlan or a range of vlan. end-address END-ADDR start multicast address and end multicast
State
address.
Apply Click Apply to apply the settings. config-igmp type (deny|permit) This command configures the type of
deny or permit for the group.
config-igmp no group GROUP-ID This command removes the group
Querier State This filed indicates the current global Querier status. configurations.
config-igmp no group all This command removes all of the group
Querier VLAN
This field indicates the Querier status in vlan. configurations.
State
config-igmp type (deny|permit) This command configures the type of
deny or permit for the group.

46
interface igmp-snooping filtering This command enables the IGMP Parameter Description
profile STRING snooping filtering profiles on the specific
IGMP Filtering
port. This field configures the global IGMP Filtering state.
State
interface no igmp-snooping This command disables the IGMP
filtering profile STRINGS snooping filtering profiles on the specific Profile This field creates the IGMP Filtering profile.
port.
Type The field configures the type of action for the profile.
gigabitethernet1/0/ configure node. Apply Click Apply to apply the settings.
PORTLISTS
if-config igmp-snooping filtering This command enables the IGMP
profile STRING snooping filtering profiles on the range of
IGMP Filtering Status
ports.
if-config no igmp-snooping This command disables the IGMP Profile The profile name.
filtering profile STRINGS snooping filtering profiles on the range of
ports. Type The type of action.
The field indicates the ports that the IGMP Filtering profile is
Web Configuration Ports activated.
General Settings
Action Click the “Delete” button to delete the profile.
Advanced Settings > IGMP Snooping > IGMP Snooping > General Settings

47
Group Settings Port Settings

Advanced Settings > IGMP Snooping > IGMP Snooping > Group Settings Advanced Settings > IGMP Snooping > IGMP Snooping > Port Settings
This field selects the profile which you want to configure the
Profile
group.
Group This field selects the group index. This field selects the profile which you want to activate on the
Profile
ports.
Start Address The field configures the first multicast address of the group.
Activate IGMP Selects the ports which you want to activate the IGMP Filtering
End Address The field configures the last multicast address of the group. Filtering on Ports profile.
Apply Click Apply to apply the settings. Apply Click Apply to apply the settings.
Refresh Click this to reset the fields to the last setting. Refresh Click this to reset the fields to the last setting.

48
Multicast Listener Discovery (MLD) Snooping snooping listens to these MLD reports to establish appropriate forwarding. You can
Multicast Listener Discovery Snooping is an IPv6 multicast constraining mechanism that enable the MLD snooping querier on all the switches in the VLAN, but for each VLAN that
runs on layer 2 switches to manage and control IPv6 multicast groups. With MLDS, IPv6 is connected to switches that use MLD to report interest in IP multicast traffic, you must
multicast data is selectively forwarded to a list of ports that want to receive the data, configure at least one switch as the MLD snooping querier.
instead of being flooded to all ports in a VLAN. This list is constructed by snooping IPv6
multicast control packets. In general, significant bandwidth can be wasted by flooding. CLI Configuration
Functionality
enable show mld-snooping This command displays the current MLD
Presently our layer 2 switches support IGMP Snooping in IPV4. IGMP snooping to limit the
information configurations.
flooding of multicast traffic by dynamically configuring Layer 2 interfaces so that multicast
traffic is forwarded to only those interfaces associated with IP multicast devices. enable show mld-snooping group This command displays the current MLD
group information.
The functionality of IGMP Snooping in IPv4 version is same as MLD Snooping in IPv6 configure mld-snooping enable This command enables the MLD Snooping.
version.
configure no mld-snooping enable This command disables the MLD Snooping.
MLDS supports two versions: configure mld-snooping proxy enable This command enables the MLD Snooping
Proxy. (Default: disable)
 MLDv1 snooping detects MLDv1 control packets and sets up traffic bridging based on
IPv6 destination multicast addresses. configure no mld-snooping proxy This command disables the MLD Snooping
 MLDv2 basic snooping uses MLDv2 control packets to set up traffic forwarding based enable Proxy.
on IPv6 destination multicast addresses.
configure mld-snooping forward- This command configures the MLD
mode (ip|mac) Snooping forward mode.
Proxy reporting:
configure no mld-snooping forward- This command resets the MLD Snooping
All the hosts send their complete multicast group membership information to the mode forward mode to MAC base forward.
multicast router in response to queries. The switch snoops these responses, updates the
database and forwards the reports to the multicast router. To prevent the multicast configure mld-snooping router- This command configures the MLD
router from becoming overloaded with reports, MLD snooping does proxy reporting. interval <60-600> Snooping router interval.
Proxy reporting forwards only the first report for a multicast group to the router and configure no mld-snooping router- This command resets the MLD Snooping
suppresses all other reports for the same multicast group. interval router interval to 125 seconds.
configure mld-snooping port-interval This command configures the MLD
Report-suppression-interval
<130-1225> Snooping port interval.
Only one report is forwarded within the report forward interval for a particular group.
configure no mld-snooping port- This command resets the MLD Snooping
Querier: interval port interval to 260 seconds.
When enabled, the MLD snooping querier sends out periodic MLD queries that trigger
MLD report messages from the switch that wants to receive IP multicast traffic. MLD

49
configure mld-snooping report- This command configures the MLD mld_vlan no version This command resets the MLD Snooping
suppression-interval <1- Snooping report suppression interval. version to default v1.
25>
mld_vlan immediate-leave enable This command enables the MLD Snooping
configure no mld-snooping report- This command resets the MLD Snooping immediate leave. (Default: disable)
suppression-interval report suppression interval to 5 seconds.
mld_vlan no immediate-leave This command disables the MLD Snooping
configure mld-snooping group- This command configures the MLD enable immediate leave.
query-interva <2-5> Snooping group query interval.
mld_vlan querier enable This command enables the MLD Snooping
configure no mld-snooping group- This command resets the MLD Snooping Querier. (Default: disable)
query-interval group query interval to 2 seconds.
mld_vlan no querier enable This command disables the MLD Snooping
configure mld-snooping forward- This command configures the MLD Querier.
report-mode (all- Snooping forward report mode.
mld_vlan query-interval <60-600> This command configures the MLD
ports|router-ports)
Snooping query interval.
configure no mld-snooping forward- This command resets the MLD Snooping
mld_vlan no query-interval This command resets the MLD Snooping
report-mode forward report mode to router-ports.
query interval to default 125.
configure mld-snooping querier This command enables the MLD Snooping
mld_vlan router-port PORTID This command configures the MLD
enable querier. (Default: disable)
Snooping router port.
configure no mld-snooping querier This command disables the MLD Snooping
mld_vlan no router-port PORTID This command removes the MLD Snooping
enable querier.
router port.
configure mld-snooping vlan VLANID This command enters the MLD Snooping
configure node.
configure no mld-snooping vlan This command removes the MLD
VLANID Snooping.
mld_vlan end This command enables the MLD Snooping.
mld_vlan exit This command enables the MLD Snooping.
mld_vlan enable This command enables the MLD Snooping
on the vlan. (Default: enable)
mld_vlan no enable This command disables the MLD Snooping
on the vlan.
mld_vlan version (v1|v2) This command configures the MLD
Snooping version.

50
Web Configuration Group Querier

General Setting Interval Configures the MLD Snooping group querier interval.
Advanced Settings > IGMP Snooping > MLD Snooping > General Settings
VLAN Settings
Advanced Settings > IGMP Snooping > MLD Snooping > VLAN Settings
Global State Configures the global state of the MLD snooping on the Switch.
VLAN ID Select the vlan which you want to configure.
Router Interval Configures the MLD Snooping router interval.
Query Interval Configures the query interval for the vlan.
Proxy State Enables / Disables the MLD Snooping Proxy state on the Switch.
VLAN State Enables / Disables the MLD Snooping on the vlan.
Report
Suppression Configures the MLD Snooping report suppression interval. Version Selects the MLD Snooping version on the vlan.
Interval
Immediate Leave Enables / Disables the MLD Snooping immediate leave on the
Querier State Enables / Disables the MLD Snooping querier state on the Switch. vlan.
Querier Enables / Disables the MLD Snooping querier on the vlan.

Port Interval Configures the MLD Snooping port interval.
Add – add port(s) in the router port list for MLD Snooping on the
Forward Report all-ports - Report forwards on all existing ports.
vlan.
Mode router-ports - Report forwards on router ports only. Router Port
Remove – remove port(s) from the router port list for MLD
Snooping on the vlan.

51
MVR Subscriber sends an IGMP leave message to the switch to leave the multicast. The
MVR refers to Multicast VLAN Registration that enables a media server to transmit switch CPU sends an IGMP group-specific query through the receiver port VLAN. If
multicast stream in a single multicast VLAN while clients receiving multicast VLAN stream there is another subscriber in the VLAN, subscriber must respond within the max
can reside in different VLANs. Clients in different VLANs intend to join or leave the response time. If there is no subscriber, the switch would eliminate this receiver
multicast group simply by sending the IGMP Join/leave message to a receiver port. The port.
receiver port belonging to one of the multicast groups can receive multicast stream from
media server. Without support of MVR, the Multicast stream from media server and  Immediate Leave Operation:
subscriber must reside in the same VLAN.
Subscriber sends an IGMP leave message to the switch to leave the multicast.
Subscribers do not need to wait for the switch CPU to send an IGMP group-specific
 Source ports : The Stream source ports. query through the receiver port VLAN. The switch will immediately eliminate this
 Receiver ports : The Client ports. receiver port.
 Tagged ports : Configure the tagged ports for source ports or receiver ports.
MVR Mode
 Dynamic Mode:
If we select the dynamic mode in MVR setting, IGMP report message transmitted
from the receiver port will be forwarded to a multicast router through its source
port. Multicast router knows which multicast groups exist on which interface
dynamically.
 Compatible mode:
If we select the dynamic mode in MVR setting, IGMP report message transmitted
from the receiver port will not be transmitted to a multicast router.
Operation Mode
 Join Operation:
A subscriber sends an IGMP report message to the switch to join the appropriate
multicast. The next depends on whether the IGMP report matches the switch
configured multicast MAC address. If it matches, the switch CPU modifies the
hardware address table to include this receiver port and VLAN as a forwarding
destination of MVLAN.
 Leave Operation:

52
Figure-1: Default Settings

MOD Without MVR There is no MVR vlan.
Default configuration for a new MVR:
MVR VLAN Information
VLAN ID :2
Name : MVR2
Switch
Active : Enabled
MoD Server
Mode : Dynamic
Receiver Ports
Source Port(s) : None
Receiver Port(s) : None
Tagged Port(s) : None
The Switch allows user to create up to 250 groups.
The Switch allows user to create up to 16 MVRs.
VLAN1 VLAN2 VLAN3 VLAN4 VLAN5 VLAN6

Notices
Figure-2:  IGMP snooping and MVR can be independently enabled.
 IGMP snooping and MVR use the same IGMP timers.
MOD Support MVR
 MVR can recognize IGMPv3 reports.
 About the IGMPv3 report, switch doesn’t treat those group records with the
following group record types as membership reports. Those group record types
are MODE_IS_INCLUDE, CHANGE_TO_INCLUDE_MODE, ALLOW_NEW_SOURCES
and BLOCK_OLD_SOURCES.
Switch supports MVR  Don’t use the group address X.0.0.1 for your multicast stream. It is because the
MoD Server system detects and records the 224.0.0.1 for dynamic querier port. The group
address X.0.0.1 may conflict with 224.0.0.1.
Receiver Ports
 Because the lower 23 bits of the 28-bit multicast IP address are mapped into the
23 bits of available Ethernet address space. When you configure group address,
the Switch compares the lower 23 bits only.
 CLI command “group 1 start-address 224.1.1.1 6”, it creates 6 groups. That is,
one IP, one group.
 The MVR name should be the combination of the digit or the alphabet.
 The group name should be the combination of the digit or the alphabet.
VLAN1 VLAN2 VLAN3 VLAN4 VLAN5 VLAN6

53
CLI Configuration MVR receiver-port PORTLIST This command sets the receiver port(s).
Node Command Description Normally the source ports are connected to
the streaming client.
enable show mvr This command displays the current MVR
configurations. MVR no receiver-port This command removes a port or range of
PORTLIST ports from the receiver port(s).
enable show mvr vlan VLANID This command displays the current MVR
configurations of the specific VLAN. MVR source-port PORTLIST This command sets the source port(s).
Normally the source ports are connected to
enable show igmp-snooping This command displays the current IGMP the streaming server.
snooping configurations.
MVR no source-port This command removes a port or range of
configure mvr VLANID This command configures the MVR PORTLIST ports from the source port(s).
configurations for the specific VLAN.
MVR tagged PORTLIST This command sets the tagged port(s). Same
configure no mvr VLANID This command disables the MVR as the VLAN tagged port.
configurations for the specific VLAN.
MVR no tagged PORTLIST This command removes a port or range of
MVR group NAME This command configures a group ports from the tagged port(s).
configuration for the MVR.
MVR priority-override This command enables/disables the
MVR no group NAME This command removes the group (disable|enable) multicast priority override.
configurations from the MVR.
MVR inactive This command disables the MVR settings.
MVR no inactive This command enables the MVR settings.
MVR mode This command configures the mode for the
(dynamic|compatible) MVR.
 Dynamic : Sends IGMP report to all
MVR source ports in the multicast
VLAN.
 Compatible : Sets the Switch not to
send IGMP report.
MVR name STRING This command configures the name for the
MVR.
MVR no name This command configures the default name
for the MVR.

54
Web Configuration Tagged Configures the tagged port(s) for the MVR. Same as the VLAN tagged
MVR Settings Ports port.
Advanced Settings > IGMP Snooping > MVR > MVR Settings
Group Settings
Advanced Settings > IGMP Snooping > MVR > Group Settings
VLAN ID Configures a VLAN.
NAME Configures a name for the MVR.
Priority
Enable / Disable for the priority override. Parameter Description
Override
MVR VLAN Select a MVR VLAN.
State Enables / Disables the MVR.
Group
Configures the group name.
Mode Configures the mode for the MVR. Name
802.1p Start
The priority for these multicast group packets. Configures the multicast start address.
Priority Address
Source Configures the source port(s) for the MVR. Normally the source ports Quantity Configures the quantity of the multicast address.
Ports are connected to the streaming server.
Receive Configures the receive port(s) for the MVR. Normally the source ports
Ports are connected to the streaming client

55
Multicast Address
A multicast address is associated with a group of interested receivers. According to RFC
3171, addresses 224.0.0.0 to 239.255.255.255, the former Class D addresses, are
designated as multicast addresses in IPv4.
The IANA owns the OUI MAC address 01:00:5e, therefore multicast packets are delivered
by using the Ethernet MAC address range 01:00:5e:00:00:00 - 01:00:5e:7f:ff:ff. This is 23
bits of available address space.
The first octet (01) includes the broadcast/multicast bit. The lower 23 bits of the 28-bit
multicast IP address are mapped into the 23 bits of available Ethernet address space. This
means that there is ambiguity in delivering packets. If two hosts on the same subnet each
subscribe to a different multicast group whose address differs only in the first 5 bits,
Ethernet packets for both multicast groups will be delivered to both hosts, requiring the
network software in the hosts to discard the unrequired packets.
Class Address Range Supports
Supports 16 million hosts on each of 127 IP multicast

Class A 1.0.0.1 to 126.255.255.254 Description
networks. address
Supports 65,000 hosts on each of 16,000 224.0.0.0 Base address (reserved)

Class B 128.1.0.1 to 191.255.255.254
networks.
The All Hosts multicast group that contains all systems on the same
224.0.0.1
Supports 254 hosts on each of 2 million network segment
Class C 192.0.1.1 to 223.255.254.254
networks.
The All Routers multicast group that contains all routers on the same
224.0.0.2
Class D 224.0.0.0 to 239.255.255.255 Reserved for multicast groups. network segment
Reserved for future use, or Research and The Open Shortest Path First (OSPF) AllSPFRouters address. Used to
Class E 240.0.0.0 to 254.255.255.254 224.0.0.5
Development Purposes. send Hello packets to all OSPF routers on a network segment
The OSPF AllDRouters address. Used to send OSPF routing information

224.0.0.6
to OSPF designated routers on a network segment

56
The RIP version 2 group address, used to send routing information enable show mac-address-table This command displays the current
224.0.0.9 using the RIP protocol to all RIP v2-aware routers on a network multicast vlan VLANID static/dynamic multicast address
segment entries with a specific vlan.
configure mac-address-table multicast This command configures a static
EIGRP group address. Used to send EIGRP routing information to all
224.0.0.10 MACADDR vlan VLANID ports multicast entry.
EIGRP routers on a network segment
PORTLIST
224.0.0.13 PIM Version 2 (Protocol Independent Multicast) configure no mac-address-table This command removes a static
multicast MACADDR multicast entry from the address table.
224.0.0.18 Virtual Router Redundancy Protocol
224.0.0.19 - 21 IS-IS over IP Web Configuration

Advanced Settings > IGMP Snooping > Multicast Address
224.0.0.22 IGMP Version 3 (Internet Group Management Protocol)
224.0.0.102 Hot Standby Router Protocol Version 2
224.0.0.251 Multicast DNS address
224.0.0.252 Link-local Multicast Name Resolution address
224.0.1.1 Network Time Protocol address
224.0.1.39 Cisco Auto-RP-Announce address
224.0.1.40 Cisco Auto-RP-Discovery address

224.0.1.41 H.323 Gatekeeper discovery address VLAN ID Configures the VLAN that you want to configure.
MAC Configures the multicast MAC which will not be aged out.
Address Valid format is hh:hh:hh:hh:hh:hh.
CLI Configuration
Port Configures the member port for the multicast address.
enable show mac-address-table This command displays the current Apply Click Apply to save your changes back to the Switch.
multicast static/dynamic multicast address
entries. Refresh Click Refresh to begin configuring this screen afresh.

57
Explicit Host Tracking Web Configuration

This capability enables the Switch to track each individual host that is joined to a particular Advanced Settings > IGMP Snooping > Explicit Tracking
group or channel and to achieve minimal leave latencies when hosts leave a multicast
group or channel.
Notice:
 Before configuring the ip igmp explicit-tracking command, IGMP must be enabled.
 When explicit host tracking is enabled, the router uses more memory than if explicit
tracking is disabled because the router must store the membership state of all hosts
on the interface.
CLI Configuration
Explicit
enable show ip multicast This command shows the IGMP snooping The filed enables/disables the IGMP Snooping explicit host tracking
Tracking
membership information. state on the Switch.
state
enable show igmp-snooping This command shows the IGMP snooping
membership host membership information. IGMP Snooping Membership Table
configure igmp-snooping explicit- This command enables the IGMP Index This field indicates the index of the entry.
tracking snooping explicit host tracking on the
Switch. Port This field indicates the port of the entry.
configure no igmp-snooping explicit- This command disables the IGMP Multicast
tracking snooping explicit host tracking on the This field indicates the multicast address of the entry.
Group
Switch.
VID This field indicates the vlan of the entry.
Timeout This field indicates the remaining time in the table of the entry.
Host IP This field indicates the host IP which joins the multicast group.

58
VLAN “V” indicates the port’s packets can be sent

Port Isolation to that port.
The port isolation is a port-based virtual LAN feature. It partitions the switching ports into “-” indicates the port’s packets cannot be
virtual private domains designated on a per port basis. Data switching outside of the sent to that port.
port’s private domain is not allowed. It will ignore the packets’ tag VLAN information. interface port-isolation This command configures a port or a range of
ports PORTLISTS ports to egress traffic from the specific port.
This feature is a per port setting to configure the egress port(s) for the specific port to interface no port-isolation This command configures all ports to egress
forward its received packets. If the CPU port (port 0) is not an egress port for a specific traffic from the specific port.
port, the host connected to the specific port cannot manage the Switch.
Example:
If you wish to allow two subscriber ports to talk to each other, you must define the egress
port for both ports. CPU refers to the Switch management port. By default it forms a VLAN TI-PG1284I(config)#interface 1/0/2
with all Ethernet ports. If it does not form a VLAN with a particular port then the Switch TI-PG1284I(config-if)#port-isolation ports 3-10
cannot be managed from that port.
Web Configuration
Example: If you want to allow port-1 and port-3 to talk to each other, you must configure Advanced Settings > VLAN > Port Isolation
as below:
TI-PG1284I(config-if)#port-isolation ports 3
TI-PG1284I(config-if)#exit
; Allow the port-1 to send its ingress packets to port-3.
TI-PG1284I(config-if)#port-isolation ports 1
TI-PG1284I(config-if)#exit
; Allow the port-3 to send its ingress packets to port-1
CLI Configuration
enable show port- This command displays the current port isolation
isolation configurations.

59
Parameter Description A tagged VLAN uses an explicit tag (VLAN ID) in the MAC header to identify the VLAN
membership of a frame across bridges - they are not confined to the switch on which they
Select a port number to configure its port isolation settings. were created. The VLANs can be created statically by hand or dynamically through GVRP.
Port Select All Ports to configure the port isolation settings for all ports The VLAN ID associates a frame with a specific VLAN and provides the information that
on the Switch. switches need to process the frame across the network. A tagged frame is four bytes
longer than an untagged frame and contains two bytes of TPID (Tag Protocol Identifier,
An egress port is an outgoing port, that is, a port through which a residing within the type/length field of the Ethernet frame) and two bytes of TCI (Tag
data packet leaves. Control Information, starts after the source address field of the Ethernet frame).
Egress Port
Selecting a port as an outgoing port means it will communicate
with the port currently being configured.
The CFI (Canonical Format Indicator) is a single-bit flag, always set to zero for Ethernet
Click Select All to mark all ports as egress ports and permit traffic. switches. If a frame received at an Ethernet port has a CFI set to 1, then that frame should
Select All/ Click Deselect All to unmark all ports and isolate them. not be forwarded as it is to an untagged port. The remaining twelve bits define the VLAN
Deselect All ID, giving a possible maximum number of 4,096 VLANs. Note that user priority and VLAN
Deselecting all ports means the port being configured cannot
ID are independent of each other. A frame with VID (VLAN Identifier) of null (0) is called a
communicate with any other port.
priority frame, meaning that only the priority level is significant and the default VID of the
Apply Click Apply to configure the settings. ingress port is given as the VID of the frame. Of the 4096 possible VIDs, a VID of 0 is used
to identify priority frames and value 4095 (FFF) is reserved, so the maximum possible
Refresh Click this to reset the fields to the last setting. VLAN configurations are 4,094.
Port
“V” indicates the port’s packets can be sent to that port.
Isolation
“-” indicates the port’s packets cannot be sent to that port. TPID User Priority CFI VLAN ID
Status
2 bytes 3 bits 1 bit 12 bits
802.1Q VLAN
A virtual LAN, commonly known as a VLAN, is a group of hosts with a common set of  Forwarding Tagged and Untagged Frames
requirements that communicate as if they were attached to the Broadcast domain, Each port on the Switch is capable of passing tagged or untagged frames. To forward a
regardless of their physical location. A VLAN has the same attributes as a physical LAN, frame from an 802.1Q VLAN-aware switch to an 802.1Q VLAN-unaware switch, the Switch
but it allows for end stations to be grouped together even if they are not located on the first decides where to forward the frame and then strips off the VLAN tag. To forward a
same network switch. Network reconfiguration can be done through software instead of frame from an 802.1Q VLAN-unaware switch to an 802.1Q VLAN-aware switch, the Switch
physically relocating devices. first decides where to forward the frame, and then inserts a VLAN tag reflecting the
ingress port's default VID. The default PVID is VLAN 1 for all ports, but this can be changed.
VID- VLAN ID is the identification of the VLAN, which is basically used by the standard
802.1Q. It has 12 bits and allow the identification of 4096 (2^12) VLANs. Of the 4096 A broadcast frame (or a multicast frame for a multicast group that is known by the system)
possible VIDs, a VID of 0 is used to identify priority frames and value 4095 (FFF) is is duplicated only on ports that are members of the VID (except the ingress port itself),
reserved, so the maximum possible VLAN configurations are 4,094. thus confining the broadcast to a specific domain.
 802.1Q Port base VLAN

60
With port-based VLAN membership, the port is assigned to a specific VLAN independent CLI Configuration
of the user or system attached to the port. This means all users attached to the port
should be members of the same VLAN. The network administrator typically performs the
VLAN assignment. The port configuration is static and cannot be automatically changed enable show vlan VLANID This command displays the VLAN
to another VLAN without manual reconfiguration. configurations.
configure vlan <1~4094> This command enables a VLAN and enters
As with other VLAN approaches, the packets forwarded using this method do not leak into the VLAN node.
other VLAN domains on the network. After a port has been assigned to a VLAN, the port
cannot send to or receive from devices in another VLAN without the intervention of a configure no vlan <1~4094> This command deletes a VLAN.
Layer 3 device. vlan show This command displays the current VLAN
configurations.
The device that is attached to the port likely has no understanding that a VLAN exists. The vlan name STRING This command assigns a name for the
device simply knows that it is a member of a subnet and that the device should be able specific VLAN.
to talk to all other members of the subnet by simply sending information to the cable
The VLAN name should be the combination
segment. The switch is responsible for identifying that the information came from a
of the digit or the alphabet or hyphens (-) or
specific VLAN and for ensuring that the information gets to all other members of the
underscores (_).
VLAN. The switch is further responsible for ensuring that ports in a different VLAN do not
receive the information. The maximum length of the name is 16
characters.
This approach is quite simple, fast, and easy to manage in that there are no complex vlan no name This command configures the vlan name to
lookup tables required for VLAN segmentation. If port-to-VLAN association is done with default.
an application-specific integrated circuit (ASIC), the performance is very good. An ASIC Note: The default vlan name is
allows the port-to-VLAN mapping to be done at the hardware level. “VLAN”+vlan_ID, VLAN1, VLAN2,…
vlan add PORTLISTS This command adds a port or a range of
Default Settings ports to the vlan.
The default PVID is 1 for all ports. vlan fixed PORTLISTS This command assigns ports for permanent
The default Acceptable Frame is All for all ports. member of the vlan.
All ports join in the VLAN 1. vlan no fixed PORTLISTS This command removes all fixed member
from the vlan.
Notice: The maximum VLAN group is 4094. vlan tagged PORTLISTS This command assigns ports for tagged
member of the VLAN group. The ports
should be one/some of the permanent
members of the vlan.

61
vlan no tagged PORTLISTS This command removes all tagged member vlan-range no fixed PORTLISTS This command removes all fixed member
from the vlan. from the vlans.
vlan untagged PORTLISTS This command assigns ports for untagged vlan-range tagged PORTLISTS This command assigns ports for tagged
member of the VLAN group. The ports member of the VLAN group. The ports
should be one/some of the permanent should be one/some of the permanent
members of the vlan. members of the vlans.
vlan no untagged PORTLISTS This command removes all untagged vlan-range no tagged PORTLISTS This command removes all tagged member
member from the vlan. from the vlans.
interface acceptable frame type This command configures the acceptable vlan-range untagged PORTLISTS This command assigns ports for untagged
(all|tagged|untagged) frame type. member of the VLAN group. The ports
all - acceptable all frame types. should be one/some of the permanent
members of the vlans.
tagged - acceptable tagged frame only.
untagged – acceptable untagged frame only. vlan-range no untagged PORTLISTS This command removes all untagged
member from the vlans.
interface pvid VLANID This command configures a VLAN ID for the
port default VLAN ID.
Example:
interface no pvid This command configures 1 for the port
default VLAN ID. TI-PG1284I#configure terminal
TI-PG1284I(config)#vlan 2
gigabitethernet1/0/ configure node. TI-PG1284I(config-vlan)#fixed 1-6
PORTLISTS TI-PG1284I(config-vlan)#untagged 1-3
if-range pvid VLANID This command configures a VLAN ID for the
port default VLAN ID.
if-range no pvid This command configures 1 for the port
default VLAN ID.
configure vlan range STRINGS This command configures a range of vlans.
configure no vlan range STRINGS This command removes a range of vlans.
vlan-range add PORTLISTS This command adds a port or a range of
ports to the vlans.
vlan-range fixed PORTLISTS This command assigns ports for permanent
member of the VLAN group.

62
Web Configuration
VLAN Name This field displays the name of the VLAN.
VLAN Settings
Advanced Settings > VLAN > VLAN > VLAN Settings This field displays the status of the VLAN. Static or Dynamic
VLAN Status
(802.1Q VLAN).
This field displays which ports have been assigned as members of
Member Port
the VLAN. This will display None if no ports have been assigned.
Action Click Delete to remove the VLAN. The VLAN 1 cannot be deleted.
Tag Settings
Advanced Settings > VLAN > Tag Settings
Enter the VLAN ID for this entry; the valid range is between 1 and
VLAN ID
4094.
Enter a descriptive name for the VLAN for identification purposes.
The VLAN name should be the combination of the digit or the
VLAN Name
alphabet or hyphens (-) or underscores (_).
The maximum length of the name is 16 characters.
Enter the port numbers you want the Switch to assign to the VLAN
Member Port as members. You can designate multiple port numbers
individually by using a comma (,) and by range with a hyphen (-).
Apply Click Apply to save your changes back to the Switch.

VLAN List
VLAN ID Select a VLAN ID to configure its port tagging settings.
This field displays the index number of the VLAN entry. Click the
VLAN ID
number to modify the VLAN.

63
Selecting a port which is a member of the selected VLAN ID will Parameter Description
Tag Port make it a tag port. This means the port will tag all outgoing frames
Select a port number to configure from the drop-down box.
transmitted with the VLAN ID. Port
Select All to configure all ports at the same time.
Select All Click Select All to mark all member ports as tag ports.
PVID Select a PVID (Port VLAN ID number) from the drop-down box.
Deselect All Click Deselect All to mark all member ports as untag ports.
Specify the type of frames allowed on a port. Choices are All,
VLAN Untagged Only or VLAN Tagged Only.
Apply Click Apply to save your changes back to the Switch.
- Select All from the drop-down list box to accept all untagged or
Refresh Click Refresh to begin configuring this screen afresh. Acceptable tagged frames on this port. This is the default setting.
Frame - Select VLAN Tagged Only to accept only tagged frames on this
Tag Status port. All untagged frames will be dropped.
- Select VLAN Untagged Only to accept only untagged frames on
VLAN ID This field displays the VLAN ID. this port. All tagged frames will be dropped.
Tag Ports This field displays the ports that have been assigned as tag ports. Apply Click Apply to save your changes back to the Switch.
This field displays the ports that have been assigned as untag Refresh Click Refresh to begin configuring this screen afresh.
Untag Ports
ports.
Port Status
Port Settings Port This field displays the port number.

Advanced Settings > VLAN > VLAN > Port Settings
PVID This field displays the Port VLAN ID number.
Acceptable This field displays the type of frames allowed on the port. This will
Frame either display All or VLAN Tagged Only or VLAN Untagged Only.

64
GARP/GVRP GVRP Timer:

GARP and GVRP are industry-standard protocols that are described in IEEE 802.1p. GVRP Join Timer: Specifies the maximum number of milliseconds the interface waits before
is a GARP application that provides 802.1Q-compliant VLAN pruning and dynamic VLAN sending VLAN advertisements.
creation on 802.1Q trunk ports. Leave Timer: Specifies the number of milliseconds an interface waits after receiving a
leave message before the interface leaves the VLAN specified in the message.
With GVRP, the switch can exchange VLAN configuration information with other GVRP
switches, prune unnecessary broadcast and unknown unicast traffic, and dynamically Leaveall Timer: Specifies the interval in milliseconds at which Leave All messages are sent
create and manage VLANs on switches that are connected through 802.1Q trunk ports. on interfaces. Leave All messages help to maintain current GVRP VLAN membership
information in the network.
GVRP makes use of GID and GIP, which provide the common state machine descriptions The value for leave must be greater than three times the join value (leave >= join * 3).
and the common information propagation mechanisms defined for use in GARP-based The value for leaveall must be greater than the value for leave (leaveall > leave).
applications. GVRP prunes trunk links so that only active VLANs will be sent across trunk
connections. GVRP expects to hear join messages from the switches before it will add a
VLAN to the trunk. GVRP updates and hold timers can be altered. GVRP ports run in Default Settings
various modes to control how they will prune VLANs. GVRP can be configured to The default port Join Time is 20 for all ports.
dynamically add and manage VLANS to the VLAN database for trunking purposes. The default port Leave Time is 60 for all ports.
The default port Leaveall Time is 1000 for all ports.
In other words, GVRP allows the propagation of VLAN information from device to device. The default port Hold Time is 10 for all ports.
With GVRP, a single switch is manually configured with all the desired VLANs for the
CLI Configuration
network, and all other switches on the network learn those VLANs dynamically. An end-
node can be plugged into any switch and be connected to that end-node's desired VLAN. Node Command Description
For end-nodes to make use of GVRP, they need GVRP-aware Network Interface Cards
enable show gvrp This command displays the GVRP
(NICs). The GVRP-aware NIC is configured with the desired VLAN or VLANs, then
configuration configurations.
connected to a GVRP-enabled switch. The NIC communicates with the switch, and VLAN
connectivity is established between the NIC and switch. enable show gvrp statistics This command displays the GVRP
configurations on a port or all ports.
Registration Mode: enable show garp timer This command displays the timers for the
 Normal : The normal registration mode allows dynamic creation (if dynamic GARP.
VLAN creation is enabled), registration, and deregistration of VLANs on the trunk configure gvrp (disable | enable) This command disables / enables the GVRP
port. Normal mode is the default. on the switch.
 Forbidden: The forbidden registration mode deregisters all VLANs (except VLAN 1)
and prevents any further VLAN creation or registration on the trunk port. configure no gvrp configuration This command set GVRP configuration to its
 Fixed : The fixed registration mode allows manual creation and registration defaults.
of VLANs, prevents VLAN deregistration, and registers all known VLANs on other
interface gvrp (disable | enable) This command disables / enables the GVRP
ports on the trunk port. (Same as the static VLAN)
on the specific port.

65
interface gvrp registration This command configures the registration Parameter Description
(normal|forbidden) mode for the GVRP on the specific port.
Select Enable to activate GVRP function to exchange VLAN
interface no gvrp configuration This command set GVRP configuration to its GVRP State configuration information with other GVRP switches. Select
defaults for the specific port. Disable to deactivate the feature.
interface garp join-time VALUE This command configures the join time / Port Select the port that you want to configure the GVRP settings.
leave-time VALUE leaves time / leave all time for the GARP on
leaveall-time VALUE the specific port. Select Enable to activate the port GVRP function. Select Disable to
State
deactivate the port GVRP function.
interface no garp time This command configures the join time /
leaves time / leaves all time to default for the Select Normal to allows dynamic creation (if dynamic VLAN
GARP on the specific port. creation is enabled), registration, and deregistration of VLANs on
Registration the trunk port.
Mode Select Forbidden to deregister all VLANs (except VLAN 1) and
prevents any further VLAN creation or registration on the trunk
Web Configuration port.
GVRP Settings
Advanced Settings > VLAN > GVRP > GVRP
GARP Timer
Advanced Settings > VLAN > GVRP > GARP Timer

66
Parameter Description configure mac-vlan STRINGS This command creates a mac-vlan entry with the
vlan VLANID priority leading three or more bytes of mac address and
Specifies the maximum number of milliseconds the interface waits
Join Time <0-7> the VLAN and the priority.
before sending VLAN advertisements.
configure no mac-vlan entry This command deletes a mac-vlan entry.
Specifies the number of milliseconds an interface waits after receiving
STRINGS
Leave Time a leave message before the interface leaves the VLAN specified in the
message. configure no mac-vlan all This command deletes all of the mac-vlan
entries.
Specifies the interval in milliseconds at which Leave All messages are
Leaveall Time sent on interfaces. Leave All messages help to maintain current GVRP
VLAN membership information in the network. Example:
TI-PG1284I(config)#mac-vlan 00:01:02:03:04 vlan 111 priority 1
TI-PG1284I(config)#mac-vlan 00:01:02:22:04 vlan 121 priority 1
MAC-based VLAN TI-PG1284I(config)#mac-vlan 00:01:22:22:04:05 vlan 221 priority 1
The MAC base VLAN allows users to create VLAN with MAC address. The MAC address Web Configuration
can be the leading three or more bytes of the MAC address.
Advanced Settings > VLAN > MAC VLAN
For example, 00:01:02 or 00:03:04:05 or 00:01:02:03:04:05.
When the Switch receives packets, it will compare MAC-based VLAN configures. If the SA
is matched the MAC-based VLAN configures, the Switch replace the VLAN with user
configured and them forward them.
For example:
Configurations: 00:01:02, VLAN=23, Priority=2.
The packets with SA=00:01:02:xx:xx:xx will be forwarded to VLAN 22 member ports.
Notices: The 802.1Q port base VLAN should be created first. Parameter Description
MAC Address Configures the leading three or more bytes of the MAC address.
CLI Configuration
VLAN Configures the VLAN.
enable show mac-vlan This command displays the all of the mac-vlan Priority Configures the 802.1Q priority.
configurations.
Action Click the “Delete” button to delete the protocol VLAN profile.

67
Protocol-based VLAN configure no protocol-vlan frame-type LLC- This command deletes a protocol-
The Protocol based VLAN allows users to create VLAN with packet frame type. The packet SNAP vlan VLANID vlan entry with LLC-SNAP frame
frame type can be one of the three frame types: EthernetII, NonLLC-SNAP and LLC-SNAP. type and vlan.
If configuring the Ethernet II frame type, the configuration will be more detail with the
configure no protocol-vlan all This command deletes all of the
ethernet type.
protocol-vlan entries.
When the user configures the protocol VLAN as LLC-SNAP, VLAN:22, ports list: 1-3.
If the Switch receives packets with LLC-SNAP frame type from port 1 to 3, the packets’ Example:
VLAN will be replaced with VLAN 22 and be forwarded to VLAN 22 member ports. TI-PG1284I(config)#protocol-vlan frame-type LLC-SNAP vlan 12 ports 1-2
TI-PG1284I(config)#protocol-vlan frame-type nonLLC-SNAP vlan 13 ports 3-4
Notices: The 802.1Q port base VLAN should be created first. TI-PG1284I(config)#protocol-vlan frame-type ethernetII ether-type 0800 vlan 14 ports 1-
2

Advanced Settings > VLAN > Protocol VLAN
enable show protocol-vlan This command displays the all of
the protocol-vlan configurations.
configure protocol-vlan frame-type This command creates a protocol-
ethernetII ether-type STRINGS vlan entry with ethernetII frame
vlan VLANID ports PORTLISTS type.
configure protocol-vlan frame-type This command creates a protocol-
nonLLC-SNAP vlan VLANID ports vlan entry with nonLLC-SNAP frame
PORTLISTS type.
configure protocol-vlan frame-type LLC- This command creates a protocol-
SNAP vlan VLANID ports vlan entry with LLC-SNAP frame Select one of three frame types, “EthernetIU” and “NonLLC-SNAP”
Frame Type
PORTLISTS type. and “LLC-SNAP”.
configure no protocol-vlan frame-type This command deletes a protocol- Ethernet type Input the Ethernet type for the EthernetII frame type.
ethernetII ether-type STRINGS vlan entry with ethernetII frame
vlan VLANID type. VLAN Configure the VLAN ID.
configure no protocol-vlan frame-type This command deletes a protocol-
nonLLC-SNAP vlan VLANID vlan entry with nonLLC-SNAP frame Port List Configure the member ports.
type and vlan.
Action Click the “Delete” button to delete the protocol VLAN profile.

68
Q-in-Q VLAN (VLAN Stacking) TPID (Tag Protocol Identifier) is a standard Ethernet type code identifying the frame and
Q-in-Q tunneling is also known as VLAN stacking. Both of them use 802.1q double tagging indicates that whether the frame carries IEEE 802.1Q tag information. The value of this
technology. Q-in-Q is required by ISPs (Internet Service Provider) that need Transparent field is 0x8100 as defined in IEEE 802.1Q. Other vendors may use a different value, such
LAN services (TLS), and the service provider has their own set of VLAN, independent of as 0x9100.
customer VLANs. Typically, each service provider VLAN interconnects a group of sites
belonging to a customer. However, a service provider VLAN could also be shared by a set Tunnel TPID is the VLAN stacking tag type the Switch adds to the outgoing frames sent
of customers sharing the same end points and quality of service requirements of the through a Tunnel Port of the service provider's edge devices
VLAN. Double tagging is considered to be a relatively simpler way of implementing
transparent LAN. This is accomplished by encapsulating Ethernet Frame. A second or
outer VLAN tag is inserted in Ethernet frames sent over the ingress PE (Provider Edge). Priority refers to the IEEE 802.1p standard that allows the service provider to prioritize
This VLAN tag corresponds to the VLAN of the Service Provider (SP). When the frame traffic based on the class of service (CoS) the customer has paid for. "0" is the lowest
reaches the destination PE, the SP VLAN is stripped off. The DA of the encapsulated frame priority level and "7" is the highest.
and the VLAN ID are used to take further L2 decisions, similar to an Ethernet frame
arriving from a physical Ethernet port. The SP VLAN tag determines the VPLS (Virtual VID is the VLAN ID. SP VID is the VID for the second or outer (service provider’s) VLAN tag.
Private LAN Service) membership. Double tagging aggregates multiple VLANs within CVID is the VID for the first or inner (Customer’s) VLAN tag.
another VLAN and provides a private, dedicated Ethernet connection between customers
to reach their subnet transparently across multiple networks. Thus service providers can
create their own VLANs without interfering with customer VLANs by using double tagging. The frame formats for an untagged Ethernet frame; a single-tagged 802.1Q frame
This allows them to connect customers to ISPs and ASPs (Application Service Provider). (customer) and a “double-tagged” 802.1Q frame (service provider) are shown as
following.
The ports that are connected to the service provider VLANs are called tunnel ports, and
the ports that are connected to the customer VLANs are called access untagged DA SA Len or Data FCS
(subscriber/customer) ports. When a port is configured as tunnel port, all the outgoing frame Etype
packets on this port will be sent out with SPVLAN (SPVID and 1p priority) tag. The incoming
packet can have two tags (SPVLAN + CVLAN), one tag (SPVLAN or CVLAN), or no tag. In all single-tagged DA SA TPID P VID Len or Data FCS
cases, the packet is sent out with a SPVLAN tag. When a port is configured as an access frame Etype
port, the incoming traffic can have only a CVLAN (CVID and 1p priority) tag or no tag. double-tagged DA SA Tunnel P VID TPID P VID Le
Hence, all the packets that are being sent out of access ports will be untagged or single frame TPID Et
tagged (CVLAN). When a port is configured as a normal port, it will ignore the frames with
double tagging.
DA: Destination Address
Double Tagging Format SA: Source Address
A VLAN tag (service provider VLAN stacking or customer IEEE 802.1Q) consists of the Tunnel TPID: Tag Protocol Identifier added on a tunnel port
following three fields. P: 802.1p priority
VID: VLAN ID
TPID Priority VID Len or Etype: Length or Ethernet frame type

69
Data: Frame data

FCS: Frame Check Sequence
VLAN Stacking Port Roles

Each port can have three VLAN stacking “roles”, Normal, Access Port and Tunnel Port.
 Select Normal for “regular” (non-VLAN stacking) IEEE 802.1Q frame switching.
 Select Access Port for ingress ports on the service provider's edge devices. The
incoming frame is treated as "untagged", so a second VLAN tag (outer VLAN tag)
can be added.
 Select Tunnel Port for egress ports at the edge of the service provider's network.
All VLANs belonging to a customer can be aggregated into a single service provider's
VLAN (using the outer VLAN tag defined by SP VID).
NOTE: In order to have the double tagged frames switching correctly, user has to
configure a service provider’s VLAN (SPVLAN) on the Q-in-Q switch. Then, the double
tagged frames can be switched according to the SP VID. The SPVLAN should include all
the related Tunnel and Access ports. Also, user has to configure the Tunnel posts as
tagged ports and the Access ports as untagged ports.
Port-based Q-in-Q This example shows how to configure switch A with ports 1 on the Switch to tag incoming
Q-in-Q encapsulation is to convert a single tagged 802.1Q packet into a double tagged Q- frames with the service provider’s VID of 200 (ports are connected to customer X
in-Q packet. The Q-in-Q encapsulation can be based on port or traffic. Port-based Q-in-Q network) and configure port 7 to service provider’s VID of 100 (ports are connected to
is to encapsulate all the packets incoming to a port with the same SPVID outer tag. The customer Y network). This example also shows how to set the priority for port 1 to 3 and
mode is more inflexible. port 7 to 4.
In the following example figure, both X and Y are Service Provider’s Network (SPN) TI-PG1284I(config)# vlan-stacking port-based
customers with VPN tunnels between their head offices and branch offices respectively. TI-PG1284I(config)# vlan-stacking tpid-table index 2 value 88a8
Both have an identical VLAN tag for their VLAN group. The service provider can separate
TI-PG1284I(config)# vlan 10
these two VLANs within its network by adding tag 100 to distinguish customer X and tag
200 to distinguish customer Y at edge device A and then stripping those tags at edge TI-PG1284I(config-vlan)# fixed 7,8
device B as the data frames leave the network. TI-PG1284I(config-vlan)# tagged 7
TI-PG1284I(config-vlan)# exit
TI-PG1284I(config-vlan)# fixed 7,8

70
TI-PG1284I(config-vlan)# tagged 8 The traffic based Q-in-Q is also called Selective Q-in-Q. Selective Q-in-Q allows the Switch
TI-PG1284I(config-vlan)# exit to add different outer VLAN tags to the incoming frames received on one port according
to their inner VLAN tags. In the Selective Q-in-Q mode, switch performs traffic
classification for the traffic incoming to a port based on the VLAN ID. When a user uses
TI-PG1284I(config-vlan)# fixed 1,2 different VLAN IDs for different services, traffic can be classified according to the VLAN
TI-PG1284I(config-vlan)# tagged 1 ID. For example, the VLAN ID 20 for surfing on the internet by PC, VLAN ID 30 for IPTV and
TI-PG1284I(config-vlan)# exit VLAN ID 40 for VIP customers. After receiving user data, the switch labels the traffic of
surfing on the Internet by PC with 500 as a SPVID outer tag, IPTV with 600, and VIP
customers with 700.
TI-PG1284I(config-vlan)# fixed 1,2
TI-PG1284I(config-vlan)# tagged 2
TI-PG1284I(config-vlan)# exit
TI-PG1284I(config)# interface gigaethernet1/0/1
TI-PG1284I(config-if)# vlan-stacking port-based role access
TI-PG1284I(config-if)# vlan-stacking spvid 200
TI-PG1284I(config-if)# vlan-stacking priority 3
TI-PG1284I(config-if)# vlan-stacking port-based role tunnel
TI-PG1284I(config-if)# vlan-stacking tunnel-tpid index 2
TI-PG1284I(config-if)# vlan-stacking port-based role access
TI-PG1284I(config-if)# vlan-stacking spvid 100
TI-PG1284I(config-if)# vlan-stacking priority 4
This following example shows how to configure ports 3 on the Switch to tag incoming
TI-PG1284I(config-if)# vlan-stacking port-based role tunnel frames with the different service provider’s VID and priority.
TI-PG1284I(config-if)# vlan-stacking tunnel-tpid index 2 TI-PG1284I(config)# vlan-stacking selective
TI-PG1284I(config-if)# exite TI-PG1284I(config)# vlan-stacking tpid-table index 6 value 9100
TI-PG1284I(config)# exit TI-PG1284I(config)# vlan 20
TI-PG1284I# show vlan-stacking TI-PG1284I(config-vlan)# fixed 3,4
TI-PG1284I# show vlan-stacking tpid-table TI-PG1284I(config-vlan)# tagged 3
TI-PG1284I# show vlan-stacking portbased-qinq TI-PG1284I(config-vlan)# exit
Selective Q-in-Q TI-PG1284I(config-vlan)# fixed 3,4

71
TI-PG1284I(config-vlan)# tagged 3 TI-PG1284I(config-qinq)# access-ports 3

TI-PG1284I(config-vlan)# exit TI-PG1284I(config-qinq)# tunnel-ports 4
TI-PG1284I(config)# vlan 40 TI-PG1284I(config-qinq)# active
TI-PG1284I(config-vlan)# fixed 3,4 TI-PG1284I(config-qinq)# show
TI-PG1284I(config-vlan)# tagged 3 TI-PG1284I(config-qinq)# exit
TI-PG1284I(config-vlan)# exit TI-PG1284I(config)# vlan-stacking selective-qinq rule3
TI-PG1284I(config)# vlan 500 TI-PG1284I(config-qinq)# cvids 40
TI-PG1284I(config-vlan)# fixed 3,4 TI-PG1284I(config-qinq)# priority 7
TI-PG1284I(config-vlan)# tagged 4 TI-PG1284I(config-qinq)# spvid 700
TI-PG1284I(config-vlan)# exit TI-PG1284I(config-qinq)# access-ports 3
TI-PG1284I(config)# vlan 600 TI-PG1284I(config-qinq)# tunnel-ports 4
TI-PG1284I(config-vlan)# fixed 3,4 TI-PG1284I(config-qinq)# active
TI-PG1284I(config-vlan)# tagged 4 TI-PG1284I(config-qinq)# show
TI-PG1284I(config-vlan)# exit TI-PG1284I(config-qinq)# exit
TI-PG1284I(config)# vlan 700 TI-PG1284I(config)# interface interface 1/0/4
TI-PG1284I(config-vlan)# fixed 3,4 TI-PG1284I(config-if)# vlan-stacking tunnel-tpid index 6
TI-PG1284I(config-vlan)# tagged 4 TI-PG1284I(config-if)# exit
TI-PG1284I(config-vlan)# exit TI-PG1284I(config)# exit
TI-PG1284I(config)# vlan-stacking selective-qinq rule1 TI-PG1284I# show vlan-stacking
TI-PG1284I(config-qinq)# cvids 20 TI-PG1284I# show vlan-stacking tpid-table
TI-PG1284I(config-qinq)# priority 2 TI-PG1284I# show vlan-stacking selective-qinq
TI-PG1284I(config-qinq)# spvid 500
TI-PG1284I(config-qinq)# access-ports 3 Default Setting: VLAN Stacking is disabled.
TI-PG1284I(config-qinq)# tunnel-ports 4
TI-PG1284I(config-qinq)# active CLI Configuration
TI-PG1284I(config-qinq)# show Node Command Description
TI-PG1284I(config-qinq)# exit
enable show vlan-stacking This command displays the current vlan-
TI-PG1284I(config)# vlan-stacking selective-qinq rule2 stacking type.
TI-PG1284I(config-qinq)# cvids 30
enable show vlan-stacking selective- This command displays the selective Q-
TI-PG1284I(config-qinq)# priority 5 qinq in-Q configurations.
TI-PG1284I(config-qinq)# spvid 600

72
enable show vlan-stacking This command displays the port-based if-range vlan-stacking tunnel-tpid This command sets TPID for a Q-in-Q
portbased-qinq q-in-Q configurations. index <1-6> tunnel port.
enable show vlan-stacking tpid- This command displays the TPID qinq active This command enables the selective Q-
inform configurations. in-Q profile.
configure vlan-stacking (disable|port- This command disables the vlan stacking qinq inactive This command disables the selective Q-
based|selective) or enables the vlan-stacking with port- in-Q profile.
based or selective on the switch.
qinq cvid VLANID This command specifies the customer’s
configure vlan-stacking selective-qinq This command creates a selective Q-in- VLAN range on the incoming packets.
STRINGS Q profile with the name.
qinq spvid VLANID This command sets the service
configure no vlan-stacking selective- This command removes the selective Q- provider’s VLAN ID for outgoing packets
qinq STRINGS in-Q profile with the name. in selective Q-in-Q.
configure vlan-stacking tpid-table index This command configures TPID table. qinq priority <0-7> This command sets priority in selective
<2-6> value STRINGS Q-in-Q.
interface vlan-stacking port-based This command sets the priority in port qinq access-ports PORTLISTS This command specifies the access ports
priority <0~7> based Q-in-Q. to apply the rule.
interface vlan-stacking port-based role This command sets VLAN stacking port qinq tunnel-ports PORTLISTS This command specifies the tunnel ports
(tunnel|access|normal) role. to apply the rule.
interface vlan-stacking port-based This command sets the service qinq end The command exits the CLI Q-in-Q node
spvid <1~4096> provider’s VID of the specified port. and enters the CLI enable node.
interface vlan-stacking tunnel-tpid This command sets TPID for a Q-in-Q qinq exit The command exits the CLI Q-in-Q node
index <1-6> tunnel port. and enter the CLI configure node.
configure interface range This command enters the interface qinq show The command shows the current
gigabitethernet1/0/ configure node. selective Q-in-Q profile configurations.
ORTLISTS
if-range vlan-stacking port-based This command sets the priority in port gigabitethernet1/0/ configure node.
priority <0~7> based Q-in-Q. PORTLISTS
if-range vlan-stacking port-based role This command sets VLAN stacking port if-range vlan-stacking port-based This command sets the priority in port
(tunnel|access|normal) role. priority <0~7> based Q-in-Q.
if-range vlan-stacking port-based This command sets the service if-range vlan-stacking port-based role This command sets VLAN stacking port
spvid <1~4096> provider’s VID of the specified port. (tunnel|access|normal) role.

73
if-range vlan-stacking port-based This command sets the service Tunnel TPID Index Selects the table index.
spvid <1~4096> provider’s VID of the specified port.
TPID Configures the TPID.
if-range vlan-stacking tunnel-tpid This command sets TPID for a Q-in-Q
Configures the Port TPID:
index <1-6> tunnel port.
Port Selects a port or a range of ports which you want to configure.
Web Configuration Tunnel TPID Index Configures the index of the TPID Table for the specific ports.
VLAN Stacking
Advanced Settings > VLAN > Q-in-Q > VLAN Stacking
Select one of the three modes, Disable or Port-Based or Selective
Action
for the VLAN stacking.
Configures the TPID Table: The TPID table has 6 entries.

74
Port-Based Q-in-Q Selective Q-in-Q

Advanced Settings > VLAN > Q-in-Q > Port-based Q-in-Q Advanced Settings > VLAN > Q-in-Q > Selective Q-in-Q
Parameter Description Name Configures the selective Q-in-Q profile name.
Access Ports Configures a port or a range of ports for the access ports.
Selects one of the three roles, Normal and Access and Tunnel, for
Role
the specific ports. Tunnel Ports Configures a port or a range of ports for the tunnel ports.
SPVID Configures the service provider’s VLAN.
CVID Configures a customer’s VLAN.
Priority Configures the priority for the specific ports.
SPVID Configures a service provider’s VLAN.
Priority Configures an 802.1Q priority for the profile.
Action Enables / Disables the profile.

75
DHCP Option 82 such as restricting the number of IP addresses that can be assigned to a single
remote ID or circuit ID. Then the DHCP server echoes the option-82 field in the DHCP
DHCP Option 82 is the “DHCP Relay Agent Information Option”. Option 82 was designed reply.
to allow a DHCP Relay Agent to insert circuit specific information into a request that is  The DHCP server unicasts the reply to the switch if the request was relayed to the
being forwarded to a DHCP server. Specifically the option works by setting two sub- server by the switch. When the client and server are on the same subnet, the server
options: Circuit ID and Remote ID. broadcasts the reply. The switch verifies that it originally inserted the option-82
data by inspecting the remote ID and possibly the circuit ID fields. The switch
The DHCP option 82 is working on the DHCP snooping or/and DHCP relay. removes the option-82 field and forwards the packet to the switch port that
The switch will monitor the DHCP packets and append some information as below to the connects to the DHCP client that sent the DHCP request.
DHCPDISCOVER and DHCPREQUEST packets. The switch will remove the DHCP Option 82
from the DHCPOFFER and DHCPACK packets. The DHCP server will assign IP domain to the Option Frame Format:
client dependent on these information.
Code Len Agent Information Field
The maximum length of the information is 32 characters. 82 N i1 i2 i3 i4 ... iN
In residential, metropolitan Ethernet-access environments, DHCP can centrally manage The Agent Information field consists of a sequence of SubOpt/Length/Value tuples for
the IP address assignments for a large number of subscribers. When the DHCP option-82 each sub-option, encoded in the following manner:
feature is enabled on the switch, a subscriber device is identified by the switch port
through which it connects to the network (in addition to its MAC address). Multiple hosts
on the subscriber LAN can be connected to the same port on the access switch and are Sub-Option Len Sub-Option Value
uniquely identified. 1 N s1 s2 s3 s4 ... sN
When you enable the DHCP snooping information option 82 on the switch, this sequence
DHCP Agent Sub-Option Description
of events occurs:
Sub-option Code
 The host (DHCP client) generates a DHCP request and broadcasts it on the
network. --------------- ----------------------
 When the switch receives the DHCP request, it adds the option-82 information in 1 Agent Circuit ID Sub-option
the packet. The option-82 information contains the switch MAC address (the 2 Agent Remote ID Sub-option
remote-ID suboption) and the port identifier, vlan-mod-port, from which the packet
is received (the circuit-ID suboption).
 If the IP address of the relay agent is configured, the switch adds the IP address in Circuit ID Sub-option Format:
the DHCP packet. Suboption Length Information
 The switch forwards the DHCP request that includes the option-82 field to the DHCP Type
server.
 The DHCP server receives the packet. If the server is option-82 capable, it can use 0x01 Circuit Form
the remote ID, the circuit ID, or both to assign IP addresses and implement policies,

76
Remote ID Suboption Frame Format: The frame ID is configured with the CLI command, “dhcp-
options option82 circuit_frame VALUE”. Or GUI Circuit Frame.
Suboption Length Type Length MAC Address
Type SHELF - Add the shelf ID into the Circuit sub-option.
The shelf ID is configured with the CLI command, “dhcp-
0x02 8 0 6 6
options option82 circuit_shelf VALUE”. Or GUI Circuit
Shelf.
Circuit Form: SLOT - Add the slot ID into the Circuit sub-option.
The circuit form is a flexible architecture. It allows user to combine any information or the The slot ID is configured with the CLI command, “dhcp-
system configurations into the circuit sub-option. options option82 circuit_slot VALUE”. Or GUI Circuit Slot.
The Circuit Form is a string format. And its maximum length is 100 characters.
The keyword, %SPACE, will be replaced with a space character. For Example:
The other keywords get system configurations from the system and then replace the HOSTNAME=TI-PG1284I.
keyword and its leading code in the Circuit form. Eventually, the content of the circuit SVLAN=44.
form is part of the payload on the DHCP option 82 packet. CVLAN=32.
Circuit
Rules: Form=RD+%SPACE+Department+%SPACE+%HOSTNAME+%SPACE+%PORT+_+%SVLAN+.+%CVLAN
 The keyword must have a leading code ‘%’. For example: %HOSTNAME. The circuit sub-option result is: RD Department TI-PG1284I 1_44.32
 If there are any characters following the keywords, you must add ‘+’ between
the keyword and character. For example: %HOSTNAME+/.
 If there are any characters before the keyword, you must add ‘+’ between the Default Settings
character and the keyword. For example: Test+%HOSTNAME. DHCP Option 82 state : disabled.
Circuit Frame : 1.
Keyword: Circuit Shelf : 0.
HOSTNAME - Add the system name into the Circuit sub-option.. Circuit Slot : 0.
SPACE - Add a space character. Circuit ID String:
%HOSTNAME+%SPACE+eth/+%FRAME+/+%SHELF+/+%SLOT+:+%PORT+_+%SVLAN+:+%CVLAN
SVLAN - Add the service provider VLAN ID into the Circuit sub-option.
Remote ID String:
If the service provider VLAN is not defined, the system will return %HOSTNAME+%SPACE+eth/+%FRAME+/+%SHELF+/+%SLOT+:+%PORT+_+%SVLAN+:+%CVLAN
PVLAN.
CVLAN - Add the customer VLAN ID into the Circuit sub-option. CLI Configuration
If the CVLAN is not defined, the system returns 0.
PORT - Add the transmit port ID into the Circuit sub-option.
enable show dhcp-options This command displays the DHCP options
FRAME - Add the frame ID into the Circuit sub-option.
configurations.

77
configure dhcp-options option82 This command disables / enables the DHCP Web Configuration
(disable | enable) option 82 on the Switch. Advanced Settings > DHCP Options > Option 82
configure dhcp-options option82 This command configures the information of
circuit_id the circuit ID sub-option.
configure dhcp-options option82 This command configures the information of
remote_id the remote ID sub-option.
configure dhcp-options option82 This command configures the frame ID for the
circuit_frame VALUE circuit sub-option.
configure dhcp-options option82 This command configures the shelf ID for the
circuit_shelf VALUE circuit sub-option.
configure dhcp-options option82 This command configures the slot ID for the
circuit_slot VALUE circuit sub-option.
State Select this option to enable / disable the DHCP option 82 on

the Switch.
Circuit Frame The frame ID for the circuit sub-option.
Circuit Shelf The shelf ID for the circuit sub-option.
Circuit Slot The slot ID for the circuit sub-option.

78
Circuit-ID String The String of the circuit ID sub-option information. administrator uses DHCP relay agents to centralize DHCP servers, avoiding the need for a
DHCP server on each subnet.
Remote-ID String The String of the remote ID sub-option information.
Most of the time in small networks DHCP uses broadcasts however there are some
Apply Click Apply to save your changes to the Switch. circumstances where unicast addresses will be used. A router for such a subnet receives
the DHCP broadcasts, converts them to unicast (with a destination MAC/IP address of the
Refresh Click Refresh to begin configuring this screen afresh. configured DHCP server, source MAC/IP of the router itself). The field identified as the
GIADDR in the main DHCP page is populated with the IP address of the interface on the
DHCP Option 82 Port Settings router it received the DHCP request on. The DHCP server uses the GIADDR field to identify
the subnet the device and select an IP address from the correct pool. The DHCP server
Port The port ID. then sends the DHCP OFFER back to the router via unicast which then converts it back to
a broadcast and out to the correct subnet containing the device requesting an address.
The String of the circuit ID sub-option information for the
Circuit-ID String
specific port.
Configurations:
The String of the remote ID sub-option information for the Users can enable/disable the DHCP Relay on the Switch. Users also can enable/disable the
Remote-ID String
specific port. DHCP Relay on a specific VLAN. If the DHCP Relay on the Switch is disabled, the DHCP
Relay is disabled on all VLANs even some of the VLAN DHCP Relay are enabled.
DHCP Option 82 Port Status
Applications
The field displays all of the ports’ configurations.  Application-1 (Over a Router)
The DHCP cleint-1 and DHCP client-2 are located in different IP segments. But they
allocate IP address from the same DHCP server.
DHCP Relay DHCP Client-1 Switch Router Switch DHCP Client-2

Because the DHCPDISCOVER message is a broadcast message, and broadcasts only cross
other segments when they are explicitly routed, you might have to configure a DHCP
Relay Agent on the router interface so that all DHCPDISCOVER messages can be
forwarded to your DHCP server. Alternatively, you can configure the router to forward
DHCP messages and BOOTP message. In a routed network, you would need DHCP Relay
Agents if you plan to implement only one DHCP server.
The DHCP Relay that either a host or an IP router that listens for DHCP client messages
being broadcast on a subnet and then forwards those DHCP messages directly to a
configured DHCP server. The DHCP server sends DHCP response messages directly back
to the DHCP relay agent, which then forwards them to the DHCP client. The DHCP

79
DHCP Server CLI Configuration

 Application-2 (Local in different VLANs)
enable show dhcp relay This command displays the current
The DHCP cleint-1 and DHCP client-2 are located in different VLAN. But they allocate configurations for the DHCP relay.
IP address from the same DHCP server.
configure dhcp relay (disable | This command disables/enables the DHCP relay
enable) on the switch.
Switch DHCP Relay agent
configure dhcp relay vlan This command enables the DHCP relay function
VLAN_RANGE on a VLAN or a range of VLANs.
1 2 3 4 5 6 7 8
configure no dhcp relay vlan This command disables the DHCP relay function
VLAN_RANGE on a VLAN or a range of VLANs.
configure dhcp helper-address This command configures the DHCP server’s IP
IP_ADDRESS address.
configure no dhcp helper- This command removes the DHCP server’s IP
Server client client client client client client client address address.
VLAN 1: port 1, 2 (Management VLAN) Example:

VLAN 2: port 3, 4 TI-PG1284I#configure terminal
VLAN 3: port 5, 6 TI-PG1284I(config)# interface eth0
VLAN 4: port 7, 8 TI-PG1284I(config-if)# ip address 172.20.1.101/24
TI-PG1284I(config-if)# ip address default-gateway 172.20.1.1
DHCP Server  Port 1. TI-PG1284I(config)#dhcp relay enable
DHCP Client  Port 2, 3, 4, 5, 6, 7, 8. TI-PG1284I(config)# dhcp relay vlan 1
TI-PG1284I(config)# dhcp helper-address 172.20.1.1
Result: Hosts connected to port 2,3,4,5,6,7,8 can get IP from DHCP server.
Note: The DHCP Server must connect to the management VLAN member ports.
The DHCP Relay in management VLAN should be enabled.
Default Settings
The default global DHCP relay state is disabled.
The default VLAN DHCP relay state is disabled for all VLANs.
The default DHCP server is 0.0.0.0

80
Web Configuration How Dual-Homing Works?

Advanced Settings > DHCP Relay Assume the primary connection and secondary connections are connected to Internet by
different way. For example, primary connection is connected to a physical network but
secondary connection is connected to a wireless network. When enable dual homing
feature, device will default connect to Internet by primary connection and secondary
connection will be shutdown. If the port or all ports of primary connection are link-down,
the device will replace primary connection by secondary connection to connect to
Internet. At this situation, if secondary connection is also link-down, device will do
nothing. Secondary connection only works as primary connection disconnecting.
Default Settings
Dual-Homing Configurations:
State : Disable.
Primary Channel :-
Secondary Channel : -
----------------------------
Detail Status:
State Enables / disables the DHCP relay for the Switch. Primary Channel Status : -
Secondary Channel Status : -
VLAN State Enables / disables the DHCP relay on the specific VLAN(s).
DHCP Server IP Configures the DHCP server’s IP address. Notices

If the channel is a single port, then the port cannot add into any trunk group.
CLI Configuration
Dual Homing
enable show dual-homing This command displays the dual-homing
Dual Homing is a network topology in which a device is connected to the network by way
information.
of two independent access points (points of attachment). One access point is the primary
connection, and the other is a standby connection that is activated in the event of a failure configure dual-homing This command disables / enables the dual-
of the primary connection. (disable | enable) homing function for the system.

81
configure dual-homing This command sets the dual-homing primary Web Configuration
primary-channel channel for the system. The channel can be a Advanced Settings > Dual Homing
(port|trunk) VALUE single port or a trunk group.
configure no dual-homing This command removes the dual-homing
primary-channel primary channel for the system.
configure dual-homing This command sets the dual-homing secondary
secondary-channel channel for the system. The channel can be a
(port|trunk) VALUE single port or a trunk group.
configure no dual-homing This command removes the dual-homing
secondary-channel secondary channel for the system.
Example:
TI-PG1284I(config)# link-aggregation 1 ports 5-6
TI-PG1284I(config)# link-aggregation 1 enable
TI-PG1284I(config)# dual-homing primary-channel port 2
TI-PG1284I(config)# dual-homing secondary -channel trunk 1
TI-PG1284I(config)# dual-homing enable
State Enables / disables the Dual-Homing for the Switch.
Configures the primary channel. The channel can be single port

Primary channel
or a trunk group.
Configures the secondary channel. The channel can be single
Secondary channel
port or a trunk group.

82
ERPS 16 Ethernet ring nodes, the switch completion time (transfer time as defined in [ITU-T
G.808.1]) for a failure on a ring link shall be less than 50 ms.
The ITU-T G.8032 Ethernet Ring Protection Switching feature implements protection
switching mechanisms for Ethernet layer ring topologies. This feature uses the G.8032
Ethernet Ring Protection (ERP) protocol, defined in ITU-T G.8032, to provide protection The ring protection architecture relies on the existence of an APS protocol to coordinate
for Ethernet traffic in a ring topology, while ensuring that no loops are within the ring at ring protection actions around an Ethernet ring.
the Ethernet layer. The loops are prevented by blocking traffic on either a predetermined
link or a failed link. The Switch supports up to six rings.
The Ethernet ring protection functionality includes the following: Guard timer -- All ERNs use a guard timer. The guard timer prevents the possibility of
• Loop avoidance forming a closed loop and prevents ERNs from applying outdated R-APS messages. The
• The use of learning, forwarding, and Filtering Database (FDB) mechanisms guard timer activates when an ERN receives information about a local switching request,
such as after a switch fail (SF), manual switch (MS), or forced switch (FS). When this timer
Loop avoidance in an Ethernet ring is achieved by guaranteeing that, at any time, traffic expires, the ERN begins to apply actions from the R-APS it receives. This timer cannot be
may flow on all but one of the ring links. This particular link is called the ring protection manually stopped.
link (RPL) and under normal conditions this ring link is blocked, i.e., not used for service
traffic. One designated Ethernet ring node, the RPL owner node, is responsible to block Wait to restore (WTR) timer -- The RPL owner uses the WTR timer. The WTR timer applies
traffic at one end of the RPL. Under an Ethernet ring failure condition, the RPL owner node to the revertive mode to prevent frequent triggering of the protection switching due to
is responsible for unblocking its end of the RPL, unless the RPL has failed, allowing the RPL port flapping or intermittent signal failure defects. When this timer expires, the RPL
to be used for traffic. The other Ethernet ring node adjacent to the RPL, the RPL neighbour owner sends a R-APS (NR, RB) through the ring.
node, may also participate in blocking or unblocking its end of the RPL.
Wait to Block (WTB) timers -- This wait-to-block timer is activated on the RPL owner. The
The Ethernet rings could support a multi-ring/ladder network that consists of conjoined RPL owner uses WTB timers before initiating an RPL block and then reverting to the idle
Ethernet rings by one or more interconnection points. The protection switching state after operator-initiated commands, such as for FS or MS conditions, are entered.
mechanisms and protocol defined in this Recommendation shall be applicable for a multi- Because multiple FS commands are allowed to co-exist in a ring, the WTB timer ensures
ring/ladder network, if the following principles are adhered to: that the clearing of a single FS command does not trigger the re-blocking of the RPL. The
 R-APS channels are not shared across Ethernet ring interconnections; WTB timer is defined to be 5 seconds longer than the guard timer, which is enough time
 on each ring port, each traffic channel and each R-APS channel are controlled (e.g., to allow a reporting ERN to transmit two R-APS messages and allow the ring to identify
for blocking or flushing) by the Ethernet ring protection control process (ERP control the latent condition. When clearing a MS command, the WTB timer prevents the
process) of only one Ethernet ring; formation of a closed loop due to the RPL owner node applying an outdated remote MS
 Each major ring or sub-ring must have its own RPL. request during the recovery process.
Hold-off timer -- Each ERN uses a hold-off timer to delay reporting a port failure. When
In an Ethernet ring, without congestion, with all Ethernet ring nodes in the idle state (i.e., the timer expires, the ERN checks the port status. If the issue still exists, the failure is
no detected failure, no active automatic or external command and receiving only "NR, reported. If the issue does not exist, nothing is reported.
RB" R-APS messages), with less than 1200 km of ring fibre circumference and fewer than

83
ERPS revertive and non-revertive switching will get an error. If you still want to use this instance, you can change the Control VLAN to
ERPS considers revertive and non-revertive operation. In revertive operation, after the same as the control vlan of the instance first. And then configures the instance.
condition(s) causing a switch has cleared, the traffic channel is restored to the working
transport entity, i.e. blocked on the RPL. In the case of clearing of a defect, the traffic CLI Configuration
channel reverts after the expiry of a WTR timer, which is used to avoid toggling protection
states in case of intermittent defects. In non-revertive operation, the traffic channel Node Command Description
continues to use the RPL, if it is not failed, after a switch condition has cleared. enable show erps This command displays the ERPS
configurations.
Control VLAN: enable show erps instance This command displays the ERPS instance
The pure ERPS control packets domain only, no other packets are transmitted in this vlan configurations.
to guarantee no delay for the ERPS. So when you configure a Control VLAN for a ring, the
vlan should be a new one. The ERPS will create this control vlan and its member ports enable show erps instance This command displays the specific ERPS
automatically. The member port should have the Left and Right ports only. INSTANCE_ID instance configurations.
configure erps enable This command enables the global ERPS on
In ERPS, the control packets and data packets are separated in different vlans. the Switch.
The control packets are transmitted in a vlan which is called the Control VLAN. configure no erps enable This command disables the global ERPS on
the Switch.
Instance: configure erps ring-id VALUE This command creates an ERPS ring and its
For ERPS version 2, the instance is a profile specifies a control vlan and a data vlan or ID and enter ERPS node.
multiple data vlans for the ERPS. In ERPS, it can separate the control packets and data configure erps instance This command enters the instance
packets in different vlans. The control packets is in the Control VLAN and the data packets configure node.
can be in one or multiple data vlan. And then user can assign an instance to an ERPS ring
easily. configure no erps ring-id VALUE This command creates an ERPS ring and
enter ERPS node to configure detail ring
configurations.
In ERPS version 1, if a port is blocked by ERPS, all packets are blocked.
In ERPS version 2, if a port is blocked by a ring of ERPS, only the packets belong to the erps-ring show This command displays the configurations
vlans in the instance are blocked. of the ring.
erps-ring control-vlan This command configures a control-vlan
Notice: for the ERPS ring.
Control VLAN and Instance: erps-ring guard-timer This command configures the Guard Timer
In CLI or Web configurations, there are the Control VLAN and the Instance settings. for the ERPS ring. (default:500ms)
If the Control VLAN is configured for a ring and you want to configure an instance for the erps-ring holdoff-timer This command configures the Hold-off
ring. The control vlan of the instance must be same as the Control VLAN; otherwise, you Timer for the ERPS ring. (default:0 ms)

84
erps-ring left-port PORTID type This command configures the left port and Web configuration
[owner|neighbor|normal] type for the ERPS ring. Ring Settings
erps-ring mel VALUE This command configures a Control MEL Advanced Settings > ERPS > Ring Settings
for the ERPS ring.
erps-ring name STRING This command configures a name for the
ERPS ring.
erps-ring revertive This command configures the revertive
mode for the ERPS ring.
erps-ring no revertive This command configures the non-
revertive mode for the ERPS ring.
erps-ring right-port PORTID type This command configures the right port
[owner|neighbor|normal] and type for the ERPS ring.
erps-ring ring enable This command enables the ring.
erps-ring no ring enable This command disables the ring.
erps-ring version This command configures a version for the
ERPS ring.
erps-ring wtr-timer This command configures the WTR Timer
for the ERPS ring. (default: 5 minutes)
config- instance INSTANCE_ID This command configures a new instance
erps-inst control-vlan VLAN_ID and specifies its control vlan and data vlan. Global State Enables / disables the global ERPS state.
data-vlan VLAN_ID
Ring ID Configures the ring ID. The Valid value is from 1 to 255.
config- no instance INSTANCE_ID This command removes an instance.
erps-inst State Enables/ disables the ring state.
config- show This command displays all of the instance
erps-inst configurations. Ring Name Configures the ring name.(Up to 32 characters)
Revertive Enables / disables the revertive mode.
Configures the instance for the ring. The Valid value is from 0 to 30.
Instance 0-Disable means the ERPS is running in version 1. The control VLAN
of the instance should be same as below Control VLAN.

85
Configures the Control VLAN which is the ERPS control packets WTR Timer The WTR time.
Control VLAN
domain for the ring.
MEL The Control MEL.
Version Configures the version for the ring.
Guard Timer The Guard time.
Configures the Hold-off time for the ring. The Valid value is from 0
Hold-off Timer
to 10000 (ms). Left Port The left port.
Configures the WTR time for the ring. The Valid value is from 5 to Left Port Type The left port type.
WTR Timer
12 (min).
Right Port The right port.
Configures the Control MEL for the ring. The Valid value is from 0 to
MEL
7. The default is 7.
Right Port Type The right port type.
Configures the Guard time for the ring. The Valid value is from 10
Guard Timer WTB Timer The WTB time.
to 2000 (ms).
Configures the left port and its type for the ring. The valid port type Ring Status The current ring status.
Left Port
is one of Owner, Neighbor or Normal.
Left Port Status The current left port status.
Configures the right port and its type for the ring. The valid port
Right Port Right Port
type is one of Owner, Neighbor or Normal. The current right port status.
Status
ERPS Status
Ring ID The ring ID.
Ring Name The ring name.
State The ring state.
Revertive The ring revertive mode.
Control VLAN The ring Control VLAN.
Version The protocol version on the ring.
Holdoff Timer The Hold-off time.

86
Instance Settings Link Aggregation

Advanced Settings > ERPS > Instance Settings Static Trunk
Link Aggregation (Trunking) is the grouping of physical ports into one logical higher-
capacity link. You may want to trunk ports if for example, it is cheaper to use multiple
lower-speed links than to under-utilize a high-speed, but more costly, single-port link.
However, the more ports you aggregate then the fewer available ports you have. A trunk
group is one logical link containing multiple ports. The Switch supports both static and
dynamic link aggregation.
Note: In a properly planned network, it is recommended to implement static link

aggregation only. This ensures increased network stability and control over the trunk
Parameter Description groups on your Switch.
Instance Settings
Default Settings
Instance Configures the instance ID. The valid value is from 1 to 31. The default group Link Aggregation state is disabled for all groups.
The default group Link Aggregation load balance is source MAC and destination
Configures the control vlan for the instance. The valid value
Control VLAN MAC for all groups.
is from 1 to 4094.
Maximum link aggregation group: 6
Configures the data vlan for the instance. The valid value is Maximum port in link aggregation group: 8
Data VLAN
from 1 to 4094. It can be one or multiple vlans.
Instance Status CLI Configuration

Instance The instance ID.
enable show link-aggregation The command displays the current
Control VLAN The control vlan of the instance. trunk configurations.
configure link-aggregation [GROUP_ID] The command disables / enables the
Data VLAN The data vlan of the instance.
(disable | enable) trunk on the specific trunk group.
configure link-aggregation [GROUP_ID] The command adds ports to a
interface PORTLISTS specific trunk group.
configure no link-aggregation The commands delete ports from a
[GROUP_ID] interface specific trunk group.
PORTLISTS

87
Example:
Load Balance Configures the load balance algorithm for the specific trunk group.
TI-PG1284I(config)#link-aggregation 1 enable Member Ports Select the ports to be added to the static trunk group.
TI-PG1284I(config)#link-aggregation 1 ports 1-4
Web Configuration Refresh Click this to reset the fields to the last setting.
Advanced Settings > Link Aggregation > Static Trunk
Trunk Group Status
This field displays the group ID to identify a trunk group, that is,
Group ID
one logical link containing multiple ports.
State This field displays if the trunk group is enabled or disabled.
Load Balance This field displays the load balance policy for the trunk group.
This field displays the assigned ports that comprise the static trunk
Member Ports
group.
LACP
The Switch adheres to the IEEE 802.3ad standard for static and dynamic (LACP) port
trunking.
The IEEE 802.3ad standard describes the Link Aggregation Control Protocol (LACP) for
dynamically creating and managing trunk groups.
When you enable LACP link aggregation on a port, the port can automatically negotiate
with the ports at the remote end of a link to establish trunk groups. LACP also allows port
redundancy, that is, if an operational port fails, then one of the “standby” ports become
operational without user intervention.
Parameter Description Please note that:

Select the group ID to use for this trunk group, that is, one logical  You must connect all ports point-to-point to the same Ethernet switch and
link containing multiple ports. configure the ports for LACP trunking.
Group State
 LACP only works on full-duplex links.
Select Enable to use this static trunk group.
 All ports in the same trunk group must have the same media type, speed, and

88
duplex mode and flow control settings. CLI Configuration

 Configure trunk groups or LACP before you connect the Ethernet switch to
avoid causing network topology loops.
enable show lacp counters This command displays the LACP counters for
[GROUP_ID] the specific group or all groups.
System Priority:
The switch with the lowest system priority (and lowest port number if system priority is enable show lacp internal This command displays the LACP internal
the same) becomes the LACP “server”. The LACP “server” controls the operation of LACP [GROUP_ID] information for the specific group or all groups.
setup. Enter a number to set the priority of an active port using Link Aggregation Control enable show lacp neighbor This command displays the LACP neighbor’s
Protocol (LACP), the smaller the number, the higher the priority level. [GROUP_ID] information for the specific group or all groups.
enable show lacp This command c displays the port priority for the
System ID:
port_priority LACP.
The LACP system ID is the combination of the LACP system priority value and the MAC
address of the router. enable show lacp sys_id This command displays the actor’s and partner’s
system ID.
Administrative Key: configure lacp (disable | This command disables / enables the LACP on
enable) the switch.
The administrative key defines the ability of a port to aggregate with other ports. A port's
ability to aggregate with other ports is determined by these factors: configure lacp GROUP_ID This command disables / enables the LACP on
 Port physical characteristics, such as data rate, duplex capability, and point- (disable | enable) the specific trunk group.
to-point or shared medium. configure clear lacp counters This command clears the LACP statistics for the
 Configuration restrictions that you establish. [PORT_ID] specific port or all ports.
configure lacp system-priority This command configures the system priority for
<1-65535> the LACP. Note: The default value is 32768.
Port Priority:
configure no lacp system- This command configures the default for the
The port priority determines which ports should be put in standby mode when there is a
priority system priority for the LACP.
hardware limitation that prevents all compatible ports from aggregating.
interface lacp port_priority <1- This command configures the priority for the
65535> specific port.
Default Settings
Note: The default value is 32768.
The default System Priority is 32768.
The default group LACP state is disabled for all groups. interface no lacp port_priority This command configures the default for the
priority for the specific port.
PORTLISTS

89
if-range lacp port_priority <1- This command configures the priority for the LACP system priority is a number between 1 and 65,535. The switch
65535> specific ports. with the lowest system priority (and lowest port number if system
Note: The default value is 32768. priority is the same) becomes the LACP “server”. The LACP “server”
System Priority
controls the operation of LACP setup. Enter a number to set the
if-range no lacp port_priority This command configures the default for the priority of an active port using Link Aggregation Control Protocol
priority for the specific ports. (LACP). The smaller the number, the higher the priority level.
Select a trunk group ID and then select whether to Enable or Disable
Group LACP
Web Configuration Group Link Aggregation Control Protocol for that trunk group.
LACP Settings
Port Priority Select a port or a range of ports to configure its (their) LACP priority.
Advanced Settings > Link Aggregation > LACP
LACP Group Status
Group ID The field identifies the LACP group ID.
LACP State This field displays if the group has LACP enabled.
LACP Port Priority Status
Port The field identifies the port ID.
Priority The field identifies the port’s LACP priority.
Select Enable from the drop down box to enable Link Aggregation
State Control Protocol (LACP).
Select Disable to not use LACP.

90
LACP Info.
Port The LACP member port ID.
Advanced Settings > Link Aggregation > LACP Info.
Port Priority The port priority of the LACP member port.
Admin Key The Admin key of the LACP member port.
Oper Key The Oper key of the LACP member port.
Port State The port state of the LACP member port.
Group ID Select a LACP group that you want to view. Link Layer Discovery Protocol (LLDP)
The Link Layer Discovery Protocol (LLDP) specified in this standard allows stations
Neighbors Information attached to an IEEE 802® LAN to advertise, to other stations attached to the same IEEE
802 LAN, the major capabilities provided by the system incorporating that station, the
Port The LACP member port ID. management address or addresses of the entity or entities that provide management of
those capabilities, and the identification of the station’s point of attachment to the IEEE
LACP system priority is used to determine link aggregation group
802 LAN required by those management entity or entities.
System Priority (LAG) membership, and to identify this device to other switches
during LAG negotiations. (Range: 0-65535; Default: 32768)
The information distributed via this protocol is stored by its recipients in a standard
System ID The neighbor Switch’s system ID. Management Information Base (MIB), making it possible for the information to be
accessed by a Network Management System (NMS) using a management protocol such
Port The direct connected port Id of the neighbor Switch. as the Simple Network Management Protocol (SNMP).
The available time period of the neighbor Switch LACP
Age Default Settings
information.
The LLDP on the Switch is disabled.
Port State The direct connected port’s state of the neighbor Switch.
Tx Interval : 30 seconds.
Port Priority The direct connected port’s priority of the neighbor Switch. Tx Hold : 4 times.
Time To Live : 120 seconds.
Oper Key The Oper key of the neighbor Switch. Port Status Port Status
Internal Information ---- ------- ---- -------
1 Enable 2 Enable

91
3 Enable 4 Enable if-range lldp-agent This command configures the LLDP agent function.
5 Enable 6 Enable (disable|enable|rx- disable – Disable the LLDP on the specific port.
7 Enable 8 Enable only|tx-only)
enable – Transmit and Receive the LLDP packet on
9 Enable 10 Enable the specific port.
11 Enable 12 Enable tx-only – Transmit the LLDP packet on the specific
port only.
CLI Configuration rx-only – Receive the LLDP packet on the specific
port.
enable show lldp This command displays the LLDP configurations.
enable show lldp neighbor This command displays all of the ports’ neighbor
information.
configure lldp This command globally enables / disables the LLDP
(disable|enable) function on the Switch.
configure lldp tx-interval This command configures the interval to transmit
the LLDP packets.
configure lldp tx-hold This command configures the tx-hold time which
determines the TTL of the Switch’s message.
(TTL=tx-hold * tx-interval)
interface lldp-agent This command configures the LLDP agent function.
(disable|enable|rx- disable – Disable the LLDP on the specific port.
only|tx-only)
enable – Transmit and Receive the LLDP packet on
the specific port.
tx-only – Transmit the LLDP packet on the specific
port only.
rx-only – Receive the LLDP packet on the specific
port.
PORTLISTS

92
Web Configuration
LLDP Status
Advanced Settings > LLDP > Settings
Port The Port ID.
State The LLDP state for the specific port.
Neighbor
Advanced Settings > LLDP > Neighbor
Select the port(s) which you want to display the port’s neighbor
Port
Parameter Description information.
State Globally enables / disables the LLDP on the Switch. Local Port The local port ID.
Tx Interval Configures the interval to transmit the LLDP packets. Remote Port ID The connected port ID.
Configures the tx-hold time which determines the TTL of the Chassis ID The neighbor’s chassis ID.
Tx Hold
Switch’s message. (TTL=tx-hold * tx-interval)
System Name The neighbor’s system name.
Time To Live The hold time for the Switch’s information.
System
The neighbor’s system description.
Port The port range which you want to configure. Description
System
State Enables / disables the LLDP on these ports. The neighbor’s capability.
Capabilities

93
Management The loop detection on the Switch is disabled.

The neighbor’s management address.
Address Loop Detection Destination MAC=00:0b:04:aa:aa:ab
Time To Live The hold time for the neighbor’s information.
Recovery Recovery
Port State Status State Time Port State Status State Time
---- -------- ------- -------- ---- ---- -------- ------- -------- ----
Loop Detection 1 Disabled Normal Enabled 1 2 Disabled Normal Enabled 1
Loop detection is designed to handle loop problems on the edge of your network. This 3 Disabled Normal Enabled 1 4 Disabled Normal Enabled 1
can occur when a port is connected to a Switch that is in a loop state. Loop state occurs
as a result of human error. It happens when two ports on a switch are connected with the 5 Disabled Normal Enabled 1 6 Disabled Normal Enabled 1
same cable. When a switch in loop state sends out broadcast messages the messages loop 7 Disabled Normal Enabled 1 8 Disabled Normal Enabled 1
back to the switch and are re-broadcast again and again causing a broadcast storm.
9 Disabled Normal Enabled 1 10 Disabled Normal Enabled 1
11 Disabled Normal Enabled 1 12 Disabled Normal Enabled 1
The loop detection function sends probe packets periodically to detect if the port connect
to a network in loop state. The Switch shuts down a port if the Switch detects that probe
packets loop back to the same port of the Switch. CLI Configuration
Loop Recovery: enable show loop-detection This command displays the current loop
When the loop detection is enabled, the Switch will send one probe packets every two detection configurations.
seconds and then listen this packet. If it receives the packet at the same port, the Switch configure loop-detection (disable | This command disables / enables the loop
will disable this port. After the time period, recovery time, the Switch will enable this port enable) detection on the switch.
and do loop detection again.
configure loop-detection address This command configures the destination
MACADDR MAC for the loop detection special packets.
The Switch generates syslog, internal log messages as well as SNMP traps when it shuts
down a port via the loop detection feature. configure no loop-detection This command configures the destination
address MAC to default (00:0b:04:AA:AA:AB).
Default Settings interface loop-detection (disable | This command disables / enables the loop
The default global Loop-Detection state is disabled. enable) detection on the port.
The default Loop Detection Destination MAC is 00:0b:04:AA:AA:AB interface no shutdown This command enables the port. It can
The default Port Loop-Detection state is disabled for all ports. unblock port blocked by loop detection.
The default Port Loop-Detection status is unblocked for all ports. interface loop-detection recovery This command enables / disables the
(disable | enable) recovery function on the port.

94
interface loop-detection recovery This command configures the recovery Web Configuration
time VALUE period time. Advanced Settings > Loop Detection
gigabitethernet1/0/ configure node.
PORTLISTS
if-range loop-detection (disable | This command disables / enables the loop
enable) detection on the ports.
if-range loop-detection recovery This command enables / disables the
(disable | enable) recovery function on the port.
if-range loop-detection recovery This command configures the recovery
time VALUE period time.
Example:
TI-PG1284I(config)#loop-detection enable
TI-PG1284I(config-if)#loop-detection enable
State Select this option to enable loop guard on the Switch.
Enter the destination MAC address the probe packets will be sent
MAC Address to. If the port receives these same packets the port will be shut
down.
Port Select a port on which to configure loop guard protection.
State Select Enable to use the loop guard feature on the Switch.
Select Enable to reactivate the port automatically after the

Loop Recovery
designated recovery time has passed.
Specify the recovery time in minutes that the Switch will wait
Recovery Time
before reactivating the port. This can be between 1 to 60 minutes.

95
Apply Click Apply to save your changes to the Switch.
Refresh Click Refresh to begin configuring this screen afresh. MODBUS Data Map and Information Interpretation of IE Switches
Loop Guard Status

MODBUS base address of switches is 1001(decimal) for Function Code 4.
Port This field displays a port number.
Address Data Interpretation Description
State This field displays if the loop guard feature is enabled.
Offset Type
Status This field displays if the port is blocked. System Information
Loop Recovery This field displays if the loop recovery feature is enabled. 0x0000 1 word HEX Vendor ID = 0x0b04
0x0001 16 words ASCII Vendor Name = “ABCDEFG Corp.”
Recovery
This field displays the recovery time for the loop recovery feature. Word 0 Hi byte = ‘A’
Time (min)
Word 0 Lo byte = ‘B’
Word 1 Hi byte = ‘C’
Word 1 Lo byte = ‘D’
Modbus Word 2 Hi byte = ‘E’
MODBUS TCP supports different types of data format for reading. The primary four types Word 2 Lo byte = ‘F’
of them are: Word 3 Hi byte = ‘G’
Word 3 Lo byte = ‘ ’
Data Access Type Function Function Name Note Word 4 Hi byte = ‘C’
Code Word 4 Lo byte = ‘o’
Bit access Physical Discrete 2 Read Discrete Inputs Not support Word 5 Hi byte = ‘r’
Inputs now Word 5 Lo byte = ‘p’
Word 6 Hi byte = ‘.’
Internal Bits or 1 Read Coils Not support
Physical now Word 6 Lo byte = ‘\0’
Coils 0x0020 16 words ASCII Product Name = “SWITCH”
Word Physical Input 4 Read Input Word 0 Hi byte = ‘S’
access Registers Registers Word 0 Lo byte = ‘W’
(16-bit Physical Output 3 Read Holding Not support Word 1 Hi byte = ‘I’
access) Registers now Word 1 Lo byte = ‘T’
Registers

96
Word 2 Hi byte = ‘C’ Word 1 Hi byte = 0 x 02

Word 2 Lo byte = ‘H’ Word 1 Lo byte = 0 x 03
0x0040 7 words Product Serial Number Word 2 Hi byte = 0 x 04
Ex: Serial No=A000000000001 Word 2 Lo byte = 0 x 05
0x0050 12 words ASCII Firmware Version=” 8648-999- 0x0080 1 word HEX Power 1(PWR) Alarm, DIP switch 1
1.1.0.S0” need ON
Word 0 Hi byte = ‘8’ 0x0000: no alarm
Word 0 Lo byte = ‘6’ 0x0001: input voltage < 44V
Word 1 Hi byte = ‘4’ 0x0002: input voltage > 57V
Word 1 Lo byte = ‘8’ 0x0003: No PWR input
Word 2 Hi byte = ‘-’ 0x0081 1 word HEX Power 2(RPS) Alarm, DIP switch 1 need
Word 2 Lo byte = ‘9’ ON
Word 3 Hi byte = ‘9’ 0x0000: no alarm
Word 3 Lo byte = ‘9’ 0x0001: input voltage < 44V
Word 4 Hi byte = ‘-’ 0x0002: input voltage > 57V
Word 4 Lo byte = ‘1’ 0x0003: No RPSinput
Word 5 Hi byte = ‘.’ 0x0090 1 word HEX Fault LED Status
Word 5 Lo byte = ‘1’ 0x0000: No
Word 6 Hi byte = ‘.’ 0x0001: Yes
Word 6 Lo byte = ‘0’ Port Information
Word 7 Hi byte = ‘.’
0x0100 to 1 word HEX Port 1 to 10 Link Status
Word 7 Lo byte = ‘S’ 0x0109 0x0000: Link down
Word 8 Hi byte = ‘0’
0x0001: 10M-Full-FC_ON (FC: Flow
Word 8 Lo byte = ‘\0’ Control)
0x0060 16 words ASCII Firmware Release Date=” Mon Sep 30 0x0002: 10M-Full-FC_OFF
18:51:45 2013” 0x0003: 10M-Half-FC_ON
0x0070 3 words HEX Ethernet MAC Address 0x0004: 10M-Half-FC_OFF
Ex: MAC = 00-01-02-03-04-05 0x0005: 100M-Full-FC_ON
Word 0 Hi byte = 0 x 00 0x0006: 100M-Full-FC_OFF
Word 0 Lo byte = 0 x 01 0x0007: 100M-Half-FC_ON

97
0x0008: 100M-Half-FC_OFF (port 1 to Word 0 =8765

0x0009: 1000M-Full-FC_ON 10) Word 1 = 4321
0x000A: 1000M-Full-FC_OFF 0x04C0 to 2 words HEX Port 1 to 10 Rx Error Packets
0x000B: 1000M-Half-FC_ON 0x04D3 Ex: port 1 Rx Error Packet Amount =
0x000C: 1000M-Half-FC_OFF (port 1 to 0x123456
10)
0xFFFF: No port Word 0 = 0012
0x0200 to 20 words ASCII Port 1 to 10 Description Word 1 = 3456
0x0213 Port Description = “100TX,RJ45.” Or STP Information
(port 1) “1000TX,SFP.”
0x0500 1 word HEX STP Status:
0x0220 to Word 0 Hi byte = ‘1’
0x0000 : STP is disabled.
0x0233 Word 0 Lo byte = ‘0’
0x0001 : STP
(port 2) Word 1 Hi byte = ‘0’
0x0002 : RSTP
… Word 1 Lo byte = ‘T’
0x0003 : MSTP
0x0320 to …
0x0333 Word 4 Hi byte = ‘4’ Xpress Ring Information
(port 10) 0x0501 1 word HEX Xpress Ring Status on the Switch:
Word 4 Lo byte = ‘5’
Word 5 Hi byte = ‘.’ 0x0000 : Disabled.
Word 5 Lo byte = ‘\0’ 0x0001 : Enabled
0x0400 to 2 words HEX Port 1 to 10 Tx Packets 0x0510 1 word HEX Status of Xpress-ring1 of the Switch
0x0413 Ex: port 1 Tx Packet Amount = 0x0000 : Disabled
(port 1 to 0x87654321 0x0001 : Enabled
10)
Word 0 =8765
0x0511 1 word HEX Status of Xpress-ring2 of the Switch
Word 1 = 4321
0x0000 : Disabled
0x0440 to 2 words HEX Port 1 to 10 Rx Packets 0x0001 : Enabled
0x0453 Ex: port 1 Rx Packet Amount =
(port 1 to 0x0512 3 word HEX Destination MAC of the Xpress-ring1
0x123456
10) Word 0 Lo byte = MAC0
Word 0 = 0012
Word 0 Hi byte = MAC1
Word 1 = 3456
Word 1 Lo byte = MAC2
0x0480 to 2 words HEX Port 1 to 10 Tx Error Packets Word 1 Hi byte = MAC3
0x0493 Ex: port 1 Tx Error Packet Amount = Word 2 Lo byte = MAC4
0x87654321

98
Word 2 Hi byte = MAC5 0x0002 : blocking

0x0515 3 word HEX Destination MAC of the Xpress-ring2 0x0520 1 word HEX Primary Port Status of Xpress-ring2
Word 0 Lo byte = MAC0 0x0000 : link down
Word 0 Hi byte = MAC1 0x0001 : forwarding
Word 1 Lo byte = MAC2 0x0002 : blocking
Word 1 Hi byte = MAC3 0x0521 1 word HEX Secondary Port Status of Xpress-ring2
Word 2 Lo byte = MAC4 0x0000 : link down
Word 2 Hi byte = MAC5 0x0001 : forwarding
0x0518 1 word HEX Primary Port of the Xpress-ring1 0x0002 : blocking
Word 0 Hi byte = Port ID.
0x0519 1 word HEX Secondary Port of the Xpress-ring1 CLI Configuration
Word 0 Hi byte = Port ID. Node Command Description
0x051a 1 word HEX Primary Port of the Xpress-ring2 enable show modbus This command displays the current Modbus
Word 0 Hi byte = Port ID. configurations.
0x051b 1 word HEX Secondary Port of the Xpress-ring2 configure modbus This command disables / enables the Modbus
Word 0 Hi byte = Port ID. (disable|enable) on the switch.
0x051c 1 word HEX Role of Xpress-ring1

0x0000 : Forwarder Web Configuration
0x0001 : Arbiter Advanced Settings > Modbus
0x051d 1 word HEX Role of Xpress-ring2

0x0000 : Forwarder
0x0001 : Arbiter
0x051e 1 word HEX Primary Port Status of Xpress-ring1
0x0000 : link down
0x0001 : forwarding
0x0002 : blocking
0x051f 1 word HEX Secondary Port Status of Xpress-ring1
0x0000 : link down
0x0001 : forwarding

99
Parameter Description Standard PoE parameters and comparison
State Select this option to enable / disable the Modbus on the Switch.
Property 802.3af (802.3at Type 1) 802.3at Type 2
Apply Click Apply to save your changes to the Switch.
Power
Refresh Click Refresh to begin configuring this screen afresh. available at 12.95 W 25.50 W per mode
PD
Maximum
power
PoE (Power over Ethernet) delivered by
15.40 W 30.00 W per mode
Power over Ethernet or PoE technology describes a system to pass electrical power PSE
safely, along with data, on Ethernet cabling. PoE requires category 5 cable or higher for
high power levels, but can operate with category 3 cable for low power levels. Power can Voltage
come from a power supply within a PoE-enabled networking device such as an Ethernet range (at 44.0 - 57.0 V 50.0 - 57.0 V
switch or can be injected into a cable run with a midspan power supply. PSE)
Voltage
37.0 - 57.0 V 42.5 - 57.0 V
The original IEEE 802.3af-2003 PoE standard provides up to 15.4 W of DC power range (at PD)
(minimum 44 V DC and 350 mA) to each device. Only 12.95 W is assured to be available
at the powered device as some power is dissipated in the cable. Maximum
350 mA 600 mA per mode
current
The updated IEEE 802.3at-2009 PoE standard also known as PoE+ or PoE plus, provides Maximum
up to 25.5 W of power. Some vendors have announced products that claim to comply cable 20 Ω (Category 3) 12.5 Ω (Category 5)
with the 802.3at standard and offer up to 51 W of power over a single cable by utilizing resistance
all four pairs in the Cat.5 cable. Numerous non-standard schemes had been used prior to
PoE standardization to provide power over Ethernet cabling. Some are still in active use. Four power class levels negotiated at
Power Three power class levels
initial connection or 0.1 W steps
management negotiated at initial connection
negotiated continuously
PSE: Power sourcing equipment (PSE) is a device such as a switch that provides ("sources")
power on the Ethernet cable. Dreading of
maximum
5°C with one mode (two pairs) active,
cable
PD: A powered device (PD) is a device such as an access point or a switch, that supports None 10°C with two modes (four pairs)
ambient
PoE (Power over Ethernet) so that it can receive power from another device through a simultaneously active
operating
10/100 Mbps Ethernet port.
temperature

100
Supported
Category 3 and Category 5 Category 5
cabling Port State Status Priority
Supported Mode A (endspan), Mode B Mode A, Mode B, Mode A and Mode B ---- ----------- ---------- --------
modes (midspan) operating simultaneously 1 Disabled Disabled High
2 Disabled Disabled High
Power Devices 3 Disabled Disabled High
Power levels available
Classification current Power range 6 Disabled Disabled High
Class Usage Class description
[mA] [Watt]
0 Default 0-4 0.44 - 12.94 Classification unimplemented 8 Disabled Disabled High
1 Optional 9 - 12 0.44 - 3.84 Very Low power
CLI Configuration
2 Optional 17 - 20 3.84 - 6.49 Low power
3 Optional 26 - 30 6.49 - 12.95 Mid power
enable show poe This command displays the PoE
4 Reserved 36 - 44 12.95 - 25.50 High power configurations and status.
enable show poe schedule port This command displays the PoE port
For IEEE 802.3at (type 2) devices class 4 instead of Reserved has a power range of 12.95 - PORT_ID schedule configurations.
25.5 W. configure poe (disable | enable) This command disables or enables the
global PoE for the Switch.
PoE Specification configure poe total-power This command configures the total
 The port 1 ~ 8 supports the PoE function. power which the Switch can support.
 Total-power: The maximum power which the switch can support to the PDs.
interface poe (disable|enable) This command enables or disables the
Notice: You must reserve about 18 W for the system. That is, if you connect an
PoE function on the specific port.
external power supported 240W. The total power should be 222W only.
 Schedule: The Switch allows user to arrange a week schedule to enable or disable interface poe priority This command configures the priority
the PoE for the specific ports. (critical|high|low) of the PoE function for the specific
port.
Default Settings  critical : The highest priority.
 high : The middle priority.
State : Disabled  low : The lowest priority.
Total Power(W) :0

101
Web Configuration Apply Click Apply to take effect the settings.

Advanced Settings > PoE > Configuration
PoE Mode Displays the current PoE mode.
Total Power Displays the total power that the Switch supports.
Total Consuming
Displays the total consuming power for all of the PDs.
Power
External Power
Displays the status of the external power module.
Module
Port Display the Port No.
State Displays the PoE state for the specific port.
PD Priority Displays the PoE priority for the specific port.
The field displays the class mode which the PSE negotiate with
Class the PD on the specific port.
Consuming
Displays the consuming power for the specific port.
Power(mW)
Parameter Description Power
Displays the power allocated for the specific port.
Allocated(mW)
Selects the PoE mode, classification or consumption.
Current
Classification - Allocated power according to class (0 to 4). Displays the current status for the specific port.
PoE Mode Status(mA)
Consumption - Allocated power according to the actual need of
each PD.
Selects a port or a range of ports that you want to configure the PoE Schedule
Port
PoE function.
The function has a global state configuration. If the global state configuration is disabled.
Selects Enable to enable the PoE function on the specific port. The Switch will not perform the schedule function. If the global state is enabled, the
State Switch will check every port’s configurations.
Selects Disable to disable the PoE function on the specific port.
Priority Selects Critical / High / Low priority for the specific port. If the port’s check configuration is NO for a specific day, the Switch will not perform action
for the specific port. If the port’s check configuration is YES for a specific day, the Switch

102
will check the Start time and End Time. If the current time is in the interval between Start port. Users can enable or disable
time and End Time, the Switch will perform the action configuration. If the action is the PoE on the time period.
ENABLE, the Switch will send power to the port. If the current time is not in the interval
between Start time and End Time, the Switch will not send power to the port.
Web Configuration
Port:
Advanced Settings > PoE > Schedule
Schedule State: Disabled
Week Check Action Start Time(hour) End Time(hour)

------------- -------- --------- ------------------ --------------
Monday No Enable 0 24
Tuesday No Enable 0 24
Wednesday No Enable 0 24
Thursday No Enable 0 24
Friday No Enable 0 24
Saturday No Enable 0 24
Sunday No Enable 0 24
CLI Configuration
enable show poe schedule port PORT_ID This command displays the PoE
port schedule configurations.
interface poe schedule (disable|enable) This command disables or enables
the PoE schedule on the specific Selects a port that you want to configure the PoE schedule
port. Port
function.
interface poe schedule week This command enables or disables
Week Select a week day that you want to configure the schedule.
(Sun|Mon|Tue|Wed|Thu|Fri|Sat) the PoE schedule on the specific
check (yes|no) day.
Enables or Disables the PoE schedule on the specific port for a
Check
interface poe schedule week This command configures the PoE defined time period.
(Sun|Mon|Tue|Wed|Thu|Fri|Sat) schedule start-time and end-time
start-time VALUE end-time VALUE on a specific day on the specific Time (Hour)
action (enable|disable)

103
PD Alive Check CLI Configuration

The function has a global state configuration. If the global state configuration is enabled. Node Command Description
The Switch will check the configurations of every port.
enable show pd-alive This command displays the configuration
of the PD Alive Check.
If the port’s state is enabled, the Switch will send keep-a-live probe packet every interval
time. If the host cannot respond when the keep-a-live probe packet count is over the retry configure pd-alive (disable|enable) This command disables or enables the
times, the Switch performs the action, reboot/alarm/all to the Power Device, depending global PD Alive Check for the Switch.
on the port’s configuration. Interface pd-alive action This command configures the action
(reboot|alarm|all|none) when the system detects that the host
Power OFF Time (sec): cannot respond the keep-a-live probe
When PD has been rebooted, the PoE port restored power after the specified time. packet.
Default:15, range: 3-120 sec. Interface pd-alive interval VALUE This command configures the interval to
send the keep-a-live probe packets to
check if the host is still alive for the
Start up Time (sec):
specific port.
When PD has been start up, the Switch will wait Start up time to do PoE Auto Checking.
Default: 60, range: 30-600 sec. Interface pd-alive ip IP_ADDR This command configures the Host IP
address which connects to the specific
port.
Interval Time (sec):
Interface pd-alive retry-time VALUE This command configures the retry times
Device will send checking message to PD each interval time.
when no response from the host for the
Default: 30, range: 10-120 sec. keep-a-live probe packet for the specific
port.
Action: Interface pd-alive power-off-time This command configures the power-off
The action when the failure detection. VALUE startup-time VALUE time and startup time.
All: Send an alarm message to inform the administrator and then reboot the PD.
Alarm: Just send an alarm message to inform the administrator.
None: Keep Ping the remote PD but does nothing further.
Reboot: Cut off the power of the PoE port, make PD rebooted.

104
Web Configuration When PD has been rebooted, the PoE port restored power after
Power Off Time
Advanced Settings > PoE > PD Alive Check the Power Off Time time.
Start Up Time The Switch waits the Start Up Time to do PoE Auto Checking
when the PD is rebooting.
Power Delay
The Power Delay allows the user to setting the delay time of power providing after device
rebooted.
CLI Configuration
enable show poe power-delay This command displays the PoE power
Parameter Description delay configurations.
State Enables/Disables the PD Alive Check. interface poe power-delay This command enables / disables of the
(enable|disable) Power Delay function for the specific
Port Selects a port or a range of ports which you want to configure. port.
State Enables/Disables the PD Alive Check for the specific port(s).

interface poe power-delay time VALUE This command configures the delay
IP Address Specifies the Host IP address which connects to the port. time of the Power Delay for the specific
port.
Interval The interval to send the packet probes to check if the host is still
alive.
Retry Time The retry times when no response from the host for the keep-a- gigabitethernet1/0/ configure node.
live probe packet. PORTLISTS
The action to the Power Device when the system detects that the if-range poe power-delay This command enables / disables of the
Action Power Device cannot respond the keep-a-live probe packet. The (enable|disable) Power Delay function for the range of
options have Reboot / Alarm / All /None. ports.

105
Port The port ID.

if-range poe power-delay time VALUE This command configures the delay
time of the Power Delay for the range State The PoE power delay state for the port.
of ports.
Time The PoE power delay time for the port.
Web Configuration
Advanced Settings > PoE > Power Delay Notice: The high priority port should have low value for power delay.
PTP (IEEE-1588 v2)

PTP (Precision Time Protocol) is a distributed protocol to do time synchronization with
each other systems in the network.
There are 4 different clocks in PTP:

1. Ordinary Clock: Switch communicates with the network by using specified single
port. It will be same as grand master clock.
2. Boundary Clock: Switch can use multiple ports to communicate with network
and each port behaves as ordinary clock. Port is selected as either master or
member based on its local clock and data sets.
3. Transparent Clock: It forwards all received PTP messages and measures and
accumulate delay timers in correction field.
4. Forward Clock: It forward all received PTP messages in domain ports.

PTP works in 2 phases:
State Enables/Disables the PoE Power Delay for the specific ports. 1. Establishing hierarchy: Only ordinary or boundary clocks will have this phase.
a. Processes all received announce messages by using “Best Master
Time Clock (BMC)” algorithm and identifies itself as either master or
The delay time for the specific ports.
member.
Apply Click Apply to take effect the settings. 2. Clock Synchronization:
a. Master sends “Sync” message to member
Refresh Click Refresh to begin configuring this screen afresh. b. Member sends “DReq (Delay Request)” message to master
c. Master sends “Dresp (Delay Response)” message to member
Power Delay Status d. Member will adjust its clock by using parameters in above messages.

106
CLI Configuration configure no ptp domain <Domain-ID> This command

Node Command Description deletes a specified
domain ID from
Enable show ptp information This command PTP.
displays PTP global
configurations, PTP ptp_config domain enable This command
domain enables the PTP
configurations and domain.
PTP port ptp_config no domain enable This command
configurations. disables PTP
Enable show ptp domain <Domain-ID> This command domain.
displays specified ptp_config clock-mode This command
PTP domain <ordinary|boundary|transparent|forward> assigns specified
configurations. clock mode in PTP
Enable show ptp port <Domain-ID> <Port-ID> This command domain.
displays specified ptp_config no clock-mode This command
PTP domain and deletes existing
port configurations. clock mode of PTP
configure ptp enable This command domain and assigns
enables PTP. default clock mode
(Forward) in PTP
configure no ptp enable This command domain.
disables PTP.
ptp_config clock-priority1 <Value> This command
configure ptp primary-domain <Domain-ID> This command assigns specified
configures a priority for PTP
specified Domain ID domain dataset’s 1st
as the PTP’s primary priority.
domain.
ptp_config no clock-priority1 This command
configure no ptp primary-domain This command deletes existing 1st
resets the primary priority from PTP
domain ID default domain clock and
domain ID (0). assigns default
configure ptp domain <Domain-ID> This command priority value (128).
creates a specified ptp_config clock-priority2 <Value> This command
domain in PTP. assigns specified

107
priority for PTP clock mode and acts

domain dataset’s as one step clock as
2nd priority. default.
ptp_config no clock-priority2 This command ptp_config exit This command
deletes existing 2nd provides command
priority from PTP prompt one step as
domain clock and “config” node.
assigns default
ptp_config end This command
priority value (128).
provides command
ptp_config path-trace This command prompt as “enable”
enables path trace node.
TLV and adds TLV in
ptp_config port <Port-ID> This command
list.
creates port data
ptp_config no path-trace This command sets in PTP domain.
disables path trace
ptp_config no port <Port-ID> This command
TLV in domain and
deletes port data
deletes it from list.
sets from PTP
ptp_config slave This command domain.
enables PTP domain
ptp_config_port port enable This command
as slave. PTP
enables PTP port in
domain will be act
domain.
as member in PTP
network. ptp_config_port no port enable This command
disables PTP port in
ptp_config no slave This command
domain.
disables PTP domain
as slave only. Based ptp_config_port acceptable-master enable This command
on clock data sets it enables PTP port in
can be act as either domain as
slave or master. acceptable master.
ptp_config two-step-clk This command ptp_config_port no acceptable-master enable This command
enables two step deletes PTP port in
clock mode in PTP domain from
domain. acceptable master
list.
ptp_config no two-step-clk This command
disables two step

108
ptp_config_port announce interval <0-4> This command VLAN list to PTP

configures to send port.
periodical announce ptp_config_port no vlan <VLAN LIST> This command
messages in deletes specified
specified intervals in VLAN list from PTP
PTP port. port.
ptp_config_port no announce interval This command ptp_config_port exit This command
deletes existing provides command
announce interval prompt one step as
from PTP port and “ptp_config” node.
adds default
interval (1). ptp_config_port end This command
provides command
ptp_config_port announce timeout <2-10> This command prompt as “enable”
configures specified node.
value as announce
time in PTP port.
Example:
ptp_config_port no announce timeout This command
deletes existing  Enabling PTP: This command is used to enable PTP; by default PTP is disabled
announce timeout TI-PG1284I(config)#ptp enable
from PTP port and
adds default
 Disabling PTP: This command is used to disable PTP
timeout (3).
TI-PG1284I(config)#no ptp enable
ptp_config_port sync interval [-1, 1] This command
configures
synchronization  Adding Primary Domain: This command is used to add specified domain ID as
interval of PTP port primary domain in PTP; By default primary domain ID is 0.
as specified value. TI-PG1284I(config)#ptp primary-domain 1
ptp_config_port no sync interval This command
deletes existing  Deleting Primary Domain: This command is used to delete existing primary domain
synchronization ID from PTP and adds default domain ID (0) as primary domain ID.
interval from PTP TI-PG1284I(config)#no ptp primary-domain
port and adds
default value (0).
 Creating PTP Domain: This command is used to create a new PTP domain and
ptp_config_port vlan <VLAN LIST> This command provides us command prompt as “config-ptp” node.
configures specified TI-PG1284I(config)#ptp domain 1

109
TI-PG1284I(config-ptp)#  Adding 2nd Priority in PTP Domain: This command is used to add 2 nd priority in PTP
domain; by default domain’s 2nd priority is 128.
 Deleting Existing PTP Domain: This command is delete existing PTP domain from TI-PG1284I(config-ptp)#clk-priority2 30
domain list.
TI-PG1284I(config)#no ptp domain 1  Deleting 2nd Priority from PTP Domain: This command is used to delete existing 2nd
priority from PTP domain and adds domain’s 2nd priority as 128.
 Enabling PTP Domain: This command is used to enable PTP domain; by default PTP TI-PG1284I(config-ptp)#no clk-priority2
domain is enabled.
TI-PG1284I(config-ptp)#domain enable  Enabling Path Trace in PTP Domain: This command is used to enable path trace TLV
in PTP domain; by default path trace is disabled.
 Disabling PTP Domain: This command is used to disable PTP domain. TI-PG1284I(config-ptp)#path-trace
TI-PG1284I(config-ptp)#no domain enable
 Disabling Path Trace from PTP Domain: This command is used to disable path trace
from PTP domain.
 Adding Clock Mode in PTP Domain: This command is used to add clock mode in
domain; by default domain is in forward clock mode. TI-PG1284I(config-ptp)#no path-trace
TI-PG1284I(config-ptp)#clk-mode ordinary
TI-PG1284I(config-ptp)#clk-mode boundary  Enabling Slave Mode in PTP Domain: This command is used to enable PTP domain as
slave only. In PTP network it will be act as member (slave). By default slave mode is
TI-PG1284I(config-ptp)#clk-mode transparent
disabled in PTP domain.
TI-PG1284I(config-ptp)#clk-mode forward
TI-PG1284I(config-ptp)#slave
 Deleting Clock Mode from PTP Domain: This command is used to delete existing
 Disabling Slave Mode from PTP Domain: This command is used to disable slave mode
clock mode from PTP domain and adds “Forward” mode as domain’s clock mode.
from PTP domain. PTP domain will be act as either Master or Member based on
TI-PG1284I(config-ptp)#no clk-mode received data sets by using BMC (Best Master Clock) algorithm.
TI-PG1284I(config-ptp)#no slave
 Adding 1st Priority in PTP Domain: This command is used to add 1st priority in PTP
domain; by default domain’s 1st priority is 128.
 Enabling Two Step Clock in PTP Domain: This command is used to enable two step
TI-PG1284I(config-ptp)#clk-priority1 20 clock mode in PTP domain; by default two step clock is disabled in domain.
TI-PG1284I(config-ptp)#two-step-clk
 Deleting 1st Priority from PTP Domain: This command is used to delete existing 1 st
priority from PTP domain and adds 128 as domain’s first priority.
 Disabling Two Step Clock from PTP Domain: This command is used to disable two
TI-PG1284I(config-ptp)#no clk-priority1 step clock mode from PTP domain.
TI-PG1284I(config-ptp)#no two-step-clk

110
 Creating PTP Port in Domain: This command is used to create PTP port in domain  Adding Announce Timeout in PTP Port: This command is used to add specified value
with default values and it provides us “config-ptp-port” command prompt. as announce timeout in PTP port; by default announce timeout value is 3.
TI-PG1284I(config-ptp)#port 1 TI-PG1284I(config-ptp-port)#announce timeout 3
TI-PG1284I(config-ptp-port)#
 Deleting Announce Timeout from PTP Port: This command is used to delete existing
 Deleting PTP Port from Domain: This command is used to delete PTP port from announce timeout value from PTP port and adds 3 (default value) as announce
Domain. timeout in PTP port.
TI-PG1284I(config-ptp)#no port 1 TI-PG1284I(config-ptp-port)#no announce timeout
 Enabling PTP Port: This command is used to enable PTP port; by default PTP port is  Adding Synchronous Interval in PTP Port: This command is used to add specified
disabled. value synchronous interval in PTP port; by default synchronous interval is 0.
TI-PG1284I(config-ptp-port)#port enable TI-PG1284I(config-ptp-port)#sync interval 1
 Disabling PTP Port: This command is used to disable PTP port.  Deleting Synchronous Interval from PTP Port: This command is used to delete
existing synchronous interval from PTP port and adds 0 (default value) as
TI-PG1284I(config-ptp-port)#no port enable
synchronous interval.
TI-PG1284I(config-ptp-port)#no sync interval
 Enabling Acceptable Master in PTP Port: This command is used to enable acceptable
master mode in PTP port; by default it is disabled.
 Adding VLAN List into PTP Port: This command is used to add specified VLAN list into
TI-PG1284I(config-ptp-port)#acceptable-master enable
PTP port; by default there is no VLAN list in PTP port.
TI-PG1284I(config-ptp-port)#vlan 1-10
 Disabling Acceptable Master in PTP port: This command is used to disable acceptable
maser mode in PTP port.
 Deleting VLAN List from PTP Port: This command is used to delete specified VLAN
TI-PG1284I(config-ptp-port)#no acceptable-master enable
list from PTP port.
TI-PG1284I(config-ptp-port)#no vlan 5-6
 Adding Announce Interval in PTP port: This command is used to add announce
interval in PTP port; by default announce interval value in PTP port is 1
 Displays All PTP Configurations: This command is used to display all existing PTP
TI-PG1284I(config-ptp-port)#announce interval 2
configurations.
TI-PG1284I#show ptp information
 Deleting Announce Interval from PTP Port: This command is used to delete existing
PTP Status : Disable
announce interval from PTP port and adds 1 (default value) as announce interval in
PTP port. PTP Primary Domain : 0(Default)
TI-PG1284I(config-ptp-port)#no announce interval

111
Domain ID : 1 Port ID : 1
------------------------------------------ Port Status : Disabled
Domain Status : Disabled Announce Interval : 3
Slave Mode : Disabled Announce Timeout : 4
Path Trace Mode : Disabled Delay Interval : 0(Default)
Clock Mode : Forward(Default) Sync Interval : 1
Two Step Clock Mode : Disabled Acceptable Master Status : Enabled
Clock Priority_1 : 128(default) VLAN IDs : None
Clock Priority_2 : 128(default)
Port ID : 1  Displays PTP Port Configurations: This command is used to display specified PTP
Port Status : Disabled port configurations.
Announce Interval : 3 TI-PG1284I#show ptp port 1 1
Announce Timeout : 4 Port ID : 1
Delay Interval : 0(Default) Port Status : Disabled
Sync Interval : 1 Announce Interval : 3
Acceptable Master Status : Enabled Announce Timeout : 4
VLAN IDs : None Delay Interval : 0(Default)
Sync Interval : 1
 Displays PTP Domain Configurations: This command is used to display specified PTP Acceptable Master Status : Enabled
domain configurations. VLAN IDs : None
TI-PG1284I#show ptp domain 1
Domain ID : 1
------------------------------------------
Domain Status : Disabled
Slave Mode : Disabled
Path Trace Mode : Disabled
Clock Mode : Forward(Default)
Two Step Clock Mode : Disabled

112
Web Configuration Acceptable Master The priority of the acceptable master of the domain.
Advanced Settings > PTP > General Settings Priority
Domain Settings
Advanced Settings > PTP > Domain Settings
PTP State Enables / Disables the global PTP state.
Domain ID Creates / Removes a Domain.
Primary Domain Configure the primary domain.
PTP Status
PTP Status The current global PTP state.
Domain ID Selects a domain ID to configure.
PTP Primary Domain The primary domain.
Domain Enables / Disables the domain.
Domain ID The domain ID.
Enable - enables path trace TLV and adds TLV in list.
Domain Status The current state of the domain. Path Trace Disable - disables path trace TLV in domain and delete it from
Slave The current slave mode of the domain. list.
Path Trace The current path track mode of the domain. Enable - enables PTP domain as slave. PTP domain will be act as
member in PTP network.
Clock The current clock mode of the domain. Slave
Disable - disables PTP domain as slave only. Based on clock
Two Step Clock The current Two Step clock mode of the domain. data sets it can be act as either slave or master.
Clock Priority_1 The priority of the clock 1st priority of the domain. Two Step Clock Enable –enables two step clock mode in PTP domain.
Clock Priority_2 The priority of the clock priority2 of the domain.

113
Disable - disables two step clock mode and acts as one step Acceptable Master The priority of the acceptable master of the domain.
clock as default. Priority
Configures a priority for PTP domain dataset’s 1st priority.
Clock Priority_1
The default priority value is 128. Port Settings
nd Advanced Settings > PTP > Port Settings
Configures a priority for PTP domain dataset’s 2 priority.
Clock Priority_2
The default priority value is 128.
Ordinary Clock - Switch communicates with the network by
using specified single port. It will be same as grand master clock.
Boundary Clock - Switch can use multiple ports to communicate
with network and each port behaves as ordinary clock. Port is
selected as either master or member based on its local clock and
Clock data sets.
Transparent Clock - It forwards all received PTP messages and
measures and accumulate delay timers in correction field.
Forward Clock - It forward all received PTP messages in domain
ports.
Enable - enables PTP port in domain as acceptable master.
Acceptable Master
Priority Disable - deletes PTP port in domain from acceptable master
list.
Domain Status Parameter Description
Domain ID The domain ID. Domain ID
Domain Status The current state of the domain. Port
Slave The current slave mode of the domain. Enable - enables PTP port in domain as acceptable master.
Acceptable Master Disable - deletes PTP port in domain from acceptable master
Path Trace The current path track mode of the domain.
list.
Clock The current clock mode of the domain.
Add - configures synchronization interval of PTP port as
Two Step Clock The current Two Step clock mode of the domain. specified value.
Sync Interval
Clock Priority_1 The priority of the clock 1st priority of the domain. Default - deletes existing synchronization interval from PTP
port and adds default value (0).
Clock Priority_2 The priority of the clock priority2 of the domain.
Add - configures to send periodical announce messages in
Announce Interval
specified intervals in PTP port.

114
Default - deletes existing announce interval from PTP port and enable show ip routes This command displays the configurations of
adds default interval (1). (all|ipv4|ipv6) IPv4 or IPv6 or both routes from routing table.
Add - configures specified value as announce time in PTP port. enable show ip arp This command displays dynamic and static IPv4
Announce Timeout Default - deletes existing announce timeout from PTP port and (all|ipv4|ipv6) or IPv6 or both ARP entries in ARP table.
adds default timeout (3).
enable show ip hosts This command displays assigned IPv4 or IPv6
Add - configures specified VLAN list to PTP port. (all|ipv4|ipv6) or both addresses for interfaces in router.
Vlan ID
Remove - deletes specified VLAN list from PTP port. configure ip forwarding enable This command enables layer 3 IPv4 and IPv6
forwarding/routing globally.
configure no ip forwarding This command disables layer 3 IPv4 and IPv6
enable forwarding/routing globally.
Static Route
This will delete all assigned IP addresses and
Static routes, which define explicit paths between two routers, cannot be automatically static routes from interfaces.
updated; you must manually reconfigure static routes when network changes occur.
Static routes use less bandwidth than dynamic routes. No CPU cycles are used to calculate configure ip arp proxy enable This command enables route to act as an ARP
and analyze routing updates. proxy globally; It will be useful in InterVLAN
routing.
IP forwarding configure no ip arp proxy This command disables route to act as an ARP
IP forwarding provides on end to end delivery of IP packet between hosts with help of enable proxy.
routers. Routing database plays import role in forwarding the packets. Routers populate configure ipv4 arp <IPv4_ADDR> This command allows adding static IPv4 ARP
its routing database either by manual configurations or by using dynamic routing <MAC_ADDR> entry in ARP table.
protocols.
configure ip6 arp <IPv6_ADDR> This command allows adding static IPv6 ARP
IP forwarding works as router as well as Inter VLAN routing with trunk stick.
<MAC_ADDR> entry in ARP table.
Manual routing configurations are called as Static routes. Static routes are permanent
routes; we can delete those routes with manual configurations only. configure no ipv4 arp This command deletes a static IPv4 ARP entry
<IPv4_ADDR> from ARP table.
<MAC_ADDR>
Whenever an IP packet received by a router then it fetches destination IP address and it
will do the lookup in routing table to find the longest prefix match route. Packet is configure no ipv6 arp This command deletes a static IPv6 ARP entry
forwarded on the assigned next-hop in the route. <IPv6_ADDR> from ARP table.
<MAC_ADDR>
CLI Configuration configure interface vlan VLAN- This command enters the L3 interface node.
ID
L3 ipv4 address This command assigns a specified IPv4
enable show ip forwarding This command displays the current interface A.B.C.D/M interface route to the interface.
status configuration of the ip forwarding status.

115
We can assign multiple IPv4 interface route to L3 no ipv6 route This command deletes a specified IPv6 static
a single interface with different IP segment. interface <IPv6_ADDR>/M route from an interface vlan.
If this configuration is a first IP assigning to the <IPv6_ADDR>
interface then automatically interface is
Example:
enabled for routing.
 IP Forwarding Enable: This command is used to enable ip forwarding (routing).
L3 ipv6 address This command assigns a specified IPv6
TI-PG1284I(config)#ip forwarding enable
interface <IPv6_ADDR>/M interface route to the interface.
We can assign only one IPv6 interface route for
an interface vlan.  IP Forwarding Disable: This command is used to disable ip forwarding.
If this configuration is a first IP assigning to the TI-PG1284I(config)#no ip forwarding enable
interface then it automatically enables the
interface with routing.  ARP proxy enable: This command is used to enable ARP proxy.
L3 no ipv4 address This command deletes a specified IPv4 TI-PG1284I(config)#ip arp proxy enable
interface A.B.C.D/M interface route from the interface vlan.
This command deletes all dependent static  ARP proxy disable: This command is used to disable ARP proxy.
routes on the specified IPv4 interface route.
TI-PG1284I(config)#no ip arp proxy enable
If there is no assigned IP addresses for the
specified interface after deleting then it will
automatically disables routing in interface.  Add a static IPv4/IPv6 ARP entry: This command is used to add a static IPv4/IPv6
ARP entries.
L3 no ipv4 address This command deletes a specified IPv6 TI-PG1284I(config)#ipv4 arp 192.168.20.1 00:11:22:33:44:55
interface <IPv6_ADDR>/M interface route from the interface.
TI-PG1284I(config)#ipv6 arp 1234:ab::ccdd 00:11:22:33:44:55
This command deletes all dependent static
routes on the specified IPv6 interface route.
If there is no assigned IP addresses for the  Deletes a static IPv4/IPv6 ARP entry: This command is used to delete static IPv4/IPv6
specified interface after deleting then it will ARP entries
automatically disables routing in interface vlan. TI-PG1284I(config)#no ipv4 arp 192.168.20.1 00:11:22:33:44:55
L3 ipv4 route A.B.C.D/M This command configures an IPv4 static route TI-PG1284I(config)#no ipv6 arp 1234:ab::ccdd 00:11:22:33:44:55
interface A.B.C.D onto the specified interface vlan.
 Assigning a IPv4/IPv6 interface router: This command is used to add an IPv4/IPv6
L3 ipv6 route This command configures an IPv6 static route
interface route to a interface vlan.
interface <IPv6_ADDR>/M onto the specified interface vlan.
<IPv6_ADDR> TI-PG1284I(config)#interface vlan 1
TI-PG1284I(config-if-vlan-l3)#
L3 no ipv4 route This command deletes a specified IPv4 static
interface A.B.C.D/M A.B.C.D route from an interface vlan. TI-PG1284I(config-if-vlan-l3)#ipv4 address 192.168.20.1/24
TI-PG1284I(config-if-vlan-l3)#ipv6 address 1234:ab::ccdd/120

116
 Deleting IPv4/IPv6 address: This command is used to delete an IPv4/IPv6 interface Web Configuration
route from a interface vlan. Advanced Settings > Static Route
TI-PG1284I(config-if-vlan-l3)#no ipv4 address 192.168.20.1/24
TI-PG1284I(config-if-vlan-l3)#no ipv6 address 1234:ab::ccdd/120
 Adding static IPv4/IPv6 route: This command is used to add an IPv4/IPv6 static route
to a interface vlan.
TI-PG1284I(config-if-vlan-l3)#ipv4 address 192.168.20.1/24 192.168.20.1
TI-PG1284I(config-if-vlan-l3)#ipv6 address 1234:ab::ccdd/120 1234:ab::ccdd
 Deleting static IPv4/IPv6 route: This command is used to delete an IPv4/IPv6 static
route form an interface vlan.
TI-PG1284I(config-if-vlan-l3)#no ipv4 address 192.168.20.1/24 192.168.20.1
TI-PG1284I(config-if-vlan-l3)#no ipv6 address 1234:ab::ccdd/120 1234:ab::ccdd
Global Settings
IP Forwarding Enables / disables the IP forwarding globally.
IP ARP Proxy Enables / disables the route to act as an ARP proxy globally.

117
Adds a static IPv4 ARP entry in the ARP table. Status

IPv4 ARP Table
/ Deletes a static IPv4 ARP entry from the ARP table.
Shows the ARP table / Host table / Route configurations.
IP: The IP address for the entry.
MAC: The MAC address for the entry.
Adds a static IPv6 ARP entry in the ARP table.

STP
IPv6 ARP Table STP/RSTP
/ Deletes a static IPv6 ARP entry from the ARP table.
(R)STP detects and breaks network loops and provides backup links between switches,
IP: The IP address for the entry. bridges or routers. It allows a Switch to interact with other (R)STP compliant switches in
your network to ensure that only one path exists between any two stations on the
MAC: The MAC address for the entry. network.
Route Settings The Switch supports Spanning Tree Protocol (STP) and Rapid Spanning Tree Protocol
(RSTP) as defined in the following standards.
vlan Specifics an interface vlan.
 IEEE 802.1D Spanning Tree Protocol
 IEEE 802.1w Rapid Spanning Tree Protocol
Adds an IPv4 Interface Route / Static Route onto the interface
vlan. / Deletes an IPv4 Interface Route / Static Route from the
IPv4 interface vlan. The Switch uses IEEE 802.1w RSTP (Rapid Spanning Tree Protocol) that allows faster
convergence of the spanning tree than STP (while also being backwards compatible with
Selects the route type, Interface Route or Static Route.
STP-only aware bridges). In RSTP, topology change information is directly propagated
IP/M: The IP address and the netmask for the entry. throughout the network from the device that generates the topology change. In STP, a
longer delay is required as the device that causes a topology change first notifies the root
IP: The static route address for the Static Route type only. bridge and then the root bridge notifies the network. Both RSTP and STP flush unwanted
learned addresses from the filtering database.
Adds an IPv6 Interface Route / Static Route onto the interface In STP, the port states are Blocking, Listening, Learning, Forwarding.
vlan. / Deletes an IPv6 Interface Route / Static Route from the In RSTP, the port states are Discarding, Learning, and Forwarding.
IPv6 interface vlan.
Selects the route type, Interface Route or Static Route. Note: In this document, “STP” refers to both STP and RSTP.
IP/M: The IP address and the netmask for the entry.
STP Terminology
IP: The static route address for the Static Route type only.  The root bridge is the base of the spanning tree.
 Path cost is the cost of transmitting a frame onto a LAN through that port. The
recommended cost is assigned according to the speed of the link to which a

118
port is attached. The slower the media, the higher the cost. Hello Time:
This is the time interval in seconds between BPDU (Bridge Protocol Data Units)
configuration message generations by the root switch. The allowed range is 1 to 10
seconds.
PathCost:
Path cost is the cost of transmitting a frame on to a LAN through that port. It is
recommended to assign this value according to the speed of the bridge, the slower
the media, the higher the cost.
How STP Works?

After a bridge determines the lowest cost-spanning tree with STP, it enables the root port
 On each bridge, the bridge communicates with the root through the root port. and the ports that are the designated ports for connected LANs, and disables all other
The root port is the port on this Switch with the lowest path cost to the root ports that participate in STP. Network packets are therefore only forwarded between
(the root path cost). If there is no root port, then this Switch has been enabled ports, eliminating any possible network loops.
accepted as the root bridge of the spanning tree network.
 For each LAN segment, a designated bridge is selected. This bridge has the STP-aware switches exchange Bridge Protocol Data Units (BPDUs) periodically. When the
lowest cost to the root among the bridges connected to the LAN. bridged LAN topology changes, a new spanning tree is constructed. Once a stable network
topology has been established, all bridges listen for Hello BPDUs (Bridge Protocol Data
Forward Time (Forward Delay): Units) transmitted from the root bridge. If a bridge does not get a Hello BPDU after a
predefined interval (Max Age), the bridge assumes that the link to the root bridge is down.
This is the maximum time (in seconds) the Switch will wait before changing states.
This bridge then initiates negotiations with other bridges to reconfigure the network to
This delay is required because every switch must receive information about
re-establish a valid network topology.
topology changes before it starts to forward frames. In addition, each port needs
time to listen for conflicting information that would make it return to a blocking
state; otherwise, temporary data loops might result. The allowed range is 4 to 30 802.1D STP
seconds. The Spanning Tree Protocol (STP) is a link layer network protocol that ensures a loop-free
topology for any bridged LAN. It is based on an algorithm invented by Radia Perlman while
Max Age: working for Digital Equipment Corporation. In the OSI model for computer networking,
STP falls under the OSI layer-2. Spanning tree allows a network design to include spare
This is the maximum time (in seconds) the Switch can wait without receiving a BPDU
(redundant) links to provide automatic backup paths if an active link fails, without the
before attempting to reconfigure. All Switch ports (except for designated ports)
danger of bridge loops, or the need for manual enabling/disabling of these backup links.
should receive BPDUs at regular intervals. Any port that age out STP information
Bridge loops must be avoided because they result in flooding the network.
(provided in the last BPDU) becomes the designated port for the attached LAN. If it
is a root port, a new root port is selected from among the Switch ports attached to
the network. The allowed range is 6 to 40 seconds. The Spanning Tree Protocol (STP) is defined in the IEEE Standard 802.1D. As the name
suggests, it creates a spanning tree within a mesh network of connected layer-2 bridges

119
(typically Ethernet switches), and disables those links that are not part of the tree, leaving Edge Port:
a single active path between any two network nodes. They are attached to a LAN that has no other bridges attached. These edge ports
transition directly to the forwarding state. RSTP still continues to monitor the port
STP switch port states for BPDUs in case a bridge is connected. RSTP can also be configured to
automatically detect edge ports. As soon as the bridge detects a BPDU coming to
 Blocking - A port that would cause a switching loop, no user data is sent or
an edge port, the port becomes a non-edge port.
received but it may go into forwarding mode if the other links in use were to
fail and the spanning tree algorithm determines the port may transition to the
forwarding state. BPDU data is still received in blocking state. Forward Delay:
 Listening - The switch processes BPDUs and awaits possible new information The range is from 4 to 30 seconds. This is the maximum time (in seconds) the root
that would cause it to return to the blocking state. device will wait before changing states (i.e., listening to learning to forwarding).
 Learning - While the port does not yet forward frames (packets) it does learn
source addresses from frames received and adds them to the filtering
database (switching database) Transmission Limit:
 Forwarding - A port receiving and sending data, normal operation. STP still This is used to configure the minimum interval between the transmissions of
monitors incoming BPDUs that would indicate it should return to the blocking consecutive RSTP BPDUs. This function can only be enabled in RSTP mode. The
state to prevent a loop. range is from 1 to 10 seconds.
 Disabled - Not strictly part of STP, a network administrator can manually
disable a port
Hello Time:
Set the time at which the root switch transmits a configuration message. The range
802.1w RSTP is from 1 to 10 seconds.
In 1998, the IEEE with document 802.1w introduced an evolution of the Spanning Tree
Protocol: Rapid Spanning Tree Protocol (RSTP), which provides for faster spanning tree
Bridge priority:
convergence after a topology change. Standard IEEE 802.1D-2004 now incorporates RSTP
and obsoletes STP. While STP can take 30 to 50 seconds to respond to a topology change, Bridge priority is used in selecting the root device, root port, and designated port.
RSTP is typically able to respond to changes within a second. The device with the highest priority becomes the STA root device. However, if all
devices have the same priority, the device with the lowest MAC address will become
RSTP bridge port roles:
the root device.
 Root - A forwarding port that is the best port from Nonroot-bridge to
Rootbridge
 Designated - A forwarding port for every LAN segment Port Priority:
 Alternate - An alternate path to the root bridge. This path is different than Set the port priority in the switch. Low numeric value indicates a high priority. A
using the root port. port with lower priority is more likely to be blocked by STP if a network loop is
 Backup - A backup/redundant path to a segment where another bridge port detected. The valid value is from 0 to 240.
already connects. Path Cost:
 Disabled - Not strictly part of STP, a network administrator can manually
The valid value is from 1 to 200000000. Higher cost paths are more likely to be
disable a port
blocked by STP if a network loop is detected.

120
BPDU Guard Per port BPDU filter : disabled.

This is a per port setting. If the port is enabled in BPDU guard and receive any BPDU, Per port BPDU guard : disabled.
the port will be set to disable to avoid the error environments. User must enable Per port BPDU Root guard: disabled.
the port by manual.
Per port Path Cost : depend on port link speed.
BPDU Filter
Example: Bandwidth -> STP Port Cost Value
It is a feature to filter sending or receiving BPDUs on a switch port. If the port
10 Mbps -> 100
receives any BPDUs, the BPDUs will be dropped.
100 Mbps-> 19
1 Gbps -> 4
Notice:
10 Gbps -> 2
If both of the BPDU filter and BPDU guard are enabled, the BPDU filter has the high
priority.
CLI Configuration
Root Guard Node Command Description
The Root Guard feature forces an interface to become a designated port to prevent enable show spanning-tree This command displays the spanning tree
surrounding switches from becoming a root switch. In other words, Root Guard active information for only active port(s)
provides a way to enforce the root bridge placement in the network. The Root Guard
feature prevents a Designated Port from becoming a Root Port. If a port on which the enable show spanning-tree This command displays the spanning tree
Root Guard feature receives a superior BPDU, it moves the port into a root- blockedports information for only blocked port(s)
inconsistent state (effectively equal to a listening state), thus maintaining the current enable show spanning-tree This command displays the spanning tree
Root Bridge status. The port can be moved to forwarding state if no superior BPDU port detail PORT_ID information for the interface port.
received by this port for three hello times.
enable show spanning-tree This command displays the spanning tree
statistics PORT_ID information for the interface port.
Default Settings
STP/RSTP : disabled. enable show spanning-tree This command displays the summary of port
summary states and configurations
STP/RSTP mode : RSTP.
Forward Time : 15 seconds. enable clear spanning-tree This command clears spanning-tree statistics
counters for all ports.
Hello Time : 2 seconds.
Maximum Age : 20 seconds. enable clear spanning-tree This command clears spanning-tree statistics
counters PORT_ID for a specific port.
System Priority : 32768.
Transmission Limit : 3 seconds. configure spanning-tree (disable This command disables / enables the
| enable) spanning tree function for the system.
Per port STP state : enabled.
Per port Priority : 128. configure spanning-tree This command configures the bridge times
Per port Edge port : disabled. algorithm-timer (forward-delay,max-age,hello-time).
forward-time TIME

121
max-age TIME hello- interface spanning-tree This command configures enables/disables

time TIME bpduguard the bpduguard function for the specific port.
configure no spanning-tree This command configures the default values (disable|enable)
algorithm-timer for forward-time & max-age & hello-time. interface spanning-tree This command enables/disables the BPDU
configure spanning-tree forward- This command configures the bridge forward rootguard Root guard port setting for the specific port.
time <4-30> delay time (sec). (disable|enable)
configure no spanning-tree This command configures the default values interface spanning-tree edge- This command enables/disables the edge
forward-time for forward-time. port (disable|enable) port setting for the specific port.
configure spanning-tree hello- This command configures the bridge hello interface spanning-tree cost This command configures the cost for the
time <1-10> time(sec). VALUE specific port.
Cost range:
configure no spanning-tree hello- This command configures the default values
time for hello-time. 16-bit based value range 1-65535,
32-bit based value range 1-200000000.
configure spanning-tree max-age This command configures the bridge message
<6-40> max-age time(sec). interface no spanning-tree cost This command configures the path cost to
default for the specific port.
configure no spanning-tree max- This command configures the default values
age for max-age time. interface spanning-tree port- This command configures the port priority for
priority <0-240> the specific port.
configure spanning-tree mode This command configures the spanning
(rstp|stp) mode. Default: 128.
configure spanning-tree pathcost This command configures the pathcost interface no spanning-tree port- This command configures the port priority to
method (short|long) method. priority default for the specific port.
configure spanning-tree priority This command configures the priority for the configure interface range This command enters the interface configure
<0-61440> system. gigabitethernet1/0/ node.
PORTLISTS
configure no spanning-tree This command configures the default values
priority for the system priority. if-range spanning-tree This command configures enables/disables
(disable|enable) the STP function for the specific port.
interface spanning-tree This command configures enables/disables
(disable|enable) the STP function for the specific port. if-range spanning-tree This command configures enables/disables
bpdufilter the bpdufilter function for the specific port.
interface spanning-tree This command configures enables/disables (disable|enable)
bpdufilter the bpdufilter function for the specific port.
(disable|enable) if-range spanning-tree This command configures enables/disables
bpduguard the bpduguard function for the specific port.
(disable|enable)

122
if-range spanning-tree This command enables/disables the BPDU Web Configuration

rootguard Root guard port setting for the specific port. General Settings
(disable|enable) Advanced Settings > STP > General Settings
if-range spanning-tree edge- This command enables/disables the edge
port (disable|enable) port setting for the specific port.
if-range spanning-tree cost This command configures the cost for the
VALUE specific port.
Cost range:
16-bit based value range 1-65535,
32-bit based value range 1-200000000.
if-range no spanning-tree cost This command configures the path cost to
default for the specific port.
if-range spanning-tree port- This command configures the port priority for
priority <0-240> the specific port.
Default: 128.
if-range no spanning-tree port- This command configures the port priority to
priority default for the specific port.
Select Enabled to use Spanning Tree Protocol (STP) or Rapid Spanning
State
Tree Protocol (RSTP).
Select to use either Spanning Tree Protocol (STP) or Rapid Spanning Tree
Mode
Protocol (RSTP).
This is the maximum time (in seconds) the Switch will wait before
changing states. This delay is required because every switch must receive
Forward information about topology changes before it starts to forward frames.
Time In addition, each port needs time to listen for conflicting information that
would make it return to a blocking state; otherwise, temporary data
loops might result. The allowed range is 4 to 30 seconds.
This is the maximum time (in seconds) the Switch can wait without
Max Age receiving a BPDU before attempting to reconfigure. All Switch ports
(except for designated ports) should receive BPDUs at regular intervals.

123
Any port that age out STP information (provided in the last BPDU) Port Parameters
becomes the designated port for the attached LAN. If it is a root port, a Advanced Settings > STP > Port Parameters
new root port is selected from among the Switch ports attached to the
network. The allowed range is 6 to 40 seconds.
This is the time interval in seconds between BPDU (Bridge Protocol Data
Hello Time Units) configuration message generations by the root switch. The
allowed range is 1 to 10 seconds.
Priority is used in determining the root switch, root port and designated
port. The switch with the highest priority (lowest numeric value)
becomes the STP root switch. If all switches have the same priority, the
switch with the lowest MAC address will then become the root switch.
Priority Enter a value from 0~61440.
The lower the numeric value you assign, the higher the priority for this
bridge.
Priority determines the root bridge, which in turn determines the Root
Hello Time, Root Maximum Age and Root Forwarding Delay.
Path cost is the cost of transmitting a frame on to a LAN through that
Pathcost port. It is recommended to assign this value according to the speed of the
bridge. The slower the media, the higher the cost.
Port Selects a port that you want to configure.
Active Enables/Disables the spanning tree function for the specific port.
Path Cost Configures the path cost for the specific port.
Priority Configures the priority for the specific port.
Edge Port Configures the port type for the specific port. Edge or Non-Edge.
BPDU Filter Enables/Disables the BPDU filter function for the specific port.
BPDU Guard Enables/Disables the BPDU guard function for the specific port.
ROOT Guard Enables/Disables the BPDU root guard function for the specific port.

124
STP Status
Port Status
Advanced Settings > STP > STP Status
Active The state of the STP function.
The port role. Should be one of the Alternated / Designated / Root /

Role
Backup / None.
The port’s status. Should be one of the Discarding / Blocking / Listening
Status
/ Learning / Forwarding / Disabled.
Path Cost The port’s path cost.
Priority The port’s priority.

Edge Port The state of the edge function.
Current Root Status
BPDU Filter The state of the BPDU filter function.
MAC address This is the MAC address of the root bridge.
BPDU Guard The state of the BPDU guard function.
Root refers to the base of the spanning tree (the root bridge). This
ROOT Guard The state of the BPDU Root guard function. Priority field displays the root bridge’s priority. This Switch may also be the
root bridge.
MAX Age receiving a configuration message before attempting to
reconfigure.
This is the time interval (in seconds) at which the root switch
Hello Time transmits a configuration message. The root bridge determines
Hello Time, Max Age and Forwarding Delay.
This is the time (in seconds) the root switch will wait before
Forward Delay
changing states.
Current Bridge Status
MAC address This is the MAC address of the current bridge.
Priority is used in determining the root switch, root port and

Priority designated port. The switch with the highest priority (lowest
numeric value) becomes the STP root switch. If all switches have

125
the same priority, the switch with the lowest MAC address will MSTP
then become the root switch. MSTP (IEEE 802.1S Multiple STP), which uses RSTP for rapid convergence, enables VLANs
Priority determines the root bridge, which in turn determines the to be grouped into a spanning-tree instance, with each instance having a spanning-tree
Root Hello Time, Root Maximum Age and Root Forwarding Delay. topology independent of other spanning-tree instances. This architecture provides
multiple forwarding paths for data traffic, enables load balancing, and reduces the
number of spanning-tree instances required to support a large number of VLANs.
receiving a BPDU before attempting to reconfigure. All Switch
ports (except for designated ports) should receive BPDUs at
regular intervals. Multiple Spanning-Tree Regions:
MAX Age
Any port that age out STP information (provided in the last BPDU) For switches to participate in multiple spanning-tree (MST) instances, you must
becomes the designated port for the attached LAN. If it is a root consistently configure the switches with the same MST configuration information. A
port, a new root port is selected from among the Switch ports collection of interconnected switches that have the same MST configuration comprises
attached to the network. an MST region. The MST configuration determines to which MST region each switch
belongs. The configuration includes the name of the region, the revision number, and the
This is the time interval in seconds between BPDU (Bridge Protocol MST instance-to-VLAN assignment map. You configure the switch for a region by using
Hello Time
Data Units) configuration message generations by the root switch. the spanning-tree mst configuration global configuration command, after which the
This is the maximum time (in seconds) the Switch will wait before switch enters the MST configuration mode. From this mode, you can map VLANs to an
changing states. This delay is required because every switch must MST instance by using the instance MST configuration command, specify the region name
receive information about topology changes before it starts to by using the name MST configuration command, and set the revision number by using the
Forward Delay revision MST configuration command.
forward frames. In addition, each port needs time to listen for
conflicting information that would make it return to a blocking
state; otherwise, temporary data loops might result. A region can have one member or multiple members with the same MST configuration;
Path cost is the cost of transmitting a frame on to a LAN through each member must be capable of processing RSTP BPDUs. There is no limit to the number
Path Cost that port. It is recommended to assign this value according to the of MST regions in a network, but each region can support up to 16 spanning-tree
speed of the bridge. The slower the media, the higher the cost. instances. You can assign a VLAN to only one spanning-tree instance at a time.
This is the number of the port on the Switch through which this
Root Cost Boundary Ports
Switch must communicate with the root of the Spanning Tree.
A boundary port is a port that connects an MST region to a single spanning-tree region
running RSTP, or to a single spanning-tree region running 802.1D, or to another MST
region with a different MST configuration. A boundary port also connects to a LAN, the
designated switch of which is either a single spanning-tree switch or a switch with a
different MST configuration.
At the boundary, the roles of the MST ports do not matter, and their state is forced to be
the same as the IST port state (MST ports at the boundary are in the forwarding state only
when the IST port is forwarding). An IST port at the boundary can have any port role
except a backup port role.

126
On a shared boundary link, the MST ports wait in the blocking state for the forward-delay CLI Configuration
time to expire before transitioning to the learning state. The MST ports wait another
forward-delay time before transitioning to the forwarding state.
 If the boundary port is on a point-to-point link and it is the IST root port, the MST enable show spanning-tree This command displays the MSTP
ports transition to the forwarding state as soon as the IST port transitions to the mst configuration configurations.
forwarding state. enable show spanning-tree This command displays all of the instance
 If the IST port is a designated port on a point-to-point link and if the IST port mst instance configurations of the MSTP.
transitions to the forwarding state because of an agreement received from its peer
port, the MST ports also immediately transition to the forwarding state. enable show spanning-tree This command displays specific instance
 If a boundary port transitions to the forwarding state in an IST instance, it is mst instance <0-63> configurations of the MSTP.
forwarding in all MST instances, and a topology change is triggered. If a boundary
enable show spanning-tree This command displays specific instance
port with the IST root or designated port role receives a topology change notice
mst instance <0-63> configurations on an interface of the MSTP.
external to the MST cloud, the MSTP switch triggers a topology change in the IST
interface IFNAME
instance and in all the MST instances active on that port.
enable show spanning-tree This command displays the configurations on
mst interface IFNAME an interface of the MSTP.
Interoperability with 802.1D STP:
A switch running MSTP supports a built-in protocol migration mechanism that enables it enable show spanning-tree This command displays the root bridge
to interoperate with legacy 802.1D switches. If this switch receives a legacy 802.1D mst root configurations.
configuration BPDU (a BPDU with the protocol version set to 0), it sends only 802.1D configure spanning-tree This command enables / disables the spanning
BPDUs on that port. An MSTP switch can also detect that a port is at the boundary of a (disable|enable) tree.
region when it receives a legacy BPDU, an MSTP BPDU (version 3) associated with a
different region, or an RSTP BPDU (version 2). configure spanning-tree mode This command configures the mode of the
mst spanning tree. (one of the three modes
STP/RSTP/MSTP.)
However, the switch does not automatically revert to the MSTP mode if it no longer
receives 802.1D BPDUs because it cannot determine whether the legacy switch has been configure spanning-tree mst This command configures the forward time for
removed from the link unless the legacy switch is the designated switch. Also, a switch forward-time the MSTP.
might continue to assign a boundary role to a port when the switch to which this switch configure no spanning-tree mst This command resets the forward time for the
is connected has joined the region. To restart the protocol migration process (force the forward-time MSTP.
renegotiation with neighboring switches), you can use the clear spanning-tree detected-
protocols privileged EXEC command. The default forward delay time is 15 seconds.
configure spanning-tree mst This command configures the hello time for
If all the legacy switches on the link are RSTP switches, they can process MSTP BPDUs as hello-time the MSTP.
if they are RSTP BPDUs. Therefore, MSTP switches send either a version 0 configuration configure no spanning-tree mst This command resets the hello time for the
and TCN BPDUs or version 3 MSTP BPDUs on a boundary port. A boundary port connects hello-time MSTP.
to a LAN, the designated switch of which is either a single spanning-tree switch or a switch
The default hello time is 2 seconds.
with a different MST configuration.

127
configure spanning-tree mst This command configures the maximum age mst apply This command applies configurations to
max-age time for the MSTP. current instant.
configure no spanning-tree mst This command resets the maximum age time mst instance This command configures the instance and
max-age for the MSTP. vlan map.
The default maximum age time is 20 seconds. mst name This command configures a region name for
configure spanning-tree mst This command configures the maximum hop the MSTP.
max-hops count. mst no name This command reset the region name for the
configure no spanning-tree mst This command resets the maximum hop count. MSTP.
max-hops The default maximum hop count is 20. mst revision This command configures the revision for the
MSTP.
configure spanning-tree mst This command resets the maximum hop count.
instance STRING The default maximum hop count is 20. mst no revision This command resets the revision for the
priority <0-61440> MSTP.
configure no spanning-tree mst This command resets the priority for the mst show (current | This command shows the MSTP configures.
instance STRING specific instance. pending) Current – the working configurations.
priority
Pending – the not applied configurations.
interface spanning-tree mst This command configures a cost on the specific
instance STRING cost port for the MSTP.
<1-200000000> Specifying the MST Region Configuration and Enabling MSTP
For two or more switches to be in the same MST region, they must have the same VLAN-
interface no spanning-tree mst This command resets the cost on the specific
to-instance mapping, the same configuration revision number, and the same name. A
instance STRING cost port for the MSTP.
region can have one member or multiple members with the same MST configuration;
interface spanning-tree mst This command configures a priority on the each member must be capable of processing RSTP BPDUs. There is no limit to the number
instance STRING port- specific port for the MSTP. of MST regions in a network, but each region can support up to 16 spanning-tree
priority <0-240> instances. You can assign a VLAN to only one spanning-tree instance at a time.
interface no spanning-tree mst This command resets the priority on the
instance STRING port- specific port for the MSTP. TI-PG1284I(config)#spanning-tree mst configuration
priority TI-PG1284I(config-mst)#name MSTP
configure spanning-tree mst This command enters the MSTP configure TI-PG1284I(config-mst)#revision 1
configuration node. TI-PG1284I(config-mst)#instance 1 vlan 1-10
configure no spanning-tree mst This command resets all of configurations for
configuration the MSTP.

128
Web Configuration Select one or more vlans which will join the instance.
General Settings VLAN
Note: the vlan will be removed from instance 0 automatically.
Advanced Settings > STP > General Settings
Instance and vlan map table
Instance The instance.
VLAN The vlan in the instance.
Action Click Delete button to delete this instance.
Bridge Parameters
Advanced Settings > STP > Bridge Parameters
Select Enabled to use Spanning Tree Protocol (STP) or Rapid
State Spanning Tree Protocol (RSTP) or Multiple Spanning Tree Protocol
(MSTP).
Selects the Spanning Tree running mode.

STP - Spanning Tree Protocol.
Mode
RSTP - Rapid Spanning Tree Protocol.
MSTP - Multiple Spanning Tree Protocol.
Configuration Parameters
Region Name Configures the region name for the Switch.
This is the maximum time (in seconds) the Switch will wait before
Revision Configures the revision for the Switch. changing states. This delay is required because every switch must
Forward Time receive information about topology changes before it starts to
Instance Selects an instance which you want to configure. forward frames. In addition, each port needs time to listen for
conflicting information that would make it return to a blocking

129
state; otherwise, temporary data loops might result. The allowed Port Parameters
range is 4 to 30 seconds. Advanced Settings > STP > Port Parameters
This is the time interval in seconds between BPDU (Bridge Protocol
Hello Time Data Units) configuration message generations by the root switch.
The allowed range is 1 to 10 seconds.
This is the maximum time (in seconds) the Switch can wait
without receiving a BPDU before attempting to reconfigure. All
Switch ports (except for designated ports) should receive BPDUs
at regular intervals.
Max Age
Any port that age out STP information (provided in the last BPDU)
becomes the designated port for the attached LAN. If it is a root
port, a new root port is selected from among the Switch ports
attached to the network. The allowed range is 6 to 40 seconds.
Max Hops
Instance Selects an instance which you want to configure.
Configures the priority for the instance.

Priority is used in determining the root switch, root port and
designated port. The switch with the highest priority (lowest
numeric value) becomes the STP root switch. If all switches have
the same priority, the switch with the lowest MAC address will Parameter Description
Priority then become the root switch.
Enter a value from 0~61440. Instance Selects a instance that you want to configure.
The lower the numeric value you assign, the higher the priority
Port Selects a port or a range of ports that you want to configure.
for this bridge.
Priority determines the root bridge, which in turn determines the Path Cost Configures the path cost for the specific port.
Root Hello Time, Root Maximum Age and Root Forwarding Delay.
Priority Configures the priority for the specific port.
Port Selects a port or a range of ports that you want to configure.
Active Enables/Disables the spanning tree function for the specific port.

130
Edge Port Configures the port type for the specific port. Edge or Non-Edge. STP Status
Advanced Settings > STP > STP Status
BPDU Filter Enables/Disables the BPDU filter function for the specific port.
BPDU Guard Enables/Disables the BPDU guard function for the specific port.
Enables/Disables the BPDU root guard function for the specific

ROOT Guard
port.
Port Status
Active The state of the STP function.

The port role. Should be one of the Alternated / Designated / Root
Role
/ Backup / None. Current Root Status
The port’s status. Should be one of the Discarding / Blocking / Instance The Instance ID.
Status
Listening / Learning / Forwarding / Disabled.
MAC address This is the MAC address of the root bridge.
Path Cost The port’s path cost.
Root refers to the base of the spanning tree (the root bridge). This
Priority The port’s priority. Priority field displays the root bridge’s priority. This Switch may also be the
root bridge.
Edge Port The state of the edge function.
Root Cost This is the path cost to the root bridge.
BPDU Filter The state of the BPDU filters function.
BPDU Guard The state of the BPDU guards function. MAX Age receiving a configuration message before attempting to
reconfigure.
ROOT Guard The state of the BPDU Root guard function.
This is the time interval (in seconds) at which the root switch
Hello Time transmits a configuration message. The root bridge determines
Hello Time, Max Age and Forwarding Delay.
This is the time (in seconds) the root switch will wait before
Forward Delay
changing states.
Root Port This is the port to the root bridge.

131
Current Bridge Status Secondary Port : None.

Ring 2: State : Disabled.
Instance This is the MAC address of the current bridge. Destination MAC : 01:80:c2:ff:ff:f1.
Role : Forwarder.
MAC address This is the MAC address of the bridge.
Primary Port : None.
Priority This is the priority of the Switch. Secondary Port : None.
CLI Configuration
Xpress Ring
enable show xpress-ring This command displays the current Xpress-
The Xpress-Ring is a fast-acting, self-healing ring recovery technology that enables
Ring configurations.
networks to recover from link failure within 10ms.
configure xpress-ring This command enables/disables the Xpress-
(disable|enable) Ring on the Switch.
Fast Link Recovery and Ring Redundancy are important features for increasing the
reliability of non-stop systems. configure xpress-ring ring This command enables/disables the ring on
(RING1|RING2) state the Switch.
(disable|enable)
If the network is planned correctly with an arbiter Switch and ring ports, the network will
recover from any segment failure within a very short time. configure xpress-ring ring This command configures the last byte of
(RING1|RING2) last-byte- the destination MAC for the ring on the
There are two roles (Forwarder and Arbiter) of the Switch in the Xpress-Ring. There is one destination-mac VALUE Switch.
and only one Switch is the Arbiter Switch and the others are the forwarder Switch. configure xpress-ring ring This command configures the role
(RING1|RING2) role (forwarder/arbiter) for the ring on the
One of the ring ports of the Arbiter Switch will be set to blocking state. When one of the (forwarder|arbiter) Switch.
ring connections is broken, the blocked port will be set to forwarding state. configure xpress-ring ring This command configures the primary port
(RING1|RING2) primary- for the ring on the Switch.
Default Settings port PORTID Notice: If the global xpress ring is disabled
Xpress-Ring Configurations: or ring state is disabled, you can input 0 to
reset the primary port.
The global Xpress Ring state is:Disabled.
Ring 1: State : Disabled. configure xpress-ring ring This command configures the secondary
(RING1|RING2) port for the ring on the Switch.
Destination MAC : 01:80:c2:ff:ff:f0.
secondary-port PORTID Notice: If the global xpress ring is disabled
Role : Forwarder.
or ring state is disabled, you can input 0 to
Primary Port : None. reset the primary port.

132
Web Configuration State The current state of the ring.

Advanced Settings > Xpress Ring
Destination MAC The destination MAC for the ring.
Role The current role of the ring.
Primary Port The current primary port and its status.
Secondary Port The current secondary port and its status.
Notices
 An Xpress Ring can have one Arbiter only.
 A Switch can join one or two Xpress Ring.
 Every Switch can be a Forwarder or Arbiter in an Xpress Ring.
 The two adjacent Xpress Rings should not use a same destination multicast
MAC.
 If you want to enable the STP(RSTP) and Xpress Ring on a Switch, you should
disable the STP (RSTP) on the Xpress Ring’s member ports.
Parameter Description  If you want to enable the Loop Detection and Xpress Ring on a Switch, you
should disable the Loop Detection on the Xpress Ring’s member ports.
Current Root Status  If you want to enable the Broadcast Storm and Xpress Ring on a Switch, you
should disable the Broadcast Storm on the Xpress Ring’s member ports.
Global State Enables/Disable the global Xpress ring function.  If there are old devices (for example: INS-803A) to join the Xpress-Ring, they
can join as a forwarder only.
State Enables / Disables the ring state.
Destination
Configures the last byte of the destination MAC for the ring.
MAC(Last byte)
Role Configures the role for the ring.
Primary Port Configures the primary port for the ring.
Secondary Port Configure the secondary port for the ring.
Xpress Ring
Status

133
The DHCP snooping binding database contains the MAC address, the IP address, the lease
Security time, the binding type, the VLAN number, and the interface information that corresponds
IP Source Guard to the local untrusted interfaces of a switch.
IP Source Guard is a security feature that restricts IP traffic on untrusted Layer 2 ports by
filtering traffic based on the DHCP snooping binding database or manually configured IP When a switch receives a packet on an untrusted interface and the interface belongs to a
source bindings. This feature helps prevent IP spoofing attacks when a host tries to spoof VLAN in which DHCP snooping is enabled, the switch compares the source MAC address
and use the IP address of another host. Any IP traffic coming into the interface with a and the DHCP client hardware address. If addresses match (the default), the switch
source IP address other than that assigned (via DHCP or static configuration) will be forwards the packet. If the addresses do not match, the switch drops the packet.
filtered out on the untrusted Layer 2 ports.
The switch drops a DHCP packet when one of these situations occurs:
The IP Source Guard feature is enabled in combination with the DHCP snooping feature
 A packet from a DHCP server, such as a DHCPOFFER, DHCPACK, DHCPNAK, or
on untrusted Layer 2 interfaces. It builds and maintains an IP source binding table that is
DHCPLEASEQUERY packet, is received from the untrusted port.
learned by DHCP snooping or manually configured (static IP source bindings). An entry in
 A packet is received on an untrusted interface, and the source MAC address
the IP source binding table contains the IP address and the associated MAC and VLAN
and the DHCP client hardware address do not match any of the current
numbers. The IP Source Guard is supported on Layer 2 ports only, including access and
bindings.
trunk ports.
Use DHCP snooping to filter unauthorized DHCP packets on the network and to build the
binding table dynamically. This can prevent clients from getting IP addresses from
The IP Source Guard features include below functions: unauthorized DHCP servers.
1. DHCP Snooping.
2. DHCP Binding table.
Trusted vs. Untrusted Ports
3. ARP Inspection.
4. Blacklist Filter. (arp-inspection mac-filter table) Every port is either a trusted port or an untrusted port for DHCP snooping. This setting is
independent of the trusted/untrusted setting for ARP inspection. You can also specify the
maximum number for DHCP packets that each port (trusted or untrusted) can receive
each second.
DHCP Snooping
DHCP snooping is a DHCP security feature that provides network security by filtering Trusted ports are connected to DHCP servers or other switches. The Switch discards DHCP
untrusted DHCP messages and by building and maintaining a DHCP snooping binding packets from trusted ports only if the rate at which DHCP packets arrive is too high. The
database, which is also referred to as a DHCP snooping binding table. Switch learns dynamic bindings from trusted ports.
Note: The Switch will drop all DHCP requests if you enable DHCP snooping and there are
DHCP snooping acts like a firewall between untrusted hosts and DHCP servers. You can no trusted ports.
use DHCP snooping to differentiate between untrusted interfaces connected to the end
user and trusted interfaces connected to the DHCP server or another switch.
Untrusted ports are connected to subscribers. The Switch discards DHCP packets from
untrusted ports in the following situations:
 The packet is a DHCP server packet (for example, OFFER, ACK, or NACK).
 The source MAC address and source IP address in the packet do not match any of

134
the current bindings.

 The packet is a RELEASE or DECLINE packet, and the source MAC address and source
port do not match any of the current bindings.
 The rate at which DHCP packets arrive is too high.
DHCP Snooping Database

The Switch stores the binding table in volatile memory. If the Switch restarts, it loads static
bindings from permanent memory but loses the dynamic bindings, in which case the
devices in the network have to send DHCP requests again.
Configuring DHCP Snooping The DHCP server connected to an un-trusted port will be filtered.
Follow these steps to configure DHCP snooping on the Switch.
1. Enable DHCP snooping on the Switch. Default Settings
2. Enable DHCP snooping on each VLAN. The DHCP snooping on the Switch is disabled.
3. Configure trusted and untrusted ports.
The DHCP snooping is enabled in VLAN(s): None.
4. Configure static bindings.
Maximum Maximum
Note:
Port Trusted Host Count Port Trusted Host Count
The Switch will drop all DHCP requests if you enable DHCP snooping and there are
no trusted ports. ---- --------- -------------- ------ ---------- -----------------
If the port link down, the entries learned by this port in the DHCP snooping binding 1 no 32 2 no 32
table will be deleted. 3 no 32 4 no 32
You must enable the global DHCP snooping and DHCP Snooping for vlan first. 5 no 32 6 no 32
7 no 32 8 no 32
The main purposes of the DHCP Snooping are: 9 no 32 10 no 32
1. Create and maintain binding table for ARP Inspection function. 11 no 32 12 no 32
2. Filter the DHCP server’s packets that the DHCP server connects to an untrusted
port.
Notices
 There are a global state and per VLAN states.
When the global state is disabled, the DHCP Snooping on the Switch is disabled even
per VLAN states are enabled.
When the global state is enabled, user must enable per VLAN states to enable the
DHCP Snooping on the specific VLAN.

135
5. If you configure a static host entry in the DHCP snooping binding table, and then
VLAN 1 : port 1-10. you want to change the host to DHCP client, the host will not get a new IP from
DHCP server, and then you must delete the static host entry first.
DHCP Client-1 : connect to port 3.
DHCP Server : connect to port 1.
CLI Configuration
Procedures: Node Command Description

1. Default environments: enable show dhcp-snooping This command displays the current DHCP
A. DHCP Client-1: ipconfig /release snooping configurations.
B. DHCP Client-1: ipconfig /renew
configure dhcp-snooping This command disables/enables the DHCP
 DHCP Client-1 can get an IP address. (disable|enable) snooping on the switch.
configure dhcp-snooping vlan This command enables the DHCP snooping
2. Enable the global DHCP Snooping. VLANID function on a VLAN or range of VLANs.
A. TI-PG1284I(config)#dhcp-snooping
B. DHCP Client-1: ipconfig /release configure no dhcp-snooping vlan This command disables the DHCP snooping
C. DHCP Client-1: ipconfig /renew VLANID function on a VLAN or range of VLANs.
 DHCP Client-1 can get an IP address. configure dhcp-snooping server This command configures a valid DHCP server.
IPADDR
3. Enable the global DHCP Snooping and VLAN 1 DHCP Snooping. interface dhcp-snooping host This command configures the maximum host
A. TI-PG1284I(config)#dhcp-snooping count for the specific port.
B. TI-PG1284I(config)#dhcp-snooping vlan 1
C. DHCP Client-1: ipconfig /release interface no dhcp-snooping host This command configures the maximum host
D. DHCP Client-1: ipconfig /renew count to default for the specific port.
 DHCP Client-1 cannot get an IP address. interface dhcp-snooping trust This command configures the trust port for
; Because the DHCP server connects to a un-trust port. the specific port.
interface no dhcp-snooping This command configures the un-trust port
4. Enable the global DHCP Snooping and VLAN 1 DHCP Snooping. trust for the specific port.
A. TI-PG1284I(config)#dhcp-snooping
B. TI-PG1284I(config)#dhcp-snooping vlan 1
C. TI-PG1284I(config)#interface gi1/0/1
PORTLISTS
D. TI-PG1284I(config-if)#dhcp-snooping trust
E. DHCP Client-1: ipconfig /release if-range dhcp-snooping host This command configures the maximum host
F. DHCP Client-1: ipconfig /renew count for the specific ports.
 DHCP Client-1 can get an IP address. if-range no dhcp-snooping host This command configures the maximum host
count to default for the specific ports.

136
if-range dhcp-snooping trust This command configures the trust port for Select Disable to not use DHCP snooping.
the specific ports.
Select Add and enter the VLAN IDs you want the Switch to
if-range no dhcp-snooping This command configures the un-trust port enable DHCP snooping on. You can designate multiple VLANs
trust for the specific ports. individually by using a comma (,) and by range with a hyphen (-
VLAN State ).
Example: Select Delete and enter the VLAN IDs you no longer want the
TI-PG1284I#configure terminal Switch to use DHCP snooping on.
TI-PG1284I(config)#dhcp-snooping enable Apply Click Apply to take effect the settings.
TI-PG1284I(config)#dhcp-snooping vlan 1
TI-PG1284I(config)#interface 1/0/1 Refresh Click Refresh to begin configuring this screen afresh.
TI-PG1284I(config-if)#dhcp-snooping trust
DHCP Snooping Status
Web Configuration DHCP Snooping This field displays the current status of the DHCP snooping
DHCP Snooping State feature, Enabled or Disabled.
Security > IP Source Guard > DHCP Snooping > DHCP Snooping This field displays the VLAN IDs that have DHCP snooping
Enabled on VLAN enabled on them. This will display None if no VLANs have been
set.
Select Enable to use DHCP snooping on the Switch. You still
have to enable DHCP snooping on specific VLANs and specify
State trusted ports.
Note: The Switch will drop all DHCP requests if you enable
DHCP snooping and there are no trusted ports.

137
Port Settings If you want to enable this feature, you must enable the DHCP Snooping function first. The
Security > IP Source Guard > DHCP Snooping > Port Settings Switch allows users to configure up to three valid DHCP servers.
If no DHCP servers are configured, it means all DHCP server are valid.
CLI Configuration
enable show dhcp-snooping This command displays the valid DHCP
server server IP.
configure dhcp-snooping server This command configures a valid DHCP
IPADDR server’s IP.
configure no dhcp-snooping This command removes a valid DHCP
server IPADDR server’s IP.
Web Configuration
Port Select a port number to modify its maximum host count.
Security > IP Source Guard > DHCP Snooping > Server Screening
Trust Configures the specific port if it is a trust port.
Maximum Host Enter the maximum number of hosts (1-32) that are permitted
Count to simultaneously connect to a port.
DHCP Server Screening
IP Address This field configures the valid DHCP server’s IP address.
The Switch supports DHCP Server Screening, a feature that denies access to rogue DHCP
servers. That is, when one or more DHCP servers are present on the network and both Apply Click Apply to configure the settings.
provide DHCP services to different distinct groups of clients, the valid DHCP server’s
packets will be passed to the client. Refresh Click Refresh to begin configuring this screen afresh.

138
Server Screening List TI-PG1284I#configure terminal

TI-PG1284I(config)#dhcp-snooping binding mac 00:11:22:33:44:55 ip 1.1.1.1 vlan 1 port
This field displays the index number of the DHCP server entry. 2
No.
Click the number to modify the entry. TI-PG1284I(config)#no dhcp-snooping binding mac 00:11:22:33:44:55
IP Address This field displays the IP address of the DHCP server. TI-PG1284I#show dhcp-snooping binding
Action Click Delete to remove a configured DHCP server.

Web Configuration
Static Entry Settings
Security > IP Source Guard > Binding Table > Static Entry Settings
Binding Table
The DHCP Snooping binding table records the host information learned by DHCP snooping
function (dynamic) or set by user (static). The ARP inspection will use this table to forward
or drop the ARP packets. If the ARP packets sent by invalid host, they will be dropped. If
the Lease time is expired, the entry will be removed from the table.
Static bindings are uniquely identified by the MAC address and VLAN ID. Each MAC
address and VLAN ID can only be in one static binding. If you try to create a static binding
with the same MAC address and VLAN ID as an existing static binding, the new static
binding replaces the original one.
CLI Configuration
enable show dhcp-snooping binding This command displays the current MAC Address Enter the source MAC address in the binding.
DHCP snooping binding table.
IP Address Enter the IP address assigned to the MAC address in the binding.
configure dhcp-snooping binding mac This command configures a static
MAC_ADDR ip IP_ADDR vlan host into the DHCP snooping VLAN ID Enter the source VLAN ID in the binding.
VLANID port PORT_NO binding table.
Port Specify the port in the binding.
configure no dhcp-snooping binding mac This command removes a static
MACADDR host from the DHCP snooping Static Binding Table
binding table.
This field displays a sequential number for each binding. Click it
No.
to update an existing entry.
Example:

139
MAC Address This field displays the source MAC address in the binding. Parameter Description
This field displays the IP address assigned to the MAC address in MAC Address This field displays the source MAC address in the binding.
IP Address
the binding.
This field displays the IP address assigned to the MAC address in the
IP Address
Lease (Hour) This field displays how long the binding is valid. binding.
VLAN This field displays the source VLAN ID in the binding. Lease This field displays how long the binding is valid.
Port This field displays the port number in the binding. VLAN This field displays the source VLAN ID in the binding.
This field displays the port number in the binding. If this field is blank,
This field displays how the Switch learned the binding. Port
the binding applies to all ports.
Static: This binding was learned from information provided
Type
manually by an administrator. This field displays how the Switch learned the binding.
Dynamic: This binding was learned by snooping DHCP packets. Static: This binding was learned from information provided
Type
manually by an administrator.
Action Click Delete to remove the specified entry.
Dynamic: This binding was learned by snooping DHCP packets.
Binding Table
Security > IP Source Guard > Binding Table > Binding Table ARP Inspection
Bindings are used by DHCP snooping and ARP inspection to distinguish between Dynamic ARP inspection is a security feature which validates ARP packet in a network by
authorized and unauthorized packets in the network. The Switch learns the dynamic performing IP to MAC address binding inspection. Those will be stored in a trusted
bindings by snooping DHCP packets and from information provided manually in the Static database (the DHCP snooping database) before forwarding. Dynamic ARP intercepts, logs,
Entry Settings screen. and discards ARP packets with invalid IP-to-MAC address bindings. This capability protects
the network from certain man-in-the-middle attacks.
Dynamic ARP inspection ensures that only valid ARP requests and responses are relayed.
The switch performs these activities:
 Intercepts all ARP requests and responses on untrusted ports.
 Verifies that each of these intercepted packets has a valid IP-to-MAC address
binding before it updates the local ARP cache or before it forwards the packet to
the appropriate destination.
Trusted and untrusted port

 This setting is independent of the trusted and untrusted setting of the DHCP

140
Snooping. CLI Configuration

 The Switch does not discard ARP packets on trusted ports for any reasons.
 The Switch discards ARP packets on un-trusted ports if the sender’s
information in the ARP packets does not match any of the current bindings. enable show arp-inspection This command displays the current ARP
 Normally, the trusted ports are the uplink port and the untrusted ports are Inspection configurations.
connected to subscribers.
configure arp-inspection This command disables/enables the ARP
(disable | enable) Inspection function on the switch.
Configuration:
configure arp-inspection vlan This command enables the ARP Inspection
Users can enable/disable the ARP Inspection on the Switch. Users also can enable/disable VLANID function on a VLAN or range of VLANs.
the ARP Inspection on a specific VLAN. If the ARP Inspection on the Switch is disabled, the
ARP Inspection is disabled on all VLANs even some of the VLAN ARP Inspection are configure no arp-inspection This command disables the ARP Inspection
enabled. vlan VLANID function on a VLAN or range of VLANs.
interface arp-inspection trust This command configures the trust port for the
Default Settings specific port.
The ARP Inspection on the Switch is disabled. interface no arp-inspection This command configures the un-trust port for
The age time for the MAC filter is 5 minutes. trust the specific port.
ARP Inspection is enabled in VLAN(s): None.
Example:
Port Trusted Port Trusted TI-PG1284I#configure terminal
---- ------- ---- ------- TI-PG1284I(config)#arp-inspection enable
1 no 2 no TI-PG1284I(config)#arp-inspection vlan 1
3 no 4 no TI-PG1284I(config)#interface 1/0/1
5 no 6 no TI-PG1284I(config-if)#arp-inspection trust
7 no 8 no
9 no 10 no
11 no 12 no
Notices
There are a global state and per VLAN states.
 When the global state is disabled, the ARP Inspection on the Switch is disabled even
per VLAN states are enabled.
 When the global state is enabled, user must enable per VLAN states to enable the
ARP Inspection on the specific VLAN.

141
Web Configuration
Deselect All Click this to set all ports to untrusted.
Security > IP Source Guard > ARP Inspection > ARP Inspection
Apply Click Apply to add/modify the settings.
ARP Inspection
Status
ARP Inspection This field displays the current status of the ARP Inspection feature,
State Enabled or Disabled.
This field displays the VLAN IDs that have ARP Inspection enabled
Enabled on VLAN
on them. This will display None if no VLANs have been set.
This field displays the ports which are trusted. This will display
Trusted Ports
None if no ports are trusted.
Filter Table
State Use this to Enable or Disable ARP inspection on the Switch.
Dynamic ARP inspections validates the packet by performing IP to MAC address binding
Enter the VLAN IDs you want the Switch to enable ARP Inspection inspection stored in a trusted database (the DHCP snooping database) before forwarding
VLAN State for. You can designate multiple VLANs individually by using a the packet. When the Switch identifies an unauthorized ARP packet, it automatically
comma (,) and by range with a hyphen (-). creates a MAC address filter to block traffic from the source MAC address and source
VLAN ID of the unauthorized ARP packet. The switch also periodically deletes entries if
Select the ports which are trusted and deselect the ports which
the age-time for the entry is expired.
are untrusted.
The Switch does not discard ARP packets on trusted ports for any
reason.  If the ARP Inspection is enabled and the system detects invalid hosts, the system
will create a filtered entry in the MAC address table.
The Switch discards ARP packets on untrusted ports in the
 When Port link down and ARP Inspection was disabled, Switch will remove the MAC-
Trusted Ports following situations:
filter entries learned by this port.
• The sender’s information in the ARP packet does not match any  When Port link down and ARP Inspection was enabled, Switch will remove the MAC-
of the current bindings. filter entries learned by this port.
• The rate at which ARP packets arrive is too high. You can specify  The maximum entry of the MAC address filter table is 256.
the maximum rate at which ARP packets can arrive on untrusted  When MAC address filter table of ARP Inspection is full, the Switch receives
ports. unauthorized ARP packet, and it automatically creates a SYSLOG and drop this ARP
packet. The SYSLOG event happens on the first time.
Select All Click this to set all ports to trusted.

142
Default Settings Enter how long (1-10080 minutes) the MAC address filter remains
The mac-filter age time : 5 minutes. (0 – No age) in the Switch after the Switch identifies an unauthorized ARP
packet. The Switch automatically deletes the MAC address filter
The maximum mac-filter entries : 256.
afterwards.
CLI Configuration Apply Click Apply to add/modify the settings.
Node Command Description Refresh Click Refresh to begin configuring this screen afresh.
enable show arp-inspection This command displays the current ARP
mac-filter Inspection filtered MAC. Filter Table
configure arp-inspection mac- This command configures the age time for the This field displays a sequential number for each MAC address
No.
filter age VALUE ARP inspection MAC filter entry. filter.
configure clear arp-inspection This command clears all of entries in the filter This field displays the source MAC address in the MAC address
MAC Address
mac-filter table. filter.
configure no arp-inspection This command removes an entry from the ARP VLAN This field displays the source VLAN ID in the MAC address filter.
mac-filter mac inspection MAC filter table.
MACADDR vlan Port This field displays the source port of the discarded ARP packet.
VLANID
This field displays how long (in minutes) the MAC address filter
Expiry (min)
remains in the Switch.
Web Configuration
Security > IP Source Guard > ARP Inspection > Filter Table Action Click Delete to remove the record manually.
This field displays the current number of MAC address filters that
Total were created because the Switch identified unauthorized ARP
packets.
Filter Age Time This setting has no effect on existing MAC address filters.

143
Access Control List (ACL) The second IPADDR is a mask, for example: 255.255.0.0
L2 Access control list (ACL) is a list of permissions attached to an object. The list specifies 4. Filter a range of destination IP address.
who or what is allowed to access the object and what operations are allowed to be Command: destination ip IPADDR IPADDR
performed on the object.
L4 ACL Support:
L2 ACL function allows user to configure a few rules to reject packets from the specific 1. Filter a UDP/TCP source port.
ingress ports or all ports. These rules will check the packets’ source MAC address and 2. Filter a UDP/TCP destination port.
destination MAC address. If packets match these rules, the system will do the actions
“deny”. “deny” means rejecting these packets.
Default Settings
The Action Resolution engine collects the information (action and metering results) from
the hit entries: if more than one rule matches, the actions and meter/counters are taken Maximum profile : 64.
from the policy associated with the matched rule with highest priority. Maximum profile name length : 16.
L2 ACL Support: Notices

1. Filter a specific source MAC address. The ACL name should be the combination of the digit or the alphabet.
Command: source mac host MACADDR
2. Filter a specific destination MAC address. CLI Configuration
Command: destination mac host MACADDR Node Command Description
3. Filter a range of source MAC address.
enable show access-list This command displays all of the access
Command: source mac MACADDR MACADDR control profiles.
The second MACADDR is a mask, for example: ffff.ffff.0000
configure access-list STRING ip- This command creates a new access control
4. Filter a range of destination MAC address.
type (ipv4|ipv6) profile.
Command: destination mac MACADDR MACADDR
Where the STRING is the profile name. And
The second MACADDR is a mask, for example: ffff.ffff.0000 you can specify the type, ipv4 or ipv6.
configure no access-list STRING This command deletes an access control
L3 ACL Support: profile.
1. Filter a specific source IP address.
acl show This command displays the current access
Command: source ip host IPADDR control profile.
2. Filter a specific destination IP address.
acl action This command actives this profile.
Command: destination ip host IPADDR (disable|drop|permit) disable – disable the profile.
3. Filter a range of source IP address.
drop – If packets match the profile, the
Command: source ip IPADDR IPADDR packets will be dropped.

144
permit – If packets match the profile, the acl source mac MACADDR This command configures the source AMC
packets will be forwarded. MACADDR and mask for the profile.
acl action dscp remarking This command actives this profile and acl no source mac This command removes the source MAC and
<0-63> specify that it is for DSCP remark. And mask from the profile.
configures the new DSCP value which will be
override to all packets matched this profile. acl source ip host IPADDR This command configures the source IP
address for the profile.
acl action 802.1p remarking This command actives this profile and
<0-7> specify that it is for 802.1p remark. And acl source ip IPADDR This command configures the source IP
configures the new 802.1p value which will IPMASK address and mask for the profile.
be override to all packets matched this acl no source ip This command removes the source IP
profile. address from the profile.
acl 802.1p VALUE This command configures the 802.1p value acl destination ip host This command configures a specific
for the profile. IPADDR destination IP address for the profile.
acl dscp VALUE This command configures the DSCP value for acl destination ip IPADDR This command configures the destination IP
the profile. IPMASK address and mask for the profile.
acl destination mac host This command configures the destination acl no destination ip This command removes the destination IP
MACADDR MAC and mask for the profile. address from the profile.
acl destination mac This command configures the destination acl l4-source-port IPADDR This command configures UDP/TCP source
MACADDR MACADDR MAC and mask for the profile. port for the profile.
acl destination mac This command configures the destination acl no l4-source-port This command removes the UDP/TCP source
MACADDR MACADDR MAC and mask for the profile. The second IPADDR port from the profile.
MACADDR parameter is the mask for the
profile. acl L4-destination-port This command configures the UDP/TCP
PORT destination port for the profile.
acl no destination mac This command removes the destination
MAC from the profile. acl no l4-destination-port This command removes the UDP/TCP
destination port from the profile.
acl ethertype STRING This command configures the ether type for
the profile. Where the STRING is a hex- acl vlan VLANID This command configures the VLAN for the
decimal value. e.g.: 08AA. profile.
acl no ethertype This command removes the limitation of the acl no vlan This command removes the limitation of the
ether type from the profile. VLAN from the profile.
acl source mac host This command configures the source MAC acl source interface This command configures the source
MACADDR and mask for the profile. PORT_ID interface for the profile.

145
acl no source interface This command removes the source interface Destination IP Address: any
PORT_ID from the profile. Source Application: any
Destination Application: any
Where the MAC mask allows users to filter a range of MAC in the packets’ source MAC or
destination MAC. Note: Any: Don’t care.
For example:
source mac 00:01:02:03:04:05 ff:ff:ff:ff:00 Web Configuration
Security > Access Control List
 The command will filter source MAC range from 00:01:02:03:00:00 to
00:01:02:03:ff:ff
Where the IPMASK mask allows users to filter a range of IP in the packets’ source IP or
destination IP.
For example:
source ip 172.20.1.1 255.255.0.0
 The command will filter source IP range from 172.20.0.0 to 172.20.255.255
Example:
TI-PG1284I(config)#access-list 111
TI-PG1284I(config-acl)#vlan 2 Parameter Description
TI-PG1284I(config-acl)#source interface 1
IP Type Selects IPv4 / IPv6 type for the profile.
TI-PG1284I(config-acl)#show
Profile Name: 111 Profile Name The access control profile name.
Activate: disabled
VLAN: 2 Action Selects Disables / Drop / Permits / DSCP action for the profile.
Source Interface: 1 Configures the Ethernet type of the packets that you want to
Ethernet Type
Destination MAC Address: any filter.
Source MAC Address: any
VLAN Configures the VLAN of the packets that you want to filter.
Ethernet Type: any
Source IP Address: any Source MAC Configures the source MAC of the packets that you want to filter.

146
Configures the bitmap mask of the source MAC of the packets Source Configures the source UDP/TCP ports of the packets that you want
that you want to filter. Application to filter.
Mask of Source
MAC If the Source MAC field has been configured and this field is
Destination Configures the destination UDP/TCP ports of the packets that you
empty, it means the profile will filter the one MAC configured in
Application want to filter.
Source MAC field.
Configures the destination MAC of the packets that you want to Source Configures one or a rage of the source interfaces of the packets
Destination MAC Interface(s) that you want to filter.
filter.
Configures the bitmap mask of the destination MAC of the packets Apply Click Apply to add/modify the settings.
that you want to filter.
Mask of Refresh Click Refresh to begin configuring this screen afresh.
If the Destination MAC field has been configured and this field is
Destination MAC
empty, it means the profile will filter the one MAC configured in
Destination MAC field.
DSCP Configure the DSCP for the profile.

802.1x
802.1p Configures the 802.1p for the profile. IEEE 802.1X is an IEEE Standard for port-based Network Access Control ("port" meaning a
single point of attachment to the LAN infrastructure). It is part of the IEEE 802.1 group of
Source IP Configures the source IP of the packets that you want to filter. networking protocols. It provides an authentication mechanism to devices wishing to
attach to a LAN, either establishing a point-to-point connection or preventing it if
Configures the bitmap mask of the source IP of the packets that authentication fails. It is used for most wireless 802.11 access points and is based on the
you want to filter. Extensible Authentication Protocol (EAP).
Mask of Source IP
If the Source IP field has been configured and this field is empty, it
means the profile will filter the one IP configured in Source IP field.
802.1X provides port-based authentication, which involves communications between a
Destination IP Configures the destination IP of the packets that you want to filter. supplicant, authenticator, and authentication server. The supplicant is often software on
a client device, such as a laptop, the authenticator is a wired Ethernet switch or wireless
Configures the bitmap mask of the destination IP of the packets access point, and an authentication server is generally a RADIUS database. The
that you want to filter. authenticator acts like a security guard to a protected network. The supplicant (i.e., client
Mask of device) is not allowed access through the authenticator to the protected side of the
If the Destination IP field has been configured and this field is
Destination IP network until the supplicant’s identity is authorized. An analogy to this is providing a valid
empty, it means the profile will filter the one IP configured in
Destination IP field. passport at an airport before being allowed to pass through security to the terminal. With
802.1X port-based authentication, the supplicant provides credentials, such as user
Configures the IP protocol type. The setting will be used for Source name/password or digital certificate, to the authenticator, and the authenticator
IP Protocol Application and Destination Application. forwards the credentials to the authentication server for verification. If the credentials
are valid (in the authentication server database), the supplicant (client device) is allowed
TCP:0x06. UDP:0x11.
to access resources located on the protected side of the network.

147
Upon detection of the new client (supplicant), the port on the switch (authenticator) is Guest VLAN:
enabled and set to the "unauthorized" state. In this state, only 802.1X traffic is allowed; The Guest VLAN in IEEE 802.1x port authentication on the switch to
other traffic, such as DHCP and HTTP, is blocked at the network layer (Layer 3). The
authenticator sends out the EAP-Request identity to the supplicant, the supplicant provide limited services to clients, such as downloading the IEEE 802.1x
responds with the EAP-response packet that the authenticator forwards to the client. These clients might be upgrading their system for IEEE 802.1x
authenticating server. If the authenticating server accepts the request, the authenticator authentication.
sets the port to the "authorized" mode and normal traffic is allowed. When the supplicant
logs off, it sends an EAP-logoff message to the authenticator. The authenticator then sets
the port to the "unauthorized" state, once again blocking all non-EAP traffic. When you enable a guest VLAN on an IEEE 802.1x port, the switch assigns
clients to a guest VLAN when the switch does not receive a response to its
The following figure illustrates how a client connecting to an IEEE 802.1x authentication EAP request/identity frame or when EAPOL packets are not sent by the
enabled port goes through a validation process. The Switch prompts the client for login client.
information in the form of a user name and password. Port Parameters:
 Admin Control Direction:
both - drop incoming and outgoing packets on the port when a user has not
passed 802.1x port authentication.
in - drop only incoming packets on the port when a user has not passed
802.1x port authentication.
 Re-authentication:
Specify if a subscriber has to periodically re-enter his or her username and password
to stay connected to the port.
 Reauth-period:
When the client provides the login credentials, the Switch sends an authentication Specify how often a client has to re-enter his or her username and password to stay
request to a RADIUS server. The RADIUS server validates whether this client is allowed connected to the port. The acceptable range for this field is 0 to 65535 seconds.
access to the port.
 Port Control Mode:

Local User Accounts
auto : Users can access network after authenticating.
By storing user profiles locally on the Switch, your Switch is able to authenticate users
without interacting with a network authentication server. However, there is a limit on the force-authorized : Users can access network without authentication.
number of users you may authenticate in this way. force-unauthorized : Users cannot access network.
 Quiet Period:

148
Specify a period of the time the client has to wait before the next re-authentication CLI Configuration
attempt. This will prevent the Switch from becoming overloaded with continuous
re-authentication attempts from the client. The acceptable range for this field is 0
to 65535 seconds. enable show dot1x This command displays the current 802.1x
configurations.
 Server Timeout: enable show dot1x username This command displays the current user
The server-timeout value is used for timing out the Authentication Server. accounts for the local authentication.
enable show dot1x This command displays the local accounting
 Supp-Timeout: accounting-record records.
The supp-timeout value is the initialization value used for timing out a Supplicant. configure dot1x authentication This command enables/disables the 802.1x
(disable|enable) authentication on the switch.
 Max-req Time: configure dot1x authentic- This command configures the authentic
Specify the amount of times the Switch will try to connect to the authentication method (local|radius) method of 802.1x.
server before determining the server is down. The acceptable range for this field is
configure no dot1x authentic- This command configures the authentic
1 to 10 times.
method method of 802.1x to default.
configure dot1x radius primary- This command configures the primary radius
Default Settings
server-ip <IP> port server.
The default global 802.1x state is disabled. PORTID
The default 802.1x Authentication Method is local.
configure dot1x radius primary- This command configures the primary radius
The default port 802.1x state is disabled for all ports. server-ip <IP> port server.
The default port Admin Control Direction is both for all ports. PORTID key KEY
The default port Re-authentication is disabled for all ports. configure dot1x radius This command configures the secondary
The default port Control Mode is auto for all ports. secondary-server-ip radius server.
The default port Guest VLAN is 0 for all ports. (Guest VLAN is disabled). <IP> port PORTID
The default port Max-req Time is 2 times for all ports. configure dot1x radius This command configures the secondary
The default port Reauth period is 3600 seconds for all ports. secondary-server-ip radius server.
The default port Quiet period is 60 seconds for all ports. <IP> port PORTID key
KEY
The default port Supp timeout is 30 seconds for all ports.
The default port Server timeout is 30 seconds for all ports. configure no dot1x radius This command removes the secondary radius
secondary-server-ip server.

149
configure dot1x username This command configures the user account for interface dot1x timeout supp- This command configures the supp-timeout
<STRING> passwd local authentication. timeout value on the port.
<STRING>
interface dot1x guest-vlan This command configures the 802.1x state on
configure no dot1x username This command deletes the user account for (disable|enable) the port.
<STRING> local authentication.
configure dot1x accounting This command enables/disables the dot1x
(disable|enable) local accounting records.
configure dot1x guest-vlan This command configures the guest vlan.
VLANID
configure no dot1x guest-vlan This command removes the guest vlan.
interface dot1x admin-control- This command configures the control direction
direction (both|in) for blocking packets.
interface dot1x default This command sets the port configuration to
default settings.
interface dot1x max-req <1-10> This command sets the max-req times of a
port. (1~10).
interface dot1x port-control This command configures the port control
(auto | force- mode on the port.
authorized | force-
unauthorized)
interface dot1x authentication This command enables/disables the 802.1x on
(disable|enable) the port.
interface dot1x reauthentication This command enables/disables re-
(disable|enable) authentication on the port.
interface dot1x timeout quiet- This command configures the quiet-period
period value on the port.
interface dot1x timeout server- This command configures the server-timeout
timeout value on the port.
interface dot1x timeout reauth- This command configures the re-auth-period
period value on the port.

150
Web Configuration RADIUS is a security protocol used to authenticate users by means

Global Settings of an external server instead of an internal device user database
that is limited to the memory capacity of the device. In essence,
Security > 802.1x > Global Settings
RADIUS allows you to validate an unlimited number of users from a
central location.
Guest VLAN Configure the guest vlan.
Primary Radius When RADIUS is selected as the 802.1x authentication method, the
Server Primary Radius Server will be used for all authentication attempts.
Enter the IP address of an external RADIUS server in dotted decimal
IP Address
notation.
UDP Port The default port of a RADIUS server for authentication is 1812.
Specify a password (up to 32 alphanumeric characters) as the key

to be shared between the external RADIUS server and the Switch.
Share Key
This key is not sent over the network. This key must be the same on
the external RADIUS server and the Switch.
Second Radius This is the backup server used only when the Primary Radius Server
Server is down.
Global Status
State This field displays if 802.1x authentication is Enabled or Disabled.

Authentication
Select Enable to permit 802.1x authentication on the Switch. This field displays if the authentication method is Local or RADIUS.
Method
State Note: You must first enable 802.1x authentication on the Switch
before configuring it on each port. Guest VLAN The field displays the guest vlan.
Select whether to use Local or RADIUS as the authentication Primary Radius This field displays the IP address, UDP port and shared key for the
method. Server Primary Radius Server. This will be blank if nothing has been set.
Authentication The Local method of authentication uses the “guest” and “user” Secondary This is the backup server used only when the Primary Radius Server
Method user groups of the user account database on the Switch itself to Radius Server is down.
authenticate.
However, only a certain number of accounts can exist at one time. Apply Click Apply to add/modify the settings.

151
Refresh Click Refresh to begin configuring this screen afresh. Select Auto to require authentication on the port.
Select Force Authorized to always force this port to be
Port Control Mode authorized.
Port Settings Select Force Unauthorized to always force this port to be
Security > 802.1x > Port Settings unauthorized. No packets can pass through this port.
Select Disable to disable Guest VLAN on the port.
Guest VLAN
Select Enable to enable Guest VLAN on the port.
Specify the amount of times the Switch will try to connect to the
Max-req Time authentication server before determining the server is down.
The acceptable range for this field is 1 to 10 times.
Specify how often a client has to re-enter his or her username
Reauth period and password to stay connected to the port. The acceptable
range for this field is 0 to 65535 seconds.
Specify a period of the time the client has to wait before the next
re-authentication attempt. This will prevent the Switch from
Quiet period becoming overloaded with continuous re-authentication
attempts from the client. The acceptable range for this field is 0
to 65535 seconds.
Specify how long the Switch will wait before communicating
Supp timeout with the server. The acceptable range for this field is 0 to 65535
Parameter Description seconds.
Port Select a port number to configure. Specify how long the Switch to time out the Authentication
Server timeout
Server. The acceptable range for this field is 0 to 65535 seconds.
Select Enable to permit 802.1x authentication on the port.
Select this and click Apply to reset the custom 802.1x port
802.1x State You must first enable 802.1x authentication on the Switch Reset to Default
authentication settings back to default.
before configuring it on each port.
Select Both to drop incoming and outgoing packets on the port Apply Click Apply to add/modify the settings.
Admin Control when a user has not passed 802.1x port authentication.
Direction Select In to drop only incoming packets on the port when a user
has not passed 802.1x port authentication. Port Status
Specify if a subscriber has to periodically re-enter his or her
Re-authentication Port This field displays the port number.
username and password to stay connected to the port.

152
802.1x State
This field displays if 802.1x authentication is Enabled or Port Security
Disabled on the port. The Switch will learn the MAC address of the device directly connected to a particular
This field displays the Admin Control Direction. port and allow traffic through. We will ask the question: “How do we control who and
how many can connect to a switch port?” This is where port security can assist us. The
Admin Control Both will drop incoming and outgoing packets on the port when
Switch allow us to control which devices can connect to a switch port or how many of
a user has not passed 802.1x port authentication.
Direction them can connect to it (such as when a hub or another switch is connected to the port).
In will drop only incoming packets on the port when a user has
not passed 802.1x port authentication.
Let’s say we have only one switch port left free and we need to connect five hosts to it.
This field displays if the subscriber must periodically re-enter his What can we do? Connect a hub or switch to the free port! Connecting a switch or a hub
Re-authentication
or her username and password to stay connected to the port. to a port has implications. It means that the network will have more traffic. If a switch or
This field displays the port control mode. a hub is connected by a user instead of an administrator, then there are chances that
loops will be created. So, it is best that number of hosts allowed to connect is restricted
Auto requires authentication on the port.
at the switch level. This can be done using the “port-security limit” command. This
Port Control Mode Force Authorized forces the port to be authorized. command configures the maximum number of MAC addresses that can source traffic
Force Unauthorized forces the port to be unauthorized. No through a port.
packets can Pass through the port.
This field displays the Guest VLAN setting for hosts that have not Port security can sets maximum number of MAC addresses allowed per interface. When
Guest VLAN the limit is exceeded, incoming packets with new MAC addresses are dropped. It can be
passed authentication.
use MAC table to check it. The static MAC addresses are included for the limit.
This field displays the amount of times the Switch will try to
Max-req Time connect to the authentication server before determining the
server is down. Note: If you configure a port of the Switch from disabled to enabled, all of the MAC
learned by this port will be clear.
This field displays how often a client has to re-enter his or her
Reauth period
username and password to stay connected to the port.
Default Settings
This field displays the period of the time the client has to wait The port security on the Switch is disabled.
Quiet period
before the next re-authentication attempt.
The Maximum MAC per port is 5.
This field displays how long the Switch will wait before The port state of the port security is disabled.
Supp timeout
communicating with the server.
This field displays how long the Switch will wait before CLI Configuration
Server timeout
communicating with the client.
enable show port-security This command displays the current port
security configurations.

153
configure port-security This command enables / disables the global Port Select a port number to configure.
(disable|enable) port security function.
interface port-security This command enables / disables the port State Select Enable/Disable to permit Port Security on the port.
(disable|enable) security function on the specific port. The maximum number of MAC addresses allowed per interface.
Maximum MAC The acceptable range is 1 to 30.
interface port-security limit This command configures the maximum MAC
VALUE entries on the specific port.
Port Security Status
gigabitethernet1/0/ node. Port This field displays a port number.
PORTLISTS
State This field displays if Port Security is Enabled or Disabled
if-range port-security This command enables / disables the port
(disable|enable) security function for the specified ports
Maximum MAC This field displays the maximum number of MAC addresses
if-range port-security limit This command configures the maximum MAC
VALUE entries for the specified ports.
Web Configuration TACACS+

Security > IP Source Guard > Port Security The purpose of this enhancement is to support TACACS+ on the Switch platforms.
Terminal Access Controller Access Control System Plus is a security application that
provides centralized validation of users attempting to gain access to a router, network
access server etc. In order for the TACACS+ feature work it would need a TACACS+ server,
which would typically be a daemon running on a centralized UNIX or windows NT
authentication, authorization and accounting facilities for managing network access
points from a single management service.
Product Features
The TACACS+ implementation will support the following features:
 The implementation will conform to version 1.78 of the TACACS+ draft RFC.
 Authentication, Authorization and Accounting can be run as well as disabled
Parameter Description independently of each other.
 In case TACACS+ authentication fails on account of the server being
Port Security Settings unreachable the box can be made to default to a local authentication policy.
 TACACS+ packet body encryption will be supported.
Port Security Select Enable/Disable to permit Port Security on the Switch.  Single Tacacs+ server will be support.

154
 Multiple connect mode will be support.

 Syslog messages will be support.
Functional Description
The Tacacs+ implementation will provide the following services:
 Authentication:
Complete control of authentication through login and password dialog, challenge and
response, messaging support etc.
 Authorization:
Control over user capabilities for the duration of the user session, like setting auto
commands, enforcing restrictions on what configuration commands a user may execute,
session duration etc.
 Accounting :
Collecting and sending information used for billing, auditing, and reporting to the
TACACS+ daemon.
Each of the above mentioned services can be configured and run independent of the
others. The TACACS+ implementation will provide authentication and confidentiality
Notices
between the router and the TACACS+ daemon. It runs on TCP port 49.
 Tacacs+ service must be enabled before configuring the authentication,
authorization and accounting parameters, otherwise it will return error as Tacacs+
Appliction: service is not enabled.
Remote network access is witnessing a major paradigm shift that from terminal access to  Not allowed to disable the Authentication login mode when both enabled login-
LAN access. Single users want to connect to the corporate network in the same way that mode and login local.
they connect at work i.e. as a LAN user. This places increased emphasis on network access  Not allowed to disable the Authentication enable mode when both enabled enable-
security. As a result of this network managers are concerned with 3 parameters: mode and enable local.
authentication, authorization and accounting. This is where TACACS+ enters into the  Not allowed to enable the login-mode local when login-mode is in disable.
picture. A typical deployment using TACACS+ could be as follow:  Not allowed to enable the enable-mode local when enable-mode is in disable.
 For input CLI, user must supply full command or partial command with TAB
(command must be completed). The reason is only the command after user HIT the
ENTER is only send to TACACS+ server for authorization or accounting. So if this
command is partial then subsequently authorization or accounting fails.

155
CLI Configuration configure no tacacs-plus authentication To disable the authentication enable

Mode Command Description enable-mode local enable local mode
configure tacacs-plus authorization To enable the authorization show
Enable show tacacs-plus To show the Tacacs+ Statistics.
commands enable commands.
configure tacacs-plus server-host To set the Tacacs+ Server ip address configure no tacacs-plus authorization To disable the authorization show
<ipaddr> commands enable commands.
configure tacacs-plus authorization To enable the authorization
configure no tacacs-plus server-host To reset the Tacacs+ Server ip address as exec enable configuration commands.
0.0.0.0 configure no tacacs-plus authorization To disable the authorization
configure tacacs-plus server-key <key> To set the Tacacs+ server key exec enable configuration commands.
configure tacacs-plus accounting To enable the level 1 commands for
configure no tacacs-plus server-key To reset the Tacacs+ server key as
commands enable accounting.
default key( NULL means no key)
configure no tacacs-plus accounting To disable the level 1 commands for
configure tacacs-plus enable To enable the Tacacs+ service
commands enable accounting.
configure no tacacs-plus enable To disable the Tacacs+ service configure tacacs-plus accounting exec To enable the level 15 commands for
enable accounting.
configure tacacs-plus authentication To enable the authentication login mode
login-mode enable configure no tacacs-plus accounting To disable the level15 commands for
exec enable accounting
configure no tacacs-plus authentication To disable the authentication login mode
login-mode enable configure tacacs-plus line-console To enable TACACSP on the console port.
enable
configure tacacs-plus authentication To enable the authentication login local
configure no tacacs-plus line-console To disable TACACSP on the console port.
login-mode local enable mode
enable
configure no tacacs-plus authentication To disable the authentication login local
login-mode local enable mode
Example:
configure tacacs-plus authentication To enable the authentication in enable
TI-PG1284I#show tacacs-plus
enable-mode enable mode.
Tacacs+ Server Host :0.0.0.0
configure no tacacs-plus authentication To disable the authentication in enable
Tacacs+ State :disabled
enable-mode enable mode.
Tacacs+ line-console mode :disabled
configure tacacs-plus authentication To enable the authentication enable
Authentication Login mode :disabled Local: disabled
enable-mode local enable local mode

156
Authentication Enable mode :disabled Local: disabled Authentication

Authorization :Command:disabled Exec : disabled Enable Mode Enables / Disables the authentication in Enable mode.
Accounting :Command:disabled Exec : disabled
Authorization
Authentication Sessions :0 Command Enables / Disables the authorization with show commands.
Authorization Sessions :0
Accounting Sessions :0 Authorization Enables / Disables the authorization with configuration
Exec commands.
Web Configuration Accounting

Enables / Disables the level 1 command for the Accounting.
Security > IP Source Guard > TACACS+ Command
Accounting Exec Enables / Disables the level 15 command for the Accounting.
TACACS Server IP Configures the TACACS server’s IP.
TACACS Server
Server Key Configures the server key for the TACACS server.
State Enables / Disables the Tacacs+ service.
Authentication
Login Mode Enables / Disables the authentication in login mode.

157
Monitor Parameter Description

Alarm Information
Alarm Alarm Status This field indicates if there is any alarm events.
The feature displays if there are any abnormal situation need process immediately. Alarm Reason(s) This field displays all of the detail alarm events.
Alarm DIP Switch Settings
Notice: The Alarm DIP Switch allow users to configure if send alarm message when the DIP Switch The field displays the DIP Switch name.
corresponding event occurs.
Status The field indicates the DIP Switch current status.
For Example:
P1: ON, The Switch will send alarm message when port 1 is link down. Hardware Information
PWR: ON, The Switch will send alarm message when the main power supply disconnect. The feature displays some hardware information to monitor the system to guarantee the
RPS: ON, The Switch will send alarm message when the redundant power supply network correctly.
disconnect. A. Displays the board’s and CPU’s and MAC chip’s temperature.
B. Displays the 1.0V and 2.5V and 3.3V input status.
CLI Configuration
Node Command Description CLI Configuration
enable show alarm-info This command displays alarm information. Node Command Description
enable show hardware-monitor This command displays hardware working
(C|F) information.
Web Configuration
Monitor > Alarm
Example:
TI-PG1284I#show hardware-monitor C
Temperature(C) Crent MAX MIN Threshold Status
-------------- ------- ------- -------- ------------- ---------
BOARD 44.0 44.2 24.0 80.0 Normal
CPU 49.2 49.2 26.5 80.0 Normal
PHY 57.5 57.5 30.0 80.0 Normal
Voltage(V) Current MAX MIN Threshold Status

-------------- --------- ------- -------- ------------ --------

158
1.0V IN 1.009 1.009 1.009 +/-5% Normal Port Rx Tx Rx Tx Rx Tx Rx Tx

1.8V IN 1.768 1.778 1.755 +/-5% Normal ---- -------- -------- -------- -------- -------- -------- -------- --------
3.3V IN 3.264 3.264 3.259 +/-5% Normal 7 1154 2 108519 1188 0 0 0 0
Web Configuration Web Configuration

Monitor > Hardware Information Monitor > Port Statistics
Port Select a port or a range of ports to display their statistics.
Rx Packets The field displays the received packet count.
Tx Packets The field displays the transmitted packet count.

Port Statistics
This feature helps users to monitor the ports’ statistics, to display the link up ports’ traffic Rx Bytes The field displays the received byte count.
utilization only.
Tx Bytes The field displays the transmitted byte count.
CLI Configuration Rx Errors The field displays the received error count.
Tx Errors The field displays the transmitted error count.
enable show port-statistics This command displays the link up ports’
statistics. Rx Drops The field displays the received drop count.
Tx Drops The field displays the transmitted drop count.

Example:
TI-PG1284I#show port-statistics Refresh Click this button to refresh the screen quickly.
Packets Bytes Errors Drops

159
Port Utilization RMON Statistics

This feature helps users to monitor the ports’ traffic utilization, to display the link up This feature helps users to monitor or clear the port’s RMON statistics.
ports’ traffic utilization only. CLI Configuration
CLI Configuration
enable show rmon statistics This command displays the RMON statistics.
configure clear rmon statistics This command clears one port’s or all ports’
enable show port-utilization This command displays the link up ports’ traffic [IFNAME] RMON statistics.
utilization.
Web Configuration
Web Configuration
Monitor > RMON Statistics
Monitor > Port Utilization
Port Select a port or a range of ports to display their RMON statistics.
Speed The current port speed.
Utilization The port traffic utilization.
Refresh Click this button to refresh the screen quickly.
Port Select a port or a range of ports to display their RMON statistics.
Show Show them.
Clear Clear the RMON statistics for the port or a range of ports.

160
SFP Information Vendor Name SFP vendor name.

The SFP information allows user to know the SFP module’s information, such as vendor Vendor PN Part Number.
name, connector type, revision, serial number, manufacture date, and to know the DDMI
information if the SFP modules have supported the DDMI function. Vendor rev Revision level for part number.
Vendor SN Serial number (ASCII).
CLI Configuration Date Code Manufacturing date code.
enable show sfp info port This command displays the SFP Notice: If the fiber cable is not connected, the Rx Power fields are not available.
PORT_ID information.
enable show sfp ddmi port This command displays the SFP DDMI
PORT_ID status.
Traffic Monitor
The function can be enabled / disabled on a specific port or globally be enabled disabled
Web Configuration on the Switch.
Monitor > SFP Information The function will monitor the broadcast / multicast / broadcast and multicast packets
rate. If the packet rate is over the user’s specification, the port will be blocked. And if the
recovery function is enabled, the port will be enabled after recovery time.
Default Settings
Packet Packet Recovery
Port State Status Type Rate(pps) State Time(min)
---- -------- ------- ----------- --------- -------- ---------
1 Disabled Normal Bcast 1000 Enabled 1
Parameter Description 5 Disabled Normal Bcast 1000 Enabled 1
Port Select a port number to configure. 6 Disabled Normal Bcast 1000 Enabled 1
Apply Click Apply to display the SFP information.
Fiber Cable To indicate if the fiber cable is connected. 9 Disabled Normal Bcast 1000 Enabled 1
Connector Code of optical connector type. 10 Disabled Normal Bcast 1000 Enabled 1

161
11 Disabled Normal Bcast 1000 Enabled 1 if-range traffic-monitor recovery This command enables / disables the
12 Disabled Normal Bcast 1000 Enabled 1 (disable|enable) recovery function for the traffic monitor on
the port.
CLI Configuration if-range traffic-monitor recovery This command configures the recovery
time VALUE time for the traffic monitor on the port.
enable show traffic-monitor This command displays the traffic monitor
configurations and current status. Web Configuration
Monitor > Traffic Monitor
configure traffic-monitor This command enables / disables the traffic
(disable|enable) monitor on the Switch.
interface traffic-monitor This command enables / disables the traffic
(disable|enable) monitor on the port.
interface traffic-monitor rate This command configures the packet rate
RATE_LIMIT type and packet type for the traffic monitor on
(bcast|mcast|bcast+mcast) the port.
bcast – Broadcast packet.
mcast – Multicast packet.
interface traffic-monitor recovery This command enables / disables the
(disable|enable) recovery function for the traffic monitor on
the port.
interface traffic-monitor recovery This command configures the recovery
time VALUE time for the traffic monitor on the port.
gigabitethernet1/0/ configure node.
PORTLISTS
if-range traffic-monitor This command enables / disables the traffic Parameter Description
(disable|enable) monitor on the port.
State Globally enables / disables the traffic monitor function.
if-range traffic-monitor rate This command configures the packet rate
RATE_LIMIT type and packet type for the traffic monitor on Port The port range which you want to configure.
(bcast|mcast|bcast+mcast) the port.
bcast – Broadcast packet. State Enables / disables the traffic monitor function on these ports.
mcast – Multicast packet.

162
Action Unblock these ports. Management

Packet Type Specify the packet type which you want to monitor.
SNMP
Packet Rate Specify the packet rate which you want to monitor. Simple Network Management Protocol (SNMP) is used in network management systems
Enables / disables the recovery function for the traffic monitor to monitor network-attached devices for conditions that warrant administrative
Recover State attention. SNMP is a component of the Internet Protocol Suite as defined by the Internet
function on these ports.
Engineering Task Force (IETF). It consists of a set of standards for network management,
Configures the recovery time for the traffic monitor function on including an application layer protocol, a database schema, and a set of data objects.
Recovery Time
these ports.(Range: 1 – 60 minutes) SNMP exposes management data in the form of variables on the managed systems, which
describe the system configuration. These variables can then be queried (and sometimes
set) by managing applications.
Support below MIBs:

 RFC 1157 A Simple Network Management Protocol
 RFC 1213 MIB-II
 RFC 1493 Bridge MIB
 RFC 1643 Ethernet Interface MIB
 RFC 1757 RMON Group 1,2,3,9
SNMP community act like passwords and are used to define the security parameters of
SNMP clients in an SNMP v1 and SNMP v2c environments. The default SNMP community
is “public” for both SNMP v1 and SNMP v2c before SNMP v3 is enabled. Once SNMP v3 is
enabled, the communities of SNMP v1 and v2c have to be unique and cannot be shared.
Network ID of Trusted Host:

The IP address is a combination of the Network ID and the Host ID.
Network ID = (Host IP & Mask).
User need only input the network ID and leave the host ID to 0. If user has
input the host ID, such as 192.168.1.102, the system will reset the host ID,
such as 192.168.1.0
Note: Allow user to configure the community string and rights only.

163
User configures the Community String and the Rights and the Network ID of Trusted configure snmp trap-receiver This command configures the trap receiver’s
Host=0.0.0.0, Subnet Mask=0.0.0.0. It means that all hosts with the community string IPADDR VERSION configurations, including the IP address,
can access the Switch. COMMUNITY version (v1 or v2c) and community.
Default Settings
Example:
 SNMP : disabled.
 System Location : TI-PG1284I. (Maximum length 64 characters)
 System Contact : None. (Maximum length 64 characters) TI-PG1284I(config)#snmp enable
 System Name : None. (Maximum length 64characters) TI-PG1284I(config)#snmp community public rw trusted-host 192.168.200.106/24
 Trap Receiver : None. TI-PG1284I(config)#snmp trap-receiver 192.168.200.106 v2c public
 Community Name : None.
TI-PG1284I(config)#snmp system-contact IT engineer
 The maximum entry for community : 3.
 The maximum entry for trap receiver : 5. TI-PG1284I(config)#snmp system-location Branch-Office

SNMP Setting
Management > SNMP > SNMP > SNMP Settings
enable show snmp This command displays the SNMP
configurations.
configure snmp community This command configures the SNMP
STRING (ro|rw) community name.
trusted-host IPADDR
configure snmp This command disables/enables the SNMP on
(disable|enable) the switch.
configure snmp system-contact This command configures contact information
STRING for the system.
configure snmp system-location This command configures the location
STRING information for the system.
configure snmp system-name This command configures a name for the
STRING system.
(The System Name is same as the host name)
SNMP State Select Enable to activate SNMP on the Switch.

164
Select Disable to not use SNMP on the Switch. Select Read-Only to allow the SNMP manager using this string to
collect information from the Switch.
Type a System Name for the Switch. Rights
System Name Select Read-Write to allow the SNMP manager using this string to
(The System Name is same as the host name) create or edit MIBs (configure settings on the Switch).
System Location Type a System Location for the Switch. Network ID of Type the IP address of the remote SNMP management station in
Trusted Host dotted decimal notation, for example 192.168.1.0.
System Contact Type a System Contact for the Switch.
Type the subnet mask for the IP address of the remote SNMP
Apply Click Apply to configure the settings. Mask management station in dotted decimal notation, for example
255.255.255.0.
Community Name Refresh Click Refresh to begin configuring this screen afresh.
Management > SNMP > SNMP > Community Name
Community Name List
This field indicates the community number. It is used for

No. identification only. Click on the individual community number to
edit the community settings.
Community This field displays the SNMP community string. An SNMP
String community string is a text string that acts as a password.
This field displays the community string’s rights. This will be Read
Right
Only or Read Write.
Network ID of This field displays the IP address of the remote SNMP
management station after it has been modified by the subnet
Trusted Host mask.
Enter a Community string, this will act as a password for requests
This field displays the subnet mask for the IP address of the
from the management station. Subnet Mask
remote SNMP management station.
An SNMP community string is a text string that acts as a password.
Community It is used to authenticate messages that are sent between the Action Click Delete to remove a specific Community String.
String management station (the SNMP manager) and the device (the
SNMP agent). The community string is included in every packet
that is transmitted between the SNMP manager and the SNMP
agent.

165
SNMP Trap Community This field displays the community string used with this remote trap
Web Configuration String station.
Management > SNMP > SNMP Trap > Trap Receiver Settings
Action Click Delete to remove a configured trap receiver station.
SNMPv3
CLI Configuration
This command displays all snmp v3
enable show snmp user
users.
This command displays all snmp v3
enable show snmp group
groups.
Parameter Description This command displays all snmp v3
enable show snmp view
Enter the IP address of the remote trap station in dotted decimal view.
IP Address
notation. snmp user USERNAME Configures v3 user of non-
configure
GROUPNAME noauth authentication.
Select the version of the Simple Network Management Protocol snmp user USERNAME
Version
to use. v1 or v2c. configure GROUPNAME auth Configures v3 user of authentication.
(MD5|SHA) STRINGS
Community
Specify the community string used with this remote trap station. snmp user USERNAME
String Configures v3 user of authentication
configure GROUPNAME priv (MD5|SHA)
and encryption.
Apply STRINGS des STRINGS
Click Apply to configure the settings.
snmp group GROUPNAME
Configures v3 group of non-
Refresh configure noauth (read STRINGS write
Click Refresh to begin configuring this screen afresh. authentication.
STRINGS notify STRINGS)
Trap Receiver List snmp group GROUPNAME
configure auth (read STRINGS write Configures v3 group of authentication.
This field displays the index number of the trap receiver entry. STRINGS notify STRINGS)
No. snmp group GROUPNAME
Click the number to modify the entry. Configures v3 group of authentication
configure priv (read STRINGS write
and encryption.
IP Address This field displays the IP address of the remote trap station. STRINGS notify STRINGS)
snmp view VIEWNAME
This field displays the version of Simple Network Management configure To identify the subtree.
Version STRINGS (included|excluded)
Protocol in use. v1 or v2c.

166
no snmp user USERNAME This command removes a v3 user from Auth Algorithm Select MD5 or SHA Algorithm when security level is auth or priv.
configure
GROUPNAME switch.
This command removes a v3 group Set the password for this user when security level is auth or priv.
configure no snmp group GROUPNAME Auth Password
from switch. (pass phrases must be at least 8 characters long!)
no snmp view VIEWNAME This command removes a v3 view from
configure Priv Algorithm Select DES encryption when security level is priv.
STRINGS switch.
Priv Password Set the password for this user when security level is priv. (pass
Web Configuration phrases must be at least 8 characters long!)
SNMPv3 User
Management > SNMP > SNMPv3 > SNMPv3 User
SNMPv3 User Status
User Name This field displays the v3 user name.
Group Name This field displays the group name which the v3 user mapping.
Auth Protocol
These fields display the security level to this v3 user.
Priv Protocol
Rowstatus This field displays the v3 user rowstatus.
Action Click Delete to remove a v3 user.
User Name Enter the v3 user name.
Group Name Map the v3 user name into a group name.
Select the security level of the v3 user to use.

noauth means no authentication and no encryption.
Security Level
auth means messages are authenticated but not encrypted.
priv means messages are authenticated and encrypted.

167
SNMPv3 Group Group Name This field displays the v3 user name.
Management > SNMP > SNMPv3 > SNMPv3 Group
This field displays the security model of the group.
Security Model
Always displayed v3: User-based Security Model (USM)
Security Level This field displays the security level to this group.
Read View
Write View These fields display the View list of this group.
Notify View
Action Click Delete to remove a v3 group.
SNMPv3 View
Management > SNMP > SNMPv3 > SNMPv3 View
Group Name Enter the v3 user name.
Security Level Select the security level of the v3 group to use.
Read View Note that if a group is defined without a read view than all
objects are available to read. (default value is none.)
if no write or notify view is defined, no write access is granted
Write View and no objects can send notifications to members of the group.
(default value is none.)
Notify View By using a notify view, a group determines the list of notifications
its users can receive. (default value is none.)
Apply Click Apply to configure the settings. Parameter Description

Refresh Click Refresh to begin configuring this screen afresh. Enter the v3 view name for creating an entry in the SNMPv3 MIB
View Name
view table.
SNMPv3 Group Status
The OID defining the root of the subtree to add to (or exclude
View Subtree
from) the named view.

168
Select included or excluded to define subtree adding to the view Firmware_Image_File=8648P-999-1.1.0.S0.fw

View Type
or not. Firmware_Reboot=1
Global_Configuration_State=0
Global_Configuration_File=8648P-999-1.1.0.S0.save
Refresh Click Refresh to begin configuring this screen afresh. Global_Configuration_Reboot=0
Specific_Configuration_State=0
SNMPv3 View Status
Specific_Configuration_Reboot=0
View Name This field displays the v3 view name.
2. If AUTO_PROVISION_VER is biggest than current auto provision version, do step 3;
View Subtree This field displays the subtree. otherwise, wait 24 hours and go back to step 1.
View Type This field displays the subtree adding to the view or not.
3. If the Firmware_Upgrade_State =1, do step 4; otherwise, do step 6.
Action Click Delete to remove a v3 view.
4. If the Firmware_Version is difference than current firmware version, download the
Firmware_Image_File and upgrade firmware.
5. If upgrade firmware succeeded and Firmware_Reboot=1, let reboot_flag=1.

Auto Provision
Auto provision is a service that service provider can quickly, easily and automatically 6. If the Global_Configuration_State =1, download the Global_Configuration_File and
configure remote device or doing firmware upgrade at remote side. upgrade configuration; otherwise, do step 8.
1. When the Auto Provision is enabled, the Switch will download the auto provision 7. If upgrade configutation succeeded and Global_Configuration_Reboot =1, let
information file from the auto provision server first. reboot_flag=1.
The file name is followed below naming rule: 8. If the Specific_Configuration_State =1, download the specific configuration file and
Model_Name_Autoprovision.txt upgrade configuration; otherwise do step 10. The naming is “Model_Name _” with
12-bit MAC digits ,example for following is “INS-8648P_00e04c8196b9.txt”
For Example: SWITCH_Autoprovision.txt
9. If upgrade configutation succeeded and Specific_Configuration_Reboot =1, let

The contents of the file are listed below: reboot_flag=1.
AUTO_PROVISION_VER=1
Firmware_Upgrade_State=1 10. If reboot_flag=1, save running configuration and reboot the switch; otherwise, wait
Firmware_Version=8648P-999-1.1.0.S0 24 hours and go back to step 1.

169
Default Settings auto-provision no FTP-user The command configurations the username

Auto provision configuration profile: and password to default.
Active : Disable
Version :0
Protocol : FTP Web Configuration
FTP user/pwd :/ Management > Auto Provision
Folder :
Server address :
CLI Configuration
enable show auto-provision This command displays the current auto
provision configurations.
configure auto-provision This command enters the auto-provision
node.
auto-provision show This command displays the current auto
provision configurations.
auto-provision active This command enables/disables the auto
(enable|disable) provision function.
auto-provision server-address This command configures the auto
IPADDR provision server’s IP.
auto-provision protocol The command configurations the upgrade Mail Alarm
(tftp|http|ftp) protocol. The feature sends an e-mail trap to a predefined administrator when some events
auto-provision FTP-user username The command configurations the username occur. The events are listed below:
STRING password and password for the FTP server.  System Reboot : The system warn start or cold start.
STRING  Port Link Change : A port link up or down.
 Configuration Change : The system configurations in the NV-RAM
auto-provision folder STRING The command configurations the folder for
have
the auto provision server.
been updated.
auto-provision no folder The command configurations the folder to  Firmware Upgrade : The system firmware image has
default. been updated.
 User Login : A user login the system.

170
 Port Blocked : A port is blocked by looping Googlemail - Gmail Server: Authentication: Port:
detection or BPDU
Guard. SMTP Server (Outgoing smtp.gmail.com SSL 465
Default Settings Messages) smtp.gmail.com StartTLS 587
Mail-Alarm Configuration: POP3 Server (Incoming
----------------------------------------------- pop.gmail.com SSL 995
Messages)
State : Disabled.
Outlook.com Server: Authentication: Port:
Server IP : 0.0.0.0
SMTP Server (Outgoing
Server Port : 25 smtp.live.com StartTLS 587
Messages)
Mail From :
POP3 Server (Incoming
Mail To : pop3.live.com SSL 995
Messages)
Yahoo Mail Server: Authentication: Port:
Trap Event Status:
----------------------------------------------- SMTP Server (Outgoing
smtp.mail.yahoo.com SSL 465
System Reboot : Disabled. Messages)
Port Link Change : Disabled. POP3 Server (Incoming

pop.mail.yahoo.com SSL 995
Configuration Change : Disabled. Messages)
Firmware Upgrade : Disabled. Yahoo Mail Plus Server: Authentication: Port:
User Login : Disabled. SMTP Server (Outgoing
plus.smtp.mail.yahoo.com SSL 465
Port Blocked : Disabled. Messages)
Alarm : Disabled. POP3 Server (Incoming
plus.pop.mail.yahoo.com SSL 995
Messages)
Reference
Default Ports Server Authentication Port CLI Configuration
25 (or Node Command Description
Non-Encrypted AUTH
587)
SMTP Server (Outgoing enable show mail-alarm This command displays the Mail Alarm
Messages) Secure (TLS) StartTLS 587 configurations.
Secure (SSL) SSL 465 configure mail-alarm (disable|enable) This command disables / enables the
Mail Alarm function.
POP3 Server (Incoming Non-Encrypted AUTH 110
Messages) configure mail-alarm auth-account This command configures the Mail
Secure (SSL) SSL 995
server authentication account.

171
configure mail-alarm mail-from This command configures the mail Server IP Specifies the mail server’s IP address.
sender.
configure mail-alarm mail-to This command configures the mail Server Port Specifies the TCP port for the SMTP.
receiver.
Account Name Specifies the mail account name.
configure mail-alarm server-ip This command configures the mail
IPADDR server-port VALUE server IP address and the TCP port. Account Password Specifies the mail account password.
configure mail-alarm server-ip This command configures the mail
Mail From Specifies the mail sender.
IPADDR server-port Default server IP address and configures 25 as
the server’s TCP port.
Mail To Specifies the mail receiver.
configure mail-alarm trap-event This command disables / enables mail
(reboot|link- trap events. Trap State Enables / disables the mail trap event states.
change|config.|
firmware|login|port-
blocked| alarm)
(disable|enable)
Maintenance
CLI Configuration
Web Configuration
Management > Mail Alarm
enable show config- This command displays the configurations status if
change-status there are default values.
configure reboot This command reboots the system.
configure reload default- This command copies a default-config file to
config replace the current one.
Note: The system will reboot automatically to take
effect the configurations.
configure write memory This command writes current operating
configurations to the configuration file.
configure archive download- This command downloads a new copy of
Parameter Description config <URL PATH> configuration file from TFTP server.
Where <URL PATH> can be:
State Enable / disable the Mail Alarm function.
ftp://user:[email protected]/file
http://192.168.1.1/file

172
tftp://192.168.1.1/file Web Configuration

configure archive upload- This command uploads the current configurations Management > Maintenance > Configuration
config <URL PATH> file to a TFTP server. Save Configuration
configure archive download- This command downloads a new copy of firmware
fw <URL PATH> file from TFTP / FTP / HTTP server.
Where <URL PATH> can be:
ftp://user:[email protected]/file
http://192.168.1.1/file
tftp://192.168.1.1/file
Example: Press the Save button to save the current settings to the NV-RAM (flash).
TI-PG1284I(config)#interface eth0 Upload / Download Configuration to /from a your server
TI-PG1284I(config-if)#ip address 172.20.1.101/24
TI-PG1284I(config-if)#ip address default-gateway 172.20.1.1
TI-PG1284I(config-if)#management vlan 1
Enable the DHCP client function for the switch.

 TI-PG1284I#configure terminal
 TI-PG1284I(config)#interface eth0
 TI-PG1284I(config-if)#ip dhcp client enable
TI-PG1284I#show config-change-status
Follow the steps below to save the configuration file to your PC.
The user configuration file is default.
 Select the “Press “Download” to save configurations file to your PC”.
The configurations have been modified.  Click the “Download” button to start the process.
Follow the steps below to load the configuration file from your PC to the Switch.
 Select the “Upload configurations file to your Switch”.
 Select the full path to your configuration file.
 Click the Upload button to start the process.

173
Reset the factory default settings of the Switch Firmware

Management > Maintenance > Firmware
Type the path and file name of the firmware file you wish to upload to the Switch in the
File path text box or click Browse to locate it. Click Upgrade to load the new firmware.
Press the Reset button to set the settings to factory default configuration.
The configuration status
Reboot
Management > Maintenance > Reboot
Reboot allows you to restart the Switch without physically turning the power off.
Follow the steps below to reboot the Switch.
Display the configuration status of recorded in the NV-RAM.
Notice:
If the user has changed any configurations, the message displays “The configurations have
been modified!” Otherwise, the message “The configurations are default values.”
There are two conditions will change message from “The configurations have been
modified!” to “The configurations are default values.”
1. Click “Reset configuration” in web management or do cli command, reload
default-config.
2. Click “Upload configuration” in web management or do cli command,  In the Reboot screen, click the Reboot button. The following screen displays.
“archive download-config xxx”.

174
Web Configuration
Management > Maintenance > Server
 Click OK again and then wait for the Switch to restart. This takes up to two minutes.
This does not affect the Switch’s configuration.
Server Control
The function allows users to enable or disable the SSH or Telnet or Web service individual
using the CLI or GUI.
CLI Configuration Parameter Description

Node Command Description Server Settings
enable show server status This command displays the current server
status. Web Server State Selects Enable or Disable to enable or disable the Web service.
configure ssh server This command enables the ssh on the Switch. Telnet Server
Selects Enable or Disable to enable or disable the Telnet service.
State
configure no ssh server This command disables the ssh on the Switch.
configure telnet server This command enables the telnet on the Switch. SSH Server State Selects Enable or Disable to enable or disable the SSH service.
configure no telnet server This command disables the telnet on the Switch.
configure web server This command enables the web on the Switch.
configure no web server This command disables the web on the Switch.
Server Status

175
Web Server Status Displays the current Web service status. configure syslog-server ipv6-ip The command configures the syslog server’s IP
IPADDR address in IPv6 format.
Telnet Server
Displays the current Telnet service status. configure syslog-server facility The command configures the syslog facility
Status
level.
SSH Server Status Displays the current SSH service status.
Example:
TI-PG1284I(config)#syslog-server ipv4-ip 192.168.200.106
System Log TI-PG1284I(config)#syslog-server enable
The syslog function records some of system information for debugging purpose. Each log
message recorded with one of these levels, Alert / Critical / Error / Warning / Notice /
Information. The syslog function can be enabled or disabled. The default setting is Web Configuration
disabled. The log message is recorded in the Switch file system. If the syslog server’s IP Management > System Log
address has been configured, the Switch will send a copy to the syslog server.
The log message file is limited in 4KB size. If the file is full, the oldest one will be
replaced.
CLI Configuration
enable show syslog The command displays the entire log message
recorded in the Switch.
enable show syslog level The command displays the log message with
LEVEL the LEVEL recorded in the Switch.
enable show syslog server The command displays the syslog server
Enter the Syslog server IP address in dotted decimal notation.
configurations.
For example, 192.168.1.1. Select Enable to activate switch sent
Server IP
configure clear syslog The command clears the syslog message. log message to Syslog server when any new log message
occurred.
configure syslog-server The command disables / enables the syslog
(disable|enable) server function. Select Alert/Critical/Error/Warning/Notice/Information to
Log Level
choose which log message to want see.
configure syslog-server ipv4-ip The command configures the syslog server’s IP
IPADDR address in IPv4 format. Apply Click Apply to add/modify the settings.

176
Refresh Click Refresh to begin configuring this screen afresh. The maximum length of the username and password is 32 characters.
CLI Configuration
User Account
The Switch allows users to create up to 6 user account. The user name and the password enable show user account This command displays the current user
should be the combination of the digit or the alphabet. The last admin user account accounts.
cannot be deleted. Users should input a valid user account to login the CLI or web configure add user USER_ACCOUNT This command adds a new user account.
management. PASSWORD
(normal|admin)
User Authority: configure delete user This command deletes a present user
The Switch supports two types of the user account, admin and normal. The default user’s USER_ACCOUNT account.
account is username (admin) / password (admin).
 admin - read / write.
Example:
 normal - read only.
; Cannot enter the privileged mode in CLI.
TI-PG1284I(config)#add user q q admin
; Cannot apply any configurations in web.
TI-PG1284I(config)#add user 1 1 normal
The Switch also supports backdoor user account. In case of that user forgot their user
name or password, the Switch can generate a backdoor account with the system’s MAC.
Users can use the new user account to enter the Switch and then create a new user Web Configuration
account. Management > User Account
Default Settings
Maximum user account : 6.
Maximum user name length : 32.
Maximum password length : 32.
Default user account for privileged mode : admin / admin.
Notices
The Switch allows users to create up to 6 user account.
The user name and the password should be the combination of the digit or the
alphabet.
The last admin user account cannot be deleted.

177
User Name Type a new username or modify an existing one.
Type a new password or modify an existing one. Enter up to 32

User Password
alphanumeric or digit characters.
Select with which group the user associates: admin (read and
User Authority
write) or normal (read only) for this user account.
Apply Click Apply to add/modify the user account.
User Account List
No. This field displays the index number of an entry.
User Name This field displays the name of a user account.

User
This field displays the password.
Password
User
This field displays the associated group.
Authority
Click the Delete button to remove the user account.
Action
Note: You cannot delete the last admin accounts.

178
Performance
Technical Specifications
 Switch fabric: 24 Gbps
Standards
 RAM buffer: 128 MB
 IEEE 802.1d
 MAC address table: 16K entries
 IEEE 802.1p
 Jumbo frames: 10 KB
 IEEE 802.1Q
 Forwarding rate: 17.86 Mpps (64-byte packet size)
 IEEE 802.1s
 IEEE 802.1w Management
 IEEE 802.1X  CLI (Console, Telnet, SSH)
 IEEE 802.1ab  HTTP/HTTPS (SSL) web based GUI
 IEEE 802.3  SNMP v1, v2c, 3
 IEEE 802.3u  SNMP trap
 IEEE 802.3x  RMON groups 1, 2, 3, 9
 IEEE 802.3z  LLDP
 IEEE 802.3ab  SNTP
 IEEE 802.3ad  SMTP alert
 IEEE 802.3af  Syslog
 IEEE 802.3at  Port statistics/utilization
 Traffic monitor
Device Interface
 Port mirror (Ingress, Egress, Both)
 8 x Gigabit PoE+ ports
 Storm control (Multicast, DLF, Broadcast)
 4 x Gigabit SFP slots
 Modbus/TCP
 1 x Console port (RJ-45)
 IPv6 static IP address, DHCPv6 client
 6-pin removable terminal block (Primary/RPS power inputs & alarm relay
 Dual Image
output)
 Auto Provision via FTP/TFTP/HTTP Server
 DIP switch (Alarm for primary/RPS power and ports/slots failure)
 Xpress Ring
 LED indicators
 ERPS (Ethernet Ring Protection Switching) G8032v2
Data Transfer Rate  SFP DDMI (Digital Diagnostic Monitoring Interface)
 Ethernet: 10 Mbps (half-duplex), 20 Mbps (full-duplex)
MIB
 Fast Ethernet: 100 Mbps (half-duplex), 200 Mbps (full-duplex)
 MIB II RFC 1213
 Gigabit Ethernet: 2000 Mbps (full-duplex)
 Bridge MIB RFC 1493
 SX/LX: 2000 Mbps (full-duplex)
 Ethernet Interface MIB RFC 1643

179
 RMON MIB RFC 1757 Access Control

 802.1X port-based network access control RADIUS
Spanning Tree
 Local dial-in user authentication
 STP (Spanning Tree protocol)  DHCP snooping/screening
 RSTP (Rapid Spanning Tree protocol)  Loopback detection
 MSTP (Multiple Spanning Tree protocol)  ARP inspection
Link Aggregation  IP Source Guard
 IP-MAC-Port binding
 Static link aggregation
 Trusted host
 802.3ad dynamic LACP
 MAC address learning
 Up to 6 link aggregation groups
ACL IPv4
Quality of Service (QoS)
 MAC Address
 802.1p Class of Service (CoS)
 VLAN ID
 DSCP (Differentiated Services Code Point)
 Ethernet Type
 Bandwidth control per port
 IP Protocol 0-255
 Queue Scheduling: Strict Priority (SP), Weighted Round Robin (WRR)
 TCP/UDP Port 1-65535
VLAN  DSCP
 802.1Q tagged VLAN
Layer 3 Features
 MAC-based VLAN
 IPv4/IPv6 static routing
 Dynamic GVRP
 IPv4/IPv6 proxy ARP
 Protocol-based (Ethernet II, Non-LLC-SNAP, LLC-SNAP)
 IP interfaces: Up to 16
 Q-in-Q VLAN stacking/double VLAN (port-based, selective)
 Routing table entries: Up to 500 (IPv4: 400 / IPv6: 100)
 Port isolation
 DHCP Server/Relay/Option 82
 Up to 256 VLAN groups, ID range 1-4094
Special Features
Multicast
 CLI & web based management
 IGMP snooping v1, v2, v3
 Full power PoE+
 MVR
 Wide operating temperature range
 MLD v1, v2
 Dual redundant power inputs
 IGMP filtering/querier/proxy
 Alarm relay triggered by power and ports/slots failure
 Static multicast address
 Surge/ESD protection
 Up to 256 multicast entries

180
 L2+ management features Operating Humidity

 Max. 95% non-condensing
Power
 PWR (Primary) terminal input: 48 – 57V DC (TI-S24048 sold separately) Dimensions
 RPS (Redundant) terminal input: 48 – 57V DC (TI-S24048 sold separately)  170 x 132 x 50 mm (6.69 x 5.2 x 1.97 in.)
 Consumption: 18 W (max.), 260 W (max.) with PoE+ fully loaded
Weight
Optional Power Supply (TI-S24048 sold separately)  920 g (2.03 lbs.)
 Input: 100-240 V AC, 50/60 Hz, 1.8 A 125-370 V DC Certifications
 Output: 240 Watts, 48 V, 5 A
 CE
 DIN-rail: TS-35/7.5 or 15
 FCC
 Operating Temperature: - 25 to 70 °C (- 13 to 158 °F)
 Shock (IEC 60068-2-27)
 Freefall (IEC 60068-2-32)
PoE
 PoE budget: 240W  Vibration (IEC 60068-2-6)
 Up to 15W per port for PoE
 Up to 30W per port for PoE+
 Mode A: Pins 1, 2 (V+) and pins 3, 6 (V-)
 PoE enable/disable per port setting, priority, scheduling, power delay, and PD
alive check
Enclosure
 IP30 rated metal enclosure
 DIN-Rail mount
 Grounding point
 ESD (Ethernet) Protection: 8KV DC
 Surge (Power) Protection: 6KV DC
MTBF
 99,992 hrs @ 75 °C
 322,805 hrs @ 25 °C
Operating Temperature
 - 40 to 75 °C (-40 to 167 °F)

181
Q: If my switch IP address is different than my network’s subnet, what should I do?

Troubleshooting Answer:
You should still configure the switch first. After all the settings are applied, go to the
Q: I typed http://192.168.10.200 in my Internet Browser Address Bar, but an error switch configuration page, click on System, click IPv4 Setup and change the IP address of
message says “The page cannot be displayed.” How can I access the switch the switch to be within your network’s IP subnet. Click Apply, then click OK. Then click
management page? Save Settings to Flash (menu) and click Save Settings to Flash to save the IP settings to
Answer: the NV-RAM.
1. Check your hardware settings again. See “Switch Installation” on page 7.
2. Make sure the Power and port Link/Activity and WLAN lights are lit.
3. Make sure your network adapter TCP/IP settings are set to Use the following IP
address or Static IP (see the steps below).
4. Make sure your computer is connected to one of the Ethernet switch ports.
5. Since the switch default IP address is 192.168.10.200, make sure there are no other
network devices assigned an IP address of 192.168.10.200
Windows 7/8.1/10
a. Go into the Control Panel, click Network and Sharing Center.
b. Click Change Adapter Settings, right-click the Local Area Connection icon.
c. Then click Properties and click Internet Protocol Version 4 (TCP/IPv4).
d. Then click Use the following IP address, and make sure to assign your
network adapter an IP address in the subnet of 192.168.10.x. Click OK
Windows Vista
a. Go into the Control Panel, click Network and Internet.
b. Click Manage Network Connections, right-click the Local Area Connection
icon and click Properties.
c. Click Internet Protocol Version (TCP/IPv4) and then click Properties.
Windows XP/2000
a. Go into the Control Panel, double-click the Network Connections icon
b. Right-click the Local Area Connection icon and the click Properties.
c. Click Internet Protocol (TCP/IP) and click Properties.
Note: If you are experiencing difficulties, please contact your computer or operating
system manufacturer for assistance.

182
Appendix system manufacturer for assistance.
How to find your IP address?
Note: Please note that although the following procedures provided to follow for your How to configure your network settings to use a static IP address?
operating system on configuring your network settings can be used as general
guidelines, however, it is strongly recommended that you consult your computer or Note: Please note that although the following procedures provided to follow for your
operating system manufacturer directly for assistance on the proper procedure for operating system on configuring your network settings can be used as general
configuring network settings. guidelines, however, it is strongly recommended that you consult your computer or
operating system manufacturer directly for assistance on the proper procedure for
configuring network settings.
Command Prompt Method
Windows 2000/XP/Vista/7/8.1/10 Windows 7/8.1/10
1. On your keyboard, press Windows Logo+R keys simultaneously to bring up the Run a. Go into the Control Panel, click Network and Sharing Center.
dialog box. b. Click Change Adapter Settings, right-click the Local Area Connection icon.
2. In the dialog box, type cmd to bring up the command prompt. c. Then click Properties and click Internet Protocol Version 4 (TCP/IPv4).
3. In the command prompt, type ipconfig /all to display your IP address settings. d. Then click Use the following IP address, and assign your network adapter a
MAC OS X static IP address. Click OK
1. Navigate to your Applications folder and open Utilities. Windows Vista
2. Double-click on Terminal to launch the command prompt. a. Go into the Control Panel, click Network and Internet.
3. In the command prompt, type ipconfig getifaddr <en0 or en1> to display the wired b. Click Manage Network Connections, right-click the Local Area Connection
or wireless IP address settings. icon and click Properties.
Note: en0 is typically the wired Ethernet and en1 is typically the wireless Airport c. Click Internet Protocol Version (TCP/IPv4) and then click Properties.
interface. d. Then click Use the following IP address, and assign your network adapter a
static IP address. Click OK
Graphical Method Windows XP/2000
a. Go into the Control Panel, double-click the Network Connections icon
MAC OS 10.6/10.5
b. Right-click the Local Area Connection icon and the click Properties.
1. From the Apple menu, select System Preferences.
c. Click Internet Protocol (TCP/IP) and click Properties.
2. In System Preferences, from the View menu, select Network.
3. In the Network preference window, click a network port (e.g., Ethernet, AirPort, d. Then click Use the following IP address, and assign your network adapter a
modem). If you are connected, you'll see your IP address settings under "Status:" static IP address. Click OK
MAC OS 10.4/10.5/10.6
MAC OS 10.4 a. From the Apple, drop-down list, select System Preferences.
1. From the Apple menu, select Location, and then Network Preferences. b. Click the Network icon.
2. In the Network Preference window, next to "Show:", select Network Status. You'll see c. From the Location drop-down list, select Automatic.
your network status and your IP address settings displayed. d. Select and view your Ethernet connection.

183
In MAC OS 10.4, from the Show drop-down list, select Built-in How do I use the ping tool to check for network device connectivity?
Ethernet and select the TCP/IP tab. Windows 2000/XP/Vista/7/8.1/10
In MAC OS 10.5/10.6, in the left column, select Ethernet.
1. On your keyboard, press Windows Logo+R keys simultaneously to bring up the Run
e. Configure TCP/IP to use a static IP.
dialog box.
In MAC 10.4, from the Configure IPv4, drop-down list, select Manually
and assign your network adapter a static IP address. Then click the 2. In the dialog box, type cmd to bring up the command prompt.
Apply Now button. 3. In the command prompt, type ping <ip_address> with the <ip_address> being the IP
In MAC 10.5/10.6, from the Configure drop-down list, select Manually address you want ping and check for connectivity.
and assign your network adapter a static IP address . Then click the Example: Usage of ping command and successful replies from device.
Apply button.
C:\Users>ping 192.168.10.100
f. Restart your computer.
Pinging 192.168.10.100 with 32 bytes of data:
Reply from 192.168.10.100: bytes=32 time<1ms TTL=64
system manufacturer for assistance. Reply from 192.168.10.100: bytes=32 time<1ms TTL=64
Reply from 192.168.10.100: bytes=32 time<1ms TTL=64
How to find your MAC address? Reply from 192.168.10.100: bytes=32 time<1ms TTL=64
In Windows 2000/XP/Vista/7/8.1/10,
Your computer MAC addresses are also displayed in this window, however, you can type Ping statistics for 192.168.10.100:
getmac –v to display the MAC addresses only. Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
In MAC OS 10.4, Minimum = 0ms, Maximum = 0ms, Average = 0ms
1. Apple Menu > System Preferences > Network
2. From the Show menu, select Built-in Ethernet. MAC OS X
3. On the Ethernet tab, the Ethernet ID is your MAC Address. 1. Navigate to your Applications folder and open Utilities.
2. Double-click on Terminal to launch the command prompt.
In MAC OS 10.5/10.6, 3. In the command prompt, type ping –c <#> <ip_address> with the <#> ping being the
1. Apple Menu > System Preferences > Network number of time you want to ping and the <ip_address> being the IP address you want
ping and check for connectivity.
2. Select Ethernet from the list on the left.
Example: ping –c 4 192.168.10.100
3. Click the Advanced button.
3. On the Ethernet tab, the Ethernet ID is your MAC Address.

184
Federal Communication Commission Interference Statement RoHS

This equipment has been tested and found to comply with the limits for a Class B digital device, This product is RoHS compliant.
pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable
protection against harmful interference in a residential installation. This equipment generates,
uses and can radiate radio frequency energy and, if not installed and used in accordance with
the instructions, may cause harmful interference to radio communications. However, there is
no guarantee that interference will not occur in a particular installation. If this equipment does
cause harmful interference to radio or television reception, which can be determined by
turning the equipment off and on, the user is encouraged to try to correct the interference by Europe – EU Declaration of Conformity
one of the following measures:
This device complies with the essential requirements of the R&TTE Directive 2004/108/EC
 Reorient or relocate the receiving antenna. and 2006/95/EC.
 Increase the separation between the equipment and receiver.
 Connect the equipment into an outlet on a circuit different from that to which
the receiver is connected.  EN 55011: 2009 + A1: 2010 (Group 1, Class A)
 Consult the dealer or an experienced radio/TV technician for help.  EN 55022: 2010 + AC: 2011 (Class A)
FCC Caution: Any changes or modifications not expressly approved by the party responsible  EN 55024: 2010
for compliance could void the user's authority to operate this equipment.  EN 61000-3-2: 2014
This device complies with Part 15 of the FCC Rules. Operation is subject to the following two  EN 61000-3-3: 2013
conditions: (1) This device may not cause harmful interference, and (2) this device must accept
any interference received, including interference that may cause undesired operation.
Directives:
IMPORTANT NOTE:
EMC Directive 2004/108/EC and EN 2014/30/EU
Radiation Exposure Statement:
RoHS Directive 2011/65/EU
This equipment complies with FCC radiation exposure limits set forth for an uncontrolled
environment. This equipment should be installed and operated with minimum distance REACH Regulation (EC) No. 1907/2006
20cm between the radiator & your body.
This transmitter must not be co-located or operating in conjunction with any other antenna
or transmitter.
Country Code selection feature to be disabled for products marketed to the US/CANADA CE Mark Warning
This is a Class A product. In a domestic environment, this product may cause radio
interference, in which case the user may be required to take adequate measures.

185
Česky [Czech] TRENDnet tímto prohlašuje, že tento TI-PG1284I je ve shodě se reikalavimus ir kitas 2014/30/EU ir 2004/108/EB Direktyvos
základními požadavky a dalšími příslušnými ustanoveními nuostatas.
směrnice 2014/30/EU a 2004/108/ES.
Nederlands Hierbij verklaart TRENDnet dat het toestel TI-PG1284I in
Dansk [Danish] Undertegnede TRENDnet erklærer herved, at følgende udstyr TI- [Dutch] overeenstemming is met de essentiële eisen en de andere
PG1284I overholder de væsentlige krav og øvrige relevante krav i relevante bepalingen van richtlijn 2014/30/EU en 2004/108/EG.
direktiv 2014/30/EU og 2004/108/EF.
Malti [Maltese] Hawnhekk, TRENDnet, jiddikjara li dan TI-PG1284I jikkonforma
Deutsch Hiermit erklärt TRENDnet, dass sich das Gerät TI-PG1284I in mal-ħtiġijiet essenzjali u ma provvedimenti oħrajn relevanti li
[German] Übereinstimmung mit den grundlegenden Anforderungen und den hemm fid-Dirrettiva 2014/30/EU u 2004/108/KE.
übrigen einschlägigen Bestimmungen der Richtlinie 2014/30/EU,
Magyar Alulírott, TRENDnet nyilatkozom, hogy a TI-PG1284Imegfelel a
und 2004/108/EG befindet.
[Hungarian] vonatkozó alapvetõ követelményeknek és az 2014/30/EU, irányelv
Eesti [Estonian] Käesolevaga kinnitab TRENDnet seadme TI-PG1284I vastavust és a 2004/108/EK irányelv egyéb elõírásainak.
direktiivi 2014/30/EU ja 2004/108/EÜ põhinõuetele ja nimetatud
Polski [Polish] Niniejszym TRENDnet oświadcza, że TI-PG1284I jest zgodny z
direktiivist tulenevatele teistele asjakohastele sätetele.
zasadniczymi wymogami oraz pozostałymi stosownymi
English Hereby, TRENDnet, declares that this TI-PG1284I is in compliance postanowieniami Dyrektywy 2014/30/EU i 2004/108/WE.
with the essential requirements and other relevant provisions of
Português TRENDnet declara que este TI-PG1284I está conforme com os
Directive 2014/30/EU and 2004/108/EC.
[Portuguese] requisitos essenciais e outras disposições da Directiva 2014/30/EU,
Español Por medio de la presente TRENDnet declara que el TI-PG1284I e 2004/108/CE.
[Spanish] cumple con los requisitos esenciales y cualesquiera otras
Slovensko TRENDnet izjavlja, da je ta TI-PG1284I v skladu z bistvenimi
disposiciones aplicables o exigibles de la Directiva 2014/30/EU,
[Slovenian] zahtevami in ostalimi relevantnimi določili direktive 2014/30/EU,
2004/108/CE y.
in 2004/108/ES.
Ελληνική ΜΕ ΤΗΝ ΠΑΡΟΥΣΑTRENDnet ΔΗΛΩΝΕΙ ΟΤΙTI-
Slovensky TRENDnettýmtovyhlasuje, že TI-PG1284Ispĺňazákladnépožiadavky
[Greek] PG1284IΣΥΜΜΟΡΦΩΝΕΤΑΙ ΠΡΟΣ ΤΙΣ ΟΥΣΙΩΔΕΙΣ ΑΠΑΙΤΗΣΕΙΣ ΚΑΙ
[Slovak] a všetkypríslušnéustanoveniaSmernice 2014/30/EU a
ΤΙΣ ΛΟΙΠΕΣ ΣΧΕΤΙΚΕΣ ΔΙΑΤΑΞΕΙΣ ΤΗΣ ΟΔΗΓΙΑΣ, 2014/30/EU,
2004/108/ES.
2004/108/ΕΚ και.
Suomi [Finnish] TRENDnet vakuuttaa täten että TI-PG1284I tyyppinen laite on
Français Par la présente TRENDnet déclare que l'appareil TI-PG1284I est
direktiivin 2014/30/EU ja 2004/108/EY oleellisten vaatimusten ja
[French] conforme aux exigences essentielles et aux autres dispositions
sitä koskevien direktiivin muiden ehtojen mukainen.
pertinentes de la directive 2014/30/UE et 2004/108/CE.
Svenska Härmed intygar TRENDnet att denna TI-PG1284I står I
Italiano[Italian] Con la presente TRENDnet dichiara che questo TI-PG1284I è
[Swedish] överensstämmelse med de väsentliga egenskapskrav och övriga
conforme ai requisiti essenziali ed alle altre disposizioni pertinenti
relevanta bestämmelser som framgår av direktiv 2014/30/EU, och
stabilite dalla direttiva 2014/30/EU e 2004/108/CE.
2004/108/EG.
Latviski AršoTRENDnetdeklarē, ka TI-PG1284I atbilstDirektīvas 2014/30/EU
[Latvian] un 2004/108/EK būtiskajāmprasībām un citiemar to
saistītajiemnoteikumiem.
Lietuvių Šiuo TRENDnet deklaruoja, kad šis TI-PG1284I atitinka esminius

[Lithuanian]

186
TRENDnet User’s Guide Limited Warranty
Limited Warranty In the event that, after evaluation, TRENDnet cannot replace the defective product or
there is no comparable model available, we will refund the depreciated value of the
TRENDnet warrants only to the original purchaser of this product from a TRENDnet product.
authorized reseller or distributor that this product will be free from defects in material
and workmanship under normal use and service. This limited warranty is non-
If a product does not operate as warranted during the applicable warranty period,
transferable and does not apply to any purchaser who bought the product from a
TRENDnet shall reserve the right, at its expense, to repair or replace the defective
reseller or distributor not authorized by TRENDnet, including but not limited to
product or part and deliver an equivalent product or part to the customer. The
purchases from Internet auction sites.
repair/replacement unit's warranty continues from the original date of purchase. All
products that are replaced become the property of TRENDnet. Replacement products
Limited Warranty may be new or reconditioned. TRENDnet does not issue refunds or credit. Please
TRENDnet warrants its products against defects in material and workmanship, under contact the point-of-purchase for their return policies.
normal use and service. Specific warranty periods are listed on each of the respective
product pages on the TRENDnet website. TRENDnet shall not be responsible for any software, firmware, information, or memory
 AC/DC Power Adapter, Cooling Fan, and Power Supply carry a one-year data of customer contained in, stored on, or integrated with any products returned to
warranty. TRENDnet pursuant to any warranty.
Limited Lifetime Warranty

There are no user serviceable parts inside the product. Do not remove or attempt to
TRENDnet offers a limited lifetime warranty for all of its metal-enclosed network
service the product by any unauthorized service center. This warranty is voided if (i) the
switches that have been purchased in the United States/Canada on or after 1/1/2015.
product has been modified or repaired by any unauthorized service center, (ii) the
 Cooling fan and internal power supply carry a one-year warranty product was subject to accident, abuse, or improper use, or (iii) the product was subject
to conditions more severe than those specified in the manual.
To obtain an RMA, the ORIGINAL PURCHASER must show Proof of Purchase and return
the unit to the address provided. The customer is responsible for any shipping-related
costs that may occur. Replacement goods will be shipped back to the customer at Warranty service may be obtained by contacting TRENDnet within the applicable
TRENDnet’s expense. warranty period and providing a copy of the dated proof of the purchase. Upon proper
submission of required documentation, a Return Material Authorization (RMA) number
Upon receiving the RMA unit, TRENDnet may repair the unit using refurbished parts. In will be issued. An RMA number is required in order to initiate warranty service support
the event that the RMA unit needs to be replaced, TRENDnet may replace it with a for all TRENDnet products. Products that are sent to TRENDnet for RMA service must
refurbished product of the same or comparable model.
have the RMA number marked on the outside of return packages and sent to TRENDnet
prepaid, insured and packaged appropriately for safe shipment. International customers

187
TRENDnet User’s Guide Limited Warranty
shipping from outside of the USA and Canada are responsible for any return shipping CONTRACT OR TORT (INCLUDING NEGLIGENCE), FOR INCIDENTAL, CONSEQUENTIAL,
and/or customs charges, including but not limited to, duty, tax, and other fees. INDIRECT, SPECIAL, OR PUNITIVE DAMAGES OF ANY KIND, OR FOR LOSS OF REVENUE OR
PROFITS, LOSS OF BUSINESS, LOSS OF INFORMATION OR DATE, OR OTHER FINANCIAL
LOSS ARISING OUT OF OR IN CONNECTION WITH THE SALE, INSTALLATION,
Refurbished product: Refurbished products carry a 90-day warranty after date of
MAINTENANCE, USE, PERFORMANCE, FAILURE, OR INTERRUPTION OF THE POSSIBILITY
purchase. Please retain the dated sales receipt with purchase price clearly visible as
OF SUCH DAMAGES, AND LIMITS ITS LIABILITY TO REPAIR, REPLACEMENT, OR REFUND
evidence of the original purchaser's date of purchase. Replacement products may be
OF THE PURCHASE PRICE PAID, AT TRENDNET'S OPTION. THIS DISCLAIMER OF LIABILITY
refurbished or contain refurbished materials. If TRENDnet, by its sole determination, is
FOR DAMAGES WILL NOT BE AFFECTED IF ANY REMEDY PROVIDED HEREIN SHALL FAIL
unable to replace the defective product, we will offer a refund for the depreciated value
OF ITS ESSENTIAL PURPOSE.
of the product.
Governing Law: This Limited Warranty shall be governed by the laws of the state of
WARRANTIES EXCLUSIVE: IF THE TRENDNET PRODUCT DOES NOT OPERATE AS
California.
WARRANTED ABOVE, THE CUSTOMER'S SOLE REMEDY SHALL BE, AT TRENDNET'S
OPTION, REPAIR OR REPLACE. THE FOREGOING WARRANTIES AND REMEDIES ARE
EXCLUSIVE AND ARE IN LIEU OF ALL OTHER WARRANTIES, EXPRESSED OR IMPLIED, Some TRENDnet products include software code written by third party developers.
EITHER IN FACT OR BY OPERATION OF LAW, STATUTORY OR OTHERWISE, INCLUDING These codes are subject to the GNU General Public License ("GPL") or GNU Lesser
WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. General Public License ("LGPL").
TRENDNET NEITHER ASSUMES NOR AUTHORIZES ANY OTHER PERSON TO ASSUME FOR
IT ANY OTHER LIABILITY IN CONNECTION WITH THE SALE, INSTALLATION,
Visit http://www.trendnet.com/gpl or the support section on
MAINTENANCE, OR USE OF TRENDNET'S PRODUCTS.
http://www.trendnet.com and search for the desired TRENDnet product to access to
the GPL Code or LGPL Code. These codes are distributed WITHOUT WARRANTY and are
TRENDNET SHALL NOT BE LIABLE UNDER THIS WARRANTY IF ITS TESTING AND subject to the copyrights of the developers. TRENDnet does not provide technical
EXAMINATION DISCLOSE THAT THE ALLEGED DEFECT IN THE PRODUCT DOES NOT EXIST support for these codes. Please visit http://www.gnu.org/licenses/gpl.txt or
OR WAS CAUSED BY CUSTOMER'S OR ANY THIRD PERSON'S MISUSE, NEGLECT, http://www.gnu.org/licenses/lgpl.txt for specific terms of each license.
IMPROPER INSTALLATION OR TESTING, UNAUTHORIZED ATTEMPTS TO REPAIR OR PWP07172015v3 2016/04/15
MODIFY, OR ANY OTHER CAUSE BEYOND THE RANGE OF THE INTENDED USE, OR BY
ACCIDENT, FIRE, LIGHTNING, OR OTHER HAZARD.
LIMITATION OF LIABILITY: TO THE FULL EXTENT ALLOWED BY LAW, TRENDNET ALSO
EXCLUDES FOR ITSELF AND ITS SUPPLIERS ANY LIABILITY, WHETHER BASED IN

188

Trendnet TI-PG1284 Manual

Uploaded by

Copyright:

Available Formats

Trendnet TI-PG1284 Manual

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Trendnet TI-PG1284 Manual

Uploaded by

Copyright:

Available Formats

TRENDnet User’s Guide Cover Page

TRENDnet User’s Guide Table of Contents

Port Settings ................................................................................................................ 28

General Settings .......................................................................................................... 14 DHCP Option 82 ........................................................................................................... 76

System ............................................................................................................... 14 DHCP Relay .................................................................................................................. 79

© Copyright 2016 TRENDnet. All Rights Reserved.

Static Route ............................................................................................................... 115 User Account ............................................................................................................. 177

© Copyright 2016 TRENDnet. All Rights Reserved.

Product Overview Features

Industrial Hardened Design

TI-PG1284i Fault Tolerance

Please note power supply is sold separately (model: TI-24048).

© Copyright 2016 TRENDnet. All Rights Reserved.

Full PoE+ Power Budget Redundant Power

Network Ports and Capacity Alarm Output

Integrated DIN-Rail Mount Jumbo Frame

Full PoE Control Per Port Wide Temperature

Traffic Management Electro Magnetic Compliance

© Copyright 2016 TRENDnet. All Rights Reserved.

Product Hardware Features LED Indicators

LED State Status

 Ports 1-8 – Designed to operate at 10Mbps, 100Mbps, or Gigabit speed in both

© Copyright 2016 TRENDnet. All Rights Reserved.

6-pin Removable Terminal Block ALM DIP Switches

DIP No Name State Status

Note: Turn off the power before connecting modules or wires.

© Copyright 2016 TRENDnet. All Rights Reserved.

SFP Transceiver/Optical Cable Installation

1. Remove the rubber plug from the SFP slot.

© Copyright 2016 TRENDnet. All Rights Reserved.

© Copyright 2016 TRENDnet. All Rights Reserved.

Install power supply connections Basic IP Configuration

2. Assign a static IP address to your computer’s network adapter in the subnet of

© Copyright 2016 TRENDnet. All Rights Reserved.

9. When confirmation message appears click OK.

© Copyright 2016 TRENDnet. All Rights Reserved.

Connect additional devices to your switch

© Copyright 2016 TRENDnet. All Rights Reserved.

Accessing switch management interfaces Parity None

Setting Default Value

Setting Default Value

© Copyright 2016 TRENDnet. All Rights Reserved.

CLI Command Modes TI-PG1284I(config)#interface eth0

© Copyright 2016 TRENDnet. All Rights Reserved.

2. Enter the user name and password. By default:

© Copyright 2016 TRENDnet. All Rights Reserved.

Host name This field displays the name of the Switch.

Firmware Version This field displays the firmware version.

© Copyright 2016 TRENDnet. All Rights Reserved.

Serial Number The serial number assigned by manufacture for identification of

© Copyright 2016 TRENDnet. All Rights Reserved.

count. The default range: 0 ~ 1047

© Copyright 2016 TRENDnet. All Rights Reserved.

© Copyright 2016 TRENDnet. All Rights Reserved.

Global Address Configure a global IPv6 address for the Switch.

Set – Set an IPv6 default gateway for the Switch.

Apply Click this button to take effect the settings.

© Copyright 2016 TRENDnet. All Rights Reserved.

© Copyright 2016 TRENDnet. All Rights Reserved.