Home
/
Advantech
/
EKI-9228G-8CMI
/
User Manual

Advantech EKI-9228G-8CMI, User Manual

Share

Page: 186 / 324

Advantech EKI-9228G-8CMI User Manual Download Page 186

EKI-9228G Series User Manual

168

To DAI on a VLAN and configure the optional DAI settings:

Click Switching > Dynamic ARP Inspection > VLAN > Add.

Figure 4.180 Switching > Dynamic ARP Inspection > VLAN > Add

The following table describes the items in the previous figure.

ARP ACL Name

The name of the of ARP access control list (ACL) that the VLAN uses
as the filter for ARP packet validation. The ARP ACL must already
exist on the system to associate it with a DAI-enabled VLAN. ARP
ACLs include permit rules only.

Static

Determines whether to use the DHCP snooping database for ARP
packet validation if the packet does not match any ARP ACL rules. The
options are as follows:



Enable: The ARP packet will be validated by the ARP ACL rules
only. Packets that do not match any ARP ACL rules are dropped
without consulting the DHCP snooping database.



Disable: The ARP packet needs further validation by using the
entries in the DHCP Snooping database.

Refresh

Click Refresh to update the screen.

Add

Click Add to enable DAI on a VLAN and configure the optional DAI
settings.

Edit

Click Edit to edit the selected entries.

Remove

Click Remove to disable DAI for the selected entries.

Item

Description

VLAN ID

Lists each VLAN that has been enabled for DAI. After you click Add,
use the VLAN ID menu to select the VLAN on which to enable DAI. A
VLAN does not need to exist on the system to be enabled for DAI.

Log Invalid Packets

Indicates whether DAI logging is enabled on this VLAN. When logging
is enabled, DAI generates a log message whenever an invalid ARP
packet is discovered and dropped.

ARP ACL Name

The name of the of ARP access control list (ACL) that the VLAN uses
as the filter for ARP packet validation. The ARP ACL must already
exist on the system to associate it with a DAI-enabled VLAN. ARP
ACLs include permit rules only.

Static

Determines whether to use the DHCP snooping database for ARP
packet validation if the packet does not match any ARP ACL rules. The
options are as follows:



Enable: The ARP packet will be validated by the ARP ACL rules
only. Packets that do not match any ARP ACL rules are dropped
without consulting the DHCP snooping database.



Disable: The ARP packet needs further validation by using the
entries in the DHCP Snooping database.

Item

Description

«
...
184
185
186
187
188
...
»

Summary of Contents for EKI-9228G-8CMI

Page 1: ...User Manual EKI 9228G Series 16xRJ45 4xSFP 8xCombo Port Full Gigabit L2 Managed Switch...

Page 2: ...tion Advantech assumes no liability under the terms of this warranty as a consequence of such events Because of Advantech s high quality control standards and rigorous testing most of our customers ne...

Page 3: ...case the user will be required to correct the interference at his own expense FCC Class B Note This equipment has been tested and found to comply with the limits for a Class B digital device pursuant...

Page 4: ...this manual we would welcome comments and constructive criticism Please send all such in writing to support advan tech com Packing List Before setting up the system check that the items listed below...

Page 5: ...liquid into an opening This may cause fire or electrical shock 13 Never open the equipment For safety reasons the equipment should be opened only by qualified service personnel 14 If one of the follow...

Page 6: ...e einen Brand bzw elektrischen Schlag aus l sen 13 ffnen Sie niemals das Ger t Das Ger t darf aus Gr nden der elektrischen Sicherheit nur von authorisiertem Servicepersonal ge ffnet werden 14 Wenn fol...

Page 7: ...om damage To avoid electrical shock always disconnect the power from your PC chassis before you work on it Don t touch any components on the CPU card or other cards while the PC is on Disconnect power...

Page 8: ...Attaching a Fiber Optic Cable to a Transceiver 12 2 6 2 Removing SFP Modules 12 Figure 2 6 Removing a Fiber Optic Cable to a Transceiver 12 Figure 2 7 Removing an SFP Transceiver 12 2 7 Connecting the...

Page 9: ...ed Configuration 30 Figure 4 10 System Advanced Configuration DHCP Server Global 31 Figure 4 11 System Advanced Configuration DHCP Server Excluded Addresses 31 Figure 4 12 System Advanced Configuratio...

Page 10: ...tem Advanced Configuration Link Dependency Group Add 52 Figure 4 40 System Advanced Configuration Protection Denial of Service 53 Figure 4 41 System Advanced Configuration sFlow Agent 54 Figure 4 42 S...

Page 11: ...anges Configuration Add 76 Figure 4 70 System Advanced Configuration Time Ranges Entry Configuration 77 Figure 4 71 System Advanced Configuration Time Ranges Entry Configuration Add Absolute 77 Figure...

Page 12: ...ccess Serial 107 Figure 4 109System Management Access CLI Banner 108 Figure 4 110System Management Access HTTP 108 Figure 4 111System Management Access HTTPS 109 Figure 4 112System Management Access S...

Page 13: ...figuration 150 Figure 4 154Switching DHCP Snooping Base VLAN Configuration Add 150 Figure 4 155Switching DHCP Snooping Base Interface Configuration 151 Figure 4 156Switching DHCP Snooping Base Static...

Page 14: ...4 188Switching GARP Switch 174 Figure 4 189Switching GARP Port 175 4 4 8 IGMP Snooping 176 Figure 4 190Switching IGMP Snooping Configuration 176 Figure 4 191Switching IGMP Snooping Interface Configur...

Page 15: ...0 4 4 14 LLDP 200 Figure 4 223Switching LLDP Global 201 Figure 4 224Switching LLDP Interface 201 Figure 4 225Switching LLDP Interface Add 202 Figure 4 226Switching LLDP Local Devices 203 Figure 4 227S...

Page 16: ...te VLAN Configuration Add VLAN 237 Figure 4 266Switching Private VLAN Association 238 Figure 4 267Switching Private VLAN Interface 238 4 4 25 X Ring Pro 240 Figure 4 268Switching X Ring Pro Configurat...

Page 17: ...Access Control Lists Configuration 277 Figure 4 308QoS Access Control Lists Configuration Add Rule 278 Figure 4 309QoS Access Control Lists Interfaces 283 Figure 4 310QoS Access Control Lists Interfac...

Page 18: ...EKI 9228G Series User Manual xviii A 1 Troubleshooting 305...

Page 19: ...Chapter 1 1Product Overview...

Page 20: ...352 mm 17 4 x 1 73 x 13 85 LED Display System LED SYS Power 1 Power 2 CFG ALM Port LED Speed Link Activity Environment Operating Temperature 40 85 C 40 185 F Storage Temperature 40 85 C 40 185 F Ambie...

Page 21: ...for system soft reset 3 sec or factory default reset 5 sec 5 USB port 4 pin female port for FW backup access 6 ETH port 100 1000Base X SFP Port x 4 7 LNK ACT LED Link activity LED 8 SPEED LED Speed LE...

Page 22: ...on Defined major policies are detected Blink red 1Hz Defined minor policies are detected Blink red 3Hz TBD Blink red 5Hz TBD Off Power off or system alarm is cleared or masked 4 PWR1 Green on Power is...

Page 23: ...Chapter 2 2Switch Installation...

Page 24: ...EKI 9228G Series User Manual 6 2 1 Warnings Warning Before working on equipment that is connected to power lines remove any jewelry including rings necklaces and watches Metal objects can heat up when...

Page 25: ...t the power source from the DC circuit Caution Read the installation instructions before connecting the system to its power source Caution The device must be grounded Never defeat the ground conductor...

Page 26: ...feet Make sure airflow around the switch and respective vents is unrestricted With out proper airflow the switch can overheat To prevent performance degradation and damage to the switch make sure ther...

Page 27: ...plying with a flame spread rating of 5VA V2 V1 V0 or equivalent if nonmetallic The interior of the enclosure must be accessible only by the use of a tool Subsequent sections of this publication might...

Page 28: ...d Suppose that you are connecting devices I and II contrary to electrical signals optical signals do not require a circuit in order to transmit data Consequently one of the optical lines is used to tr...

Page 29: ...le is seated correctly before sliding the module into the slot A click sounds when it is locked in place Figure 2 4 Installing an SFP Transceiver 6 Remove the protective plug from the SFP transceiver...

Page 30: ...Modules To disconnect an LC connector use the following guidelines 1 Press down and hold the locking clips on the upper side of the optic cable 2 Pull the optic cable out to release it from the transc...

Page 31: ...Connector Pin Position Maximum cable length 100 meters 328 ft for 10 100 1000BaseT 2 8 Connecting the Switch to Console Port The industrial switch supports a secondary means of management By connectin...

Page 32: ...assis ground screw terminal should be tied to the panel or chassis ground A DB9 Connector RJ45 Connector NC 1 Orange White NC 2 Orange 2 3 Green White NC 4 Blue 5 5 Blue White 3 6 Green NC 7 Brown Whi...

Page 33: ...e paths Do not bundle together wiring with similar electrical characteristics Make sure to separate input and output wiring Label all wiring and cabling to the various devices for more effective manag...

Page 34: ...o not service equipment or cables during periods of lightning activity Caution Do not service any components unless qualified and authorized to do so Caution Do not block air ventilation holes RELAY2...

Page 35: ...V1 wire clamp screws and loosen the screws 2 Insert the negative positive DC wires into the V V terminals of PW1 If setting up power redundancy connect PW2 in the same manner 3 Tighten the wire clamp...

Page 36: ...Chapter 3 3Configuration Utility...

Page 37: ...f explanation of how RSTP works is given in the Spanning Tree section The switch is capable of communicating with other SNMP capable devices on the network to exchange management information This stat...

Page 38: ...for network access select Add Menu Address Here to reach the System Settings menu The settings in this menu control the switch s general net work configuration DHCP Enabled Disabled The switch can au...

Page 39: ...t cable between network interfaces The second local area network standard is 100BASE T which runs at 100Mbps over the same twisted pair Ethernet cable Lastly there is 100BASE F which enables fast Ethe...

Page 40: ...interface allows for local or remote switch configuration anywhere on the network The interface is designed for use with Internet Explorer 6 0 Chrome Firefox 3 3 1 Preparing for Web Configuration The...

Page 41: ...Chapter 4 4Managing Switch...

Page 42: ...e Figure 4 1 Login Screen 4 2 Recommended Practices One of the easiest things to do to help increase the security posture of the network infrastructure is to implement a policy and standard for secure...

Page 43: ...and port based IEEE 802 1X access to the system An authentication list specifies which authentication method s to use to vali date the credentials of a user who attempts to access the device Several a...

Page 44: ...s are as follows IAS Uses the local Internal Authentication Server IAS data base for 802 1X port based authentication Deny Denies authentication Enable Uses the locally configured Enable password to v...

Page 45: ...e default Enable authentication lists as well as any user configured Enable lists To access this page click System AAA Authentication Selection Figure 4 6 System AAA Authentication Selection Item Desc...

Page 46: ...ers who attempt to access the CLI by using a Telnet ses sion SSH The Login authentication list and the Enable authentication list to apply to users who attempt to access the CLI by using a secure shel...

Page 47: ...s Line The access method s that use the list for accounting user activity The settings for this field are configured on the Accounting Selection page Refresh Click Refresh to update the screen Add Cli...

Page 48: ...CLI based Console The Exec accounting list and the Commands account ing list to apply to users who access the CLI by using a connec tion to the console port Telnet The Exec accounting list and the Com...

Page 49: ...onfigurations for clients Conflict Logging Mode Enables or disables the logging mode for IP address conflicts When enabled the system stores information IP address conflicts that are detected by the D...

Page 50: ...nge of addresses If the excluded address is not part of a range this field shows the same value as the From field When adding a single IP address to exclude you can enter the same address specified in...

Page 51: ...ion has not been configured Network For a Manual pool indicates the host IP address to assign the client For a Dynamic pool indicates the network base address Lease Time The amount of time the informa...

Page 52: ...es the client identifier the Client ID field on the DHCP server must contain the same value and the Hardware Address Type field must be set to the appropriate value Otherwise the DHCP server will not...

Page 53: ...r dynamic pools only Client Name The system name of the client The Client Name should not include the domain name This field is optional Hardware Address Type The protocol type Ethernet or IEEE 802 us...

Page 54: ...t a TFTP server to download a new image file To configure this field click button in the row To reset the field to the default value click the Reset icon in the row To configure settings for one or mo...

Page 55: ...ast Domain Name The default domain name to configure for all clients in the selected pool Bootfile Name The name of the default boot image that the client should attempt to download from a specified b...

Page 56: ...ced Configuration DHCP Server Pool Options Configure Vendor Option The following table describes the items in the previous figure Item Description Option Code The number that uniquely identifies the o...

Page 57: ...eared To access this page click System Advanced Configuration DHCP Server Statistics Figure 4 20 System Advanced Configuration DHCP Server Statistics Submit Click Submit to save the values Cancel Clic...

Page 58: ...e message if the DHCP client detects that the IP address offered by the DHCP server is already in use on the network The server then marks the address as unavailable DHCPRELEASE The number of DHCP rel...

Page 59: ...which is one of the following Gratuitous ARP The DHCP client detected the conflict by broadcasting an ARP request to the address specified in the DHCP offer message sent by the server If the client re...

Page 60: ...Domain List The list of domain names that have been added to the DNS client s domain list If a DNS query that includes the default domain name is not resolved the DNS client attempts to use the domain...

Page 61: ...s only available for Dynamic entries Elapsed Time The number of seconds that have passed since the entry was added to the table When the Elapsed Time reaches the Total Time the entry times out and is...

Page 62: ...gure 4 26 System Advanced Configuration Email Alerts Global The following table describes the items in the previous figure Item Description Type The type of interface to use as the source interface No...

Page 63: ...g Duration Minutes Determines how frequently the non critical messages are sent to the SMTP server Submit Click Submit to save the values and update the screen Refresh Click Refresh to update the scre...

Page 64: ...fresh Click Refresh to update the screen Add Click Add to add a new Email server Edit Click Edit to edit the selected entries Remove Click Remove to remove the selected entries Item Description Securi...

Page 65: ...Time Since Last Email Sent The amount of time in days hours minutes and seconds that has passed since the last email alert was successfully sent Refresh Click Refresh to update the screen Clear Counte...

Page 66: ...ol CDP ISDP is used to share information between neighboring devices routers bridges access servers and switches To access this page click System Advanced Configuration ISDP Global Figure 4 34 System...

Page 67: ...interface that is connected to the neighbor The ISDP mes sage was received on this interface IP Address The first network layer address reported in the address TLV of the most recently received ISDP m...

Page 68: ...his page click System Advanced Configuration ISDP Statistics Figure 4 37 System Advanced Configuration ISDP Statistics The following table describes the items in the previous figure Item Description I...

Page 69: ...e total number of ISDP version 1 packets transmitted by the device ISDPv2 Packets Received The total number of ISDP version 2 packets received by the device ISDPv2 Packets Transmitted The total number...

Page 70: ...link up Down Link is down when the above conditions are not true Refresh Click Refresh to update the screen Add Click Add to add a new group Edit Click Edit to edit the selected entries Remove Click R...

Page 71: ...P Port Enable this option to allow the device to drop packets that have the TCP source port equal to the TCP destination port UDP Port Enable this option to allow the device to drop packets that have...

Page 72: ...ller than this configured value ICMP Settings ICMP Enable this option to allow the device to drop ICMP packets that have a type set to ECHO_REQ ping and a payload size greater than the ICMP payload si...

Page 73: ...r which data is displayed or configured Owner String The entity making use of this sFlow receiver table entry If this field is blank the entry is currently unclaimed Time Remaining The time in seconds...

Page 74: ...be associated with an active sFlow receiver If a receiver expires all pollers associated with the receiver will also expire Poller Interval The maximum number of seconds between successive samples of...

Page 75: ...sampling rate for packet sampling from this source A sampling rate of 0 disables sampling Maximum Header Size The maximum number of bytes that should be copied from a sampled packet Refresh Click Ref...

Page 76: ...MPv1 2 Community page When the community names are changed access rights are also changed SNMP Communities are defined only for SNMP v1 and SNMP v2 Use the SNMP Community Configuration page to enable...

Page 77: ...the group associated with this community entry IP Address Specifies the IP address that can connect with this community Refresh Click Refresh to update the screen Add Community Click Add Community to...

Page 78: ...d identifies the access the user may connect with Group Name Identifies the Group associated with this Community entry IP Address Specifies the IP address that can connect with this community Submit C...

Page 79: ...n Add Click Add to add a new SNMP trap receiver Remove Click Remove to remove the selected entries Item Description Host IP Address The IP address of the SNMP management host that will receive traps g...

Page 80: ...cation Notify Type The type of SNMP notification to send the SNMP management host Trap An SNMP message that notifies the host when a certain event has occurred on the device The message is not acknowl...

Page 81: ...The type of SNMP notification to send the SNMP management host Inform An SNMP message that notifies the host when a certain event has occurred on the device The message is acknowl edged by the SNMP m...

Page 82: ...ement system outside of its configured group but an agent can be a member of multiple groups at the same time to allow communication with SNMP managers from different groups Several default SNMP group...

Page 83: ...No Priv Authentication but no data encryption With this security level users send SNMP messages that use an MD5 key password for authentication but not a DES key password for encryption Auth Priv Aut...

Page 84: ...but not a DES key password for encryption Auth Priv Authentication and data encryption With this security level users send an MD5 key password for authentication and a DES key password for encryption...

Page 85: ...er name cannot contain any leading or embedded blanks Group Name A SNMP group is a group to which hosts running the SNMP service belong A group name parameter is simply the name of that group by which...

Page 86: ...contain any leading or embedded blanks Group Name A SNMP group is a group to which hosts running the SNMP service belong A group name parameter is simply the name of that group by which SNMP communiti...

Page 87: ...protocol to be used on encrypted messages on behalf of the specified user This parameter is only valid if the Authen tication method parameter is not NONE DES DES protocol will be used None No privac...

Page 88: ...cription Client Mode Specifies the mode of operation of SNTP Client An SNTP client may operate in one of the following modes Disable SNTP is not operational No SNTP requests are sent from the client n...

Page 89: ...t before attempting to use the next configured server when configured in unicast mode Number of Servers Configured Specifies the number of current valid unicast server entries configured for this clie...

Page 90: ...NTP message Server Kiss Of Death The SNTP server indicated that no further queries were to be sent to this server This is indicated by a stra tum field equal to 0 in a message received from a server S...

Page 91: ...er that they appear in the table Version Specifies the NTP version running on the server Refresh Click Refresh to update the screen Add Click Add to add a new SNTP server Edit Click Edit to edit the s...

Page 92: ...e the system clock Last Attempt Time Specifies the local date and time UTC that this SNTP server was last queried Last Attempt Status Specifies the status of the last SNTP request to this server If no...

Page 93: ...guration Use the Time Range Summary page to create a named time range Each time range can consist of one absolute time entry and or one or more periodic time entries To access this page click System A...

Page 94: ...r name that identifies this time range A time based ACL rule can reference the name configured in this field Time Range Status Shows whether the time range is Active or Inactive A time range is Inacti...

Page 95: ...even years Each time entry configuration can have only one Absolute entry Periodic Recurring entry that takes place at fixed intervals This type of entry occurs at the same time on one or more days o...

Page 96: ...on in the field or by using the scroll bar in the Choose Time window Click Now to use the current time of day Click Done to close the Choose Time window This field can be configured only if the Start...

Page 97: ...selected option in the Applicable Days field is Days of Week select one or more days on which the entry becomes active To select multiple days hold the CTRL key and select each desired start day Star...

Page 98: ...sable Summer time is not active and the time does not shift based on the time of year Recurring Summer time occurs at the same time every year The start and end times and dates for the time shift must...

Page 99: ...s this page click System Advanced Configuration Time Zone Sum mer Time Figure 4 75 System Advanced Configuration Time Zone Summer Time Item Description Time Zone Offset The system clock s offset from...

Page 100: ...To change the date click the calendar icon to the right of the field select the year from the menu browse to the desired month and click the date Starting Time of Day The time in hours and minutes to...

Page 101: ...ble describes the items in the previous figure Trap Log Use the System Trap Log page to view the entries in the trap log To access this page click System Advanced Configuration Event Manager Trap Log...

Page 102: ...overwrite the oldest entries Number of Traps Since Last Reset The number of traps the system has generated since the trap log entries were last cleared either by clicking Clear Log or by resetting th...

Page 103: ...nfigurable Configured The list has been added by a user Refresh Click Refresh to update the screen Add Click Add to add a new policy list Edit Click Edit to edit the selected entries Item Description...

Page 104: ...ch event To access this page click System Advanced Configuration Event Manager Severity Configuration Figure 4 81 System Advanced Configuration Event Manager Severity Configuration Item Description Al...

Page 105: ...te the screen Refresh Click Refresh to update the screen Cancel Click Cancel to restore default value Item Description 802 3x Flow Control Mode The 802 3x flow control mode on the switch IEEE 802 3x f...

Page 106: ...3 4 3 Erase Startup Use the Erase Startup page to delete the text based configuration file The file is stored in non volatile memory When you click Reset the Erase Startup action is initi ated To acce...

Page 107: ...l ports through which traffic is switched or routed Item Description Reset Click Reset to initiate the action to erase the text based configuration file stored in non volatile memory after displaying...

Page 108: ...ients in an administrative domain The Client Identifier string will be displayed beside the check box once DHCP is enabled on the port on which the Client Identifier option is selected This web page w...

Page 109: ...0 i e byte 0 must have a value of 2 6 A or E for its second digit Management VLAN ID The VLAN ID for the management VLAN Some network administra tors use a management VLAN to isolate system managemen...

Page 110: ...ntries from the list click button in the heading row Dynamic IPv6 Addresses Lists the IPv6 addresses on the network interface that have been dynamically configured through IPv6 auto configuration or D...

Page 111: ...following Reachable The neighbor is reachable through the network interface Stale The neighbor is not known to be reachable and the sys tem will begin the process to reach the neighbor Delay The neig...

Page 112: ...main The Client Identifier string will be displayed beside the check box once DHCP is enabled on the port on which the Client Identifier option is selected This web page will need to be refreshed once...

Page 113: ...Pv6 server IPv6 Gateway The default gateway for the IPv6 service port interface To configure this field click button in the row To reset the field to the default value click button in the row Static I...

Page 114: ...ghbor entry is dynamically resolved Local The neighbor entry is a local entry Other The neighbor entry is an unknown entry Is Router Identifies whether the neighbor device is a router The possible val...

Page 115: ...e up to two software images in permanent storage The dual image feature allows you to upgrade the device without deleting the older software image Item Description IPv6 Address The IPv6 address of a n...

Page 116: ...the switch Active The code file version of the active image Backup The code file version of the backup image Current Active The image version that is loaded and running on this unit Next Active The i...

Page 117: ...ose File to browse to the file to transfer After you select the appropriate file click Begin Transfer to launch the HTTP transfer process If a backup image already exists on the device it is overwritt...

Page 118: ...s experiencing conditions that could lead to system errors if no action is taken Notice 5 The device is experiencing normal but significant conditions Info 6 The device is providing non critical infor...

Page 119: ...reset The only correlation between any two entries in the event log is the relative amount of time after a system reset that the event occurred Refresh Click Refresh to update the screen Item Descript...

Page 120: ...to be actively logging or not Port The UDP port on the logging host to which syslog messages are sent Severity Filter Severity level threshold for log messages All log messages with a severity level a...

Page 121: ...immediately Critical 2 The device is experiencing primary system failures Error 3 The device is experiencing non urgent failures Warning 4 The device is experiencing conditions that could lead to syst...

Page 122: ...yslog file It also displays the number of messages that were successfully or unsuccessfully relayed to any remote syslog servers configured on the device Local UDP Port The UDP port on the local host...

Page 123: ...umber of Mes sages The number of log messages currently stored in persistent storage Syslog Messages Received The total number of messages received by the log process This includes messages that are d...

Page 124: ...is enabled the device command line interface CLI can be accessed through the telnet port Disabling this mode disconnects all existing telnet connections and shuts down the telnet port in the device A...

Page 125: ...device Maximum Number of Sessions The maximum number of telnet sessions that may be connected to the device simultaneously Allow New Sessions Controls whether new telnet sessions are allowed Setting t...

Page 126: ...tion in the CLI To create a line break carriage return in the message press the Enter key on the keyboard The line break in the text area will be at the same loca tion in the banner message when viewe...

Page 127: ...ption HTTPS Admin Mode Enables or disables the HTTPS administrative mode When this mode is enabled the device can be accessed through a web browser using the HTTPS protocol TLS Version 1 Enables or di...

Page 128: ...ration In Progress An SSL certificate is currently being generated Allows you to download an SSL certificate file from a remote system to the device Note that to download SSL certificate files SSL mus...

Page 129: ...ltaneously SSH Session Time out minutes The SSH session inactivity timeout value A connected user that does not exhibit any SSH activity for this amount of time is automatically disconnected from the...

Page 130: ...of characters The password characters are not displayed on the page but are dis guised in a browser specific manner Confirm Password Re enter the new password for the corresponding Line Mode in this f...

Page 131: ...Number of Lowercase Letters The minimum number of lower case letters that a valid password must contain Minimum Number of Numeric Characters The minimum number of numeric characters that a valid pass...

Page 132: ...are prohibited Use the plus and minus buttons to perform the following tasks To add a keyword to the list click button type the word to exclude in the Exclude Keyword Name field and click Submit To r...

Page 133: ...ic ingress egress or both to another port the probe port Probe The port is configured to receive mirrored traffic from one or more source ports Admin Mode The administrative mode of the interface If a...

Page 134: ...ort LACP When a port is added to a LAG as a static member it neither transmits nor receives LACP PDUs Link Status Indicates whether the link is up or down The link is the physical con nection between...

Page 135: ...estimated distance from the end of the cable to the failure loca tion NOTE This field displays a value only when the Cable Status is Open or Short otherwise this field is blank Cable Length Meters Th...

Page 136: ...on the Destination Configuration window opens The following information describes the additional fields avail able in this window Type The type of interface to use as the destination which is one of t...

Page 137: ...roring session or to select an ACL for flow based mirroring Configure Source Click Configure Source to configure one or more source ports or a VLAN for the mirroring session and to determine which tra...

Page 138: ...prevent their being deliverable to a higher layer protocol A possible reason for discarding a packet could be to free up buffer space Unicast Packets The number of subnetwork unicast packets delivered...

Page 139: ...ify the interface when managing the device by using SNMP Time Since Counters Last Cleared The amount of time in days hours minutes and seconds that has passed since the statistics for this device were...

Page 140: ...s the Ethernet header CRC and payload Packet Lengths Received and Trans mitted The table shows how many packets of certain lengths have been received and transmitted by the interface Basic The table s...

Page 141: ...Since Counters Last Cleared The amount of time in days hours minutes and seconds that has passed since the statistics for this interface were last reset Refresh Click Refresh to update the screen Cle...

Page 142: ...the DHCPv6 client has sent to any avail able DHCPv6 server to request an extension of its addresses and an update to any other relevant information This message is sent only if the client does not re...

Page 143: ...istics are not reported to the console or an exter nal server They can be viewed only by using the web interface or by issuing a CLI command Console The statistics are displayed on the console E Mail...

Page 144: ...tal bandwidth used by the port within the specified time period Congestion The percentage of time within the specified time range that the ports experienced congestion Time Range The name of the perio...

Page 145: ...Mail The statistics are sent to an e mail address The SNTP server and e mail address information is configured by using the appropriate Email Alerts pages Syslog The statistics are sent to a remote s...

Page 146: ...gainst the rule Match Criteria Match All Select this option to indicate that all traffic matches the rule and is counted in the statistics This option is exclusive to all other match cri teria so if M...

Page 147: ...e to any value less than 1024 When multiple network interfaces are supported by a device as is typical of a router either a single ARP cache is used for all interfaces or a separate cache is maintaine...

Page 148: ...the switch port through which the connection was established or displays as Management if the connection occurred via a non net work port interface if applicable Refresh Click Refresh to update the s...

Page 149: ...stem Summary Dashboard 60 Seconds The percentage amount of CPU utilization consumed by the corre sponding task in the last 60 seconds 300 Seconds The percentage amount of CPU utilization consumed by t...

Page 150: ...rts and can not be switched or routed to the operational network Service Port MAC Address The device burned in universally administered media access control MAC address of the service port System Up T...

Page 151: ...cal interface that allows remote management of the device via any of the front panel switch ports Service Port IP Address The IP address assigned to the service port The service port provides remote m...

Page 152: ...l number used to identify the device Manufacturer The two octet code that identifies the manufacturer Burned In MAC Address The device burned in universally administered media access control MAC addre...

Page 153: ...entry and why it is in the table which can be one of the following Static The address has been manually configured and does not age out Learned The address has been automatically learned by the device...

Page 154: ...of the pass word Disable When configuring a password it is checked against the Strength Check rules configured for passwords Password Expiration Indicates the current expiration date if any of the pa...

Page 155: ...ers Auth Server Users Add The following table describes the items in the previous figure Password Strength Shows the status of password strength check Encrypted Password Specifies the password encrypt...

Page 156: ...user name Password Specify the password to associate with the user name if required Confirm Re enter the password to confirm the entry Encrypted Select this option to encrypt the password before it i...

Page 157: ...the ping packet in bytes Changing the size allows you to troubleshoot connectivity issues with a variety of packet sizes such as large or very large packets Source The source IP address or interface t...

Page 158: ...prefix of fe80 64 Interface Select the interface on which to issue the Link Local ping request Host Name or IPv6 Address Enter the global or link local IPv6 address or the DNS resolvable host name of...

Page 159: ...terminates after sending probes that can be layer 3 forwarded this number of times If the destination is further away the TraceRoute will not reach it InitTTL The initial Time To Live TTL This value...

Page 160: ...29 20 5 246 80 ms 80 ms 80 ms 7 198 20 90 26 70 ms 70 ms 70 ms 8 216 20 255 105 90 ms 70 ms 80 ms 9 63 20 216 155 80 ms 80 ms 90 ms Hop Count 9 Last TTL 9 Test attempt 27 Test Success 27 For each TTL...

Page 161: ...ils to receive a response for this number of consecutive probes the TraceRoute terminates Interval Seconds Specifies the time between probes in Seconds If a response is not received within this interv...

Page 162: ...P address of the router that responded to the probes and the response time for each probe If no response is received for probes with a particular TTL the IP address is reported as 0 0 0 0 An error cod...

Page 163: ...the last address conflict was detected provided the Clear His tory button has not yet been pressed Refresh Click Refresh to update the screen Run Detection Click Run Detection to activate the IP addre...

Page 164: ...system Trap Log Select this option to transfer the system trap records to a remote system Error Log Select this option to transfer the system error per sistent log which is also known as the event lo...

Page 165: ...sed user authentication SSH 1 RSA Key File Select this option to transfer an SSH 1 Rivest Shamir Adleman RSA key file to the device SSH key files contain information to authenticate SSH sessions for r...

Page 166: ...us traffic types e g data or voice based on their latency requirements and give preference to time sensitive traffic Select File If HTTP is the Transfer Protocol browse to the direc tory where the fil...

Page 167: ...dividually Priority The heading row lists each 802 1p priority value 0 7 and the data in the table shows which traffic class is mapped to the priority value Incoming frames containing the designated 8...

Page 168: ...Switching DHCP Snooping Base VLAN Configuration Add Figure 4 154 Switching DHCP Snooping Base VLAN Configuration Add The following table describes the items in the previous figure Interface Configurat...

Page 169: ...gs for one or more interfaces this field identifies each interface that is being configured Trust State The trust state configured on the interface The trust state is one of the following Disabled The...

Page 170: ...ived on untrusted interfaces If the incoming rate of DHCP packets exceeds the value of this object during the amount of time specified for the burst interval the port will be shutdown You must adminis...

Page 171: ...e describes the items in the previous figure Persistent Use the DHCP Snooping Persistent Configuration page to configure the persistent location of the DHCP snooping bindings database The bindings dat...

Page 172: ...y if Remote is selected in the Store field Remote File Name The file name of the DHCP snooping bindings database in which the bindings are stored This field is available only if Remote is selected in...

Page 173: ...e L2 DHCP relay on individual ports Note that L2 DHCP relay must also be enabled globally on the device To change the DHCP L2 relay settings for one or more interfaces select each entry to modify and...

Page 174: ...f the following Trusted A trusted interface usually connects to other agents or servers participating in the DHCP interaction e g other L2 or L3 relay agents or servers An interface in this mode alway...

Page 175: ...VLAN associated with the rest of the data in the row When config uring the settings for one or more VLANs this field identifies each VLAN that is being configured Circuit ID The administrative mode of...

Page 176: ...clients DHCPv6 server messages are forwarded only through trusted ports To access this page click Switching IPv6 DHCP Snooping Base Global Figure 4 166 Switching IPv6 DHCP Snooping Base Global Item D...

Page 177: ...es the items in the previous figure To enable a VLAN for IPv6 DHCP snooping Item Description DHCP Snooping Mode The administrative mode of IPv6 DHCP snooping on the device MAC Address Vali dation Enab...

Page 178: ...messages that pass the initial validation are checked to verify that the source MAC address and the DHCPv6 client hardware address match Where there is a mismatch IPv6 DHCP snooping logs the event wh...

Page 179: ...considered to be trusted and forwards DHCPv6 server messages without validation Log Invalid Packets The administrative mode of invalid packet logging on the interface When enabled the IPv6 DHCP snoopi...

Page 180: ...ace where the DHCPv6 client message was received Tentative bindings are completed when IPv6 DHCP snooping learns the client s IPv6 address from a REPLY message on a trusted port DHCP snooping removes...

Page 181: ...HCPv6 client that sent the message This is the key to the binding database VLAN ID The VLAN ID of the client interface IP Address The IPv6 address assigned to the client by the DHCPv6 server Lease Tim...

Page 182: ...to configure the same or different TPIDs for different ports 4 4 4 1 Configuration The DVLAN Configuration page allows you to configure the Tag Protocol Identifier TPID to include in frames transmitte...

Page 183: ...IDs can be selected as the Primary TPID To add Secondary TPIDs to the list click button and select one or more of the following options 802 1Q Tag IEEE 802 1Q customer VLAN tag type represented by the...

Page 184: ...miscreant sends ARP requests or responses mapping another station s IP address to its own MAC address DAI relies on DHCP snooping DHCP snooping listens to DHCP message exchanges and builds a binding d...

Page 185: ...e Destination MAC When this option is selected DAI verifies that the target hardware address in the ARP packet equals the destination MAC address in the Ethernet header If the addresses do not match t...

Page 186: ...the optional DAI settings Edit Click Edit to edit the selected entries Remove Click Remove to disable DAI for the selected entries Item Description VLAN ID Lists each VLAN that has been enabled for DA...

Page 187: ...ancel Click Cancel to close the window Item Description Item Description Interface The interface associated with the rest of the data in the row In the Edit Interface Configuration window this field i...

Page 188: ...C address of a system that is permitted to send ARP packets The ARP packet must match on both the Sender IP Address and Sender MAC Address values in the rule to be considered valid Refresh Click Refre...

Page 189: ...ts The ARP packet must match on both the Sender IP Address and Sender MAC Address values in the rule to be considered valid Sender MAC Address The MAC address of a system that is permitted to send ARP...

Page 190: ...because a matching DHCP snooping binding entry was found in the DHCP snooping database ACL Permits The number of ARP packets that were forwarded by DAI because the sender IP address and sender MAC ad...

Page 191: ...ter is received on a port in the Source Members list it is forwarded to a port in the Desti nation Members list If the frame that meets the filter criteria is received on a port that is not in the Sou...

Page 192: ...iated with the filter The VLAN ID is used with the MAC address to fully identify the frames to filter Source Members The port s included in the inbound filter If a frame with the MAC address and VLAN...

Page 193: ...ed with the rest of the data in the row When configuring one or more interfaces in the Edit GARP Port Configuration window this field identifies the interfaces that are being configured GVRP Mode The...

Page 194: ...flooded into net work segments where no node has any interest in receiving the packet While nodes will rarely incur any processing overhead to filter packets addressed to un requested group addresses...

Page 195: ...value Item Description Item Description Interface The interface associated with the rest of the data in the row When configuring IGMP snooping settings this field identifies the interface s that are b...

Page 196: ...be immediately removed from the layer 2 for warding table entry upon receiving an IGMP leave message for a mul ticast group without first sending out MAC based general queries Group Membership Interva...

Page 197: ...e VLAN should wait for a report for a particu lar group on the VLAN before the IGMP snooping feature deletes the VLAN from the group Max Response Time Seconds The number of seconds the VLAN should wai...

Page 198: ...h is an interface that faces a multicast router or IGMP querier and receives multicast traffic To access this page click Switching IGMP Snooping Multicast Router VLAN Status Figure 4 195 Switching IGM...

Page 199: ...LAN The Multicast Router VLAN Configuration Menu displays Click a VLAN ID to select it or CTRL click to select multiple VLAN IDs Click the appropriate arrow to move the selected VLAN ID or VLAN IDs to...

Page 200: ...sages from the switches that want to receive IP multicast traffic The IGMP snooping feature listens to these IGMP reports to establish appropriate forwarding IP Address The snooping querier address to...

Page 201: ...ng querier IP address Refresh Click Refresh to update the screen Add Click Add to enable the IGMP snooping querier feature on a VLAN Edit Click Edit to edit the selected entries Remove Click Remove to...

Page 202: ...hat have the snooping querier enabled State The operational state of the IGMP snooping querier on the VLAN which is one of the following Querier The snooping switch is the querier in the VLAN The snoo...

Page 203: ...o access this page click Switching MLD Snooping Interface Configuration Figure 4 202 Switching MLD Snooping Interface Configuration The following table describes the items in the previous figure Item...

Page 204: ...r of seconds the interface should wait to receive a query before it is removed from the list of interfaces with multicast routers attached Fast Leave Admin Mode The administrative mode of Fast Leave o...

Page 205: ...able to snoop MLD packets and determine which network segments should receive multicast packets directed to the group address Group Membership Interval The number of seconds the VLAN should wait for a...

Page 206: ...led for MLD snooping appear in the menu When modifying MLD snooping settings this field identifies the VLAN that is being configured Group Membership Interval Seconds The number of seconds the VLAN sh...

Page 207: ...tching MLD Snooping Multicast Router VLAN Status Figure 4 207 Switching MLD Snooping Multicast Router VLAN Status The following table describes the items in the previous figure Item Description Interf...

Page 208: ...es that are associated with an interface click the VLAN ID to select it or CTRL click to select multiple VLAN IDs Refresh Click Refresh to update the screen Add Click Add to enable VLANs as multicast...

Page 209: ...the switches that want to receive IP multicast traffic The MLD snooping feature listens to these MLD reports to establish appropriate forwarding IPv6 Address The snooping querier unicast link local IP...

Page 210: ...s other queriers of the same version in the VLAN the snooping querier moves to the non querier state and stops sending peri odic queries Querier VLAN IPv6 Address The MLD snooping querier unicast link...

Page 211: ...cal IPv6 address the VLAN uses as the source address in periodic MLD queries sent on the VLAN If this value is not configured the VLAN uses the global MLD snooping querier IPv6 address Submit Click Su...

Page 212: ...or more than one protocol To access this page click Switching Multicast Forwarding Database Sum mary Figure 4 213 Switching Multicast Forwarding Database Summary The following table describes the item...

Page 213: ...ator Dynamic The entry has been added to the MFDB as a result of a learning process or protocol Description A text description of this multicast table entry Interface s The list of interfaces that wil...

Page 214: ...ulticast MAC address associated with the entry in the MFDB Type The type of entry which is one of the following Static The entry has been manually added to the MFDB by an administrator Dynamic The ent...

Page 215: ...network avoiding duplication of multi cast streams for clients in different VLANs 4 4 13 1 Global Use the MVR Global Configuration page to view and configure the global settings for MVR To access this...

Page 216: ...on Multicast VLAN A dedicated VLAN used to transfer multicast traffic over the network avoiding duplication of multicast streams for clients in different VLANs Maximum Multicast Groups The maximum num...

Page 217: ...desired number of groups to be created starting with the entered group address The default contiguous group count is 1 Submit Click Submit to save the values Cancel Click Cancel to close the window I...

Page 218: ...VLAN Interface is a member of one or more VLANs Not In VLAN Interface is not a member of any VLAN Immediate Leave The MVR immediate leave mode on the interface It can only be con figured on the recei...

Page 219: ...LDP parameters that are applied to the switch To access this page click Switching LLDP Global Figure 4 223 Switching LLDP Global The following table describes the items in the previous figure 4 4 14 2...

Page 220: ...LDP Data Units LLDPDUs that advertise the mandatory TLVs and any optional TLVs that are enabled Receive The LLDP receive mode on the interface If the receive mode is enabled the device can receive LLD...

Page 221: ...tory TLVs and any optional TLVs that are enabled Receive The LLDP receive mode on the interface If the receive mode is enabled the device can receive LLDPDUs from other devices Notify The LLDP remote...

Page 222: ...The table that shows per interface statistics contains entries only for interfaces that have at least one LLDP setting enabled Item Description Interface The interface associated with the rest of the...

Page 223: ...liness interval has expired Interface The interface associated with the rest of the data in the row Transmit Total The number of LLDPDUs transmitted by the LLDP agent on the inter face Receive Total T...

Page 224: ...l Figure 4 229 Switching LLDP MED Global The following table describes the items in the previous figure 4 4 15 2 Interface Use the LLDP MED Interface Summary page to enable LLDP MED mode on an interfa...

Page 225: ...forward traffic MED Status LLDP MED Mode The administrative status of LLDP MED on the interface When LLDP MED is enabled the transmit and receive function of LLDP is effec tively enabled on the inter...

Page 226: ...g LLDP MED settings this field identifies the interfaces that are being configured MED Status LLDP MED Mode The administrative status of LLDP MED on the interface When LLDP MED is enabled the transmit...

Page 227: ...ed together This allows the device to treat the port channel as a single logical link The primary pur pose of a port channel is to increase the bandwidth between two devices Port chan nels can also pr...

Page 228: ...channel does not send and receive traffic STP Mode The spanning tree protocol STP mode of the port channel When enabled the port channel participates in the STP operation to help pre vent network loo...

Page 229: ...ysical port include the following Source MAC VLAN Ethertype Incoming Port Destination MAC VLAN Ethertype Incoming Port Source Destination MAC VLAN Ethertype Incoming Port Source IP and Source TCP UDP...

Page 230: ...nistra tive mode for the port security feature Port security which is also known as port MAC locking allows you to limit the number of source MAC address that can be learned on a port If a port reache...

Page 231: ...source MAC addresses that can be dynamically learned on an interface If an interface reaches the configured limit any other addresses beyond that limit are not learned and the frames are discarded Fra...

Page 232: ...amically learned addresses are cleared from the source MAC address table the feature maintains When the link is restored the inter face can once again learn addresses up to the specified limit If stic...

Page 233: ...unning and saved configura tion if it is not relearned Refresh Click Refresh to update the screen Add Click Add to associate a static MAC address with an interface Remove Click Remove to remove the se...

Page 234: ...ion The following table describes the items in the previous figure Item Description Interface The interface associated with the rest of the data in the row When converting dynamic addresses to static...

Page 235: ...t not the end effect chief among the effects is the rapid transitioning of the port to Forwarding The difference between the RSTP and the traditional STP IEEE 802 1D is the ability to configure and re...

Page 236: ...ntain topology infor mation Force Protocol Ver sion The STP version the device uses which is one of the following IEEE 802 1d Classic STP provides a single path between end stations avoiding and elimi...

Page 237: ...value increases the probability that the bridge is selected as the root bridge of Associated VLANs The number of VLANs that are mapped to the MSTI This number does not contain any information about th...

Page 238: ...istratively disabled and is not part of the spanning tree Port Forwarding State Blocking The port discards user traffic and receives but does not send BPDUs During the election process all ports are i...

Page 239: ...Bridge Priority The value that helps determine which bridge in the spanning tree is elected as the root bridge during STP convergence A lower value increases the probability that the bridge becomes th...

Page 240: ...hange is in progress on any port assigned to the CST If a change is in progress the value is True other wise it is False Designated Root The bridge identifier of the root bridge for the CST The identi...

Page 241: ...ves but does not send BPDUs During the election process all ports are in the blocking state The port is blocked to prevent network loops Listening The port sends and receives BPDUs and evaluates infor...

Page 242: ...ssociated VLAN ID which appears in the IEEE 802 1Q tag in the Layer 2 header of packets transmitted on a VLAN An end station may omit the tag or the VLAN portion of the tag in which case the first swi...

Page 243: ...N is configured Enabled as the Remote Switched Port Analyzer RSPAN VLAN The RSPAN VLAN is used to carry mirrored traffic from source ports to a destination probe port on a remote device Unknown Multic...

Page 244: ...y VLAN ID s Use to specify a range and to separate VLAN IDs or VLAN ranges in the list Submit Click Submit to save the values Cancel Click Cancel to close the window Item Description VLAN ID The menu...

Page 245: ...e in this VLAN unless it receives a GVRP or MVRP request and the device software supports the corresponding protocol This mode is equivalent to registration normal in the IEEE 802 1Q standard Tagging...

Page 246: ...mes The options include the following Enabled A tagged frame is discarded if this interface is not a member of the VLAN identified by the VLAN ID in the tag Disabled All tagged frames are accepted Unt...

Page 247: ...in General mode Promiscuous The interface belongs to a primary VLAN and can communicate with all interfaces in the private VLAN including other promiscuous ports community ports and isolated ports Hos...

Page 248: ...or traffic from mul tiple source ports or from all ports that are members of a VLAN from different net work devices and send the mirrored traffic to a destination port a probe port connected to a netw...

Page 249: ...VLAN Item Description RSPAN VLAN Click the drop down menu to select the VLAN to use as the RSAN VLAN Submit Click Submit to save the values and update the screen Refresh Click Refresh to update the s...

Page 250: ...coming untagged packets that have a source IP address within the defined subnetwork are placed in the same VLAN Subnet Mask The subnet mask that defines the network portion of the IP address VLAN ID T...

Page 251: ...ning multiple protocols PBVLANs can help opti mize network traffic patterns because protocol specific broadcast messages are sent only to hosts that use the protocols specified in the PBVLAN To access...

Page 252: ...ocol is included in the two byte EtherType field of the frame When adding a PBVLAN you can specify the EtherType hex value or for IP ARP and IPX the protocol keyword Interface The interfaces that are...

Page 253: ...group If a match is not found the frame is assigned the port VID PVID as its VLAN ID Protocol The protocol or protocols to use as the match criteria for an Ethernet frame The protocol is included in...

Page 254: ...e two byte EtherType field of ingress Ethernet frames on the PVBLAN Group Interfaces When adding a protocol you can specify the EtherType hex value or for IP ARP and IPX the protocol keyword To config...

Page 255: ...All ports within a private VLAN share the same primary VLAN Isolated A secondary VLAN that carries traffic from isolated ports to promiscuous ports Only one isolated VLAN can be configured per privat...

Page 256: ...7 Switching Private VLAN Interface Note Isolated VLANs and Community VLANs are collectively called Second ary VLANs Item Description Primary VLAN The VLAN ID of each VLAN configured as a primary VLAN...

Page 257: ...icate with other ports in the same community if the secondary VLAN is a community VLAN and with the promiscuous ports or is able to communicate only with the promiscuous ports if the secondary VLAN is...

Page 258: ...pology The X Ring Pro group denoted as Coupling means it is a switch that is used to inter connect two X Ring Pro networks Interface 1 Specifies the first member interface for the X Ring Pro group The...

Page 259: ...ical port or LAG Link Aggregation Group port For the X Ring Pro group denoted as Coupling the value is physical port or LAG Link Aggregation Group port or None The value None implies the X Ring Pro gr...

Page 260: ...t to which the intended recipient responds by unicasting an ARP reply containing its MAC address Once learned the MAC address is used in the destination address field of the layer 2 header prepended t...

Page 261: ...Summary The following table describes the items in the previous figure To add a new static ARP entry Item Description IP Address The IP address of a network host on a subnet attached to one of the dev...

Page 262: ...e of the device s routing interfaces MAC Address The unicast MAC address hardware address associated with the net work host Submit Click Submit to save the values Cancel Click Cancel to close the wind...

Page 263: ...page click Routing IP Configuration Figure 4 275 Routing IP Configuration Item Description Total Entry Count The total number of entries currently in the ARP table The number includes both dynamically...

Page 264: ...it Burst Size The number of ICMP error messages that can be sent during the burst interval configured in the ICMP Rate Limit Interval field Static Route Prefer ence The default distance preference for...

Page 265: ...physically up active link IP Address The IP address of the interface Subnet Mask The IP subnet mask for the interface also known as the network mask or netmask It defines the portion of the interface...

Page 266: ...ffic State The state of the interface which is either Active or Inactive An inter face is considered active if the link is up and the interface is in a for warding state Link Speed Data Rate The physi...

Page 267: ...network directed broadcast packets A network directed broadcast is a broadcast directed to a specific subnet If this option is selected network directed broadcasts are forwarded If this option is clea...

Page 268: ...ti nation address was not a local address IpFwdDatagrams The number of input datagrams for which this entity was not their final IP destination as a result of which an attempt was made to find a route...

Page 269: ...be fragmented at this entity but could not be e g because their Don t Fragment flag was set IpFragCreates The number of IP datagram fragments that have been generated as a result of fragmentation at t...

Page 270: ...pOutParmProbs The number of ICMP Parameter Problem messages sent IcmpOutSrc Quenchs The number of ICMP Source Quench messages sent IcmpOutRedirects The number of ICMP Redirect messages sent For a host...

Page 271: ...tion of the address and not the host bits When adding a default route this field is not available Subnet Mask The IP subnet mask also known as the network mask or netmask associated with the network a...

Page 272: ...k portion of the address and not the host bits When adding a default route this field is not available Subnet Mask The IP subnet mask also known as the network mask or netmask associated with the netw...

Page 273: ...none of the route s next hops were on a local subnet Note that static routes can fail to be added to the routing table at startup because the routing interfaces are not yet up This counter gets incre...

Page 274: ...to enable or disable port access control on the system To access this page click Security Port Access Control Configuration Figure 4 283 Security Port Access Control Configuration The following table...

Page 275: ...RADIUS access reject from the RADIUS server RADIUS timeout or the client itself is 802 1X unaware the client is authenticated and is undisturbed by the failure condition s The reasons for failure are...

Page 276: ...h is one of the following Auto Force Unauthorized Force Authorized MAC Based N A If the mode is N A port based access control is not applicable to the port If the port is in detached state it cannot p...

Page 277: ...been redirected to this page this field is read only and displays the interface that was selected on the Port Access Control Port Summary page PAE Capabilities The Port Access Entity PAE role which is...

Page 278: ...iod Seconds The value in seconds of the timer used for guest VLAN authentica tion Unauthenticated VLAN ID The VLAN ID of the unauthenticated VLAN Hosts that fail the authen tication might be denied ac...

Page 279: ...nt When authenticating the supplicant provides the pass word associated with the selected User Name Authentication Period Seconds The amount of time the supplicant port waits to receive a challenge fr...

Page 280: ...ds The value in seconds of the timer used by the authenticator state machine on the port to determine when to send an EAPOL EAP Request Identity frame to the supplicant Guest VLAN ID The VLAN ID for t...

Page 281: ...ata in the row When viewing detailed information for an interface this field identifies the interface being viewed PAE Capabilities The Port Access Entity PAE role which is one of the following Authen...

Page 282: ...ewed Logical Interface The logical port number associated with the supplicant that is con nected to the port User Name The name the client uses to identify itself as a supplicant to the authen ticatio...

Page 283: ...ed Users field are allowed access To move a user from one field to the other click the user to move or CTL click to select multiple users and click the appropriate arrow Refresh Click Refresh to updat...

Page 284: ...at server has passed without a response from the RADIUS server Therefore the maximum delay in receiving a response from the RADIUS server equals the sum of retransmit timeout for all configured server...

Page 285: ...he RADIUS server RADIUS authentication servers that are configured with the same name are members of the same named RADIUS server group RADIUS servers in the same group serve as backups for each other...

Page 286: ...is the Primary or a Secondary RADIUS authentication server When multiple RADIUS servers have the same Server Name value the RADIUS client attempts to use the primary server first If the primary serve...

Page 287: ...of RADIUS packets received from the server on the authentication port and dropped for some other reason Refresh Click Refresh to update the screen Details Click Details to open a window and display ad...

Page 288: ...n the RADIUS client on the device and the RADIUS accounting server The secret specified in this field must match the shared secret configured on the RADIUS accounting server Submit Click Submit to sav...

Page 289: ...owing table describes the items in the previous figure 4 6 3 TACACS 4 6 3 1 Configuration Use the TACACS Configuration page to setup accounting information and adminis tration control over authenticat...

Page 290: ...TACACS server The key must match the key configured on the TACACS server Connection Timeout The maximum number of seconds allowed to establish a TCP connec tion between the device and the TACACS serv...

Page 291: ...for TACACS commu nications between the device and the TACACS server The key must match the encryption used on the TACACS server Connection Timeout The amount of time that passes before the connection...

Page 292: ...which types of traffic are forwarded or blocked and above all pro vide security for the network There are three main steps to configuring an ACL 1 Create an ACL Use the current page 2 Add rules to th...

Page 293: ...4 Extended Match criteria can be based on the source and destination addresses source and destination Layer 4 ports and protocol type of IPv4 packets IPv4 Named Match criteria is the same as IPv4 Exte...

Page 294: ...ACLs classify Layer 3 and Layer 4 IPv4 traffic IPv6 ACLs classify Layer 3 and Layer 4 IPv6 traffic and MAC ACLs classify Layer 2 traffic The ACL types are as follows IPv4 Standard Match criteria is ba...

Page 295: ...rule in every ACL ACL Type The type of ACL The ACL type determines the criteria that can be used to match packets The type also determines which attributes can be applied to matching traffic IPv4 ACLs...

Page 296: ...t or frame matches the ACL rule Rule Attributes Each action beyond the basic Permit and Deny actions to perform on the traffic that matches the rule Refresh Click Refresh to update the screen Add Rule...

Page 297: ...inverse of a subnet mask With a subnet mask the mask has ones 1 s in the bit positions that are used for the network address and has zeros 0 s for the bit posi tions that are not used In contrast a wi...

Page 298: ...When Established is specified a match occurs if either RST or ACK bits are set in the TCP header This option is available only if the protocol is TCP The function is only available for IPv4 Extended...

Page 299: ...ss Than Greater Than or Range and specify the port number or keyword TCP port keywords include BGP Domain Echo FTP FTP Data HTTP SMTP Telnet WWW POP2 and POP3 UDP port keywords include Domain Echo NTP...

Page 300: ...sk specifies which bits in the destination MAC to compare against an Ethernet frame Use F s and zeros in the MAC mask which is in a wildcard format An F means that the bit is not checked and a zero in...

Page 301: ...sts and the ACL containing this ACL rule is associated with an interface the ACL rule is applied when the time range with specified name becomes active The ACL rule is removed when the time range with...

Page 302: ...IPv6 addresses source and desti nation Layer 4 ports and protocol type within IPv6 packets Extended MAC Match criteria can be based on the source and destination MAC addresses 802 1p user priority VL...

Page 303: ...the lowest sequence number is applied first and the other ACLs are applied in ascending numerical order ACL Type The type of ACL The ACL type determines the criteria that can be used to match packets...

Page 304: ...ation between a VLAN and an ACL Item Description VLAN ID The ID of the VLAN associated with the rest of the data in the row When associating a VLAN with an ACL use this field to select the desired VLA...

Page 305: ...is serviced depends on how the queue is configured and possibly the amount of traffic present in other queues for that port To access this page click QoS Class of Service Interface Figure 4 314 QoS C...

Page 306: ...e value the IP DSCP priority designation encoded within packets arriving on the port Shaping Rate The upper limit on how much traffic can leave a port The limit on max imum transmission bandwidth has...

Page 307: ...cessing Defining this value on a per queue basis allows you to create the desired service characteristics for differ ent types of traffic The options are as follows Weighted Weighted round robin assoc...

Page 308: ...ed on their priority DSCP or IP precedence This setting applies to the interface if it is configured with a WRED queue management type WRED Maximum Threshold The maximum queue threshold above which al...

Page 309: ...ribute entries in the table A policy attribute entry attaches various policy attributes to a pol icy class instance Service Table The current and maximum number of service entries in the table A servi...

Page 310: ...iffServ class Type The class type which is one of the following All All the various match criteria defined for the class should be satisfied for a packet match All signifies the logical AND of all the...

Page 311: ...ference Class Select this option to reference another class for criteria The match cri teria defined in the referenced class is as match criteria in addition to the match criteria you define for the s...

Page 312: ...ecimal number Note that this is not a wildcard mask which ACLs use Destination MAC Address Select this option to require a packet s destination MAC address to match the specified MAC address After you...

Page 313: ...t s destination port number is the same as any destination port number within the range After you select this option use the following fields to configure a destination port keyword destination port n...

Page 314: ...ocol number to match If you select a keyword you cannot configure a Protocol Value Protocol Value The IANA L4 protocol number value to match Flow Label Select this option to require an IPv6 packet s f...

Page 315: ...traffic Out The policy is specific to outbound traffic Submit Click Submit to save the values Cancel Click Cancel to close the window Item Description Policy The name of the policy To add a class to...

Page 316: ...the policy To add a class to the policy remove a class from the policy or configure the policy attributes you must first select its name from the menu Type The traffic flow direction to which the pol...

Page 317: ...t match the policy class Mirror Interface Select this option to copy the traffic stream to a specified egress port physical or LAG without bypassing normal packet forwarding This action can occur in a...

Page 318: ...s CoS IP DSCP IP Precedence or Secondary COS This field is available only if one or more classes that meets the color awareness criteria exist Color Exceed Class For color aware policing packets are m...

Page 319: ...vailable only if one or more classes that meets the color awareness criteria exist Color Exceed Class For color aware policing packets are metered against the PIR Committed Rate Kbps The maximum allow...

Page 320: ...s it enters the interface Outbound The policy is applied to traffic as it exits the interface Status The status of the policy on the interface A policy is Up if DiffServ is globally enabled and if the...

Page 321: ...p or Down Refresh Click Refresh to update the screen Item Description Interface The interface associated with the rest of the data in the row The table displays all interfaces that have a DiffServ pol...

Page 322: ...Appendix A ATroubleshooting...

Page 323: ...the length of any twisted pair connection does not exceed 100 meters 328 feet R replacement letter for Ohm symbol Diagnosing LED Indicators To assist in identifying problems the switch can be easily...

Page 324: ...tions are subject to change without notice No part of this publication may be reproduced in any form or by any means electronic photocopying recording or otherwise without prior written permis sion of...

Reviews:

No comments

Brands by name

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Popular brands

Load more brands