Prefix Length — Defines the number of bits that comprise the source IP address prefix, or the network mask of the source IP address.

Action —Defines the action attached to the access rule. The possible field values are:

Permit — Permits access to the device.

Deny — Denies access to the device. This is the default.

3. Click . The access profile is saved and the device is updated.

5.1.1.2 Defining Profile Rules

Access profiles can contain up to 128 rules that determine which users can manage the switch module, and by which methods. Users can also be blocked from accessing the device. Rules are composed of filters including:

Rule Priority

Interface

Management Method

IP Address

Prefix Length

Forwarding Action

To define profile rules:

1.Click System > Management Security > Authentication > Profile Rules. The Profile Rules Page opens:

Figure 26: Profile Rules Page

The Profile Rules Page contains the following fields:

Access Profile Name — Displays the access profile to which the rule is attached.

Priority — Defines the rule priority. When the packet is matched to a rule, user groups are either granted per- mission or denied device management access. The

rule number is essential to matching packets to rules, as packets are matched on a first-fit basis.

Interface — Indicates the interface type to which the rule applies. The possible field values are:

Port — Attaches the rule to the selected port.

LAG — Attaches the rule to the selected LAG.

VLAN — Attaches the rule to the selected VLAN.

Management Method — Defines the management method for which the rule is defined. Users with this access profile can access the device using the management method selected. The possible field values are:

All — Assigns all management methods to the rule.

Telnet — Assigns Telnet access to the rule. If selected, users accessing the device using Telnet meeting access profile criteria are permitted or denied access to the device.

Secure Telnet (SSH) — Assigns SSH access to the rule. If selected, users accessing the device using Telnet meeting access profile criteria are permitted or denied access to the device.

HTTP — Assigns HTTP access to the rule. If selected, users accessing the device using HTTP meeting access profile criteria are permitted or denied access to the device.

Secure HTTP (HTTPS) — Assigns HTTPS access to the rule. If selected, users accessing the device using HTTPS meeting access profile criteria are permitted or denied access to the device.

SNMP — Assigns SNMP access to the rule. If selected, users accessing the device using SNMP meeting access profile criteria are permitted or denied access to the device.

Source IP Address — Defines the interface source IP address to which the rule applies.

2 3

Page 29 Page 31
Page 30
Image 30
TP-Link TL-SL3452, TL-SL3428, TL-SG3109 manual Defining Profile Rules
Page 29 Page 31

TL-SG3109, TL-SL3428, TL-SL3452 specifications

The TP-Link TL-SL3428 is a feature-rich Ethernet switch designed for small to medium-sized business environments. It is part of TP-Link’s JetStream series, which emphasizes reliability, performance, and robust management capabilities. Built with 28 10/100/1000 Mbps ports, the TL-SL3428 provides sufficient bandwidth to support a wide range of network applications.

One of the standout features of the TL-SL3428 is its support for Layer 2 management protocols. This allows for more granular control and optimized performance across network segments. The switch supports VLAN (Virtual Local Area Network) segmentation, which enhances network security and efficiency by isolating various types of traffic. This feature is particularly useful in larger organizations where different departments or teams may require separate network environments.

The TL-SL3428 also includes advanced QoS (Quality of Service) capabilities. This functionality prioritizes traffic based on predefined rules, which ensures that critical applications receive the necessary bandwidth to function optimally. With QoS implementation, users can experience minimized latency, leading to better performance in VoIP and video conferencing applications.

In terms of redundancy and reliability, the switch also supports Link Aggregation Control Protocol (LACP), enabling multiple connections to be combined for increased bandwidth and failover support. This feature significantly enhances network resilience, ensuring minimal downtime during failures.

Power over Ethernet (PoE) support is another important characteristic of the TL-SL3428. With PoE capabilities, this switch can deliver electrical power along with data over the same Ethernet cable, simplifying installation and reducing the need for additional wiring. This is especially advantageous for IP devices like cameras, access points, and VoIP phones.

Security features are abundant in the TL-SL3428 as well. It implements port security, storm control, and DHCP snooping, all of which contribute to a secure network infrastructure. The switch’s management capabilities can be accessed through a user-friendly web interface, making it easier for IT administrators to configure and monitor network activities.

Overall, the TP-Link TL-SL3428 is an exemplary choice for businesses looking to enhance their network performance with advanced management features, security protocols, and reliability. Its combination of speed, flexibility, and manageability make it a valuable tool for any growing organization.
Top Page Image Contents