VigorSwitch P2500 - Network switch Draytek - Free user manual and instructions

USER MANUAL VigorSwitch P2500 Draytek

PoE L2 Managed Gigabit Switch

Your reliable networking solutions partner

User's Guide

V1.1

VigorSwitch P2500

PoE L2 Managed Gigabit Switch

User's Guide

Version: 1.1

Firmware Version: V2.4.3

(For future update, please visit DrayTek web site)

Date: August 29, 2019

Copyrights

© All rights reserved. This publication contains information that is protected by copyright. No part may be reproduced, transmitted, transcribed, stored in a retrieval system, or translated into any language without written permission from the copyright holders.

Trademarks

The following trademarks are used in this document:

● Microsoft is a registered trademark of Microsoft Corp.
● Windows, Windows 95, 98, Me, NT, 2000, XP, Vista, 7, 8, 10 and Explorer are trademarks of Microsoft Corp.
● Apple and Mac OS are registered trademarks of Apple Inc.
● Other products may be trademarks or registered trademarks of their respective manufacturers.

Caution

Circuit devices are sensitive to static electricity, which can damage their delicate electronics. Dry weather conditions or walking across a carpeted floor may cause you to acquire a static electrical charge.

To protect your device, always:

• Touch the metal chassis of your computer to ground the static electrical charge before you pick up the circuit device.
• Pick up the device by holding it on the left and right edges only.

Warranty

We warrant to the original end user (purchaser) that the device will be free from any defects in workmanship or materials for a period of one (1) year from the date of purchase from the dealer. Please keep your purchase receipt in a safe place as it serves as proof of date of purchase. During the warranty period, and upon proof of purchase, should the product have indications of failure due to faulty workmanship and/or materials, we will, at our discretion, repair or replace the defective products or components, without charge for either parts or labor, to whatever extent we deem necessary tore-store the product to proper operating condition. Any replacement will consist of a new or re-manufactured functionally equivalent product of equal value, and will be offered solely at our discretion. This warranty will not apply if the product is modified, misused, tampered with, damaged by an act of God, or subjected to abnormal working conditions. The warranty does not cover the bundled or licensed software of other vendors. Defects which do not significantly affect the usability of the product will not be covered by the warranty. We reserve the right to revise the manual and online documentation and to make changes from time to time in the contents hereof without obligation to notify any person of such revision or changes.

Be a Registered Owner

Web registration is preferred. You can register your Vigor router via http://www.DrayTek.com.

Firmware & Tools Updates

Due to the continuous evolution of DrayTek technology, all routers will be regularly upgraded. Please consult the DrayTek web site for more information on newest firmware, tools and documents.

More update, please visit www.draytek.com.

Table of Contents

Part I Introduction....1

I-1 Introduction ...... 2

I-1-1 Key Features 2
I-1-2 Specifications 3
I-1-3 Packing List 4
I-1-4 LED Indicators and Connectors .... 4

I-2 Installation....6

I-2-1 Typical Applications....6
I-2-2 Installing Network Cables.... 10
I-2-3 Configuring the Management Agent of Switch.... 10
I-2-4 Managing VigorSwitch P2500 through Ethernet Port.... 10
I-2-5 IP Address Assignment 11

I-3 Accessing Web Page of VigorSwitch 15
I-4 Dashboard.... 16
I-5 Status 17

I-5-1 Port Bandwidth Utilization 17
I-5-2 LLDP Statistics 17
I-5-3 GVRP Statistics....18
I-5-4 MLD Snooping Statistics 18
I-5-5 Hardware Monitor....19

Part II Switch LAN....21

II-1 General Setup....22

II-1-1 IP Address 22
II-1-2 IPv6 Address 23
II-1-3 Management VLAN 24

II-2 Port Setting 25

II-2-1 General Setting.... 25
II-2-2 Protected Ports.... 27

II-3 Mirror 28

II-4 Link Aggregation 29

II-4-1 LAG Setting 29
II-4-2 LAG Management 30
II-4-3 LAG Port Setting.... 31
II-4-4 LACP Setting 32
II-4-5 LACP Port Setting 33

II-5 VLAN Management.... 34

II-5-1 Create VLAN 34
II-5-2 Interface Settings.... 35

II-5-3 Voice VLAN 37

II-5-3-1 Properties 37

II-5-3-2 Telephony OUI Setting 38

II-5-3-3 Port Setting 39

II-5-4 MAC VLAN 40

II-5-4-1 MAC Group 40

I-5-4-3 Group Binding 41

II-5-5 Protocol VLAN 42

II-5-5-1 Protocol Group 42

II-5-5-2 Group Binding 43

II-5-6 Surveillance VLAN....45

II-5-6-1 Property 45

II-5-6-1 Surveillance OUI....47

II-5-7 GVRP 48

II-5-7-1 Property 48

II-5-7-2 Membership....49

II-6 EEE 50

II-7 Multicast 51

II-7-1 Properties 51

II-7-2 IGMP Snooping 53

II-7-2-1 IGMP Setting 53

II-7-2-2 IGMP Querier Setting....55

II-7-2-3 IGMP Static Group 56

II-7-2-4 IGMP Group Table....57

II-7-2-5 IGMP Router Table....58

II-7-2-6 Forward All 59

II-7-2-7 Throttling 60

II-7-2-8 Filtering Profile....61

II-7-2-9 Filtering Binding 62

II-7-3 MVR....64

II-7-3-1 Property 64

II-7-3-2 Port Setting....65

II-7-3-3 Group Address....66

II-7-4 MLD Snooping....67

II-7-4-1 MLD Setting 67

II-7-4-2 MLD Static Group 69

II-7-4-3 MLD Group Table....71

II-7-4-4 MLD Router Table....72

II-7-4-5 Forward All 73

II-7-4-6 Throttling 74

II-7-4-7 Filtering Profile 75

II-7-4-8 Filtering Binding 76

II-8 Jumbo Frame 78

II-9 STP 79

II-9-1 Properties 79

II-9-2 Port Setting 80

II-9-3 Bridge Setting 82

II-9-4 Port Advanced Setting....83

II-9-5 Statistics 84

II-9-6 MST Instance 85

II-9-7 MST Port Setting 86

II-10 MAC Address Table....88

II-10-1 Static MAC Setting 88

II-10-2 Dynamic Address Setting 89

II-10-3 Dynamic Learned 89

II-11 Blocked Port Recover....91

Part III ONVIF Surveillance....93

III-1 Discovery 94

III-2 Topology 95

III-2-1 Status 95

III-2-2 Throughput Threshold 99

III-3 Video 101

III-4 Device Maintenance 102

III-4-1 General.... 102

III-4-1 Network 104

III-4-3 Security....105

Part IV Security ....107

IV-1 RADIUS 108

IV-2 TACACS+....110

IV-3 Management Access Authentication....111

IV-3-1 Method Profile.... 111

IV-3-2 Application Authentication.... 112

IV-4 Management Access Control....113

IV-4-1 Management Access Control Profile (ACL) 113

IV-4-2 Management Access Control Entries (ACE).... 114

IV-5 802.1X/MAC Authentication....116

IV-5-1 Properties.... 116

IV-5-1-1 Global Settings 116

IV-5-1-2 Port Authentication Setting.... 117

IV-5-2 Port Control/Settings 118

IV-5-3 MAC-Based Local Account 120

IV-5-4 Authenticated Hosts 121

IV-6 Port Security 122

IV-7 Storm Control....124

IV-7-1 Properties.... 124

IV-7-2 Port Setting 125

IV-8 DoS....126

IV-8-1 Properties.... 126

IV-8-2 DoS Port Setting 128

IV-9 Dynamic ARP Inspection 129

IV-9-1 Properties 129

IV-9-1-1 Global Property Settings.... 129

IV-9-1-2 Per Port Property Settings.... 130

IV-9-2 Statistics....131

IV-10 DHCP Snooping.... 132

IV-10-1 Properties.... 132

IV-10-1-1 Global Property Settings 132

IV-10-1-2 Per Port Property Settings 133

IV-10-2 Statistics.... 134

IV-10-3 Option82 Property 134

IV-10-3-1 Global Option82 Property Settings 134

IV-10-3-2 Per Port Option82 Property Settings 135

III-10-4 Option82 Circuit ID 136

IV-11 IP Source Guard 137

IV-11-1 Port Settings.... 137

IV-11-2 IMPV Binding 138

IV-12 IP Conflict Prevention 139

IV-13 Loop Protection.... 143

Part V ACL Configuration....145

V-1 Create ACL 146

V-1-1 MAC 146

V-1-2 IPv4 146

V-1-3 IPv6 147

V-2 Create ACE 149

V-2-1 MAC 149

V-2-2 IPv4 150

V-2-3 IPv6 152

V-3 ACL Binding 154

Part VI QoS Configuration....155

VI-1 General 156

VI-1-1 Properties.... 156

VI-1-1-1 QoS General Setting 156

VI-1-1-2 Trust Ports 157

VI-1-2 Port Settings.... 158

VI-1-3 Queue Settings 159

VI-1-4 CoS Mapping 160

VI-2-2 Egress Shaping Rate 164

VI-2-3 Egress Shaping Per Queue 165

Part VII PoE Configuration....167

VII-1 Properties 168

VII-2 Status....169

VII-3 Schedule....170

VII-3-1 Schedule Profile 170

VII-4-2 Port Scheduling.... 171

Part VIII System Maintenance....173

VIII-1 TR-069.... 174

VIII-2 OpenVPN.... 176

VIII-3 Webhook....177

VIII-4 LLDP 178

VIII-4-1 Properties.... 178

VIII-4-2 LLDP Port Setting 179

VIII-4-3 LLDP Local Device....181

VIII-4-4 MED Network Policy 182

VIII-4-5 LLDP MED Port Settings 183

VIII-4-6 LLDP Remote Device 184

VIII-4-7 LLDP Overloading.... 185

VIII-5 SNMP 186

VIII-5-1 View 187

VIII-5-2 Group 188

VIII-5-3 Community 190

VIII-5-4 User....191

VIII-5-5 Engine ID 193

VIII-5-5-1 Local Engine ID 193

VIII-5-5-2 Remote Engine ID.... 194

VIII-5-6 Trap Event.... 195

VIII-5-7 Notification 196

VIII-6 Access Manager 198

VIII-7 Time and Date 199

VIII-7-1 System Time Zone 199

VIII-7-2 Time 200

VIII-8 Backup Manager....201

VIII-9 Upgrade Manager....202

VIII-10 Firmware Information.... 203

VIII-11 Account Manager....204

VIII-12 Factory Default 206

VIII-13 Reboot Switch....207

Part IX Diagnostics....209

IX-1 Device Check....210

IX-2 Cable Diagnostics....211

IX-3 Ping Test 212

IX-4 SysLog 213

IX-4-1 SysLog Explorer 213

IX-4-2 SysLog Settings 214

IX-4-2-1 SysLog Service 214

IX-4-2-2 Local SysLog 215

IX-4-2-3 Remote SysLog 216

IX-4-2-4 SysLog Mail 217

IX-5 Fan Test....219

Part X Mail Alert 221

X-1 Alert Setting 222

Part XI Telnet Commands....225

XI-1 Accessing Telnet of VigorSwitch....226

XI-2 Available Commands.... 227

XI-2-1 Clear Configuration 228

XI-2-2 Clock Configuration.... 237

XI-2-3 Configure Configuration 238

XI-2-4 Copy Configuration 323

XI-2-5 Delete Configuration 324

XI-2-6 Disable Configuration.... 325

XI-2-7 End Configuration 325

XI-2-8 Exit Configuration.... 325

XI-2-9 Ping Configuration.... 326

XI-2-10 Reboot Configuration 327

XI-2-11 Renew Configuration.... 327

XI-2-12 Restore-defaults Configuration 327

XI-2-13 Save Configuration.... 328

XI-2-14 Show Configuration.... 328

XI-2-15 SSL Configuration.... 329

XI-2-16 Terminal Configuration.... 329

XI-2-17 Traceroute Configuration 330

XI-2-18 UDLD Configuration.... 330

Appendix: Reference....333

A-1 What's the Ethernet....333

A-2 Media Access Control (MAC) 336

A-3 Flow Control.... 340

Index 343

Part I Introduction

I-1 Introduction

VigorSwitch P2500, PoE L2 Managed Gigabit Switch, is a standard switch that meets all IEEE 802.3/ u/ x/ z Gigabit, Fast Ethernet specifications. The switch has 24 10/ 100/ 1000Mbps TP ports. It supports telnet, http, https, SSH and SNMP interface for switch management. The network administrator can login the switch to monitor, configure and control each port's activity. In addition, the switch implements the QoS (Quality of Service), VLAN, and Trunking. It is suitable for office application.

VigorSwitch supports IEEE 802.3az, Energy-Efficient Ethernet, and provides power saving feature. It can efficiently save the switch power with auto detect the client idle and cable length to provide different power.

1000Mbps SFP Fiber port fully complies with all IEEE 802.3z and 1000Base-SX/LX standards.

graph TD
    A["Head Office"] --> B["Vigor Router Series"]
    B --> C["Router"]
    C --> D["IT Dept. (VLAN 10)"]
    D --> E["PoE"]
    D --> F["Finance Dept. (VLAN 20)"]
    F --> G["PoE"]
    F --> H["Sales Dept. (VLAN 30)"]
    H --> I["PoE"]
    C --> J["Fiber Trunking"]
    J --> K["Warehouse (VLAN 40)"]
    K --> L["Pod Devices"]
    L --> M["Pod Devices"]
    M --> N["Pod Devices"]
    style A fill:#f9f,stroke:#333
    style B fill:#ccf,stroke:#333
    style C fill:#cfc,stroke:#333
    style D fill:#fcc,stroke:#333
    style E fill:#cff,stroke:#333
    style F fill:#ffc,stroke:#333
    style G fill:#cfc,stroke:#333
    style H fill:#cfc,stroke:#333
    style I fill:#cfc,stroke:#333
    style J fill:#fcc,stroke:#333
    style K fill:#ffc,stroke:#333

I-1-1 Key Features

Below shows key features of this device:

QoS

The switch offers powerful QoS function. This function supports 802.1p VLAN tag priority and DSCP on Layer 3 of network framework.

VLAN

Support Port-based VLAN and IEEE802.1Q Tag VLAN. Support 24 active VLANs and VLAN ID 1\~4094.

Port Trunking

Allows one or more links to be aggregated together to form a Link Aggregation Group by the static setting.

Power Saving

The Power saving using the IEEE 802.3az, Energy-Efficient Ethernet to detect the client idle and cable length automatically and provides the different power. It could efficient to save the switch power and reduce the power consumption.

I-1-2 Specifications

The VigorSwitch P2500, a standalone off-the-shelf switch, provides the comprehensive features listed below for users to perform system network administration and efficiently and securely serve your network.

Hardware

44 10/100/1000Mbps Auto-negotiation Gigabit Ethernet TP ports with PoE+
◆ 4 TP/ SFP Combo Ethernet Ports
◆ 2 SFP Ports
❖ Jumbo frame support 9KB
◆ Programmable classifier for QoS (Layer 2/ Layer 3)
✿ 8K MAC address and support VLAN ID(1\~4094)
- Per-port shaping, policing, and Broadcast Storm Control
Power Saving with IEEE 802.3az, Energy-Efficient Ethernet
Full-duplex flow control (IEEE802.3x) and half-duplex backpressure
◆ Extensive front-panel diagnostic LEDs; Power, System, PoE fail and PoE/ link activity
Hardware reset button for resetting configuration to factory default by pressing over 5 seconds

Management

◆ Supports per port traffic monitoring counters
◆ Supports a snapshot of the system Information when you login
◆ Supports port mirror function
◆ Supports the static trunk function
◆ Supports 802.1Q VLAN
◆ Supports user management and limits three users to login
Maximal packet length can be up to 9600 bytes for jumbo frame application
◆ Supports Broadcasting Suppression to avoid network suspended or crashed
◆ Supports to send the trap event while monitored events happened
✿ Supports default configuration which can be restored to overwrite the current configuration which is working on via Web UI and Reset button of the switch
◆ Supports on-line plug/ unplug SFP modules
✿ Supports Quality of Service (QoS) for real time applications based on the information taken from Layer 2 to Layer 3
Built-in web-based management and CLI management, providing a more convenient UI for the user

I-1-3 Packing List

Before you start installing the switch, verify that the package contains the following:

VigorSwitch P2500
AC Power Cord
◆ Quick Start Guide
Rubber feet
◆ Rack mount kit

Please notify your sales representative immediately if any of the aforementioned items is missing or damaged.

I-1-4 LED Indicators and Connectors

Before you use the Vigor device, please get acquainted with the LED indicators and connectors first. There are 8 Ethernet ports and SFP ports on the front panel of the switch. LED display area, locating on the front panel, contains an ACT, Power LED and ports working status of the switch.

LED Explanation

Connector Explanation

Interface	Description
Port 1 ~ 44 (RJ45)	Port 1 to Port 44 can be used for Ethernet connection and PoE connection, depending on the device connected.
Port 1 ~ 44 (PoE)
Port 45 ~ 48(RJ45 or SFP)	Port 45 to Port 48 are used either for Ethernet or fiber connection.
Port 49 ~ 50 (SFP)	Port 49 to Port 50 are used for fiber connection.
Slide Switch(for P2500 only)	Switch the LED function.Right: PoE connection status.Left: LAN port connection status.
Console	Used to perform telnet command control.
	Power inlet for AC input (100~240V/ AC, 50/ 60Hz).

Note:

Power Output -

• IEEE 802.3af Max. 15.4W Output Supported
• IEEE 802.3at Max. 30W Output Supported

PoE Power Budget--

● 405 Watts (Max)

I-2 Installation

I-2-1 Typical Applications

The VigorSwitch implements 24 Gigabit Ethernet TP ports with auto MDIX and four slots for the removable module supporting comprehensive fiber types of connection, including LC and BiDi-LC SFP modules. The switch is suitable for the following applications:

Case 1: All switch ports are in the same local area network.

Every port can access each other. (*The switch image is sample only.)

If VLAN is enabled and configured, each node in the network that can communicate each other directly is bounded in the same VLAN area.

Here VLAN area is defined by what VLAN you are using. The switch supports both port-based VLAN and tag-based VLAN. They are different in practical deployment, especially in physical location. The following diagram shows how it works and what the difference they are.

Case 2: Port-based VLAN -1 (*The switch image is sample only.)

graph TD
    A["Switch"] --> B["VLAN1"]
    A --> C["VLAN2"]
    A --> D["VLAN3"]
    A --> E["VLAN4"]
    B --> F["Computer 1"]
    B --> G["Computer 2"]
    C --> H["Computer 3"]
    C --> I["Computer 4"]
    D --> J["Computer 5"]
    D --> K["Computer 6"]
    E --> L["Computer 7"]

The same VLAN members could not be in different switches.

• Every VLAN members could not access VLAN members each other.
  The switch manager has to assign different names for each VLAN groups at one switch.

Case 3: Port-based VLAN - 2

graph TD
    subgraph VLAN1
        A["Switch"] --> B["Computer"]
        C["Switch"] --> D["Computer"]
        E["Switch"] --> F["Computer"]
    end
    subgraph VLAN2
        G["Switch"] --> H["Computer"]
        I["Switch"] --> J["Computer"]
        K["Switch"] --> L["Computer"]
    end
    subgraph VLAN3
        M["Switch"] --> N["Computer"]
        O["Switch"] --> P["Computer"]
        Q["Switch"] --> R["Computer"]
        S["Switch"] --> T["Computer"]
    end
    subgraph VLAN4
        U["Switch"] --> V["Computer"]
        W["Switch"] --> X["Computer"]
        Y["Switch"] --> Z["Computer"]
    end

✿ VLAN1 members could not access VLAN2, VLAN3 and VLAN4 members.
✿ VLAN2 members could not access VLAN1 and VLAN3 members, but they could access VLAN4 members.
✿ VLAN3 members could not access VLAN1, VLAN2 and VLAN4.
✿ VLAN4 members could not access VLAN1 and VLAN3 members, but they could access VLAN2 members.

Case 4: The same VLAN members can be at different switches with the same VID

graph TD
    A["Router 1"] --> B["Computer"]
    C["Router 1"] --> D["Computer"]
    E["Router 1"] --> F["Computer"]
    G["Router 1"] --> H["Computer"]
    I["Router 1"] --> J["Computer"]
    K["Router 1"] --> L["Computer"]
    M["Router 1"] --> N["Computer"]
    O["Router 1"] --> P["Computer"]
    Q["Router 1"] --> R["Computer"]
    S["Router 1"] --> T["Computer"]
    U["Router 1"] --> V["Computer"]
    W["Router 1"] --> X["Computer"]
    Y["Router 1"] --> Z["Computer"]
    AA["Router 1"] --> AB["Computer"]
    AC["Router 1"] --> AD["Computer"]
    AE["Router 1"] --> AF["Computer"]
    AG["Router 1"] --> AH["Computer"]
    AI["Router 1"] --> AJ["Computer"]
    AK["Router 1"] --> AL["Computer"]
    AM["Router 1"] --> AN["Computer"]
    AO["Router 1"] --> AP["Computer"]
    AQ["Router 1"] --> AR["Computer"]
    AS["Router 1"] --> AT["Computer"]
    AU["Router 1"] --> AV["Computer"]
    AW["Router 1"] --> AX["Computer"]
    AY["Router 2"] --> Z
    AZ["Router 2"] --> AA
    BA["Router 2"] --> AB
    BB["Router 2"] --> AC
    BC["Router 2"] --> AD
    BD["Router 2"] --> AE
    BE["Router 2"] --> AF
    BF["Router 2"] --> AG
    BG["Router 2"] --> AH
    BH["Router 2"] --> AI
    BI["Router 2"] --> AJ
    BJ["Router 2"] --> AK
    BK["Router 2"] --> AL
    BL["Router 2"] --> AM
    BM["Router 2"] --> AN
    BN["Router 2"] --> AO
    BO["Router 2"] --> AP
    BP["Router 2"] --> AQ
    BQ["Router 2"] --> AA
    BR["Router 2"] --> AB
    BS["Router 2"] --> AC
    BT["Router 2"] --> AD
    BU["Router 2"] --> AE
    BV["Router 2"] --> AH
    BW["Router 2"] --> AX
    BX["Router 2"] --> AY
    BY["Router 2"] --> AZ
    CA["Router 2"] --> BA
    CB["Router 2"] --> BF
    CC["Router 2"] --> AD
    CD["Router 2"] --> AE
    CE["Router 2"] --> AF
    CF["Router 2"] --> AG
    GH["Router 2"] --> AH
    BIJ["VLAN1"] --> A
    BJV["VLAN1"] --> B
    BKV["VLAN1"] --> CA
    BLV["VLAN1"] --> B

Case 5: Desktop Installation

1. Install the switch on a level surface that can support the weight of the unit and the relevant components.
2. Plug the switch with the female end of the provided power cord and plug the male end to the power outlet.

Case 6: Rack-mount Installation

The switch may be standalone, or mounted in a rack. Rack mounting facilitate to an orderly installation when you are going to install series of networking devices.

Procedures to Rack-mount the switch:

1. Disconnect all the cables from the switch before continuing.
2. Place the unit the right way up on a hard, flat surface with the front facing you.
3. Locate a mounting bracket over the mounting holes on one side of the unit.
4. Insert the screws and fully tighten with a suitable screwdriver.
5. Repeat the two previous steps for the other side of the unit.
6. Insert the unit into the rack and secure with suitable screws.
7. Reconnect all the cables.

Case 7: Central Site/Remote site application is used in carrier or ISP

Case 8: Peer-to-peer application is used in two remote offices

graph TD
    A["Server"] --> B["Client 1"]
    A --> C["Client 2"]
    A --> D["Client 3"]
    A --> E["Client 4"]
    A --> F["Client 5"]
    A --> G["Client 6"]
    A --> H["Client 7"]
    A --> I["Client 8"]
    A --> J["Client 9"]
    A --> K["Client 10"]
    A --> L["Client 11"]
    A --> M["Client 12"]
    A --> N["Client 13"]
    A --> O["Client 14"]
    A --> P["Client 15"]
    A --> Q["Client 16"]
    A --> R["Client 17"]
    A --> S["Client 18"]
    A --> T["Client 19"]
    A --> U["Client 20"]
    A --> V["Client 21"]
    A --> W["Client 22"]
    A --> X["Client 23"]
    A --> Y["Client 24"]
    A --> Z["Client 25"]
    A --> AA["Client 26"]
    A --> AB["Client 27"]
    A --> AC["Client 28"]
    A --> AD["Client 29"]
    A --> AE["Client 30"]
    A --> AF["Client 31"]
    A --> AG["Client 32"]
    A --> AH["Client 33"]
    A --> AI["Client 34"]
    A --> AJ["Client 35"]
    A --> AK["Client 36"]
    A --> AL["Client 37"]
    A --> AM["Client 38"]
    A --> AN["Client 39"]
    A --> AO["Client 40"]
    A --> AP["Client 41"]
    A --> AQ["Client 42"]
    A --> AR["Client 43"]
    A --> AS["Client 44"]
    A --> AT["Client 45"]
    A --> AU["Client 46"]
    A --> AV["Client 47"]
    A --> AW["Client 48"]
    A --> AX["Client 49"]
    A --> AY["Client 50"]
    A --> AZ["Client 51"]
    A --> BA["Client 52"]
    A --> BB["Client 53"]
    A --> BC["Client 54"]
    A --> BD["Client 55"]
    A --> BE["Client 56"]
    A --> BF["Client 57"]
    A --> BG["Client 58"]
    A --> BH["Client 59"]
    A --> BI["Client 60"]
    A --> BJ["Client 61"]
    A --> BK["Client 62"]
    A --> BL["Client 63"]
    A --> BM["Client 64"]
    A --> BN["Client 65"]
    A --> BO["Client 66"]
    A --> BP["Client 67"]
    A --> BQ["Client 68"]
    A --> BR["Client 69"]
    A --> BS["Client 70"]
    A --> BT["Client 71"]
    A --> BU["Client 72"]
    A --> BV["Client 73"]
    A --> BW["Client 74"]
    A --> BX["Client 75"]
    A --> BY["Client 76"]
    A --> BZ["Client 77"]
    A --> CA["Client 78"]
    A --> CB["Client 79"]
    A --> CC["Client 80"]

Case 9: Office network

graph TD
    subgraph R & D
        A["Computer 1"] --> B["Switch"]
        C["Computer 2"] --> B
        D["Computer 3"] --> B
        B --> E["Server"]
    end
    subgraph Sales
        F["Computer 1"] --> G["Switch"]
        H["Computer 2"] --> G
        I["Computer 3"] --> G
        G --> J["Server"]
    end
    subgraph Financial
        K["Computer 1"] --> L["Switch"]
        M["Computer 2"] --> L
        N["Computer 3"] --> L
        L --> O["Server"]
    end
    subgraph MIS
        P["Computer 1"] --> Q["Switch"]
        R["Computer 2"] --> Q
        S["Computer 3"] --> Q
        Q --> T["Server"]
    end

I-2-2 Installing Network Cables

Crossover or straight-through cable: All the ports on the switch support Auto-MDI/ MDI-X functionality. Both straight-through or crossover cables can be used as the media to connect the switch with PCs as well as other devices like switches, hubs or router.

Category 3, 4, 5 or 5e, 6 UTP/STP cable: To make a valid connection and obtain the optimal performance, an appropriate cable that corresponds to different transmitting/receiving speed is required. To choose a suitable cable, please refer to the following table.

I-2-3 Configuring the Management Agent of Switch

Users can monitor and configure the switch through the following procedures.

Configuring the Management Agent of VigorSwitch P2500 through the Ethernet Port.

There are several ways to configure and monitor the switch through Ethernet port, includes Web-UI and SNMP.

VigorSwitch, for example:

IP Address: 192.168.1.224

Subnet Mask: 255.255.255.0

Default Gateway: 192.168.1.254

I-2-4 Managing VigorSwitch P2500 through Ethernet Port

Before start using the switch, the IP address setting of the switch should be done, then perform the following steps:

1. Set up a physical path between the configured the switch and a PC by a qualified UTP Cat. 5e cable with RJ-45 connector.

Note: If PC directly connects to the switch, you have to setup the same subnet mask between them. But, subnet mask may be different for the PC in the remote site. Please refer to the above figure about the Web Smart Switch default IP address information.

1. After configuring correct IP address on your PC, open your web browser and access switch's IP address.

Default system account is "admin", with password "admin" in default. Switch IP address is "192.168.1.224" by default with DHCP client enabled.

I-2-5 IP Address Assignment

For IP address configuration, there are three parameters needed to be filled in. They are IP address, Subnet Mask, Default Gateway and DNS.

IP address:

The address of the network device in the network is used for internetworking communication. Its address structure looks is shown below. It is “classful” because it is split into predefined address classes or categories.

Each class has its own network range between the network identifier and host identifier in the 32 bits address. Each IP address comprises two parts: network identifier (address) and host identifier (address). The former indicates the network where the addressed host resides, and the latter indicates the individual host in the network which the address of host refers to. And the host identifier must be unique in the same LAN. Here the term of IP address we used is version 4, known as IPv4.

With the classful addressing, it divides IP address into three classes, class A, class B and class C. The rest of IP addresses are for multicast and broadcast. The bit length of the network prefix is the same as that of the subnet mask and is denoted as IP address/ X, for example, 192.168.1.0/ 24. Each class has its address range described below.

Class A:

Address is less than 126.255.255.255. There are a total of 126 networks can be defined because the address 0.0.0.0 is reserved for default route and 127.0.0.0/8 is reserved for loopback function.

Class B:

IP address range between 128.0.0.0 and 191.255.255.255. Each class B network has a 16-bit network prefix followed 16-bit host address. There are 16,384 (2^14)/ 16 networks able to be defined with a maximum of 65534 (2^16 -2) hosts per network.

Class C:

IP address range between 192.0.0.0 and 223.255.255.255. Each class C network has a 24-bit network prefix followed 8-bit host address. There are 2,097,152 (2^21)/24 networks able to be defined with a maximum of 254 (2^8 -2) hosts per network.

Class D and E:

Class D is a class with first 4 MSB (Most significance bit) set to 1-1-1-0 and is used for IP Multicast. See also RFC 1112. Class E is a class with first 4 MSB set to 1-1-1-1 and is used for IP broadcast.

According to IANA (Internet Assigned Numbers Authority), there are three specific IP address blocks reserved and able to be used for extending internal network. We call it Private IP address and list below:

Please refer to RFC 1597 and RFC 1466 for more information.

Subnet mask:

It means the sub-division of a class-based network or a CIDR block. The subnet is used to determine how to split an IP address to the network prefix and the host address in bitwise basis. It is designed to utilize IP address more efficiently and ease to manage IP network.

For a class B network, 128.1.2.3, it may have a subnet mask 255.255.0.0 in default, in which the first two bytes is with all 1s. This means more than 60 thousands of nodes in flat IP address will be at the same network. It's too large to manage practically. Now if we divide it into smaller network by extending network prefix from 16 bits to, say 24 bits, that's using its third byte to subnet this class B network. Now it has a subnet mask 255.255.255.0, in which each bit of the first three bytes is 1. It's now clear that the first two bytes is used to identify the class B network, the third byte is used to identify the subnet within this class B network and, of course, the last byte is the host number.

Not all IP address is available in the sub-netted network. Two special addresses are reserved. They are the addresses with all zero's and all one's host number. For example, an IP address 128.1.2.128, what IP address reserved will be looked like? All 0s mean the network itself, and all 1s mean IP broadcast.

128.1.2.128/25

In this diagram, you can see the subnet mask with 25-bit long, 255.255.255.128, contains 126 members in the sub-netted network. Another is that the length of network prefix equals the number of the bit with 1s in that subnet mask. With this, you can easily count the number of IP addresses matched. The following table shows the result.

Prefix Length No. of IP matched No. of Addressable IP

According to the scheme above, a subnet mask 255.255.255.0 will partition a network with the class C. It means there will have a maximum of 254 effective nodes existed in this sub-netted network and is considered a physical network in an autonomous network. So it owns a network IP address which may looks like 168.1.2.0.

With the subnet mask, a bigger network can be cut into small pieces of network. If we want to have more than two independent networks in a worknet, a partition to the network must be performed. In this case, subnet mask must be applied.

For different network applications, the subnet mask may look like 255.255.255.240. This means it is a small network accommodating a maximum of 15 nodes in the network.

For assigning an IP address to the switch, you just have to check what the IP address of the network will be connected with the switch. Use the same network address and append your host address to it.

First, IP Address: as shown above, enter "192.168.1.224", for instance. For sure, an IP address such as 192.168.1.x must be set on your PC.
Second, Subnet Mask: as shown above, enter "255.255.255.0". Choose a subnet mask suitable for your network.

Note: The DHCP Setting is enabled in default. Therefore, if a DHCP server presented on network connected to the switch, check before accessing your switch is essential.

I-3 Accessing Web Page of VigorSwitch

1. Open any browser (e.g., Firefox) and type "192.168.1.224" as URL.
2. Please type "admin/admin" as the Username/Password and click Login.

1. Now, the Main Screen will appear.

Info

The DHCP Setting is enabled in default. Therefore, if a DHCP server presented on network connected to VigorSwitch, checking before accessing VigorSwitch is essential.

1-4 Dashboard

Click Dashboard from the main menu on the left side of the main page.

A web page with default selections will be displayed on the screen. Refer to the following figure:

I-5 Status

I-5-1 Port Bandwidth Utilization

This page offers the traffic statistics including data information and data of interframe gap for each port (GE1 to GE28). In which, data of interframe gap can be displayed or hidden by choose Enable / Disable for IFG.

I-5-2 LLDP Statistics

This page offers the statistics of LLDP packets (in, out and error) of each port (GE1 to GE28).

I-5-3 GVRP Statistics

GVRP (Generic Attribute Registration Protocol) is used automatically for exchanging information for VLAN membership between switches. This page counts the GVRP information received on each port.

I-5-4 MLD Snooping Statistics

This page counts the MLD messages received or transmitted on the network.

I-5-5 Hardware Monitor

This page displays the temperature change and voltage of VigorSwitch.

This page is left blank.

Part II Switch LAN

II-1 General Setup

General setup is used to configure settings for the switch network interface and offers how the switch connects to a remote server to get services.

II-1-1 IP Address

Use the IP Address screen to configure the switch IP address and the default gateway device. The gateway field specifies the IP address of the gateway (next hop) for outgoing traffic.

The switch needs an IP address for it to be managed over the network. The factory default IP address is 192.168.1.224. The subnet mask specifies the network number portion of an IP address. The factory default subnet mask is 255.255.255.0.

Info

If VigorSwitch has connected to Vigor router, it will use the IP address obtained from the DHCP server on Vigor router. Thus, the user must type the assigned IP as URL for accessing into the web user interface of VigorSwitch. If not, 192.168.1.224 shall be the default IP.

Available settings are explained as follows:

II-1-2 IPv6 Address

Use the IPv6 Address screen to configure the switch IPv6 address and the default gateway device. The gateway field specifies the IPv6 address of the gateway (next hop) for outgoing traffic.

Available settings are explained as follows:

II-1-3 Management VLAN

This page allows the network administrator to change the VLAN ID of management access. Management access protocols such as http, https, SNMP and etc., are only accessible from the VLAN specified as management VLAN.

Available settings are explained as follows:

II-2 Port Setting

II-2-1 General Setting

Port Setting is used to configure settings for the switch ports, trunk, Layer 2 protocols and other switch features.

Available settings are explained as follows:

Item	Description
Ports Use the drop down I	st to select one or more LAN port(s).
Enable State Enable -Click	it to enable the port.Disable - Click it to disable the port.
Speed Port speed capabilities	Auto: Auto speed with all capabilities.Auto-10M: Auto speed with 10M ability only.Auto-100M: Auto speed with 100M ability only.Auto-1000M: Auto speed with 1000M ability only.Auto-10/100M: Auto speed with 10/ 100M ability.10M: Force speed with 10M ability.100M: Force speed with 100M ability.1000M: Force speed with 1000M ability.Selecting Auto (auto-negotiation) allows one port to negotiate with a peer port automatically to obtain the connection speed and duplex mode that both ends support. When auto-negotiation is turned on, a port on the switch negotiates with the peer automatically to determine the connection speed and duplex mode. If the peer port does not support auto-negotiation or turns off this feature, the switch determines the connection speed by detecting the signal on the cable and using half duplex mode. When the switch's auto-negotiation is turned off, a port uses the pre-configured speed and duplex mode when making a connection, thusrequiring you to make sure that the settings of the peer port are the same in order to connect.For SFP fiber module, you might need to manually configure the speed to match fiber module speed.
Duplex Port duplex capabilities:Auto: Auto duplex with all capabilities.Half: Auto speed with 10/100M ability only.Full: Auto speed with 10/100/1000M ability only.
Flow Control A concentration of traffic on a port decreases port bandwidth and overflows buffer memory causing packet discards and frame losses. Flow Control is used to regulate transmission of signals to match the bandwidth of the receiving port. The switch uses IEEE802.3x flow control in full duplex mode and backpressure flow control in half duplex mode. IEEE802.3x flow control is used in full duplex mode to send a pause signal to the sending port, causing it to temporarily stop sending signals when the receiving port memory buffers fill. Back Pressure flow control is typically used in half duplex mode to send a "collision" signal to the sending port (mimicking a state of packet collision) causing the sending port to temporarily stop sending signals and resend later.Enable - Click it to enable such function.Disable - Click it to disable such function.
Apply Apply the settings to the switch.
Modify It is used to manually enter the description, state, speed, duplex, flow control for the port.

II-2-2 Protected Ports

This page allows the network administrator to configure protected port setting to prevent the selected ports from communication with each other. Protected port is only allowed to communicate with unprotected port.

For example, GE1 and GE3 are selected in Port List and Enable is clicked as Protected, then users behind GE1 and GE3 are separated and can not communicate with each other.

Available settings are explained as follows:

II-3 Mirror

This section provides ability to mirror packets coming in or going out on any port to a destination port. Through the packet duplication in the destination port, this feature is convenient for system administrator to monitor / understand the traffic operation.

Session ID 1 to 4 can be enabled simultaneously and operate independently.

Available settings are explained as follows:

II-4 Link Aggregation

LAG means Link Aggregation Group which groups some physical ports together to make a single high-bandwidth data path. Thus it can implement traffic load sharing among the member ports in a group to enhance the connection reliability.

II-4-1 LAG Setting

This page allows to configure Load Balance Algorithm for Link Aggregation.

Available settings are explained as follows:

II-4-2 LAG Management

There are eight LAG profiles allowed to group different physical ports (GE1 to GE28). The system will assign certain port(s) as Active Member and Standby Member according to the GE selections.

Available settings are explained as follows:

Item	Description
Description Display the port description.
Port Type Display the type of the LAG.
Link Status Display LAG port link status.
Active Member	Display active member ports of the LAG.
Standby Member	Display inactive or candidate member ports of the LAG.
Modify It is used to edit the name, type and port number for each link aggregation profile.
	Name- Enter a string as LAG name.Type - Use the drop down menu to specify the type for LAG.● Static- The static aggregated port sends packets over active member without detecting or negotiating with remote aggregated port.● LACP- The LACP aggregated ports place member into active only after negotiated with remote aggregated port

II-4-3 LAG Port Setting

This page defines port setting for each LAG profile (LAG1 to LAG8), including data speed and enabling/disabling the flow control.

Available settings are explained as follows:

II-4-4 LACP Setting

This page allows the network administrator to enable or disable the LACP function.

Available settings are explained as follows:

II-4-5 LACP Port Setting

This section provides few detailed configuration regarding to Ports under LACP protocol.

Available settings are explained as follows:

II-5 VLAN Management

A virtual local area network, virtual LAN or VLAN, is a group of hosts with a common set of requirements that communicate as if they were attached to the same broadcast domain, regardless of their physical location. A VLAN has the same attributes as a physical local area network (LAN), but it allows for end stations to be grouped together even if they are not located on the same network switch. VLAN membership can be configured through software instead of physically relocating devices or connections.

II-5-1 Create VLAN

This page allows a user to add, edit or delete VLAN settings.

Available settings are explained as follows:

Modify

- Modify the name of the selected VLAN ID.

● New Name - Type a name for such VLAN profile.
● OK - Apply the settings to the switch.
- Cancel - Close the page and return to previous page.

- Delete the selected VALN ID.

II-5-2 Interface Settings

This page allows a user to configure interface setting related to VLAN.

Available settings are explained as follows:

II-5-3 Voice VLAN

With such feature, a VLAN will be created temporarily and when the specified OUI device delivers protocol packets related to "VoIP", VigorSwitch will guide these packets into the specified Voice LAN with specified priority tag to speed up the packet transmission. Such voice VLAN is only active inside VigorSwitch for packet transmission. After these packets leave VigorSwitch, the Voice VLAN tag will be removed immediately.

II-5-3-1 Properties

This page allows a user to configure global and per interface setting of voice VLAN.

Available settings are explained as follows:

II-5-3-2 Telephony OUI Setting

This page allows a user to add, edit or delete OUI MAC addresses. Default has 8 pre-defined OUI MAC.

Available settings are explained as follows:

Item	Description
OUI Address Type OUI address.
Description Enter a description of the specified MAC address to the voice VLAN OUI table.
Add Click it to create a new voice OUI based on the settings configured above.
Edit	- Click it to remove the selected OUI entry.

II-5-3-3 Port Setting

This page allows a user to specify LAN port(s) as Voice LAN port.

Available settings are explained as follows:

II-5-4 MAC VLAN

II-5-4-1 MAC Group

The MAC VLAN allows you to statically assign a VLAN ID to a host with specific MAC address(es). VigorSwitch allows you to configure multiple groups with configured MAC address and mask to be active on ports and to be bound with VLAN ID. This page allows the network administrator to define groups with specific MAC addresses for later binding with VLAN and Port.

Available settings are explained as follows:

I-5-4-3 Group Binding

The MAC VLAN allows you to statically assign a VLAN ID to a host with specific MAC address(es). VigorSwitch allows you to configure multiple groups with configured MAC address and mask to be active on ports and to be bound with VLAN ID. This page allows the network administrator to bind the group of specified MAC addresses with VLAN and Port.

Available settings are explained as follows:

II-5-5 Protocol VLAN

VigorSwitch offers protocol VLANs which allows Network Administrator to filter out untagged traffic of certain protocol and then assign them a specific VLAN ID.

II-5-5-1 Protocol Group

Up to eight protocol groups can be defined, each of them can have a unique filtering criteria such as frame type and protocol value.

Available settings are explained as follows:

Edit

- Modify setting for selected group.

- Click it to remove the group.

II-5-5-2 Group Binding

This page is for setting up the ports and protocol group that we would like to filter, and the VLAN ID we would like to assign.

Available settings are explained as follows:

Item	Description
Ports Use the drop-down list to select one or more ports for applying protocol-based VLAN. Note that protocol-based VLAN can only be applied to the ports of which Interface VLAN Mode (at VLAN Management >> Interface Settings) is set to “Hybrid”.
Group ID Select the protocol group defined in Protocol Group setup.
VLAN	Use drop down list to choose a value as VLAN number.
Add Add the above settings to the switch.
	Before using Add, open Switch LAN>>VLAN Management>>Interface Settings to specify Hybrid as Interface VLAN Mode for the GE ports first. Otherwise, the following error message will appear.
Edit
	- Click it to remove the selected group.

II-5-6 Surveillance VLAN

Surveillance VLAN can be configured for VigorSwitch to identify the packets coming from an IP camera automatically and assign those traffics to a specific VLAN ID and CoS/ 802.1p value, this helps you to prioritize those traffics and improve video quality.

II-5-6-1 Property

This page is for setting up the VLAN to which the video traffic should be assigned and to enable/disable Surveillance VLAN on each port.

Available settings are explained as follows:

• State -Set it to enable surveillance VLAN function of interface.
  ● Mode -Select port surveillance VLAN mode.
  Auto: Surveillance VLAN auto detect packets that match OUI table and add received port into surveillance VLAN ID tagged member.
  ◆ Manual: User need add interface to VLAN ID tagged member manually.
  ● QoS Policy - Select port QoS Policy mode.
  ◆ Video Packet: QoS attributes are applied to packets with OUI in the source MAC address.
  ◆ All: QoS attributes are applied to packets that are classified to the Surveillance VLAN.
• OK - Apply the settings to the switch.
• Cancel - Abandon the changes and return to previous page.

II-5-6-1 Surveillance OUI

Filtering Surveillance traffic is based on the OUI of the IP cameras. Users can add, edit, and delete OUI on this page.

Available settings are explained as follows:

II-5-7 GVRP

II-5-7-1 Property

This page allows the network administrator to configure registration mode (e.g., Normal, Fixed or Forbidden) of GVRP (GARP VLAN Registration Protocol) for each GE port.

Such function can eliminate unnecessary network traffic and prevent any attempt to transmit information to unregistered users.

Available settings are explained as follows:

● State - Select Enabled or Disabled for such port.
● VLAN Creation -Select Enabled or Disabled.
● Mode - There are three modes to be specified.

◆ Normal - Default setting. All packets can pass through the selected GE port.
Fixed - The selected GE port only sends static VLAN information to neighboring device and allows static VLAN packet to pass through.
◆ Forbidden - The selected GE port only allows default VLAN packet to pass through.

II-5-7-2 Membership

This page display information about membership for GVRP.

This page allows a user to enable or disable port EEE (Energy Efficient Ethernet) function.

Available settings are explained as follows:

II-7 Multicast

IP multicast is a technique for one-to-many communication over an IP infrastructure in a network.

To avoid the incoming data broadcasting to all GE ports, multicast is useful to transfer the data/ message to specified GE ports for IGMP snooping. When VigorSwitch receives a message "subscribed" by the client, it must decide to transfer the data to specified GE ports according to the location of the client (subscribed member).

II-7-1 Properties

For the multicast packets, This page allows the network administrator to choose actions for processing the unknown multicast packets and for handling known packets with MAC address, IP address and VLAN ID.

Available settings are explained as follows:

II-7-2 IGMP Snooping

IGMP snooping is the process of listening to Internet Group Management Protocol (IGMP) network traffic. The feature allows a network switch to listen in on the IGMP conversation between hosts and routers. By listening to these conversations the switch maintains a map of which links need which IP multicast streams. Multicasts may be filtered from the links which do not need them and thus controls which ports receive specific multicast traffic.

Multicast packets (IPv4) transmission without IGMP snooping

graph TD
    A["Source"] --> B["Vigor router"]
    B --> C["VigorSwitch"]
    C --> D["Host A"]
    C --> E["Host B"]
    C --> F["Host C"]
    B --> G["PIM (IPv4)"]

Multicast packets (IPv4) transmission with IGMP snooping

graph TD
    A["Source PIM (IPv4)"] --> B["Vigor router"]
    B --> C["IGMP Snooping"]
    C --> D["Receiver: Host A"]
    C --> E["Host B"]
    C --> F["Receiver: Host C"]
    B --> G["VigorSwitch"]
    C --> H["Return to Switch"]

II-7-2-1 IGMP Setting

This page allows the network administrator to enable/disable IGMP function, select snooping version, and enable/disable snooping report suppression.

Available settings are explained as follows:

Item	Description
IGMP Snooping State	● Enable - Click it to set enabling IGMP function.● Disable - Click it to disable IGMP function.
IGMP Snooping Version Set the IGMP snooping version.● v2 - Only support process IGMP v2 packet.● v3 (BISS) - Support v3 basic and v2.
IGMP Snoopign Report Suppression	Click Enable to allow the switch to handle IGMP reports between router and host, suppressing bandwidth used by IGMP.
Apply Apply the settings to the switch.
Modify	● - Click it to modify IGMP settings for selected profile. However, if IGMP Snooping State is not set as Enable, such option will be disabled.
	Edit VLAN ID 1IGMP Snooping StateDisableRouter Ports Auto LearnEnableQuery Robustness (Operational: 2)2 (1-7, default 2)Query Interval (Operational: 125)125 Sec (30-18000, default 125)Query Response Interval (Operational: 10)10 [2932] Sec (5-20, default 10)Last Member Query Counter (Operational: 2)2 [488C] Sec (1-7, default 2)Last Member Query Interval (Operational: 1)1 [X454] Sec (1-25, default 1)Immediate Leave:Enable Cancel
	● IGMP Snooping State -Choose Enable to enable IGMP snooping function.● Router Ports Auto Learn - Set the enabling status of IGMP router port learning. Choose Enable to learn router port by IGMP query.● Query Robustness - Set a number which allows tuning for the expected packet loss on a subnet.● Query Interval - Set the interval of querier send general

Edit VLAN ID 1

IGMP Snooping State

Router Ports Auto Learn

Query Robustness (Operational: 2)

Query Interval (Operational: 125)

Query Response Interval (Operational: 10)

Last Member Query Counter (Operational: 2)

Last Member Query Interval (Operational: 1)

Immediate Leave:

• IGMP Snooping State -Choose Enable to enable IGMP snooping function.
• Router Ports Auto Learn - Set the enabling status of IGMP router port learning. Choose Enable to learn router port by IGMP query.
• Query Robustness - Set a number which allows tuning for the expected packet loss on a subnet.
• Query Interval - Set the interval of querier send general

II-7-2-2 IGMP Querier Setting

This page allows a user to configure querier settings on specific VLAN of IGMP Snooping.

Available settings are explained as follows:

II-7-2-3 IGMP Static Group

The IGMP static group is allowed to assign a VLAN/ port as a specific IPv4 multicast member. Every IPv4 multicast stream that belongs to the specified group IP address will be forwarded to the specified port/ VLAN member.

Available settings are explained as follows:

II-7-2-4 IGMP Group Table

This page shows currently known and dynamically learned by IGMP snooping or shows the assigned IPv4 multicast address group in operation.

Available settings are explained as follows:

II-7-2-5 IGMP Router Table

This page shows the IGMP querier router known to this switch.

Available settings are explained as follows:

II-7-2-6 Forward All

This page is allowed to determine which port(s) would like to receive the data (multicast packets) that forwarded by VigorSwitch.

Available settings are explained as follows:

II-7-2-7 Throttling

The administrator can configure the user on a switch port (GE/LAG port) belonging to which multicast group and restrict the number of multicast group that the user on the switch can join. Then the administrator is able to control the network service (e.g, IP/TV service) that the user can enjoy.

The Throttling page is used for configuring the maximum number (0\~255) of IGMP group that a user on a switch port can join. After defined the maximum number, each switch port interface can be set to deny the IGMP join report or set to replace randomly selected multicast interface with received IGMP join report.

Available settings are explained as follows:

II-7-2-8 Filtering Profile

The administrator can configure the user on a switch port (GE/LAG port) belonging to which multicast group and restrict the number of multicast group that the user on the switch can join. Then the administrator is able to control the network service (e.g, IP/TV service) that the user can enjoy.

The filtering profile page allows to configure up to 128 IP-group (for multicast servie) profiles (starting and ending point within an IP range shall be specified). Each IP group profile can be set for permission of / denial of network service respectively.

In addition, such filtering profile is only effective for controlling the query for multicast. It has nothing to do with the general IGMP query.

Available settings are explained as follows:

II-7-2-9 Filtering Binding

This page allows the network administrator to select a filtering profile for LAN/GE port to process multicast traffic.

Available settings are explained as follows:

II-7-3 MVR

Multicast VLAN Registration (MVR) can route packets received in a multicast source VLAN to one or more desination VLANs. LAN users are in the destination VLANs and the multicast server is in the source VLAN.

MVR can continuously send multicast stream for traffic in the multicast VLAN, but isolate the streams from the source VLANs for bandwidth and security reasons.

In general, MVR is able to:

• Identify the MVR IP multicast streams and their associated IP multicast group.
• Intercept the IGMP messages

II-7-3-1 Property

This page allows the network administrator to configure general settings for MVR, such as enabling function, selecting VLAN ID (as source VLAN) and specify IP address(es) for receiver/LAN users.

Available settings are explained as follows:

II-7-3-2 Port Setting

It is necessary to specify destination port and source port (GE/LAG) for Vigor system to perform MVR operation.

Available settings are explained as follows:

II-7-3-3 Group Address

This page allows the network administrator to configure IP address and specify port member for VLAN selected in MVR>>Property page.

Available settings are explained as follows:

II-7-4 MLD Snooping

MLD snooping does the same thing as IGMP snooping. The difference is that IGMP snooping acts on IPv4 packets; MLD snooping acts on IPv6 packets. MLD snooping is the process of listening to Multicast Listener Discovery network traffic. It can examine IPv6 packets and forward these packets to designate location via VLAN port members.

graph TD
    A["Source"] --> B["Vigor router"]
    B --> C["VigorSwitch"]
    C --> D["Host A"]
    C --> E["Host B"]
    C --> F["Host C"]
    G["PIM (IPv6)"] --> B
    style G fill:#f9f,stroke:#333

graph TD
    A["Source"] --> B["Vigor router"]
    B --> C["MLD Snooping"]
    C --> D["Receiver: Host A"]
    C --> E["Host B"]
    C --> F["Receiver: Host C"]
    B --> G["VigorSwitch"]
    G --> C
    style A fill:#f9f,stroke:#333
    style B fill:#ccf,stroke:#333
    style C fill:#cfc,stroke:#333
    style D fill:#fcc,stroke:#333
    style E fill:#fcc,stroke:#333
    style F fill:#fcc,stroke:#333

II-7-4-1 MLD Setting

This page allows the network administrator to enable/disable MLD Snooping function, select snooping version, and enable/disable snooping report suppression.

Available settings are explained as follows:

Item	Description
State	Enabled- Click it to enable the MLD snooping function. Disabled- Click it to disable the MLD snooping function.
Version VigorSwitch supports two versions of MLD snooping.MLDv1- When it is selected, VigorSwitch will detect packets controlled by MLDv1 andbridgethe traffic to IPv6 destination defined with multicast address(es).MLDv2- When it is selected, VigorSwitch will detect packets controlled by MLDv1 andforwardthe traffic to destination defined with multicast address(es).
Report Suppression	Enabled- Click it to allow the switch to handle MLD reports between router and host, suppressing bandwidth used by MLD. Disabled- Click it to disable the function.
Apply Click it to display the result based on the settings configured above.
Edit	- Click it to modify the settings for the selected VLAN ID (GE/ LAG port).
	●MLD Snooping State- Enable/ disable the MLD snooping function for the selected port.●Router Ports Auto Learn-Set the enabling status of IGMProuter port learning. Choose Enable to learn router port by MLD query.Query Robustness - Set a number which allows tuning for the expected packet loss on a subnet.Query Interval - Specify the time interval for VigorSwitch to send out general MLD query to the host (responsible for responding). Later, based on the response, VigorSwitch can forward the traffic through ports in VLAN.Query Response Interval - Specify the time interval for VigorSwitch to receive the query response from the host. If time is up and no response received, the packets will be blocked and discarded.Last Member Query Counter - After quering for specified times (defined here) and still not receiving any response from the subscribed member, VigorSwitch will stop transmitting data to the related GE port(s).Last Member Query Interval - The maximum time interval between counting each member query message with no responses from any subscribed member.Immediate Leave - Click Enable to enable the function of immediate leave. When the GE/ LAG port receives the leave message, it will be removed from multicast group to speed up leave latency.OK - Apply the settings to the switch.Cancel - Close the page and return to previous page.

II-7-4-2 MLD Static Group

The MLD static group is allowed to assign a VLAN/ port as a specific IPv6 multicast member. Every IPv6 multicast stream that belongs to the specified group IP address will be forwarded to the specified port/ VLAN member.

Available settings are explained as follows:

II-7-4-3 MLD Group Table

This page shows currently known and dynamically learned by MLD snooping or shows the assigned IP6 multicast address group in operation.

Available settings are explained as follows:

II-7-4-4 MLD Router Table

This page is allowed to configure VLAN profile by specifying static/ forbidden ports for the router (MLD querier).

Available settings are explained as follows:

II-7-4-5 Forward All

This page is allowed to determine which port(s) would like to receive the data (multicast packets) that forwarded by VigorSwitch.

Available settings are explained as follows:

Item	Description
Available VLAN	To display all of the available VLAN, the State must be set as Enabled in MLD Setting first.Use the drop down list to specify a VLAN profile (created in Switch LAN>>VLAN Management>>Create Vlan) that multicast packets will be forwarded to.
Static Ports	Use the drop down list to specify LAN Port (GE/ LAG).Later, the multicast packets will be delivered to the network device connected by these ports.
Forbidden Ports Use the drop down list to specify forbidden LAN Port (GE/ LAG).Later, the multicast packets will not be delivered to the network device connected by these ports.
Add Click it to display the	result based on the settings configured above.
Edit	- Click it to modify port setting (static port and forbidden port).- Click it to remove the selected entry.

II-7-4-6 Throttling

The administrator can configure the user on a switch port (GE/LAG port) belonging to which multicast group and restrict the number of multicast group that the user on the switch can join. Then the administrator is able to control the network service (e.g, IP/TV service) that the user can enjoy.

The Throttling page is used for configuring the maximum number (0\~255) of MLD group that a user on a switch port can join. After defined the maximum number, each switch port interface can be set to deny the MLD join report or set to replace randomly selected multicast interface with received MLD join report.

Available settings are explained as follows:

Item	Description
Ports	Use the drop down list to specify LAN Port (GE/ LAG) for applying throttling feature.
Max Group Define the max	maximum number of MLD group profile that a user on the switch can join. If “0” is selected, then such interface (port) can join all of the MLD group profiles (defined in Filtering Profile).
Exceed Action VigorSwitch	will perform the action defined below when the number of MLD join report for the specified interface exceeds value defined in Max Group.·Deny - It is default setting. The MLD join report (for multicast service) received by such interface will be discarded.·Replace - When it is selected, a new group with MLD report received will replace the existing group.
Apply Apply the settings to the switch.
Edit	- Click it to modify the settings for the selected entry.

II-7-4-7 Filtering Profile

The administrator can configure the user on a switch port (GE/LAG port) belonging to which multicast group and restrict the number of multicast group that the user on the switch can join. Then the administrator is able to control the network service (e.g, IP/TV service) that the user can enjoy.

The filtering profile page allows to configure up to 128 IP-group (for multicast servie) profiles (starting and ending point within an IP range shall be specified). Each IP group profile can be set for permission of / denial of network service respectively.

In addition, such filtering profile is only effective for controlling the query for multicast traffic. It has nothing to do with the general MLD query.

Available settings are explained as follows:

II-7-4-8 Filtering Binding

This page allows the network administrator to select a filtering profile for LAN/GE port to process multicast traffic.

Available settings are explained as follows:

II-8 Jumbo Frame

This page allows a user to configure switch port jumbo frame settings.

Available settings are explained as follows:

II-9 STP

The Spanning Tree Protocol (STP) is a network protocol that ensures a loop-free topology for any bridged Ethernet local area network.

Bridge Protocol Data Units (BPDUs) are frames that contain information about the Spanning Tree Protocol (STP). Switches send BPDUs using a unique MAC address from its origin port and a multicast address as destination MAC (01:80:C2:00:00:00, or 01:00:0C:CC:CC:CD for Per VLAN Spanning Tree).

For STP algorithms to function, the switches need to share information about themselves and their connections. What they share are bridge protocol data units (BPDUs).

BPDUs are sent out as multicast frames to which only other layer 2 switches or bridges are listening. If any loops (multiple possible paths between switches) are found in the network topology, the switches will co-operate to disable a port or ports to ensure that there are no loops; that is, from one device to any other device in the layer 2 network, only one path can be taken.

II-9-1 Properties

This page allows a user to configure and display Spanning Tree Protocol (STP) property configuration.

Available settings are explained as follows:

II-9-2 Port Setting

This page allows the user to configure and display Spanning Tree Protocol (STP) port settings.

Available settings are explained as follows:

II-9-3 Bridge Setting

This page allows the network administrator to configure required information to negotiate with other VigorSwitch for determining the bridge switch.

Available settings are explained as follows:

II-9-4 Port Advanced Setting

This page allows user to edit general setting of STP CIST port and browser CIST port status.

Available settings are explained as follows:

II-9-5 Statistics

This page displays STP statistics.

Available settings are explained as follows:

II-9-6 MST Instance

MSTP allows traffic of different VLAN to be mapped into different MST Instances. VigorSwitch supports up to 16 independent MST instances (0\~15) with which the VLAN can be associated.

Available settings are explained as follows:

Item	Description
MSTI Display the index number of MST Instance. Each MSTI can have one or multiple VLANs.
Edit	- Click it to modify the priority setting for the selected GE port / LAG port.
	● VLAN - Enter the ID (1-4094) of the VLAN which should be associated with this MSTI.● Priority - The switch priority for this MST instance. A lower number gives the switch higher chance to be chosen as the root bridge.● Bridge Identifier - Display the priority of MSTI instance number + MAC address of the switch.● Designated Root Bridge - Display the Bridge Identifier of the root bridge.● Root Port - Display the port toward the root.● Root Path Cost - Display the path cost toward the root.● Remaining Hop - Display the remaining hop count in BPDU.● VLAN - Display the range of VLAN ID numbers.● OK - Save the modifications.

II-9-7 MST Port Setting

MST Port Settings is used to configure the GE port / LAG group settings for each MST instance. The table displays the MST parameters for each port.

Available settings are explained as follows:

● MSTI - Display the selected MST instance.
- Path Cost - Set path cost value for the port. A port with lowest value will be used as the forwarding port by spanning tree. Default value was set according to the bandwidth of the port.
- Priority – Among the ports with same path cost, port with lower priority will have higher chance to be used as the forwarding port by spanning tree. Use the drop down list to choose desired priority value.

II-10 MAC Address Table

This section allows user to view the dynamic MAC address entries in the MAC table, change related setting, and assign MAC address into MAC table.

II-10-1 Static MAC Setting

This section allows user to manually assign MAC address into MAC table. The configuration result will be displayed on the table listed on the lower side of this web page.

Available settings are explained as follows:

II-10-2 Dynamic Address Setting

This page allows a user to configure aging time for dynamic MAC address.

Available settings are explained as follows:

II-10-3 Dynamic Learned

This page displays the MAC address and port number automatically learned by VigorSwitch.

Available settings are explained as follows:

II-11 Blocked Port Recover

This page is used for configuring settings to recover the port which is being blocked by the following functions after a defined period of time.

Available settings are explained as follows:

This page is left blank.

Part III ONVIF Surveillance

III-1 Discovery

ONVIF (Open Network Video Interface Forum), an International standard for current surveillance system industry, focuses on security products based on network IP address.

With this feature, VigorSwitch can:

● Integrate the ONVIF device and surveillance network
● Centralize management of IP video products
- Offer real-time video monitoring
● Offer remote IP video products maintenance

Available settings are explained as follows:

III-2 Topology

ONVIF devices can be centralized and managed remotely via VigorSwitch. With a hierarchy view, the administrator can manage several ONVIF devices and check abnormal traffic detected by Vigor system.

III-2-1 Status

The status (including port enabled, traffic, downlink, etc.) of the IP cameras and NVRs (Network Video Recorders) can be seen on this page.

Available settings are explained as follows:

Item	Description
Group Specify a group for	displaying group information and device information under the selected group.Or, choose the default setting, All, to display information for all groups.
PoE / PoE Error	PoE - Display the number of LAN PoE device(s) connected to VigorSwitch.PoE Error - Display the number of LAN PoE device(s) disconnected.
NVR Display the number of	NVR device(s) connected toVigorSwitch. The panel sketch on the screen will display which LAN port that the NVR device connected.
CAM	Display the number of IP camera(s) connected to VigorSwitch.The panel sketch on the screen will display which LAN port that the IP camera connected.
Group Information
Total Group Display the total number of groups.
+Add New Group A group	can contain one (IP camera or NVR, as group leader) to several devices (IP cameras as group devices).Click the button to create a new group for managing multiple devices.Step (1) - The first page allows you to configure general settings for a new group.Group Name - Enter the name of a group.All IPC Group - Check it to group all IP cameras within the group. However, if you want to specify an NVR device as the group leader, do NOT check this box.Available selections of devices (IP cameras or NVR devices) will vary according to the configuration of All IPC Group. If "All IPC Group" is disabled, the system will detect the NVR devices and list them on the field of NVR. If "All IPC Group" is enabled, the system will detect the IP cameras and list them on the field of Group Leader.NVR/Group Leader - Select an IP device. For the vedio from IP camera will be recorded on an NVR device, it is suggested to assign an NVR as the group leader.Group Device - This field lists all devices (IP cameras) not included by other group. Simply select one IP device

to multiple devices for managed by this group.

- Next - Click it to access into next page.

Step (2) - The second page allows you to configure throughput threshold for the group port. It is helpful for the system administrator to make the corresponding process if encountered abnormal situation.

• Apply to All Member Ports - Check the box to apply the throughput threshold setting to all member ports.
• GE# Ingress Threshold Alert - Click Enable to set the ingress limit value. When the incoming traffic (packet) of the GE port reaches the limit, the Vigor System will send an alert email to the system administrator.
  ■ GE# Ingress Rate - If enabling the ingress threshold alert, enter the ingress rate as a threshold to send mail alert.
• GE# Egress Threshold Alert - Click Enable to set the egress limit value. When the outgoing traffic (packet) of the GE port reaches the limit, the Vigor System will send an alert email to the system administrator.
  ■ GE# Egress Rate - If enabling the egress threshold alert, enter the egress rate as a threshold to send mail alert.
• OK - Save the configuration and exit the box.
• Cancel - Exit the box without saving the configuration.

Device Information

Modify Click it to modify the settings of the selected IP device.

III-2-2 Throughput Threshold

This page is used for set throughput threshold for multiple ONVIF devices managed by VigorSwitch.

Available settings are explained as follows:

III-3 Video

This page can offer a real-time video of specified IP camera for monitoring and control environments.

Available settings are explained as follows:

III-4 Device Maintenance

The system administrator can remotely configure time setting and reboot the devices (IP cameras or NVRs) managed by VigorSwitch.

III-4-1 General

This page displays the information (e.g., device online, device name, etc.), time and date and the device action for a selected IP device (e.g., IP camera). Meanwhile, this page allows configuring settings for ping check of IP camera or NVR.

Available settings are explained as follows:

Item	Description
Device List Search - Enter	a string to search the IP device you want.Usage / Password - Enter the username / password of the IP-based device.After entering the correct username and password of the IP camera, click the mouse on the device name under the Device List. Later, general information related to the IP device will be shown below.
Device Information Display	the information related to the selected device.- Click it to modify the device name.
Time and Date Display the	time and date information related to the selected device. - Click it to modify the time setting for the device.
Device Action Display the	action performed by IP-based device. Factory Default - Click the Apply button to rest the factory default to the IP device. Reboot - Click the Apply button to reboot the IP device immediately.
Device Ping Check -- Configure settings for ping check of IP camera or NVR.
Port Display the port number of the IP device
Enable	Enable - Click it to enable the device ping check function. Disable - Click it to disable the function.
Ping IP Address Add Device	- Click it to add an IP address of the device to be pinged by VigorSwitch. Up to 16 IP address(es) can be added and displayed in this field one by one (with the format of x.x.x.x, x.x.x.x, x.x.x.x...) Del Device - Click it to remove the selected IP address.
Interval Time (sec) Set a time interval (15, 30, 60, 120) for pinging action.
Retry Time Choose 1, 3, or 5 for Vigor system to retry the pinging action.
Failure Action	Configure the power behavior for each LAN port. Power Cycle - Once the device is offline, Vigorswitch will power off the device and then power on the device again. Power Off - When the device is offline, power off the device immediately. Nothing - When the device is offline, no action will be Note: When a PoE hub connecting to LAN port of VigorSwitch, the power behavior (on/off) to the PoE hub also will apply to all the devices connecting to the PoE hub.
Mail Alert Enable - When the device is offline, Vigor system will send an alert mail to notify the receptant.
Apply Save the settings or changes to the switch.

III-4-1 Network

This page displays the network settings of the specified device (IP CAM or NVR).

Available settings are explained as follows:

III-4-3 Security

This page displays the security settings of the specified IP device (IP CAM or NVR).

Available settings are explained as follows:

This page is left blank.

Part IV Security

IV-1 RADIUS

This page allows the network administrator to add and configure multiple RADIUS servers.

Available settings are explained as follows:

IV-2 TACACS+

This page allows the network administrator to add and configure multiple TACACS+ server.

Available settings are explained as follows:

IV-3 Management Access Authentication

IV-3-1 Method Profile

This page allows a user to create method list for applying on management service.

Available settings are explained as follows:

Item	Description
Method Profile	Name- Enter a name for creating a method.Optional Methods- Available methods include Local, RADIUS and TACACS+.Selected Methods- The method listed in this field will be applied for such method profile.Add- Click it to add a method from Optional Method onto Selected Method.
[YSCZ]under Edit	Click it to modify the optional methods/ selected methods for the selected profile.

IV-3-2 Application Authentication

This page allows the network administrator to select the customized Method List to apply to any management service, for management access control.

Available settings are explained as follows:

IV-4 Management Access Control

IV-4-1 Management Access Control Profile (ACL)

This page allows a user to add, edit, and delete Management Access Control profiles.

Available settings are explained as follows:

IV-4-2 Management Access Control Entries (ACE)

This page allows a user to add, edit, or remove Access Control Entries (ACE) of the Management Access Control profiles. However, only the ACE of inactive profiles can be modified, and before configuring ACE, at least one ACL profile should be created.

Available settings are explained as follows:

Edit

- click it to modify the settings for the selected entry.

- click it to remove the selected entry.

IV-5 802.1X/MAC Authentication

The authentication manager allows you to configure securely access from any host connected to physical ports. You may apply multiple ways of authentication to each port.

IV-5-1 Properties

IV-5-1-1 Global Settings

VigorSwitch P2500 supports 802.1x and MAC-based authentication methods. In Global Settings page, you can specify authentication type, enable Guest VLAN function, specify a VID and select format for MAC address entry.

Available settings are explained as follows:

IV-5-1-2 Port Authentication Setting

This page allows the network administrator to configure detailed authentication settings for each port.

Available settings are explained as follows:

IV-5-2 Port Control/Settings

This page allows the network administrator to controls port setting, based on 802.1X, for ethernet port authentication.

Available settings are explained as follows:

IV-5-3 MAC-Based Local Account

This page allows the network administrator to create profiles by entering MAC address of the hosts to be authenticated.

Available settings are explained as follows:

IV-5-4 Authenticated Hosts

This page displays information related to the host authenticated by VigorSwitch.

IV-6 Port Security

This page allows the network administrator to configure security settings for each port interface (GE port / LAG group). When port security is enabled for each interface, released action will be performed once detecting that the number of MAC address exceeds the limit.

Available settings are explained as follows:

Edit

- click it to modify the settings for the selected entry.

IV-7 Storm Control

Storm Control helps to suppress possible broadcast, unknown multicast or unknown unicast storm by applying a rate limit on those packets.

N-7-1 Properties

This page allows a user to configure general settings for Storm Control.

Available settings are explained as follows:

IV-7-2 Port Setting

This page allows the network administrator to configure port settings for Storm Control. The configuration result for each port will be displayed on the table listed on the lower side of this web page.

Available settings are explained as follows:

IV-8 DoS

A Denial of Service (DoS) attack is a hacker attempt to make a device unavailable to its users. DoS attacks saturate the device with external communication requests, so that it cannot respond to legitimate traffic. These attacks usually lead to a device CPU overload.

The DoS protection feature is a set of predefined rules that protect the network from malicious attacks. The DoS Security Suite Setting enables activating the security suite.

IV-8-1 Properties

This page allows a user to configure DoS setting to enable/disable DoS function for global setting.

Available settings are explained as follows:

IV-8-2 DoS Port Setting

This page allows a user to configure and display the state of DoS protection for interfaces. The configuration result for each port will be displayed on the table listed on the lower side of this web page.

Available settings are explained as follows:

IV-9 Dynamic ARP Inspection

Dynamic ARP inspection (DAI) can prevent ARP spoofing attacks by validating ARP packet in a network. It can intercept, record, and discard ARP packets with invalid IP-to-MAC address bindings; and then protect the network against malicious attacks.

IV-9-1 Properties

IV-9-1-1 Global Property Settings

This page allows a user to configure global property settings for the function of Dynamic ARP Inspection.

Available settings are explained as follows:

IV-9-1-2 Per Port Property Settings

This page allows a user to configure detailed settings of DAI for each port (GE/LAG).

Available settings are explained as follows:

IV-9-2 Statistics

This page displays all statistics recorded by Dynamic ARP Inspection function.

IV-10 DHCP Snooping

DHCP snooping is able to validate DHCP messages obtained from untrusted sources and filter out invalid message.

For DHCP snooping to function properly, it is suggested to connect DHCP servers to VigorSwitch through trusted interfaces; because untrusted DHCP messages will be forwarded to trusted interfaces only.

IV-10-1 Properties

IV-10-1-1 Global Property Settings

This page allows a user to configure global property settings for the function of DHCP snooping Inspection.

In default, DHCP snooping is inactive on all VLANs. You can enable such feature on a single VLAN or a range of VLANs.

Available settings are explained as follows:

IV-10-1-2 Per Port Property Settings

This page allows a user to configure detailed settings of DHCP Snooping for each port (GE/ LAG).

Any device that is not in the service provider network will be regarded as an untrusted source (such as a customer switch). Host ports are untrusted sources. In VigorSwitch, you can assign a source as trusted device by configuring the trust state of its connecting port.

Available settings are explained as follows:

IV-10-2 Statistics

This page displays all statistics recorded by DHCP snooping function.

IV-10-3 Option82 Property

You can use information settings including Remote ID and Circuit ID for Option82 Property, also known as the DHCP relay agent, to protect VigorSwitch against spoofing attacks.

IV-10-3-1 Global Option82 Property Settings

This page allows a user to set string as remote ID for DHCP option82. For example, use a switch-configured hostname or specify an ASCII text string as remote ID.

Available settings are explained as follows:

IV-10-3-2 Per Port Option82 Property Settings

This page allows a user to configure detailed settings of DHCP Snooping, Option82 for each port (GE/LAG).

Available settings are explained as follows:

III-10-4 Option82 Circuit ID

This page allows a user to set string as circuit ID for DHCP option82 setting. Circuit ID shall be combined with VLAN name (or VLAN ID number) and interface name (GE/LAG port).

Available settings are explained as follows:

IV-11 IP Source Guard

By using the source IP address filtering function, IP source guard can prevent a malicious host from feigning a legal host with its IP address and performing malicious attack.

IV-11-1 Port Settings

IP source guard is a port-based feature. Therefore, it is necessary to configure detailed settings for each GE/LAG port interface separately.

Available settings are explained as follows:

IV-11-2 IMPV Binding

This page allows the network administrator to set the filtering conditions (binding type, MAC address, IPv4 address) for packets through the specified LAN port.

Available settings are explained as follows:

click it to remove the selected entry.

IV-12 IP Conflict Prevention

A user can configure IP addresses for network devices manually. However, it might result in conflict between different devices due to using the same IP address, and cause the devices not working correctly.

This page allows you to prevent IP conflict by binding the port with the specified IP address.

Available settings are explained as follows:

IP Conflict Prevention Setup Wizard

Quick Start Wizard - The system will guide to bind server port with an IP address step by step.

Step 1

Step 2

Step 3

Port Type - There are four selections - DHCP Client, Static Binding, Multiple Hosts and DHCP Server. Each type will bring out different IP address(es) settings.

OK - Click it to save the settings.

- Click it to remove the selected entry.

IV-13 Loop Protection

Loop event might be caused due to wrong hardware connection. VigorSwitch will periodically send packets out to check if they loopback or not. This page allows you to set conditions and perform an action when VigorSwitch detects the looped packet.

Available settings are explained as follows:

Item	Description
State	Enable- VigorSwitch detects the loop event of GE ports/ LAG ports automatically.Disable- VigorSwitch will not detect the loop event.
Transmission Time When the loop event occurred, VigorSwitch will perform the action after a period of time.
Action When the switch detects loop situation occurred to a port; it will perform the action selected in this field.Log- The switch will record such event as a log.Shutdown Port- The switch will shut down the port.Shutdown Port and Log- The switch will shut down the port and record the event as a log. The system administrator will view the content from system log.
Apply Apply the settings to the switch.

This page is left blank.

Part V ACL Configuration

V-1 Create ACL

An Access Control List (ACL) is a sequential list of permit or deny conditions that apply to IP addresses, MAC addresses, or other more specific criteria. This switch tests ingress packets against the conditions in an ACL one by one. A packet will be accepted as soon as it matches a permit rule, or dropped as soon as it matches a deny rule. If no rules match, the frame is accepted.

V-1-1 MAC

The function is used to show the Access Control List (ACL) based on Layer 2 filtering, the MAC layer. The ACL is composed by many Access Control Element (ACE) rules. You can create a new ACL here; then add multiple ACEs.

Available settings are explained as follows:

V-1-2 IPv4

The function is used to show the Access Control List (ACL) based on Layer 2 to Layer 4 filtering, the IPv4. The ACL is composed by many Access Control Element (ACE) rules. You may create a new ACL here; then add multiple ACEs.

Available settings are explained as follows:

Item	Description
ACL Profile Name Enter a	name for creating a new ACL profile.
Add Add a new ACL entry using given ACL name.
Action	click it to remove the selected entry.

V-1-3 IPv6

The function is used to show the Access Control List (ACL) based on Layer 2 to Layer 4 filtering, the IPv6. The ACL is composed by many Access Control Element (ACE) rules. You may create a new ACL here; then add multiple ACEs.

Available settings are explained as follows:

Item	Description
ACL Profile Name Enter a	name for creating a new ACL profile.
Add Add a new ACL entry using given ACL name.
Action	- click it to remove the selected entry.

V-2 Create ACE

Since ACL based on MAC, IPv4 and/or IPv4 has been created on the section of IV-1, now you can add multiple ACE rules for each ACL.

V-2-1 MAC

This page shows ACE based on MAC address. You may choose ACL, permit, and deny particular packet or frame, even shutdown the port.

You may provide filtering/matching criteria for one or more of packet characteristic (such as Source/Destination MAC, Ethertype, VLAN, 802.1p) for this ACE to identify the packet.

Available settings are explained as follows:

Item	Description
ACL Profile Name Use the	drop down list to selected one of the user defined ACL profiles.
Sequence	Assign a sequence number to this ACE. The sequence is used to identify which one of ACEs in an ACL is firstly used to match ingress packets. The switch port bound with an ACL use the contained ACE rules, start with the one with lower sequence number to match the packet first.
Action Select the action applied to the packet matched this ACE. Permit or deny the packets into switch core, or shutdown the port for stopping further transmission.● Permit● Deny● Shutdown
Source MAC / Destination MAC	Specify the source and the destination MAC address for filtering.Any - All packets will be filtered.Or, enter the IP address to filter the packets coming from that address.
Ethertype Specify ethernet	type for filtering.Select Any.Or, enter the value with the format of “0x600 ~ 0xFFFF”.
VLAN Specify VLAN profile	for filtering.Select Any.Or, enter a VLAN number. The packets coming from the VLAN specified here will be filtered by Vigor device.
802.1p Specify the 802.1p	priority value for filtering. Select Any, or a number from 0 to 7.
Add Click it to create a new ACE rule.
Modify	GXGC- click it to modify the settings for the selected entry.- click it to remove the selected entry.

V-2-2 IPv4

This page shows ACE based on IPv4 address. You may choose ACL, permit, and deny particular packet or frame, even shutdown the port.

You may provide filtering/ matching criteria for one or more of following packet characteristic (such as Protocol over the IP layer, Source/ Destination IPv4 address, Type of Service, Source/ Destination port number, TCP flags, ICMP Type, if chosen protocol contains ICMP), for this ACE to identify the packet.

Available settings are explained as follows:

V-2-3 IPv6

This page allows the network administrator to create ACE based on IPv6 address.

Available settings are explained as follows:

Item	Description
ACL Profile Name Use the	drop down list to selected one of the user defined ACL profiles.
Sequence	Assign a sequence number to this ACE. The sequence is used to identify which one of ACEs in an ACL is firstly used to match ingress packets. The switch port bound with an ACL use the contained ACE rules, start with the one with lower sequence number to match the packet first.
Action Select the action applied to the packet matched this ACE. Permit or deny the packets into switch core, or shutdown the port for stopping further transmission.● Permit● Deny● Shutdown
Protocol Specify the protocol for filtering.● Any - All packets will be filtered.● Select - Choose one of the protocol (e.g., ICMP, TCP, EGP...) from the drop down list. Packets passing through the selected protocol will be filtered.● Define - Specify a type number (0 - 255) for ICMP code. For example, 0 means “Echo Reply”; 254 means “RFC3692-style Experiment 2”.
Source IP / Destination IP	Specify the source and the destination IPv6 address for filtering.Any - All packets will be filtered.Or, enter the IPv6 address to filter the packets coming from that address.
Service	Any - All packets will be filtered.DSCP - All IP traffic is mapped to queues based on the DSCP field in the IP header. If traffic is not IP traffic, it is mapped to the lowest priority queue.IP Precedence - All IP traffic is mapped to queues based on the IP Precedence field in the IP header. If traffic is not IP traffic, it is mapped to the lowest priority queue.
Source Port / Destination Port	Specify the source and destination port number for filtering the packets.Any - All packets will be filtered.Single - Only the packets passing through the number defined here will be filtered.Range - Only the packets passing through the port range defined here will be filtered.
ICMP Type	Any - All packets will be filtered.Select - Choose one of the type (e.g., Destination Unreachable Echo Reply, MLD Query....) from the drop down list.Define - Specify a type number (0 - 255) for ICMP code. For example, 0 means “Echo Reply”; 254 means “RFC3692-style Experiment 2”.
ICMP code Each ICMP type	can be defined with different codes. For example, if you define ICMP Type as “3”, then the available codes for Type 3 will be 0-15.Any - All packets will be filtered.Or, enter 0 to 255 based on the ICMP type specified.
Add Click it to create a new binding profile.
Modify	- Click it to modify the settings for the selected profile. - Click it to remove the selected entry.

V-3 ACL Binding

This section allows you to bind Access Control Lists created in previous section to an interface (physical port or aggregation).

A physical port can only be bound with one of the IPv4 and IPv6 ACL, not both.

Available settings are explained as follows:

Part VI QoS Configuration

VI-1 General

QoS (Quality of Service) functions to provide different quality of service for various network applications and requirements and optimize the bandwidth resource distribution so as to provide a network service experience of a better quality.

VI-1-1 Properties

VI-1-1-1 QoS General Setting

This page allows the network administrator to specify Ingress Trust Mode for basic QoS mode.

Available settings are explained as follows:

Apply Apply the settings to the switch.

VI-1-1-2 Trust Ports

This page allows the network administrator to enable the trust mode of basic QoS on each port. Port that is trust disabled will be sent with lowest priority queue. The configuration result for each port will be displayed on the table listed on the lower side of this web page.

Available settings are explained as follows:

VI-1-2 Port Settings

This page allows the network administrator to configure port settings for QoS. The configuration result for each port will be displayed on the table listed on the lower side of this web page.

Available settings are explained as follows:

VI-1-3 Queue Settings

VigorSwitch supports multiple queues for each interface. The higher numbered queue represents the higher priority. The following lists the types of supported priority queue:

• Strict Priority (SP) - Egress traffic from the higher priority queue will be transmitted first, lower priority queue shall wait until all traffic in SP queue is transmitted.
  ● Weighted Round Robin (WRR) - The number of packets sent from the queue is proportional to the weight of the queue.

Available settings are explained as follows:

VI-1-4 CoS Mapping

This section allows user to configure how ingress frames with CoS/802.1p tag map to QoS queues, and QoS queues to CoS/802.1p on egress frames.

Actual effectiveness is based on how QoS is configured in previous QoS section. This page provides settings for user to configure mapping only.

Available settings are explained as follows:

VI-1-5 DSCP Mapping

This section allows user to configure how ingress packets with DSCP tag map to QoS queues, and QoS queues to DSCP on egress packets.

Actual effectiveness is based on how QoS is configured in previous QoS section. This page provides settings for user to configure mapping only.

Available settings are explained as follows:

This section allows user to configure how ingress packets with IP Precedence tag map to QoS queues, and QoS queues to IP Precedence on egress packets.

Actual effectiveness is based on how QoS is configured in previous QoS section. This page provides settings for user to configure mapping only.

Available settings are explained as follows:

VI-2 Bandwidth

Use the bandwidth setting pages to define values that determine how much traffic the switch can receive and send on specific port or queue.

VI-2-1 Ingress Rate Limit

This page allows a user to configure ingress port rate limit. The ingress rate limit is the number of bits per second that can be received from the ingress interface. Excess bandwidth above this limit is discarded. The configuration result for each port will be displayed on the table listed on the lower side of this web page.

Available settings are explained as follows:

VI-2-2 Egress Shaping Rate

This page allows a user to configure egress port rate limit. The egress rate limit is the number of bits per second that can be received from the egress interface. Excess bandwidth above this limit is discarded.

Available settings are explained as follows:

VI-2-3 Egress Shaping Per Queue

This page allows user to configure the maximum egress bandwidth not only by port but also by specific QoS queues. The configuration result for each port will be displayed on the table listed on the lower side of this web page.

Available settings are explained as follows:

This page is left blank.

Part VII PoE Configuration

VII-1 Properties

This page allows a user to configure general settings for PoE and configure priority of each port for supplying PoE power. While maximum power budget is reached, power will be served starting with critical priority.

If the priority setting for all GE ports is configured as the same value (e.g., High); then, GE1 will have the highest priority to obtain PoE power in actual operation.

Available settings are explained as follows:

VII-2 Status

This page displays the current PoE status (configured in Properties, Device Check and Schedule) for each PoE port.

Available settings are explained as follows:

VII-3 Schedule

VII-3-1 Schedule Profile

This page allows the network administrator to configure maximum 15 PoE schedule rules.

Available settings are explained as follows:

VII-4-2 Port Scheduling

This page allows the network administrator to specify the PoE port for applying the schedule. The configuration result for each port will be displayed on the table listed on the lower side of this web page.

Available settings are explained as follows:

This page is left blank.

Part VIII System Maintenance

This page allows a user to configure TR-069 settings for connecting to VigorACS 2.

Available settings are explained as follows:

VIII-2 OpenVPN

Devices connecting to VigorSwitch can transmit data to remote end via OpenVPN to ensure the information security.

Available settings are explained as follows:

VIII-3 Webhook

Without getting any request, VigorSwitch will send the data (if available) that a user concerned to the specified URL (provided by remote client) automatically.

Available settings are explained as follows:

VIII-4 LLDP

LLDP is a one-way protocol; there are no request/response sequences. Information is advertised by stations implementing the transmit function, and is received and processed by stations implementing the receive function. The LLDP category contains LLDP and LLDP-MED pages.

VII-4-1 Properties

This page allows a user to set general settings for LLDP.

Available settings are explained as follows:

VII-4-2 LLDP Port Setting

This page allows a user to select specified port or all ports to configure LLDP state.

Available settings are explained as follows:

VIII-4-3 LLDP Local Device

This page displays information for LLDP Local Device.

Available settings are explained as follows:

VIII-4-4 MED Network Policy

This page allows the network administrator to set MED (Media Endpoint Discovery) network policy.

Available settings are explained as follows:

VIII-4-5 LLDP MED Port Settings

This page allows the network administrator to configure TLV (Type / Length / Value) settings for each port.

Available settings are explained as follows:

VIII-4-6 LLDP Remote Device

This page allows the network administrator to view the information sent from neighboring devices by LLDP protocol.

Available settings are explained as follows:

VIII-4-7 LLDP Overloading

This page allows user to review current size, overall size of LLDP packet and whether it is to exceed maximum allowed size of single LLDP packet.

Available settings are explained as follows:

VIII-5 SNMP

Simple Network Management Protocol (SNMP) is an "Internet-standard protocol for managing devices on IP networks". Devices that typically support SNMP include routers, switches, servers, workstations, printers, modem racks and more.

SNMP is used mostly in network management systems to monitor network-attached devices for conditions that warrant administrative attention.

SNMP is a component of the Internet Protocol Suite as defined by the Internet Engineering Task Force (IETF). It consists of a set of standards for network management, including an application layer protocol, a database schema, and a set of data objects.

An SNMP-managed network consists of three key components:

• Managed device
  ● Agent - software which runs on managed devices
  ● Network management station (NMS) - software which runs on the manager

A managed device is a network node that implements an SNMP interface that allows unidirectional (read-only) or bidirectional (read and write) access to node-specific information. Managed devices exchange node-specific information with the NMSs. Sometimes called network elements, the managed devices can be any type of device, including, but not limited to, routers, access servers, switches, bridges, hubs, IP telephones, IP video cameras, computer hosts, and printers.

An agent is a network-management software module that resides on a managed device. An agent has local knowledge of management information and translates that information to or from an SNMP-specific form.

A network management station (NMS) executes applications that monitor and control managed devices. NMSs provide the bulk of the processing and memory resources required for network management. One or more NMSs may exist on any managed network.

VIII-5-1 View

This page allows the network administrator to create MIB views (Management information base) and then include or exclude OID (Object Identifier) in a view.

Available settings are explained as follows:

VIII-5-2 Group

This page allows the network administrator to group SNMP users and assign different authorization and access privileges.

Available settings are explained as follows:

VIII-5-3 Community

This page allows a user to add/remove multiple communities of SNMP.

Available settings are explained as follows:

VIII-5-4 User

This page allows a user to configure SNMP user profile.

Available settings are explained as follows:

VIII-5-5 Engine ID

VIII-5-5-1 Local Engine ID

This page allows a user to configure and display SNMP local engine ID.

Available settings are explained as follows:

VIII-5-5-2 Remote Engine ID

This page allows a user to configure and display SNMP remote engine ID.

Available settings are explained as follows:

Item	Description
Address Type	Specify the address type for entering hostname or IPv4/ IPv6 address.
Server Address Enter the	IP address or the host name of the SNMP server.
Engine ID Specify the engine ID for remote SNMP server.The engine ID is range10 to 64 hexadecimal characters, and the hexadecimal number must be divided by 2.
Add Click it to create a new profile.
Edit	- click it to modify the settings for the selected server profile.- click it to remove the selected entry.

VIII-5-6 Trap Event

This page allows a user to add or delete SNMP trap receiver IP address and community name.

Available settings are explained as follows:

VIII-5-7 Notification

This page allows a user to configure a host to receive SNMPv1/ v2/ ve notification.

Available settings are explained as follows:

Item	Description
Address Type Choose IPv4/ IPv6/ Hostname to specify IP address or the hostname of the SNMP trap recipients.
Server Address Enter the	IP address of SNMP server based on the address type selected above.
Version Specify SNMP notification version (SNMPv1/ v2/ v3).
Type Specify Notification Type. Trap -Send SNMP traps to the host.Inform - Send SNMP informs to the host. If it is used, Timeout and Retry also shall be defined.
Community/user Use the drop down list to choose one of the community profiles.
Security Level	Specify SNMP security level for SNMP notification packet. It is available when SNMPv3 is selected.No Security - No authentication.Authentication - Authentication without encryption will be performed for packets.Authentication and Privacy - Authentication with encryption will be performed for packets.
Server Port Specify the UDP port number for the recipient's server.Use Default - If it is checked, the default number (162) will be used automatically.
Timeout	Specify the SNMP informs timeout. It is available whenInform is selected asType.Use Default - If it is checked, the default number (15) will be used automatically.
Retry Specify the SNMP informs retry count. It is available whenInformis selected as Type.Use Default- If it is checked, the default number (3) will be used automatically.
Add Click it to create a new notification profile.
Edit

VIII-6 Access Manager

This page allows the network administrator to control availability of management services such as HTTP, HTTPS, Telent and SSH.

Available settings are explained as follows:

VIII-7 Time and Date

VIII-7-1 System Time Zone

This page allows a user to specify where the time of VigorSwitch should be inquired from.

Available settings are explained as follows:

VII-7-2 Time

This page allows a user to specify time and activate SNTP server manually.

Available settings are explained as follows:

VIII-8 Backup Manager

Backup Manager allows a user to backup the firmware image or configuration file on the switch to remote TFTP server or host file system through HTTP protocol.

Available settings are explained as follows:

VIII-9 Upgrade Manager

Backup Manager allows a user to upgrade the firmware image or configuration file on the switch to remote TFTP server or host file system through HTTP protocol.

Available settings are explained as follows:

VIII-10 Firmware Information

This page allows a user to choose the active firmware and backup firmware.

Available settings are explained as follows:

VIII-11 Account Manager

This page allows a user to add or delete local user on switch database for authentication. The configuration result for each port will be displayed on the table listed on the lower side of this web page.

Available settings are explained as follows:

VIII-12 Factory Default

Click Apply to return to factory default settings for VigorSwitch.

If Keep my current IPv4 address settings is checked, after clicking Apply, the original configuration for IP address will be kept.

VIII-13 Reboot Switch

Click Apply to reboot VigorSwitch with current settings.

This page is left blank.

Part IX Diagnostics

IX-1 Device Check

After finished copper test, the results will be shown on the lower side of this web page.

This page is used to configure device check of PoE PD devices. It can be applied to PoE PD devices connected directly, check ping echo status, and forcibly reboot the device when meeting the preset health condition.

The configuration result for each port will be displayed on the table listed on the lower side of this web page.

Available settings are explained as follows:

IX-2 Cable Diagnostics

After finished copper test, the results will be shown on the lower side of this web page.

Available settings are explained as follows:

IX-3 Ping Test

After finished the ping test, the results will be shown on the lower side of this web page.

Available settings are explained as follows:

IX-4-1 SysLog Explorer

After clicking View, the results will be shown on the lower side of this web page.

Available settings are explained as follows:

IX-4-2 SysLog Settings

IX-4-2-1 SysLog Service

This page allows user to enable system logging into local syslog and specific remote syslog server for storage.

Available settings are explained as follows:

IX-4-2-2 Local SysLog

This page allows user to enable logging into volatile memory or non-volatile memory.

Available settings are explained as follows:

IX-4-2-3 Remote SysLog

This page allows user to enable system logging into specific remote syslog server for storage.

After clicking Apply, the results will be shown on the lower side of this web page.

Available settings are explained as follows:

IX-4-2-4 SysLog Mail

This page allows user to enable system logging into specific remote syslog server for storage. After clicking Apply, the results will be shown on the lower side of this web page.

Available settings are explained as follows:

Item	Description
State	Enable - Enable the function of Syslog Mail.Disable - Disable the function of Syslog Mail.
Category Vigor sytem will	send the e-mail related to the selected feature(s) to the recipient.
SMTP Server Enter IP address or URL of the SMTP server.
SMTP Port Enter the port number for the SMTP server.
Authentication	Enable - Click it to enable authentication mechanism.User Name - Enter a user name for authentication.Password - Enter a password for authentication.
Encryption After enabling	Authentication, choose one of the encryption servers for data encryption.StartTLS - The mail will be encrypted with StartTLS.SSL/TLS - The mail will be encrypted with SSL/ TLS.Disable - The mail sent out will not be encrypted.
Sender Enter the email address which will send the syslog mail out.
Email Address Enter the email address which will receive the syslog mail.
Apply Apply the settings to the switch.
Send test mail	After clicking this button, VigorSwitch system will send a test mail to the recipient.

IX-5 Fan Test

The built-in fan in the VigorSwitch can be tested if it runs normally or not. Simply click Start to perform the fan test.

This page is left blank.

Part X Mail Alert

X-1 Alert Setting

This page allows a user to configure settings for VigorSwitch to send alert mail when encountering certain situation.

Available settings are explained as follows:

This page is left blank.

Part XI Telnet Commands

XI-1 Accessing Telnet of VigorSwitch

This chapter also gives you a general description for accessing telnet and describes the firmware versions for the routers explained in this manual.

Info

For Windows 7 user, please make sure the Windows Features of Telnet Client has been turned on under Control Panel>>Programs.

Type cmd and press Enter. The Telnet terminal will be open later.

In the following window, type Telnet 192.168.1.224 as below and press Enter. Note that the IP address in the example is the default address of the router. If you have changed the default, enter the current IP address of the router.

Next, enter admin/ admin for Account/ Password.

For users using previous Windows system (e.g., XP), simply click Start >> Run and type Telnet 192.168.1.224 in the Open box.

Next, enter admin/ admin for Account/ Password.

XI-2 Available Commands

Enter ? to get a list of available commands.

The available commands contain - clear, clock, configure, copy, delete, disable, end, exit, ping, reboot, renew, restore-defaults, save, show, ssl, terminal, traceroute and udld. Each

command will be explained as follows.

Note: You can also enter ? to check if there are subcommands under current command.

XI-2-1 Clear Configuration

This command allows resetting the functions of ARP, interface, IP, IPv6, LACP, Line, LLDP, Logging, MAC, and Spanning Tree.

Telnet Command: clear arp

Use this command to clear entries in the ARP cache.

Syntax Items

clear arp

Description

Example

Telnet Command: clear authentication

Use this command to clear authentication sessions based on LAN port, MAC address, or authentication type for 802.1x/ MAC authentication.

Syntax Items

clear authentication sessions

clear authentication sessions interfaces gigabitethernet

clear authentication sessions mac

clear authentication sessions session-id

clear authentication sessions type

Description

Example

P2500# clear authentication sessions
No Auth Manager sessions currently exist
P2500# clear authentication sessions mac 48:5B:39:2F:A8:66
P2500# clear authentication sessions interfaces GigabitEthernet 2
P2500# clear authentication sessions session-id 0000000B002AFBE8 

Telnet Command: clear gvrp

Use this command to clear statistics or port error statistics for all interfaces or a specific interface (LAN or LAG).

Syntax Items

clear gvrp error-statistics

clear gvrp statistics

Description

Example

P2500# clear gvrp error-statistics interfaces GigabitEthernet 2
P2500#
P2500# clear gvrp error-statistics interfaces LAG 2
P2500# 

Telnet Command: clear interfaces

Use this command to clear statistics counters for all interfaces or a specific interface (LAN or LAG).

Syntax Items

clear interfaces GigabitEthernet

clear interfaces LAG

Description

Example

P2500# clear interfaces gigabitethernet 3 counters
P2500# clear interfaces
P2500# clear interfaces lag 2 counters
P2500# 

Telnet Command: clear ip

Use this command to clear ARP inspection information, DHCP snooping database agent, and IGMP snooping groups (dynamic or static) information for all interfaces or a specific interface (LAN or LAG) with IP address.

Syntax Items

clear ip arp

clear ip dhcp

clear ip igmp

Description

Example

P2500# clear ip igmp snooping groups dynamic
P2500# 

Telnet Command: clear ipv6

Use this command to clear MLD snooping configuration for dynamic / static group(s) with IPv6 address.

Syntax Items

clear ipv6 mld

Description

Example

P2500# clear ipv6
P2500# clear ipv6 mld snooping groups dynamic
P2500# clear ipv6 mld snooping groups dynamic?
<cr>
P2500# clear ipv6 mld snooping groups static 

Telnet Command: clear lacp

Use this command to clear LACP configuration for specified LAG interface or all LAG interfaces.

Syntax Items

clear lacp <1-8> counters

clear lacp counters

Description

Example

P2500# clear lacp 1 counters
No interfaces configured in the channel group
P2500# 

Telnet Command: clear line

Use this command to clear line settings including SSH (Secure Shell) configuration and telnet daemon configuration.

Syntax Items

clear line ssh

clear line telnet

Description

Example

P2500# clear line ssh
P2500# clear line telnet 

Telnet Command: clear lldp

Use this command to clear LLDP statistics or reset LLDP information.

Syntax Items

clear lldp global

clear lldp interfaces

Description

Example

Telnet Command: clear logging

Use this command to clear log messages from the internal logging buffer and flash.

Syntax Items

clear logging buffered

clear logging file

Description

Example

P2500# clear logging file
P2500# 

Telnet Command: clear mac

Use this command to clear MAC configuration related to VLAN, LAG, and LAN port.

Syntax Items

clear mac

Description

Example

P2500# clear mac address-table dynamic vlan 2038
P2500# clear mac address-table dynamic interfaces gigabitethernet 3
P2500# 

Telnet Command: clear mvr

Use this command to clear information for all members (including dynamic, static) of MVR.

Syntax Items

clear mvr members

Description

Example

P2500# clear mvr members dynamic
P2500# clear mvr members static
P2500# 

Telnet Command: clear spanning-tree

Use this command to clear running system information.

Syntax Items

clear spanning-tree

Description

Example

XI-2-2 Clock Configuration

This command allows managing the system clock.

Telnet Command: clock set

Use this command to configure the system clock manually.

Syntax Items

clock set

Description

Example

P2500# clock set 12:10:30 jan 1 2019
2019-01-01 12:10:30 UTC+8 

XI-2-3 Configure Configuration

This command allows configuring the settings related to VigorSwitch.

Available sub-commands under Configure include:

aaa, authentication, boot, clock, custom, dos, dot1x, do, dray_surveillance, enable, end, errdisable, exit, gvrp, hostname, interface, ip, ipv6, jumbo-frame, lacp, lag, line, lldp, logging, logmail, loop-protection, mac, mailalert, management, management-vlan, mirror, mvr, no, openvpn, poe, port-security, qos, radius, schedule, snmp, sntp, spanning-tree, start-up, storm-control, surveillance-vlan, system, tacacs, tr069, udld, username, vlan, voice-vlan, webhook

Before configuration, you have to enter "configure" to access into next phase.

To return to previous phase, enter "exit"

Example

P2500# configure
P2500(config)#
P2500(config)# exit
P2500# 

Telnet Command: aaa

Use this command to add a login authentication list to authenticate with local, tacacs+, radius, and none service.

Syntax Items

aaa authentication enable aaa authentication login

Description

Example

P2500# configure
P2500(config)#
P2500(config)# aaa authentication enable LISTNAME enable
P2500(config)#
P2500(config)# exit
P2500# show aaa authentication enable lists
Enable List Name Authentication Method List
----
default enable
LISTNAME enable
P2500# 

Telnet Command: authentication

Use this command to enable the global setting of 802.1x/MAC/WEB authentication network access control (default is disabled for all).

Syntax Items

authentication dot1x

authentication guest-vlan

authentication mac

authentication web

Description

Example

P2500# configure
P2500(config)# authentication dot1x
P2500(config)# vlan 3
P2500(config-vlan)# exit
P2500(config)# authentication guest-vlan 3
P2500(config)#
P2500(config)# exit
P2500# show authentication
Authentication dot1x state : enabled
Authentication mac state : disabled
Authentication web state : disabled
Guest VLAN : enabled (3)
Mac-auth Radius User ID Format : XXXXXXXXXXXXX
Mac-auth Local Entry :
Web-auth Local Entry :
Interface Configurations
Interface GigabitEthernet1
Admin Control : disable
Host Mode : multi-auth
Type dot1x State : disabled
Type mac State : disabled
Type web State : disabled
Type Order : dot1x
MAC/WEB Method Order : radius
Guest VLAN : disabled
Reauthentication : disabled
Max Hosts : 256
VLAN Assign Mode : static
--More-

Telnet Command: boot

Use this command to have a backup image in the flash partition. Select the active firmware image, and another firmware image will become a backup one.

Syntax Items

boot system

Description

Example

Telnet Command: clock

Use this command to configure time zone, summer-time and external time source for the system clock.

Syntax Items

clock auto timezone clock source local clock source sntp clock summer-time clock timezone

Description

Example

P2500# configure
P2500(config)# clock source sntp
P2500(config)# exit
P2500# show clock detail
2019-01-05 06:51:23 UTC+8
Time source is sntp
Time zone:
Acronym is
Offset is UTC+8
P2500# configure
P2500(config)# clock summer-time tw date jan 30 2019 23:30 feb 1 2019 20:50
P2500(config)# exit
P2500# show clock detail
2019-01-05 07:13:49 UTC+8
Time source is sntp

Time zone:
Acronym is ACRONYM
Offset is UTC-10:08

Summertime:
Acronym is tw
Starting and ending on a specific date.
Begins at 1 30 19 23:30 

Ends at 2 1 19 20:50
Offset is 60 minutes.
P2500# configure
P2500(config)# clock summer-time ACRONYM recurring eu 1200
P2500(config)# clock summer-time ACRONYM recurring first mon jan 10:10 first sun feb 10:10 1000
P2500(config)# exit
P2500# show clock detail
2019-01-05 11:37:18 UTC+8
Time source is sntp
Time zone:
Acronym is
Offset is UTC+8
Summertime:
Acronym is ACRONYM
Recurring every year.
Begins at 1 1 1 10:10
Ends at 1 0 2 10:10
Offset is 1000 minutes. 

Telnet Command: custom

Use this command to enable the module settings.

Syntax Items

custom enable

Description

Example

Telnet Command: dos

Use this command to enable specific Denial of Service (DoS) protection.

Syntax Items

dos daeqsa-deny

dos icmp-frag-pkts-deny

dos icmp-ping-max-length

dos icmpv4-ping-max-check

dos icmpv6-ping-max-check

dos ipv6-min-frag-size-check

dos ipv6-min-frag-size-length

dos land-deny

dos nullscan-deny

dos pod-deny

dos smurf-deny

dos smurf-netmask

dos syn-sportl1024-deny

dos synfin-deny

dos synrst-deny

dos tcp-frag-off-min-check

dos tcpblat-deny

dos tcphdr-min-check

dos tcphdr-min-length

dos udpblat-deny

dos xma-deny

Description

Example

P2500# configure
P2500(config)#
P2500(config)# dos icmp-ping-max-length 25252
P2500(config)# dos icmpv4-ping-max-check
P2500(config)# 

Telnet Command: dray\_surveillance

Use this command to enable / disable the ONVIF.

Syntax Items

dray_surveillance add

dray_surveillance direct-add

dray_surveillance set

Description

Example

Telnet Command: do

Use this command to execute a command immediately.

Syntax Items

do SEQUENCE

Description

Example

System Contact : Default
MAC Address : 00:1D:AA:43:D1:3E
IP Address : 192.168.1.238
Subnet Mask : 255.255.255.0
Loader Version : 1.0.4
Loader Date : Apr 18 2019 - 16:31:58
Firmware Version : 2.5.0
Firmware Date : May 22 2019 - 18:09:18
Firmware Revision : 1421
System Object ID : 1.3.6.1.4.1.7367
System Up Time : 0 days, 5 hours, 33 mins, 8 secs
PoE SW Version : 211
P2500(config)# 

Telnet Command: enable

Use this command to configure local password with encrypted string or not.

Syntax Items

enable password enable privilege enable secret

Description

Example

P2500# configure
P2500(config)# enable secret encrypted testtest
P2500(config)# exit
P2500# show running-config
P2500# ...
enable privilege 2 secret "OTE5ZTY4MmNhYzgyNWQ0MzBhNTgwZTg0MmZmMGJiYzQ="
enable secret "testtest"
vlan 2
    name "test0002"
vlan 3
    name "test0003"
vlan 5
    name "test_carrie"
voice-vlan oui-table 00:E0:BB "3COM"
voice-vlan oui-table 00:03:6B "Cisco"
voice-vlan oui-table 00:E0:75 "Veritel"
...... 

Telnet Command: end

Use this command to end current mode.

Syntax Items

end

Example

P2500# configure
P2500(config)#end
P2500# 

Telnet Command: errdisable

Use this command to enable the auto recovery timer for port error.

Syntax Items

errdisable recovery cause errdisable recovery interval

Description

Example

P2500# configure
P2500(config)#
P2500(config)# errdisable recovery interval 600
P2500(config)# 

Telnet Command: exit

Use this command to exit current mode and return to previous mode/ phase.

Syntax Items

exit

Example

P2500# configure
P2500(config)#
P2500(config)# exit 

P2500#

Telnet Command: gvrp

Use this command to enable the GVRP configuration. In default, the GVRP is disabled.

Syntax Items

gvrp

Example

P2500# configure
P2500(config)# gvrp
P2500(config)#
P2500(config)# exit
P2500# show gvrp
GVRP Status
----
GVRP : Enabled
Join time : 200 ms
Leave time : 600 ms
LeaveAll time : 10000 ms
P2500# 

Telnet Command: hostname

Use this command to modify the network name of VigorSwitch.

Syntax Items

hostname

Description

Example

P2500# configure
P2500(config)# hostname Switch_3F
Switch_3F(config)# 

Telnet Command: interface

Use this command to configure interface settings.

Before configuring, you have to access into next phase. See the following example:

P2500# configure
P2500(config)#
P2500(config)# interface GigabitEthernet 3
P2500(config-if)# 

Or

P2500# configure
P2500(config)#
P2500(config)# interface range LAG 3
P2500(config-if-range)# 

Syntax Items

interface GigabitEthernet interface LAG interface range

Description

Example

P2500# configure
P2500(config)# interface LAG 1
P2280x(config-if)# 

Under (config-if) #, available sub-commands for LAN or LAG will be different. Below shows the items under Ethernet LAN:

<config-if># authentication
<config-if># back-pressure
<config-if># custom
<config-if># description
<config-if># device-check
<config-if># dos
<config-if># dot1x
<config-if># do
<config-if># dray_surveillance
<config-if># duplex
<config-if># eee
<config-if># end
<config-if># exit
<config-if># flowcontrol
<config-if># gvrp
<config-if># ip
<config-if># ipv6
<config-if># lacp
<config-if># lag
<config-if># lldp
<config-if># mac
<config-if># mvr 

<config-if># no
<config-if># poe
<config-if># port-security
<config-if># power
<config-if># protected
<config-if># qos
<config-if># rate-limit
<config-if># shutdown
<config-if># spanning-tree
<config-if># speed
<config-if># storm-control
<config-if># surveillance-vlan
<config-if># switchport
<config-if># udld
<config-if># vlan
<config-if># voice-vlan 

Description

ip

Apply IP configuration to the specified interface (Ethernet port/LAG port).

acl - Specify an ACL for packets. Enter the name of the ACL. arp inspection rate-limit <1-50> - ARP inspection is to enable Dynamic ARP Inspection function. Set the rate limitation (1 - 50) on the interface. VigorSwitch will drop ARP packets after receives more than configured rate of packets per second.

arp inspection trust - Use it to set trusted interface.

arp inspection validate dst-mac - It means the switch will drop ARP reply packets if arp-target-mac and ethernet-dst-mac are not matched.

arp inspection validate ip allow-zeros - The "allow-zeros" means the switch will not drop all zero IP address.

arp inspection validate src-mac - It means the switch will drop ARP requests and reply packets if arp-sender-mac and ethernet-source-mac are not matched.

conflict prevention bind-ip -

conflict prevention port-type DHCP-Client -

conflict prevention port-type DHCP-Client has-server -

conflict prevention port-type DHCP-Server -

conflict prevention port-type DHCP-Server has-server -

conflict prevention port-type Multiple-Hosts -

conflict prevention port-type Multiple-Hosts has-server -

conflict prevention port-type Static-Binding -

conflict prevention port-type Static-Binding has-server -

dhcp snooping option - Use it to enable the function of inserting option82 content into the packet.

dhcp snooping option action - Use it to set the action (drop, keep or replace) when receiving packets with option82 content.

dhcp snooping option circuit-id - Use it to set user-defined circuit-id string (1 to 63 characters).

dhcp snooping rate-limit <1-300> - Use it to set rate limitation on the interface.

dhcp snooping trust - Use it to set trusted interface.

dhcp snooping verify mac-address - Use it to verify MAC address function on the interface.

dhcp snooping vlan <1-4094> option circuit-id - Set user-defined circuit-id string for specified VLAN ID.

igmp filter <1-128> - Use it to bind a profile for a port. Specify a profile ID.

igmp max-groups <0-256> - Use it to limit port learning max group number (0-256).

igmp max-groups action - Use it to set the action (deny or replace) when the number of groups reach the limitation. source binding max-entry <1-50> -

source binding max-entry no-limit -

source verify mac-and-ip - Use it to enable IP source guard function.

Related Syntax:

- # ip acl

- # ip arp inspection rate-limit <1-50>

- # ip arp inspection trust

- # ip arp inspection validate dst-mac

- # ip arp inspection validate ip allow-zeros

- # ip arp inspection validate src-mac

- # ip conflict prevention bind-ip

Example

P2500# configure
P2500(config)# interface LAG 1
P2500(config-if)# speed 100 

P2500(config-if)# backpressure
P2500(config-if)# lldp med location ecs-elin 112233445566778899AA
P2500(config-if)# vlan mac-vlan group 35 vlan 1000
P2500(config-if)# 

Telnet Command: ip

Use this command to create an IPv4 access list (ACL) which performs classification on layer 3 fields and enters ip-access configuration mode.

Syntax Items

ip acl

ip arp

ip conflict

ip dhcp

ip igmp

ip source

Description

Example

P2500# configure
P2500(config)# ip acl market_1
P2280(config-ip-acl)#
P2280(config-ip-acl)# deny 20 192.168.2.55/255.255.255.0 192.168.2.85/255
P2500(config)# ip dhcp snooping database tftp draytek carrie_backup 

Use the "do" command to run execution command in current mode. -

Related Syntax:

- #do

Use the "end" command to finish current mode. Any changes in current mode will be saved.

Related Syntax:

- #end

Use the "exit" command to close the current CLI session or return

precedence <0-7>shutdown
- # permit <0-255> /<0-128> any shutdown - permit icmp /<0-128> /<0-128> <0-255 / any / destination-unreachable / echo-reply / echo-request / nd-na / nd-ns / packet-too-big/ parameter-problem/ router-advertisement / router-solicitation / time-exceeded> <0-255/ any> dscp <0-63>
- # permit icmp /<0-128> /<0-128><0-255 / any / destination-unreachable / echo-reply / echo-request / nd-na / nd-ns / packet-too-big/ parameter-problem/ router-advertisement / router-solicitation / time-exceeded> <0-255/ any> dscp <0-63> shutdown
- # permit icmp /<0-128> /<0-128><0-255 / any / destination-unreachable / echo-reply / echo-request / nd-na / nd-ns / packet-too-big/ parameter-problem/ router-advertisement / router-solicitation / time-exceeded><0-255/ any> precedence <0-7>
- # permit icmp /<0-128> /<0-128><0-255 / any / destination-unreachable / echo-reply / echo-request / nd-na / nd-ns / packet-too-big/ parameter-problem/ router-advertisement / router-solicitation / time-exceeded> <0-255/ any> precedence <0-7> shutdown
- # permit icmp /<0-128> /<0-128><0-255 / any / destination-unreachable / echo-reply / echo-request / nd-na / nd-ns / packet-too-big/ parameter-problem/ router-advertisement / router-solicitation / time-exceeded> <0-255/ any> shutdown
- # permit icmp /<0-128> any <0-255 / any / destination-unreachable / echo-reply / echo-request / nd-na / nd-ns / packet-too-big/ parameter-problem/ router-advertisement / router-solicitation / time-exceeded> <0-255 / any> dscp <0-63>
- # permit icmp /<0-128> any <0-255 / any / destination-unreachable / echo-reply / echo-request / nd-na / nd-ns / packet-too-big/ parameter-problem/ router-advertisement / router-solicitation / time-exceeded> <0-255 / any> dscp <0-63> shutdown
- # permit icmp /<0-128> any <0-255 / any / destination-unreachable / echo-reply / echo-request / nd-na / nd-ns / packet-too-big/ parameter-problem/ router-advertisement / router-solicitation / time-exceeded> <0-255 / any> precedence <0-7>
- # permit icmp / <0-128> any <0-255 / any / destination-unreachable / echo-reply / echo-request / nd-na / nd-ns / packet-too-big/ parameter-problem/ router-advertisement / router-solicitation / time-exceeded> <0-255 / any> precedence <0-7> shutdown
- # permit icmp /<0-128> any <0-255 / any / destination-unreachable / echo-reply / echo-request / nd-na / nd-ns / packet-too-big/ parameter-problem/ router-advertisement / router-solicitation / time-exceeded> <0-255 / any> shutdown
- # permit ipv6 /<0-128> /<0-128>
- # permit ipv6 /<0-128> /<0-128> dscp <0-63>
- # permit ipv6 /<0-128> /<0-128> dscp <0-63> shutdown

• # permit ipv6 /<0-128> /<0-128> precedence <0-7>
• # permit ipv6 /<0-128> /<0-128> precedence <0-7> shutdown
• # permit ipv6 /<0-128> /<0-128> shutdown
• # permit ipv6 /<0-128> any dscp <0-63>
• # permit ipv6 /<0-128> any dscp <0-63> shutdown
• # permit ipv6 /<0-128> any precedence <0-7>
• # permit ipv6 /<0-128> any precedence <0-7>shutdown
• # permit ipv6 /<0-128> any shutdown
• # permit ipv6 any /<0-128>
• # permit ipv6 any /<0-128> dscp <0-63>
• # permit ipv6 any /<0-128> dscp <0-63> shutdown
• # permit ipv6 any /<0-128> precedence <0-7>
• # permit ipv6 any /<0-128> precedence <0-7> shutdown
• # permit ipv6 any /<0-128> shutdown
• # permit ipv6 any any
• # permit ipv6 any any dscp <0-63>
• # permit ipv6 any any dscp <0-63> shutdown
• # permit ipv6 any any precedence <0-7>
• # permit ipv6 any any precedence <0-7> shutdown
• # permit ipv6 any any shutdown
• # permit tcp /<0-128><0-65535 / PORT_RANGE / any / daytime / discard / domain / drip / echo / ftp / ftp-data / hostname / klogin / kshell / pop2 / pop3 / smtp / sunrpc / syslog / tacacs-ds / talk / telnet / time / whois / www>/<0-128><0-65535 / PORT_RANGE / any / daytime / discard / domain / drip / echo / ftp / ftp-data / hostname / klogin / kshell / pop2 / pop3 / smtp / sunrpc / syslog / tacacs-ds / talk / telnet / time / whois / www>
  # permit tcp /<0-128><0-65535 / PORT_RANGE / any / daytime / discard / domain / drip / echo / ftp / ftp-data / hostname / klogin / kshell / pop2 / pop3 / smtp / sunrpc / syslog / tacacs-ds / talk / telnet / time / whois / www>/<0-128><0-65535 / PORT_RANGE / any / daytime / discard / domain / drip / echo / ftp / ftp-data / hostname / klogin / kshell / pop2 / pop3 / smtp / sunrpc / syslog / tacacs-ds / talk / telnet / time / whois / www> dscp <0-63>
• # permit tcp /<0-128><0-65535 / PORT_RANGE / any / daytime / discard / domain / drip / echo / ftp / ftp-data / hostname / klogin / kshell / pop2 / pop3 / smtp / sunrpc / syslog / tacacs-ds / talk / telnet / time / whois / www>/<0-128><0-65535 / PORT_RANGE / any / daytime / discard / domain / drip / echo / ftp / ftp-data / hostname / klogin / kshell / pop2 / pop3 / smtp / sunrpc / syslog / tacacs-ds / talk / telnet / time / whois / www>dscp <0-63> shutdown
• #deny tcp /<0-128> <0-65535 / PORT_RANGE / any / daytime / discard / domain / drip / echo / ftp / ftp-data / hostname / klogin / kshell / pop2 / pop3 /

smtp / sunrpc / syslog / tacacs-ds / talk / telnet / time / whois / www> / <0-128> <0-65535 / PORT_RANGE / any / daytime / discard / domain / drip / echo / ftp / ftp-data / hostname / klogin / kshell / pop2 / pop3 / smtp / sunrpc / syslog / tacacs-ds / talk / telnet / time / whois / www> match-all dscp <0-63>

# permit tcp /<0-128><0-65535 / PORT_RANGE / any / daytime / discard / domain / drip / echo / ftp / ftp-data / hostname / klogin / kshell / pop2 / pop3 / smtp / sunrpc / syslog / tacacs-ds / talk / telnet / time / whois / www>/<0-128><0-65535 / PORT_RANGE / any / daytime / discard / domain / drip / echo / ftp / ftp-data / hostname / klogin / kshell / pop2 / pop3 / smtp / sunrpc / syslog / tacacs-ds / talk / telnet / time / whois / www> match-all dscp <0-63> shutdown

# permit tcp /<0-128><0-65535 / PORT_RANGE / any / daytime / discard / domain / drip / echo / ftp / ftp-data / hostname / klogin / kshell / pop2 / pop3 / smtp / sunrpc / syslog / tacacs-ds / talk / telnet / time / whois / www>/<0-128><0-65535 / PORT_RANGE / any / daytime / discard / domain / drip / echo / ftp / ftp-data / hostname / klogin / kshell / pop2 / pop3 / smtp / sunrpc / syslog / tacacs-ds / talk / telnet / time / whois / www> match-all precedence <0-7>

# permit tcp /<0-128><0-65535 / PORT_RANGE / any / daytime / discard / domain / drip / echo / ftp / ftp-data / hostname / klogin / kshell / pop2 / pop3 / smtp / sunrpc / syslog / tacacs-ds / talk / telnet / time / whois / www>/<0-128><0-65535 / PORT_RANGE / any / daytime / discard / domain / drip / echo / ftp / ftp-data / hostname / klogin / kshell / pop2 / pop3 / smtp / sunrpc / syslog / tacacs-ds / talk / telnet / time / whois / www> match-all precedence <0-7> shutdown

- # permit tcp /<0-128><0-65535 / PORT_RANGE / any / daytime / discard / domain / drip / echo / ftp / ftp-data / hostname / klogin / kshell / pop2 / pop3 / smtp / sunrpc / syslog / tacacs-ds / talk / telnet / time / whois / www>/<0-128><0-65535 / PORT_RANGE / any / daytime / discard / domain / drip / echo / ftp / ftp-data / hostname / klogin / kshell / pop2 / pop3 / smtp / sunrpc / syslog / tacacs-ds / talk / telnet / time / whois / www> match-all shutdown

- # permit tcp /<0-128><0-65535 / PORT_RANGE / any / daytime / discard / domain / drip / echo / ftp / ftp-data / hostname / klogin / kshell / pop2 / pop3 / smtp / sunrpc / syslog / tacacs-ds / talk / telnet / time / whois / www>/<0-128><0-65535 / PORT_RANGE / any / daytime / discard / domain / drip / echo / ftp / ftp-data / hostname / klogin / kshell / pop2 / pop3 / smtp / sunrpc / syslog / tacacs-ds / talk / telnet / time / whois / www> precedence <0-7>

# permit tcp /<0-128><0-65535 / PORT_RANGE / any / daytime / discard / domain / drip / echo / ftp / ftp-data / hostname / klogin / kshell / pop2 / pop3 / smtp / sunrpc / syslog / tacacs-ds / talk / telnet / time / whois / www>/<0-128><0-65535 / PORT_RANGE / any / daytime / discard / domain / drip / echo / ftp / ftp-data / hostname / klogin / kshell / pop2 / pop3 / smtp / sunrpc / syslog / tacacs-ds / talk / telnet / time / whois / www> precedence <0-7> shutdown

- # permit tcp /<0-128><0-65535 / PORT_RANGE / any / daytime / discard / domain / drip / echo / ftp / ftp-data / hostname / klogin / kshell / pop2 / pop3 / smtp / sunrpc / syslog / tacacs-ds / talk / telnet / time / whois / www>/<0-128><0-65535 / PORT_RANGE / any / daytime / discard / domain / drip / echo / ftp / ftp-data/

vlan <1-4094> - Use it to enable MLD on VLAN. Specify a VLAN ID for configuration.

forbidden-port GigabitEthernet <1-50> - Specify a physical port.

forbidden-port LAG <1-8> - Specify a LAG port.

forbidden-router-port GigabitEthernet <1-50> - Use it to add static forbidden router port. Specify a physical port.

forbidden-router-port LAG <1-8> - Use it to add static forbidden router port. Specify a LAG port.

immediate-leave - Use it to enable fastleave function.

last-member-query-count <1-7> - Use it to change how many query packets will send. Specify the last member query count. Default is 2.

last-member-query-interval <1-25> - Use it to set interval between each query packet. Specify the last member query interval. Default is 1.

query-interval <30-18000> - Use it to set interval between each query. Specify the query interval. Default is 125.

response-time <5-20> - Use it to set response time. Specify a time value. Default is 10.

robustness-variable <1-7> - Specify a robustness-variable value. Default is 2.

router learn pim-dvmrp - Use it to enable learning router port by routing protocol packets (DVMRP).

static-group interfaces gigabitethernet <1-50> - Use it to add a static group. Specify a physical port.

static-group interfaces LAG <1-8> - Use it to add a static group. Specify a LAG port.

static-port gigabitethernet <1-50>- Use it to add static forwarding port. Specify a physical port.

static-port LAG <1-8>- Use it to add static forwarding port. Specify a LAG port.

static-router-port GigabitEthernet <1-50> - Use it to add static router port. All query packets will forward to the specified port. Specify a physical port.

static-router-port LAG <1-8> - Use it to add static router port. All query packets will forward to the specified port. Specify a LAG port.

Related Syntax:

<config>#ipv6 mld profile <1-128>
    <config-mld-profile># do
    <config-mld-profile># end
    <config-mld-profile># exit
    <config-mld-profile># profile range ipv6 <X:X::X:X> action <deny/ permit>
    <config-mld-profile># profile range ipv6 <X:X::X:X> <X:X::X:X>
    <config-mld-profile># profile range ipv6 <X:X::X:X> <X:X::X:X> action <deny/ permit>
    <config-mld-profile># show 

- #ipv6 mld snooping

#ipv6 mld snooping forward-method

- #ipv6 mld snooping report-suppression

#ipv6 mld snooping unknown-multicast action

- #ipv6 mld snooping version <1/2>

- #ipv6 mld snooping vlan <1-4094>

#ipv6 mld snooping vlan <1-4094> forbidden-port GigabitEthernet <1-50>

Example

P2500# configure
P2500(config)#
P2500(config)# ipv6 mld snooping vlan 33
P2500(config)# ipv6 acl CA_v6
P2500(config-ipv6-acl)# deny 3 00:50::32:ff/24 00:50::78:aa/32 

Telnet Command: jumbo-frame

Use this command to modify the maximum frame size of jumbo frame.

Syntax Items

jumbo-frame

Description

Example

P2500# configure
P2500(config)#
P2500(config)# jumbo-frame 8000
P2500(config)# 

Telnet Command: Iacp

Use this command to set the system priority of the switch.

Syntax Items

Iacp

Iacp system-priority

Description

Example

P2500# configure
P2500(config)#
P2500(config)# lacp system-priority 1000
P2500(config)# 

Telnet Command: lag

LAG port can transmit packets to all ports for balancing the traffic loading. Use this command to change the load balance algorithm to src-dst-mac or src-dst-mac-ip as the Load Balance policy.

Syntax Items

lag load-balance

Description

Example

P2500# configure
P2500(config)# 

Telnet Command: line

Use this command to select line configuration mode.

Syntax Items

line console

line ssh

line telent

Description

Example

P2500# configure
P2500(config)#
P2500(config)# line telnet
P2280x(config-line)# 

Telnet Command: Ildp

Use this command to set LLDP function.

Syntax Items

Ildp

Ildp holdtime-multiplier

Ildp Ildpdu

Ildp med

lldp reinit-delay

Ildp tx-delay

Ildp tx-interval

Description

- # lldp tx-interval <5-32767>

Example

P2500# configure
P2500(config)#
P2500(config)# lldp med network-policy 30 app guest-voice vlan 30 vlan-type
untag priority 3 dscp
P2500(config)# 

Telnet Command: logging

Use this command to set logging service on VigorSwitch.

Syntax Items

logging

logging buffered

logging console

logging file

logging host

Description

Example

P2500# configure
P2500(config)#
P2500(config)# logging host aa:00::1a:FF facility local1 

Telnet Command: logmail

Use this command to configure log mail.

Syntax Items

logmail active logmail auth logmail category logmail encry logmail password logmail port logmail receiver logmail sender logmail server logmail username

Description

Example

P2500# configure
P2500(config)#
P2500(config)# logmail receiver carrie_ni@draytek.com
P2500(config)# 

Telnet Command: loop-protection

Use this command to set loop-protection.

Syntax Items

loop-protection action loop-protection periodicTime loop-protection state

Description

Example

P2500# configure
P2500(config)#
P2500(config)# loop-protection state enable
P2500(config)# 

Telnet Command: mac

Use this command to create a MAC access list.

Syntax Items

mac acl mac address-table

Description

Use the "do" command to run execution command in current mode. -

Related Syntax:

- #do

Use the "end" command to finish current mode. Any changes in current mode will be saved.

Related Syntax:

- #end

Use the "exit" command to close the current CLI session or return to the previous mode without saving the settings.

Related Syntax:

- #exit

Use the "no sequence" command to delete any entry in

management ACL.

<1-65535>- Specify an index number of the ACL.

Related Syntax:

- #no sequence <1-65535>

Use the "permit" command to add permit rules which bypass the packets meet the rule.

/ Specify the source and destination MAC addresses and subnet masks.

cos <0-7><0-7> - Set the cos value and the cos mask for a packet.

<0x0600-0xFFFF> - Set the EtherType of the packet.

Shutdown - Disable the Ethernet interface.

vlan <1-4094> - Specify the VLAN ID of the packet.

any - Any MAC address.

Related Syntax:

#permit /cos <0-7><0-7>
#permit / cos <0-7><0-7> ethtype <0x0600-0xFFFF>
#permit /
ethtype <0x0600-0xFFFF>
#permit / vlan <1-4094>
#permit / vlan <1-4094>cos <0-7><0-7>
#permit / vlan <1-4094>cos <0-7><0-7> ethtype <0x0600-0xFFFF>
#permit /vlan <1-4094>ethtype <0x0600-0xFFFF>
#permit any /cos <0-7><0-7>
#permit any /cos <0-7><0-7>ethtype <0x0600-0xFFFF>
#permit any /
ethtype <0x0600-0xFFFF>
#permit any /vlan <1-4094>
#permit any /vlan <1-4094> cos <0-7><0-7>
#permit any /vlan <1-4094> cos <0-7><0-7>ethtype <0x0600-0xFFFF>
#permit any /vlan <1-4094> ethtype <0x0600-0xFFFF>

Use the "sequence" command to deny or permit the ACL.

<1-2147483647> - Enter the sequence index ACE. The sequence represents the priority of the ACE in the ACL.

/ Specify the source and destination MAC addresses and subnet masks.

cos <0-7><0-7> - Set the cos value and the cos mask for a packet.

<0x0600-0xFFFF> - Set the EtherType of the packet.

shutdown - Disable the Ethernet interface.

vlan <1-4094> - Specify the VLAN ID of the packet.

any - Any MAC address.

Related Syntax:

- #sequence <1-2147483647>deny < A:B:C:D:E:F>// cos <0-7><0-7>

#sequence <1-2147483647>deny //

cos <0-7><0-7> ethtype <0x0600-0xFFFF>
- #sequence <1-2147483647>deny < A:B:C:D:E:F>/< A:B:C:D:E:F>// cos <0-7><0-7> ethtype <0x0600-0xFFFF> shutdown
#sequence <1-2147483647>deny /// cos <0-7><0-7> shutdown
#sequence <1-2147483647>deny /// ethtype <0x0600-0xFFFF>
#sequence <1-2147483647>deny /// ethtype <0x0600-0xFFFF> shutdown
- #sequence <1-2147483647>deny < A:B:C:D:E:F>/< A:B:C:D:E:F>/ shutdown
#sequence <1-2147483647>deny any // cos <0-7><0-7>
#sequence <1-2147483647>deny any // cos <0-7><0-7> ethtype <0x0600-0xFFFF>
- #sequence <1-2147483647>deny any < A:B:C:D:E:F>/// cos <0-7><0-7> ethtype <0x0600-0xFFFF> shutdown
#sequence <1-2147483647>deny any // cos <0-7><0-7> shutdown
- #sequence <1-2147483647>deny any any cos <0-7><0-7>
#sequence <1-2147483647>deny any any cos <0-7><0-7> ethtype <0x0600-0xFFFF>
#sequence <1-2147483647>deny any any cos <0-7><0-7> ethtype <0x0600-0xFFFF> shutdown
#sequence <1-2147483647>deny any any cos <0-7><0-7> shutdown
#sequence <1-2147483647>deny any any ethtype <0x0600-0xFFFF>
#sequence <1-2147483647>deny any any ethtype <0x0600-0xFFFF> shutdown
- #sequence <1-2147483647>deny any any shutdown
- #sequence <1-2147483647>deny any any vlan <1-4094>
#sequence <1-2147483647>deny any any vlan <1-4094> cos <0-7><0-7>
#sequence <1-2147483647>deny any any vlan <1-4094> cos <0-7><0-7> ethtype <0x0600-0xFFFF>
#sequence <1-2147483647>deny any any vlan <1-4094> cos <0-7><0-7> ethtype <0x0600-0xFFFF> shutdown
#sequence <1-2147483647>deny any any vlan <1-4094> ethtype <0x0600-0xFFFF>
#sequence <1-2147483647>deny any any vlan <1-4094> ethtype <0x0600-0xFFFF> shutdown
#sequence <1-2147483647>deny any any vlan <1-4094> shutdown
- #sequence <1-2147483647>permit < A:B:C:D:E:F>/< A:B:C:D:E:F> < A:B:C:D:E:F>/< A:B:C:D:E:F> cos <0-7><0-7>
#sequence <1-2147483647>permit // cos <0-7><0-7> ethtype <0x0600-0xFFFF>

Example

P2500# configure
P2500(config)# mac acl test_CA
P2500(config-mac-acl)# deny 00:50:00:7f:12:11/00:00:00:00:10:20
00:50:00:aa:bb:cc/00:00:00:00:12:00 cos 3 2 ethtype 0x0600
P2500(config-mac-acl)# deny any 00:50:00:7f:12:11/00:00:00:00:10:20 cos 5 6
ethtype 0x0600
P2500(config-mac-acl)# deny any
P2500(config)# mac address-table static 00:50:07:12:ff:aa vlan 300 drop 

Telnet Command: mail alert

Use this command to configure mail alert for various conditions.

Syntax Items

mailalert active

mailalert auth

mailalert devicecheck

mailalert encry

mailalert hwmon

mailalert interval

mailalert ipconflict

mailalert password

mailalert poestatus

mailalert port

mailalert portlink

mailalert portspeed

mailalert receiver

mailalert sender

mailalert server

mailalert sysrestart

mailalert throughputcheck

mailalert username

Description

Example

P2500# configure
P2500(config)#
P2500(config)# mailalert receiver carrie_ni@draytek.com 

Telnet Command: management

Use this command to create a management access list and set configuration mode.

Syntax Items

management access-list management access-class

Description

Example

P2500 # configure
P2500(config)#
P2500(config)# management access-list CA_ACL
P2500(config-macl)# deny ip 192.168.2.56/255.255.255.0 interfaces gigabitethernet 3 service telnet
P2500(config-macl)#
P2500(config-macl)# deny ipv6 00:50::7f:3b/24 

Telnet Command: management-vlan

Use this command to set VLAN ID for management VLAN.

Syntax Items

management-vlan vlan

Description

Example

P2500# configure
P2500(config)#
P2500(config)# management-vlan vlan 200
VLAN 200: VLAN does not exist
P2500(config)# 

Telnet Command: mirror

Use this command to set the source / destination interface of a port mirror session.

Syntax Items

mirror session

Description

Example

P2500# configure
P2500(config)#
P2500(config)# mirror session 3 destination interface GigabitEthernet 3 allow
P2500(config)#
P2500(config)# mirror session 3 source interfaces LAG 3 both
P2500(config)# 

Telnet Command: mvr

Use this command to enable MVR function and configure related settings.

Syntax Items

mvr

mvr group

mvr mode

mvr query-time

mvr vlan

Description

Example

P2500# configure
P2500(config)#
P2500(config)# mvr group 192.168.2.33
The operation will delete the MVR VLAN groups include static MVR groups.Continue
? [yes/no]:y
Input Parameter Error
P2500(config)# 

Telnet Command: no

Use this command to disable specific command.

Syntax Items

no

Example

P2500# configure
P2500(config)#
P2500(config)# no port-security
P2500(config)# 

Telnet Command: openvpn

Use this command to enable/ disable the OpenVPN tunnel.

Syntax Items

openvpn enable

openvpn disable

openvpn filename

Description

Example

Telnet Command: poe

Use this command configure settings for PoE device.

Syntax Items

poe mode

poe schedule

Description

Example

P2500# configure
P2500(config)#
P2500(config)# poe 

Telnet Command: port-security

Use this command to enable the function of port security.

Syntax Items

port-security

Example

P2500# configure
P2500(config)#
P2500(config)# port-security
P2500(config)# 

Telnet Command: qos

Use this command to configure QoS settings.

Syntax Items

qos qos map qos queue qos trust

Description

Example

P2500# configure
P2500(config)#
P2500(config)# qos map cos-queue SEQUENCE to 3
P2500(config)# 

Telnet Command: radius

Use this command to configure settings for RADIUS server.

Syntax Items

radius default-config

radius host

Description

Example

P2500# configure

P2500(config)#

P2500(config)# radius default-config key 123456789 retransmit 3 timeout 10

P2500(config)# radius host radius auth-port 3000

Telnet Command: schedule

Use this command to set schedule.

Syntax Items

schedule index

Description

Example

P2500# configure
P2500(config)#
P2500(config)# schedule index 1 how-often cycle-days 3 start-date jan 1 2019
start-time 08:01 duraton 17:30 action on
P2500(config)# schedule index 2 how-often weekdays sun start-date may 11 2019 

start-time 02:10 duration 12:10 action on P2500(config)#

Use this command to define SNMP community.

Syntax Items

snmp community snmp engineid snmp group snmp host snmp trap snmp user snmp view

Description

Example

P2500# configure
P2500(config)#
P2500(config)# snmp engineid remote 192.168.2.38 00036D001188
P2500(config)# snmp engineid remote 00:50::16:88 00036D002288
P2500(config)# snmp host 192.168.2.89 CAR_community udp-port 1500 timeout 200
P2500(config)# snmp host 192.168.2.88 informs version 2c CAR_community
udp-port 3000 timeout 180 retries 35
P2500(config)# snmp host 192.168.2.88 traps version 2c CAR_traps udp-port 6500
timeout 60 retries 2
P2500(config)# snmp host 192.168.2.88 version 2c CAR_version udp-port 3000
timeout 60 retries 2
P2500(config)# snmp host HOSTNAME CAR_host udp-port 3000 timeout 60 retries
P2500(config)# snmp host HOSTNAME informs HA_informs udp-port 3000 timeout 60
retries 2
P2500(config)# snmp host HOSTNAME version 2c HT_version udp-port 3000 timeout
60 retries 2
P2500(config)# snmp user CA_user_1 CA_group_1 auth md5 CA12345678 priv
PR12345678
P2500(config)# snmp view CAR_community subtree 10 oid-mask 9 viewtype included
P2500(config)# 

Telnet Command: sntp

Use this command to configure settings for remote SNTP server.

Syntax Items

sntp host

Description

Example

P2500# configure
P2500(config)#
P2500(config)# sntp host KEY1245 port 3000
P2500(config)# 

Telnet Command: spanning-tree

Use this command to configure settings for spanning-tree.

Syntax Items

spanning-tree spanning-tree bpdu spanning-tree forward-delay spanning-tree hello-time spanning-tree max-hops spanning-tree maximum-age spanning-tree mode spanning-tree mst spanning-tree pathcost spanning-tree priority spanning-tree tx-hold-count

Description

Example

Telnet Command: start-up

Use this command to restart ICP status after rebooting VigorSwitch.

Syntax Items

start-up icp

Description

Example

Telnet Command: storm-control

Use this command to configure settings for Storm Control.

Syntax Items

storm-control ifg exclude storm-control ifg include storm-control unit bps storm-control unit pps

Description

Example

P2500# configure
P2500(config)#
P2500(config)# storm-control ifg exclude
P2500(config)#
P2500(config)# storm-control unit bps
P2500(config)# 

Telnet Command: surveillance-vlan

Use this command to configure settings for surveillance-VLAN.

Syntax Items

surveillance-vlan surveillance-vlan aging-time surveillance-vlan cos surveillance-vlan oui-table surveillance-vlan vlan

Description

Example

P2500# configure
P2500(config)#
P2500(config)#
P2500(config)# surveillance-vlan aging-time 60
P2500(config)#
P2500(config)# surveillance-vlan oui-table 00:50:12 fortestonly
P2500(config)# 

Telnet Command: system

Use this command to modify the contact information of VigorSwitch.

Syntax Items

system contact

system location

system name

Description

Example

P2500# configure
P2500(config)#
P2500(config)# system contact callMIS
P2500(config)#
P2500(config)# system location DrayTek
P2500(config)# system name UPDATEFRIM
UPDATEFRIM(config)# 

Telnet Command: tacacs

Use this command to configure TACACS+ server.

Syntax Items

tacacs default-config

tacacs host

Description

Example

P2500# configure
P2500(config)#
P2500(config)# tacacs default-config key tce00056 timeout 25
P2500(config)#
P2500(config)# tacacs host carrie02 key TA012345 priority 3000 timeout 10
P2500(config)# 

Telnet Command: tr069

Use this command to configure parameter settings of TR-069.

Syntax Items

tr069 acsPwd

tr069 acsUsername

tr069 acsurl

tr069 cpeEnable

tr069 cpePwd

tr069 cpeUsername

tr069 cpeport

tr069 healthlinkstatus

tr069 healthpoewarning

tr069 healthspeedstatus
tr069 periodicInfo
tr069 periodicTime Time
tr069 ssl
tr069 stun
tr069 stunMAXkeepalive
tr069 stunMINkeepalive
tr069 stunaddr
tr069 stunport

Description

Example

P2500# configure
P2500(config)#
P2500(config)# tr069 stunaddr 192.168.3.99
P2500(config)# 

Telnet Command: udId

Use this command to set the time interval of UniDirectional Link Detection (UDLD) sent message.

Syntax Items

udld

Description

Example

Telnet Command: username

Use this command to add a new user account or edit an existing user account.

Syntax Items

username

Description

Example

P2500 (config)#

Telnet Command: vlan

Use this command to configure detailed settings for VLAN profile.

Before configuring, you have to access into next phase. See the following example:

P2500# configure
P2500(config)#
P2500(config)# vlan 3
P2280x(config-vlan)# 

Syntax Items

vlan vlan-list

vlan mac-vlan group

vlan protocol-vlan group

Description

Example

P2500# configure
P2500(config)# vlan 3
P2500(config-vlan)#
P2500(config-vlan)# name vlan_friends
P2500(config-vlan)#
...
P2500(config)# vlan mac-vlan group 33 00:50:17:22:12:ff mask 10
P2500(config)# vlan group 1 frame-type ethernet_ii protocol-value 0x0600
P2500(config)# 

Telnet Command: voice-vlan

Use this command to enable voice VLAN and configure settings for voice VLAN.

Syntax Items

voice-vlan aging-time

voice-vlan cos

voice-vlan oui-table

voice-vlan vlan

Description

Example

P2500# configure
P2500(config)# voice-vlan aging-time 1000
P2500(config)#
P2500(config)# voice-vlan oui-table 22:30:ff test_01
P2500(config)#
P2500(config)# voice-vlan oui-table 00:01:E2 STAMP
P2500(config)# exit
P2500# show voice-vlan interfaces gigabitEthernet 1
Voice VLAN Aging : 1000 minutes
Voice VLAN CoS : 6
Voice VLAN 1p Remark: disabled

OUI table
    OUI MAC | Description
----+----
    00:E0:BB | 3COM
    00:03:6B | Cisco
    00:E0:75 | Veritel
    00:D0:1E | Pingtel
    00:01:E3 | Siemens
    00:60:B9 | NEC/Philips
    00:0F:E2 | H3C
    00:09:6E | Avaya
    22:30:FF | test_01
    00:01:E2 | STAMP

Port | State | Port Mode | Cos Mode
----+----+----+----
gil | Disabled | Auto | Src
P2500# 

Telnet Command: webhook

Use this command to enable or disable the webhook service.

Syntax Items

webhook active

webhook host

webhook interval

webhook keep

Description

Example

P2500# configure
P2500(config)# webhook host service https
P2500(config)# webhook host url www.demo.com
P2500(config)# webhook host path Draytek/demo
P2500(config)# webhook host port 443
P2500(config)# webhook interval 2 

XI-2-4 Copy Configuration

Use this command to upgrade firmware image, configuration file, syslog file, language file and security certificate.

Syntax Items

copy flash://

copy tftp://

copy backup-config

copy running-config

copy startup-config

Description

- # copy tftp:// tftp://

Example

P2500# copy running-config tftp://172.16.3.8/test_carrie.cfg
Uploading file. Please wait...
Save configuration done.
P2500# copy startup-config tftp://172.16.3.8/test_da.cfg
Uploading file. Please wait...
Save configuration done.
P2500# 

XI-2-5 Delete Configuration

Use this command to delete a file from the FLASH file system or restore the factory default settings of VigorSwitch.

Syntax Items

delete backup-config

delete flash:// startup-config

delete startup-config

delete system

Description

Example

P2500# delet flash://startup-config
Delete flash://startup-config [y/n] y
Do you want to reload the system to take effect? [y/n] y 

XI-2-6 Disable Configuration

All commands used will be divided into EXEC mode and Privileged EXEC mode. This command is to turn off privileged mode command.