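I've recently been looking for a switch with port security that isn't too expensive. After looking around, I found that TP-Link's TL-SG3210 (or T2500G-10TS) is a good option. These two models are the same device under different names, and they have many enterprise-grade features (such as L2/L3 ACLs, 802.1x, etc.). Interestingly, the command-line syntax is exactly the same as Cisco's.
Eight gigabit ports, plus two SFP slots. I picked one up on eBay for $50. It's a good fit for people who like tinkering with features, for example doing port security authentication together with RADIUS.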
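What would you use this for at home?
Setting up VLANs?
I looked into it for a while and in the end didn't go with pfSense, VLANs, managed switches and the like. I bought a $20 unmanaged switch and I'm quite happy with it.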
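Managed switches are aimed at different groups of people. Those who have a use for them find them useful; those who don't, don't.
Also, if all you want is VLANs, you don't necessarily have to buy a managed switch; many unmanaged switches, or smart switches, now have VLAN support. But if you want to play with some enterprise-grade features without buying a big box, a small $50 switch with the following features is very good value.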
Quality of Service
• 8 priority queues
• 802.1p CoS/DSCP priority
• Queue scheduling
- SP (Strict Priority)
- WRR (Weighted Round Robin)
- SP+WRR
• Bandwidth Control
- Port/Flow based Rate Limiting
• Smoother Performance
• Action for Flows
- Mirror (to supported interface)
- Redirect (to supported interface)
- Rate Limit
- QoS Remark
L2 and L2+ Features
• Link Aggregation
- Static link aggregation
- 802.3ad LACP
- Up to 8 aggregation groups and up to 8 ports per group
• Spanning Tree Protocol
- 802.1d STP
- 802.1w RSTP
- 802.1s MSTP
- STP Security: TC Protect, BPDU Filter, BPDU Protect, Root Protect, Loop Protect
• Loopback Detection
- Port-based
- VLAN based
• Flow Control
- 802.3x Flow Control
- HOL Blocking Prevention
• Mirroring
- Port Mirroring
- CPU Mirroring
- One-to-One
- Many-to-One
- Tx/Rx/Both
L2 Multicast
• Supports 511 (IPv4, IPv6) IGMP groups
• IGMP Snooping
- IGMP v1/v2/v3 Snooping
- Fast Leave
- IGMP Snooping Querier
- IGMP Authentication
• IGMP Authentication
• MVR
• MLD Snooping
- MLD v1/v2 Snooping
- Fast Leave
- MLD Snooping Querier
- Static Group Config
- Limited IP Multicast
• Multicast Filtering: 256 profiles and 16 entries per profile
VLAN
• VLAN Group
- Max 4K VLAN Groups
• 802.1q Tagged VLAN
• MAC VLAN: 12 Entries
• Protocol VLAN: Protocol Template 16, Protocol VLAN 16
• GVRP
• VLAN VPN (QinQ)
- Port-Based QinQ
- Selective QinQ
• Voice VLAN
Access Control List
• Time-based ACL
• MAC ACL
- Source MAC
- Destination MAC
- VLAN ID
- User Priority
- Ether Type
• IP ACL
- Source IP
- Destination IP
- Fragment
- IP Protocol
- TCP Flag
- TCP/UDP Port
- DSCP/IP TOS
- User Priority
• Combined ACL
• Packet Content ACL
• IPv6 ACL
• Policy
- Mirroring
- Redirect
- Rate Limit
- QoS Remark
• ACL apply to Port/VLAN
Security
• IP-MAC-Port Binding
- DHCP Snooping
- ARP Inspection
- IPv4 Source Guard
• IPv6-MAC-Port Binding
- DHCPv6 Snooping
- ND Detection
- IPv6 Source Guard
• DoS Defend
• Static/Dynamic Port Security
- Up to 64 MAC addresses per port
• Broadcast/Multicast/Unicast Storm Control
- kbps/ratio/pps control mode
• IP/Port/MAC based access control
• 802.1X
- Port based authentication
- Mac based authentication
- VLAN Assignment
- MAB
- Guest VLAN
- Support Radius authentication and accountability
• AAA (including TACACS+)
• Port Isolation
• Secure web management through HTTPS with SSLv3/TLS 1.2
• Secure Command Line Interface (CLI) management with SSHv1/SSHv2
IPv6
• IPv6 Dual IPv4/IPv6
• Multicast Listener Discovery (MLD) Snooping
• IPv6 ACL
• IPv6 Interface
• Static IPv6 Routing
• IPv6 neighbor discovery (ND)
• Path maximum transmission unit (MTU) discovery
• Internet Control Message Protocol (ICMP) version 6
• TCPv6/UDPv6
• IPv6 applications
- DHCPv6 Client
- Ping6
- Tracert6
- Telnet (v6)
- IPv6 SNMP
- IPv6 SSH
- IPv6 SSL
- Http/Https
- IPv6 TFTP
L3 Features
• 16 IPv4/IPv6 Interfaces
• Static Routing - 48 static routes
• Static ARP
• 316 ARP Entries
• Proxy ARP
• Gratuitous ARP
• DHCP Server
• DHCP Relay
• DHCP L2 Relay
Management
• Web-based GUI
• Command Line Interface (CLI) through console port, telnet
• SNMPv1/v2c/v3
- Trap/Inform
- RMON (1, 2, 3, 9 groups)
• SDM Template
• DHCP/BOOTP Client
• 802.1ab LLDP/LLDP-MED
• DHCP AutoInstall
• Dual Image, Dual Configuration
• CPU Monitoring
• Cable Diagnostics
• EEE
• Password Recovery
• SNTP
• System Log
Advanced Features
• Support Omada Hardware Controller (OC200/OC300), Software Controller, Cloud-Based Controller
• Automatic Device Discovery
• Batch Configuration
• Batch Firmware Upgrading
• Intelligent Network Monitoring
• Abnormal Event Warnings
• Unified Configuration
• Reboot Schedule
• ZTP (Zero-Touch Provisioning)*