Home
/
AirLive
/
POE-GSH1008R-130
/
User Manual

AirLive POE-GSH1008R-130, User Manual, Page: 197 / 270

Share

Page: 197 / 270

AirLive POE-GSH1008R-130 User Manual Download Page 197

4.Web Management: System of POE-GSH1008R-130

193

AirLive POE-GSH1008R-130 User Manual

Now, if the supplicant
retransmits EAPOL Start
frames at a rate faster than
X seconds, then it will never
get authenticated, because
the switch will cancel
on-going backend
authentication server
requests whenever it
receives a new EAPOL Start
frame from the supplicant.

And since the server hasn't
yet failed (because the X
seconds haven't expired),
the same server will be
contacted upon the next
backend authentication
server request from the
switch. This scenario will
loop forever. Therefore, the
server timeout should be
smaller than the supplicant's
EAPOL Start frame
retransmission rate.

19. Single 802.1X :

In port-based 802.1X authentication, once a supplicant is successfully
authenticated on a port, the whole port is opened for network traffic. This allows
other clients connected to the port (for instance through a hub) to piggy-back on
the successfully authenticated client and get network access even though they
really aren't authenticated. To overcome this security breach, use the Single
802.1X variant. Single 802.1X is really not an IEEE standard, but features many of
the same characteristics as does port-based 802.1X. In Single 802.1X, at most
one supplicant can get authenticated on the port at a time. Normal EAPOL frames
are used in the communication between the supplicant and the switch. If more
than one supplicant is connected to a port, the one that comes first when the port's
link comes up will be the first one considered. If that supplicant doesn't provide
valid credentials within a certain amount of time, another supplicant will get a
chance. Once a supplicant is successfully authenticated, only that supplicant will
be allowed access. This is the most secure of all the supported modes. In this
mode, the Port Security module is used to secure a supplicant's MAC address
once successfully authenticated.

20. Multi 802.1X :

In port-based 802.1X authentication, once a supplicant is successfully
authenticated on a port, the whole port is opened for network traffic. This allows
other clients connected to the port (for instance through a hub) to piggy-back on
the successfully authenticated client and get network access even though they
really aren't authenticated. To overcome this security breach, use the Multi 802.1X
variant.

«
...
195
196
197
198
199
...
»

Summary of Contents for POE-GSH1008R-130

Page 1: ...POE GSH1008R 130 8 Port RJ45 with 2 Port SFP Topology POE Switch User Manual ...

Page 2: ...nical photocopying or recording without the written consent of OvisLink Corp OvisLink Corp has made the best effort to ensure the accuracy of the information in this user s guide However we are not liable for the inaccuracies or errors in this guide Please use with caution All information is subject to change without notice All Trademarks are properties of their respective holders ...

Page 3: ...wing your POE GSH1008R 130 5 2 5 Hardware Installation 5 2 6 LED Table 7 3 Introduce the POE GSH1008R 130 9 3 1 Important Information 9 3 2 Prepare your PC 9 3 3 Management Interface 9 3 4 Introduction to Web Management 10 4 Web Management System of POE GSH1008R 130 13 4 1 System 13 4 2 Port Management 53 4 3 PoE Management 73 4 4 VLAN Management 81 4 5 Quality of Service 104 4 6 Spanning Tree 119...

Page 4: ...ification 229 4 14 Diagnostics 230 4 15 Maintenance 235 5 Web Management Device of POE GSH1008R 130 245 5 1 Graphic Monitoring 245 5 2 Management 250 5 3 Maintenance 252 6 Trouble Shooting 256 6 1 Incorrect Connections 256 6 2 Cabling 257 7 Specifications 258 8 Network Glossary 261 8 1 Cabling 266 ...

Page 5: ...ctions such as QoS Spanning Tree VLAN Port Trunking Bandwidth Control Port Security SNMP RMON IGMP Snooping capability via the intelligent software Moreover it build in the device manager function to monitor control AirLive Access Point and Cameras Furthermore topology view function let system integrator or MIS to monitor the Network environment easier It is suitable for IP cameras and VoIP applic...

Page 6: ...re chapter Chapter 3 3 1 Important Information This section has information of default setting such as IP Username and Password 3 3 Management Interface This section introduces Web management and Console management 3 4 Introduction to Web Management This section tells you how to get into the WebUI using HTTP 1 3 Firmware Upgrade and Tech Support If you encounter a technical issue that cannot be re...

Page 7: ...ortant to read through this section before you install the POE GSH1008R 130 The maximum cabling distance is 100 meters by Cat5e RJ45 cable Do not create a network loop Always check the LED lights for troubleshooting 2 2 Package Content Unpack the contents of the POE GSH1008R 130 Plus and verify them against the checklist below One unit of POE GSH1008R 130 Power Cord Four Rubber Feet User Guide CD ...

Page 8: ...R 130 has the following optional accessories which you can purchase from AirLive 1000Base SX MiniGBIC Transceiver Model SFP SX v2 or 1000Base LX MiniGBIC Transceiver Model SFP LX v2 is for your SFP slots of POE GSH1008R 130 it allows you to use fiber cable for extending transmission distance Note While installing MiniGBIC into SFP slot of POE GSH1008R 130 please notice the direction of MiniGBIC is...

Page 9: ...t your POE GSH1008R 130 should be clean smooth level and sturdy Make sure there is enough clearance around the POE GSH1008R 130 to allow attachment of cables power cord and allow air circulation 2 5 1 Attaching Rubber Feet A Make sure mounting surface on the bottom of the POE GSH1008R 130 is grease and dust free B Remove adhesive backing from your Rubber Feet C Apply the Rubber Feet to each corner...

Page 10: ... Perform the following steps to rack mount the POE GSH1008R 130 A Position one bracket to align with the holes on one side of the POE GSH1008R 130 and secure it with the smaller bracket screws Then attach the remaining bracket to the other side of the POE GSH1008R 130 B After attached mounting brackets position the POE GSH1008R 130 in the rack by lining up the holes in the brackets with the approp...

Page 11: ... power cord to the power socket on the rear panel of the POE GSH1008R 130 The other side of power cord connects to the power outlet The internal power supply of the POE GSH1008R 130 works with voltage range of AC in the 100 240VAC frequency 50 60Hz Check the power indicator on the front panel to see if power is properly supplied 2 6 LED Table The LED Indicators gives real time information of syste...

Page 12: ...OE GSH1008R 130 AirLive POE GSH1008R 130 User Manual 8 LED Status Description System Green Power is ON Link ACT Speed Green On Link up 1000M Yellow On Link up 100M Blinking Data activating PoE Green PoE device connecting ...

Page 13: ...t password is airlive 3 2 Prepare your PC The POE GSH1008R 130 can be managed remotely by a PC through RJ 45 cable The default IP address of the POE GSH1008R 130 is 192 168 2 1 with a subnet mask of 255 255 255 0 This means the IP address of the PC should be in the range of 192 168 2 2 to 192 168 2 253 To prepare your PC for management with the POE GSH1008R 130 please do the following 1 Connect yo...

Page 14: ...me is admin and password is airlive 3 4 Introduction to Web Management The POE GSH1008R 130 offers Web Management interfaces for users Users can easily access and control POE GSH1008R 130 via web browsers The Web Based Management supports Internet Explorer 10 or later version If you want to check the cameras stream please use Firefox because other browser does not support the plug in for video 3 4...

Page 15: ...r Manual 5 Click Enter or Login then the home screen of the Web based management appears 3 4 2 Menu Structure of POE GSH1008R 130 The web management menu of POE GSH1008R 130 is divided into 3 parts Top Bar Side Menu Bar and Main Screen Side Menu Main Screen Top Bar ...

Page 16: ...ist it means you turn on the Auto Logout function and the system will be logged out automatically when no action on the device 3 minutes later If OFF is chosen the screen will keep as it is Default is ON Side Menu All management functions will show in Side Menu you can choose any one of them to configure its setting The detailed introduction for all management function will explain in below chapte...

Page 17: ...NTP 4 1 1 System Information You can identify the system by configuring the contact information name and location of the switch 4 1 1 1 Information The switch system information is provided here Web interface To configure System Information in the web interface 1 Click Monitor System and Information 2 Check the contact information for the system administrator as well as the name and location of th...

Page 18: ...re Mechanical Version The hardware and mechanical version of this switch 4 Firmware Version The software version of this switch 5 MAC Address The MAC Address of this switch 6 Series Number The serial number of this switch 7 Platform Name Displays the user defined system name that configured in System System Information Configuration System Name 8 Location The system location configured in Configur...

Page 19: ... be obtained via DHCP Server for VLAN 1 To manually configure an address you need to change the switch s default settings to values that are compatible with your network You may also need to establish a default gateway between the switch and management stations that exist on another network segment Configure the switch managed IP information on this page Configure IP basic settings control IP inte...

Page 20: ...ted From any DHCP interfaces The first DNS server offered from a DHCP lease to a DHCP enabled interface will be used No DNS server No DNS server will be used Configured Explicitly provide the IP address of the DNS Server in dotted decimal notation From this DHCP interface Specify from which DHCP enabled interface a provided DNS server should be preferred IP Interfaces 1 Delete Select this option t...

Page 21: ...ase For DHCP interfaces with an active lease this column show the current interface address as provided by the DHCP server 6 IPv4 Address The IPv4 address of the interface in dotted decimal notation If DHCP is enabled this field is not used The field may also be left blank if IPv4 operation on the interface is not desired 7 IPv4 Mask The IPv4 network mask in number of bits prefix length Valid valu...

Page 22: ...to qualify for this route Valid values are between 0 and 32 bits respectively 128 for IPv6 routes Only a default route will have a mask length of 0 as it will match anything 4 Gateway The IP address of the IP gateway Valid format is dotted decimal notationor a valid IPv6 notation Gateway and Network must be of the same type 5 Next Hop VLAN Only for IPv6 The VLAN ID VID of the specific IPv6 interfa...

Page 23: ...ocally and revert to previously saved values 4 1 2 2 IP Status This page displays the status of the IP protocol layer The status is defined by the IP interfaces the IP routes and the neighbor cache ARP cache status Web Interface To display the log configuration in the web interface 1 Click Monitor System and IP Status 2 Display the IP address information ...

Page 24: ...4 Web Management System of POE GSH1008R 130 AirLive POE GSH1008R 130 User Manual 20 ...

Page 25: ...entry This may be LINK or IPv4 3 Address Show the current address of the interface of the given type 4 Status Show the status flags of the interface and or address IP Routes 1 Network Show the destination IP network or host address of this route 2 Gateway Show the gateway address of this route 3 Status Show the status flags of the route Neighbour cache 1 IP Address Show the IP address of the entry...

Page 26: ...ry 3 seconds Refresh Click to refresh the page immediately 4 1 3 System Time This sector is to set and check the switch s Time 4 1 3 1 Time The switch provides manual and automatic ways to set the system time via NTP Manual setting is simple and you just input Year Month Day Hour and Minute within the valid value range indicated in each item Web Interface To configure Time in the web interface 1 C...

Page 27: ... how the Clock Source from Select Use Local Settings Clock Source from Local Time Select Use NTP Server Clock Source from NTP Server 2 System Date Show the current time of the system The year of system date limits between 2011 and 2037 Time Zone Configuration 1 Time Zone Lists various Time Zones worldwide Select appropriate Time Zone from the drop down and click Apply to set ...

Page 28: ...he Daylight Saving Time duration to repeat the configuration every year Select Non Recurring and configure the Daylight Saving Time duration for single time configuration Default Disabled Recurring Configuration 1 Start time settings Week Select the starting week number Day Select the starting day Month Select the starting month Hours Select the starting hour Minutes Select the starting minute 2 E...

Page 29: ...ify an user defined NTP server as well as Time Zone the switch will sync the time in a short after pressing Apply button Though it synchronizes the time automatically NTP does not update the time periodically without user s processing Time Zone is an offset time off GMT You have to select the time zone first and then perform time sync via NTP because the switch will combine this time zone offset a...

Page 30: ...28 bit records represented as eight fields of up to four hexadecimal digits with a colon separating each field For example fe80 215 c5ff fe03 4dc7 The symbol is a special syntax that can be used as a shorthand way of representing multiple 16 bit groups of contiguous zeros but it can only appear once It can also represent a legally valid IPv4 address For example 192 1 2 34 3 Buttons These buttons a...

Page 31: ... log configuration in the web interface 1 Click Configuration System and log 2 Specify the syslog parameters include IP Address of Syslog server and Port number 3 Evoke the Syslog to enable it 4 Click Apply Parameter description 1 Server Mode Indicate the server mode operation When the mode operation is enabled the syslog message will send out to syslog server The syslog protocol is based on UDP c...

Page 32: ...rmation on your switch model The Link Layer Discovery Protocol LLDP provides a standards based method for enabling switches to advertise themselves to adjacent devices and to learn about adjacent LLDP devices The Link Layer Discovery Protocol LLDP is a vendor neutral Link Layer protocol in the Internet Protocol Suite used by network devices for advertising their identity capabilities and neighbors...

Page 33: ...08R 130 29 AirLive POE GSH1008R 130 User Manual 2 Modify LLDP timing parameters 3 Set the required mode for transmitting or receiving LLDP messages 4 Specify the information to include in the TLV field of advertised messages 5 Click Apply ...

Page 34: ...e network discovery information up to date The interval between each LLDP frame is determined by the Tx Interval value Valid values are restricted to 5 32768 seconds 2 Tx Hold Each LLDP frame contains information about how long the information in the LLDP frame shall be considered valid The LLDP information valid period is set to Tx Hold multiplied by Tx Interval seconds Valid values are restricte...

Page 35: ...flected by the page header 1 Port The switch port number of the logical LLDP port 2 Mode Select LLDP mode Rx only The switch will not send out LLDP information but LLDP information from neighbor units is analyzed Tx only The switch will drop LLDP information received from neighbors but will send out LLDP information Disabled The switch will not send out LLDP information and will drop LLDP informat...

Page 36: ...If all ports have CDP awareness disabled the switch forwards CDP frames received from neighbor devices If at least one port has CDP awareness enabled all CDP frames are terminated by the switch NOTE When CDP awareness on a port is disabled the CDP information isn t removed immediately but gets when the hold time is exceeded 4 Port Descr Optional TLV When checked the port description is included in...

Page 37: ...ase of Voice over Internet Protocol VoIP Enhanced 911 services Extended and automated power management of Power over Ethernet PoE end points Inventory management allowing network administrators to track their network devices and determine their characteristics manufacturer software and hardware versions serial or asset number This page allows you to configure the LLDP MED This function applies to ...

Page 38: ...4 Web Management System of POE GSH1008R 130 AirLive POE GSH1008R 130 User Manual 34 ...

Page 39: ... LLDPDUs on the associated port The LLDP MED application will temporarily speed up the transmission of the LLDPDU to start within a second when a new LLDP MED neighbor has been detected in order share LLDP MED information as fast as possible to new neighbors Because there is a risk of an LLDP frame being lost during transmission between neighbors it is recommended to repeat the fast start transmis...

Page 40: ... building 0 0 represents the floor level associated with ground level at the main entrance 4 Map Datum The Map Datum is used for the coordinates given in these options WGS84 Geographical 3D World Geodesic System 1984 CRS Code 4327 Prime Meridian Name Greenwich NAD83 NAVD88 North American Datum 1983 CRS Code 4269 Prime Meridian Name Greenwich The associated vertical datum is the North American Vert...

Page 41: ...od block 7 Street Street Example Poppelvej 8 Leading street direction Leading street direction Example N 9 Trailing street suffix Trailing street suffix Example SW 10 Street suffix Street suffix Example Ave Platz 11 House no House number Example 21 12 House no suffix House number suffix Example A 1 2 13 Landmark Landmark or vanity address Example Columbia University 14 Additional location info Add...

Page 42: ... by TIA or NENA 26 Emergency Call Service Emergency Call Service ELIN identifier data format is defined to carry the ELIN identifier as used during emergency call setup to a traditional CAMA or ISDN trunk based PSAP This format consists of a numerical digit string corresponding to the ELIN to be used for emergency calling Policies Network Policy Discovery enables the efficient discovery and diagno...

Page 43: ...media types above A large network may support multiple VoIP policies across the entire organization and different policies per application type LLDP MED allows multiple policies to be advertised per port each corresponding to a different application type Different ports on the same Network Connectivity Device may advertise different sets of policies based on the authenticated user identity or port...

Page 44: ...ce application policy 5 Softphone Voice for use by softphone applications on typical data centric devices such as PCs or laptops This class of endpoints frequently does not support multiple VLANs if at all and are typically configured to use an untagged VLAN or a single tagged data specific VLAN When a network policy is defined for use with an untagged VLAN see Tagged flag below then the L2 priori...

Page 45: ...ied application type L2 Priority may specify one of eight priority levels 0 through 7 as defined by IEEE 802 1D 2004 A value of 0 represents use of the default priority as defined in IEEE 802 1D 2004 7 DSCP DSCP value to be used to provide Diffserv node behaviour for the specified application type as defined in IETF RFC 2474 DSCP may contain one of 64 code point values 0 through 63 A value of 0 re...

Page 46: ...o show LLDP neighbors 1 Click Monitor LLDP Neighbors 2 Click Refresh for manual update web screen 3 Click Auto refresh for auto update web screen Figure 4 1 6 3 The LLDP Neighbors information NOTE If your network without any device supports LLDP then the table will show No LLDP neighbour information found Parameter description 1 Local Port The port on which the LLDP frame was received 2 Chassis ID...

Page 47: ...bled the capability is followed by 7 Management Address Management Address is the neighbour unit s address that is used for higher layer entities to assist discovery by the network management This could for instance hold the neighbour s IP address 8 Buttons Auto refresh Check this box to refresh the page automatically Automatic refresh occurs every 3 seconds Refresh Click to refresh the page 4 1 5...

Page 48: ...MED Network Connectivity Devices as defined in TIA 1057 provide access to the IEEE 802 based LAN infrastructure for LLDP MED Endpoint Devices An LLDP MED Network Connectivity Device is a LAN access device based on any of the following technologies 1 LAN Switch Router 2 IEEE 802 1 Bridge 3 IEEE 802 3 Repeater included for historical reasons 4 IEEE 802 11 Wireless Access Point 5 Any device that supp...

Page 49: ...defined in this class include LAN configuration device location network policy power management and inventory management LLDP MED Media Endpoint Class II The LLDP MED Media Endpoint Class II definition is applicable to all endpoint products that have IP media capabilities however may or may not be associated with a particular end user Capabilities include all of the capabilities defined for the pr...

Page 50: ...ated IP Telephony handsets and other similar appliances supporting interactive voice services These devices are typically deployed on a separate VLAN for ease of deployment and enhanced security by isolation from data applications 2 Voice Signalling for use in network topologies that require a different policy for the voice signalling than for the voice media 3 Guest Voice to support a separate li...

Page 51: ...sing a tagged or an untagged VLAN Can be Tagged or Untagged Untagged The device is using an untagged frame format and as such does not include a tag header as defined by IEEE 802 1Q 2003 Tagged The device is using the IEEE 802 1Q tagged frame format 7 VLAN ID VLAN ID is the VLAN identifier VID for the port as defined in IEEE 802 1Q 2003 A value of 1 through 4094 is used to define a valid VLAN ID A...

Page 52: ...ion Capabilities shows the link partners MAC PHY capabilities 13 Buttons Auto refresh Check this box to refresh the page automatically Automatic refresh occurs every 3 seconds Refresh Click to refresh the page 4 1 5 5 LLDP Statistics Two types of counters are shown Global counters are counters that refer to the whole switch while local counters refer to per port counters for the currently selected...

Page 53: ...AirLive POE GSH1008R 130 User Manual Parameter description Global Counters 1 Neighbor entries were last changed at It also shows the time when the last entry was last deleted or added It also shows the time elapsed since the last change was detected ...

Page 54: ...nsmitted 2 Tx Frames The number of LLDP frames transmitted on the port 3 Rx Frames The number of LLDP frames received on the port 4 Rx Errors The number of received LLDP frames containing some kind of error 5 Frames Discarded If an LLDP frame is received on a port and the switch s internal table has run full the LLDP frame is counted and discarded This situation is known as Too Many Neighbours in ...

Page 55: ... occurs every 3 seconds Clear Clears the counters for the selected port Refresh Click to refresh the page 4 1 6 UPNP UPnP is an acronym for Universal Plug and Play The goals of UPnP are to allow devices to connect seamlessly and to simplify the implementation of networks in the home data sharing communications and entertainment and in corporate environments for simplified installation of computer ...

Page 56: ...rtising Duration The duration carried in SSDP packets is used to inform a control point or control points how often it or they should receive an SSDP advertisement message from this switch If a control point does not receive any message within the duration it will think that the switch no longer exists Due to the unreliable nature of UDP in the standard it is recommended that such refreshing of ad...

Page 57: ...gure to enable or disable the Port of the switch Monitor the ports content or status in the function 4 2 1 1 Ports This page displays current port configurations Ports can also be configured here Web Interface To configure a Current Port Configuration in the web interface 1 Click Configuration Ports Configuration and Ports 2 Specify the Speed Configured Flow Control Maximum Frame size Excessive Co...

Page 58: ... the link is up and red that it is down 3 Current Link Speed Provides the current link speed of the port 4 Configured Link Speed Selects any available link speed for the given switch port Only speeds supported by the specific port is shown Possible speeds are Disabled Disables the switch port operation Auto Port auto negotiating speed with the link partner and selects the highest speed that is com...

Page 59: ...0 X SFP port in 1000 X speed Cu port disabled 1000 X_AMS Port in AMS mode SFP port in 1000 X speed Cu port in Auto mode Ports in AMS mode with 1000 X speed has Cu port preferred Ports in AMS mode with 100 FX speed has fiber port preferred 5 Flow Control When Auto Speed is selected on a port this section indicates the flow control capability that is advertised to the link partner When a fixed speed...

Page 60: ...he switch Others you could using the Port configure to enable or disable the Port of the switch Monitor the ports content or status in the function 4 2 2 1 Traffic Overview The section describes to the Port statistics information and provides overview of general traffic statistics for all switch ports Web Interface To Display the Port Statistics Overview in the web interface 1 Click Monitor Port t...

Page 61: ...iption 1 Port The logical port for the settings contained in the same row 2 Packets The number of received and transmitted packets per port 3 Bytes The number of received and transmitted bytes per port 4 Errors The number of frames received in error and the number of incomplete transmissions per port ...

Page 62: ...c statistics for a specific switch port Use the port select box to select which switch port details to display The displayed counters are the totals for receive and transmit the size counters for receive and transmit and the error counters for receive and transmit Web Interface To Display the per Port detailed Statistics Overview in the web interface 1 Click Monitor Ports then Detailed Port Statis...

Page 63: ... Web Management System of POE GSH1008R 130 59 AirLive POE GSH1008R 130 User Manual Parameter description 1 Auto refresh To evoke the auto refresh to refresh the Port Statistics information automatically ...

Page 64: ...ulticast packets 7 Rx and Tx Broadcast The number of received and transmitted good and bad broadcast packets 8 Rx and Tx Pause A count of the MAC Control frames received or transmitted on this port that have an opcode indicating a PAUSE operation Receive and Transmit Size Counters The number of received and transmitted good and bad packets split into categories based on their respective frame size...

Page 65: ...hat are longer than the configured maximum frame length for this port Transmit Error Counters 1 Tx Drops The number of frames dropped due to output buffer congestion 2 Tx Late Exc Coll The number of frames dropped due to excessive or late collisions 3 Auto refresh To evoke the auto refresh to refresh the Queuing Counters automatically 4 Upper right icon Refresh clear You can click them for refresh...

Page 66: ...he information includes Connector type Fiber type wavelength baud rate and Vendor OUI etc Web Interface To Display the SFP information in the web interface 1 Click Monitor then SFP Information 2 To display the SFP Information Parameter description 1 Connector Type Display the connector type for instance UTP SC ST LC and so on 2 Fiber Type Display the fiber mode for instance Multi Mode Single Mode ...

Page 67: ...how the date this SFP module was made 11 Temperature Show the current temperature of SFP module 12 Vcc Show the working DC voltage of SFP module 13 Mon1 Bias mA Show the Bias current of SFP module 14 Mon2 TX PWR Show the transmit power of SFP module 15 Mon3 RX PWR Show the receiver power of SFP module 4 2 4 Energy Efficient Ethernet EEE is a power saving option that reduces the power usage when th...

Page 68: ...EE for When a port is powered down for saving power outgoing traffic is stored in a buffer until the port is powered up again Because there are some overhead in turning the port down and up more power can be saved if the traffic can be buffered up until a large burst of traffic can be transmitted Buffering traffic will give some latency in the traffic 4 2 4 1 Configuration Web Interface To configu...

Page 69: ...08R 130 65 AirLive POE GSH1008R 130 User Manual Parameter description Optimize EEE for The switch can be set to optimize EEE for either best power saving or least traffic latency 1 EEE Controls whether EEE is enabled for this switch port ...

Page 70: ...time 4 2 5 Link Aggregation 4 2 5 1 LACP Setting This page allows the user to inspect the current LACP port configurations and possibly change them as well An LACP trunk group with more than one ready member ports is a real trunked group An LACP trunk group with only one or less than one ready member ports is not a real trunked group Web Interface To configure the Trunk Aggregation LACP parameters...

Page 71: ...130 67 AirLive POE GSH1008R 130 User Manual Parameter description 1 Port The switch port number 2 Method Controls whether LACP is enabled on this switch port LACP will form an aggregation when 2 or more ports are connected to the same partner ...

Page 72: ... transmit LACP packets each second while Passive will wait for a LACP packet from a partner speak if spoken to 5 Timeout The Timeout controls the period between BPDU transmissions Fast will transmit LACP packets each second while Slow will wait for 30 seconds before sending a LACP packet 6 Buttons Apply Click to save changes Reset Click to undo any changes made locally and revert to previously sav...

Page 73: ...irLive POE GSH1008R 130 User Manual Parameter description 1 Aggregator The Aggregation ID associated with this aggregation instance For LLAG the id is shown as isid aggr id and for GLAGs as aggr id 2 Method 3 Member Ports 4 Ready Ports 5 Lacp Detail ...

Page 74: ...information then you need to evoke the Auto refresh 3 Click Refresh to refresh the LACP Port Status Parameter description 1 Hash Code Contributors src mac dst mac src ip dst ip src dst ip 2 Buttons Apply Click to save changes Reset Click to undo any changes made locally and revert to previously saved values 4 2 5 4 LACP System Priority The Priority controls the priority of the port If the LACP par...

Page 75: ...p Protection happens The port will be locked when it received the looping Proection frames If you want to resume the locked port please find out the looping path and take off the looping path then select the resume the locked port and click on Resume to turn on the locked ports 4 2 6 1 Configuration This section displays the loop protection port status the ports of the currently selected switch We...

Page 76: ...4 Web Management System of POE GSH1008R 130 AirLive POE GSH1008R 130 User Manual 72 ...

Page 77: ... af Power Over Ethernet PoE Each port can provide up to 30W power with Data on RJ45 cable The PoE detect function is follow the table Stages of Powering up a PoE Link Stage Action Volts specified V 802 3af 802 3at Detection PSE detects if the PD has the correct signature resistance of 19 26 5 kΩ 2 7 10 1 Classification PSE detects resistor indicating power range 14 5 20 5 Mark 1 Signals PSE is 802...

Page 78: ...onal 15 4 Mid power 4 Valid for 802 3at Type 2 devices not allowed for 802 3af devices 30 High power 4 3 1 PoE Configuration This page allows the user to inspect and configure the current PoE port settings and show all PoE Supply Web Interface To configure Power Over Ethernet in the web interface 1 Click configuration PoE and configuration 2 Specify the Reserved Power determined and Power Manageme...

Page 79: ...vels of power priority named Low High and Critical The priority is used in the case where the remote devices requires more power than the power supply can deliver In this case the port with the lowest priority will be turn off starting from the port with the highest port number 5 Maximum Power The Maximum Power value contains a numerical value that indicates the maximum power in watts that can be ...

Page 80: ...he PDs class Five Classes are defined Class 0 Max power 15 4 W Class 1 Max power 4 0 W Class 2 Max power 7 0 W Class 3 Max power 15 4 W Class 4 Max power 30 0 W 3 Power Allocated The Power Allocated shows the amount of power the switch has allocated for the PD 4 Power Used The Power Used shows how much power the PD currently is using 5 Current Used The Power Used shows how much current the PD curr...

Page 81: ...PD detected for the port PoE turned OFF PD overload The PD has requested or used more power than the port can deliver and is powered down PoE turned OFF PD is off Invalid PD PD detected but is not working correctly 8 Buttons Auto refresh Check this box to refresh the page automatically Automatic refresh occurs every 3 seconds Refresh Click to refresh the page 4 3 3 PoE Power Delay This page allows...

Page 82: ...l start to provide power to the PD when it out of delay time default 0 range 0 300 sec 4 3 4 PoE Auto Checking Config This page allows the user to specify the auto detection parameters to check the linking status between PoE ports and PDs When it detected the fail connect will reboot remote PD automatically Web Interface To Display Power Over Ethernet Device Guard in the web interface 1 Click Conf...

Page 83: ...off the detection 2 Port This is the logical port number for this row 3 Ping IP Address The PD s IP Address the system should ping 4 Interval Time sec Device will send checking message to PD each interval time default 30 range 10 120 sec 5 Retry Time When PoE port can t ping the PD it will retry to send detection again When the third time it will trigger failure action default 3 range 1 5 6 Failur...

Page 84: ...as been rebooted the PoE port restored power after the specified time default 15 range 3 120 sec 9 Buttons Apply Click to save changes Reset Click to undo any changes made locally and revert to previously saved values 4 3 5 PoE Scheduling Profile Web Interface To Display Power Over Ethernet Device Guard in the web interface 1 Click Configuration PoE Scheduling Profile 2 Setting star time and end t...

Page 85: ... default the active management VLAN is VLAN 1 but you can designate any VLAN as the management VLAN using the Management VLAN window Only one management VLAN can be active at a time When you specify a new management VLAN your HTTP connection to the old management VLAN is lost For this reason you should have a connection between your management station and a port in the new management VLAN or conne...

Page 86: ...4 Web Management System of POE GSH1008R 130 AirLive POE GSH1008R 130 User Manual 82 Parameter description Global VLAN Configuration ...

Page 87: ...this row 2 Mode The port mode default is Access determines the fundamental behavior of the port in question A port can be in one of three modes as described below Whenever a particular mode is selected the remaining fields in that row will be either grayed out or made changeable depending on the mode in question Grayed out fields show the value that the port will get when the mode is applied Acces...

Page 88: ...ess filtering can be controlled ingress acceptance of frames and configuration of egress tagging can be configured independently 3 Port VLAN Determines the port s VLAN ID a k a PVID Allowed VLANs are in the range 1 through 4095 default being 1 On ingress frames get classified to the Port VLAN if the port is configured as VLAN unaware the frame is untagged or VLAN awareness is enabled on the port b...

Page 89: ...on egress they will be tagged with the custom S tag 5 Ingress Filtering Hybrid ports allow for changing ingress filtering Access and Trunk ports always have ingress filtering enabled If ingress filtering is enabled checkbox is checked frames classified to a VLAN that the port is not a member of get discarded If ingress filtering is disabled frames classified to a VLAN that the port is not a member...

Page 90: ...rames whether classified to the Port VLAN or not are transmitted with a tag Untag All All frames whether classified to the Port VLAN or not are transmitted without a tag This option is only available for ports in Hybrid mode 9 Allowed VLANs Ports in Trunk and Hybrid mode may control which VLANs they are allowed to become members of Access ports can only be member of one VLAN the Access VLAN The fi...

Page 91: ...state Parameter description 1 VLAN USER VLAN User module uses services of the VLAN management functionality to configure VLAN memberships and VLAN port configurations such as PVID and UVID Currently we support the following VLAN user types CLI Web SNMP These are referred to as static NAS NAS provides port based authentication which involves communications between a Supplicant Authenticator and an ...

Page 92: ...ip Status Page shall show the current VLAN port members for all VLANs configured by a selected VLAN User selection shall be allowed by a Combo Box When ALL VLAN Users are selected it shall show this information for all the VLAN Users and this is by default VLAN membership allows the frames classified to the VLAN ID to be forwarded on the respective VLAN member ports Navigating the VLAN Monitor pag...

Page 93: ... status and reports it by the order of Static NAS MVRP MVP Voice VLAN MSTP GVRP Combined Web Interface To Display VLAN Port Status in the web interface 1 Click Monitor VLAN Port Status 2 Specify the Static NAS MVRP MVP Voice VLAN MSTP GVRP Combined 3 Display Port Status information Parameter description VLAN USER VLAN User module uses services of the VLAN management functionality to configure VLAN...

Page 94: ...oop free environment 1 Port The logical port for the settings contained in the same row 2 Port Type Shows the Port Type Port type can be any of Unaware C port S port Custom S port If Port Type is Unaware all frames are classified to the Port VLAN ID and tags are not removed C port is Customer Port S port is Service port Custom S port is S port with Custom TPID 3 Ingress Filtering Shows the ingress...

Page 95: ...ged 7 Buttons Auto refresh Check this box to refresh the page automatically Automatic refresh occurs every 3 seconds Refresh Click to refresh the page 4 4 4 VLAN Selective QinQ 1 Add New Entry Setting CVID SPID and choose port member 2 Buttons Apply Click to save changes Reset Click to undo any changes made locally and revert to previously saved values ...

Page 96: ... the next time it accesses the network As a result it will not be able to use the resources in the old VLAN On the other hand if Port A and Port B belong to the same VLAN after terminal devices access the network through Port B they will have access to the same resources as those accessing the network through Port A do which brings security issues To provide user access and ensure data security in...

Page 97: ...N entry is enabled on the selected stack switch unit when you click on Save A MAC based VLAN without any port members on any stack unit will be deleted when you click Save The button can be used to undo the addition of new MAC based VLANs 6 Buttons Apply Click to save changes Reset Click to undo any changes made locally and revert to previously saved values 4 4 6 Protocol based VLAN This section d...

Page 98: ...ping entries as well as allow you to see and delete already mapped entries for the selected stack switch unit switch Web Interface To configure Protocol based VLAN configuration in the web interface 1 Click Protocol based VLAN configuration and add new entry 2 Specify the Ethernet LLC SNAP Protocol and Group Name 3 Click Apply Parameter description 1 Delete To delete a Protocol to Group Name map e...

Page 99: ...d is 00 00 00 then value of PID will be etype 0x0600 0xffff and if value of OUI is other than 00 00 00 then valid value of PID will be any value from 0x0000 to 0xffff 4 Group Name A valid Group Name is a unique 16 character long string for every entry which consists of a combination of alphabets a z or A Z and integers 0 9 NOTE Special character and underscore _ are not allowed 5 Adding a New Grou...

Page 100: ...oup name you try map to a VLAN must be present in Protocol to Group mapping table and must not be preused by any other existing mapping entry on this page 3 VLAN ID Indicates the ID to which Group Name will be mapped A valid VLAN ID ranges from 1 4095 4 Port Members A row of check boxes for each port is displayed for each Group Name to VLAN ID mapping To include a port in a mapping check the box T...

Page 101: ...ing and deleting IP subnet based VLAN entries and assigning the entries to different ports This page shows only static entries Web Interface To Display IP subnet based VLAN Membership to configured in the web interface 1 Click VCL Group Name VLAN configuration and add new entry 2 Specify the VCE ID IP Address Mask Length VLAN ID and select Port Members 3 Click Apply Parameter description 1 Delete ...

Page 102: ...ry will be deleted during the next save 2 PVLAN ID Indicates the ID of this particular private VLAN 3 Port Members A row of check boxes for each port is displayed for each VLAN ID To include a port in a VLAN check the box To remove or exclude the port from the VLAN make sure the box is unchecked By default no ports are members and all boxes are unchecked 4 Adding a New VLAN Click to add a new VLAN...

Page 103: ...ng map which is responsive to a destination address of a data packet The method for isolating ports on a layer 2 switch comprises configuring each of the ports on the layer 2 switch as a protected port or a non protected port A destination address on an data packet is matched with a physical address on said layer 2 switch and a forwarding map is generated for the data packet based upon the destina...

Page 104: ...s attached to voice VLAN we can perform QoS related configuration for voice data ensuring the transmission priority of voice traffic and voice quality 4 4 9 1 Configuration The Voice VLAN feature enables voice traffic forwarding on the Voice VLAN then the switch can classify and schedule network traffic It is recommended that there be two VLANs on a port one for voice one for data Before connectin...

Page 105: ...8R 130 101 AirLive POE GSH1008R 130 User Manual Parameter description 1 Mode Indicates the Voice VLAN mode operation We must disable MSTP feature before we enable Voice VLAN It can avoid the conflict of ingress filtering Possible modes are ...

Page 106: ... t equal disabled we must disable MSTP feature before we enable Voice VLAN It can avoid the conflict of ingress filtering Possible port modes are Disabled Disjoin from Voice VLAN Auto Enable auto detect mode It detects whether there is VoIP phone attached to the specific port and configures the Voice VLAN members automatically Forced Force join to Voice VLAN 6 Port Security Indicates the Voice VLA...

Page 107: ...ew entry Delete in the Voice VLAN OUI table 2 Specify Telephony OUI Description 3 Click Apply Parameter description 1 Delete Check to delete the entry It will be deleted during the next save 2 Telephony OUI A telephony OUI address is a globally unique identifier assigned to a vendor by IEEE It must be 6 characters long and the input format is xx xx xx x is a hexadecimal digit 3 Description The des...

Page 108: ...rame according to what was configured for that specific QoS class The switch support advanced memory control mechanisms providing excellent performance of all QoS classes under any traffic scenario including jumbo frame A super priority queue with dedicated memory and strict highest priority in the arbitration The ingress super priority queue allows traffic recognized as CPU traffic to be received...

Page 109: ...ferent traffic flows The IP specification defines specific values to be used in this field for various types of traffic 4 CoS 802 1p DSCP 4 5 2 QoS Port Settings The section allows you to configure the basic QoS Ingress Classification settings for all switch ports and the settings relate to the currently selected stack unit as reflected by the page header Web Interface To configure the QoS Port Cl...

Page 110: ...default CoS 3 DSCP Based Click to Enable DSCP Based QoS Ingress Port Classification 4 Buttons Apply Click to save changes Reset Click to undo any changes made locally and revert to previously saved values 4 5 3 Port Policing This section provides an overview of f QoS Ingress Port Policers for all switch ports The Port Policing is useful in constraining traffic flows and marking frames above specif...

Page 111: ...description 1 Port The logical port for the settings contained in the same row Click on the port number in order to configure the schedulers 2 Enabled To evoke which Port you need to enable the QoS Ingress Port Policers function 3 Rate To set the Rate limit value for this port the default is 500 ...

Page 112: ...saved values 4 5 4 Port Shapers This section provides an overview of QoS Egress Port Shapers for all switch ports Others the user could get all detail information ot the ports belong to the currently selected stack unit as reflected by the page header Web Interface To display the QoS Port Shapers in the web interface 1 Click Configuration QoS Port Shapers 2 Display the QoS Egress Port Shapers ...

Page 113: ...ed for this queue on this switch port 5 Queue Shaper Rate Controls the rate for the queue shaper The default value is This value is restricted to 1000000 when the Unit is kbps and it is restricted to 1 when the Unit is Mbps 6 Port Shaper Enable Controls whether the port shaper is enabled for this switch port 7 Port Shaper Rate Controls the rate for the port shaper The default value is This value i...

Page 114: ...r not present on the MAC Address table The configuration indicates the permitted packet rate for unicast multicast or broadcast traffic across the switch Web Interface To configure the Storm Control Configuration parameters in the web interface 1 Click Configuration QoS Storm Control Configuration 2 Evoke to select the frame type to enable storm control 3 Scroll to set the Rate Parameters 4 Click ...

Page 115: ...K 4096K 8192K 16384K or 32768K 1024K 2048K 4096K 8192K 16384K or 32768K The 1 kpps is actually 1002 1 pps 3 Unit Controls the unit of measure for the storm control rate as kbps Mbps fps or kfps The default value is kbps 4 Buttons Apply Click to save changes Reset Click to undo any changes made locally and revert to previously saved values 4 5 6 Port Scheduler This section provides an overview of Q...

Page 116: ...ystem of POE GSH1008R 130 AirLive POE GSH1008R 130 User Manual 112 Web Interface To display the QoS Port Schedulers in the web interface 1 Click Configuration QoS Port Schedulers 2 Display the QoS Egress Port Schedulers ...

Page 117: ...to undo any changes made locally and revert to previously saved values 4 5 7 QoS Ingress CoS 802 1p to Queue Mapping Queue mapping is defined using a comma separated list of mapping assignments The order of the mapping assignments list is important in cases where mulitple mapping assignments are used the Capacity Scheduler processes the mapping assignments in left to right order to determine which...

Page 118: ...P DEI values when the mode is set to Mapped 3 Buttons Apply Click to save changes Reset Click to undo any changes made locally and revert to previously saved values 4 5 8 QoS Egress Queue to CoS 802 1p Remarking Web Interface To display the QoS Egress Queue to CoS 802 1p Remarking in the web interface 1 Click Configuration QoS QoS Egress Queue to CoS 802 1p Remarking Parameter description 1 Queue ...

Page 119: ...pping In Ingress settings you can change ingress translation and classification settings for individual ports Web Interface To display the QoS Ingress IP Precedence to Queue Mapping in the web interface 1 Click Configuration QoS QoS Ingress IP Precedence to Queue Mapping Parameter description 1 IP Precedence 2 Queue ID 3 Buttons Apply Click to save changes Reset Click to undo any changes made loca...

Page 120: ... Queue to IP Precedence Remarking Parameter description 1 Queue ID 2 IP Precedence 3 Buttons Apply Click to save changes Reset Click to undo any changes made locally and revert to previously saved values 4 5 11 DSCP Mapping The section will teach user to set the QoS ingress DSCP to queue mapping Web Interface To configure the QoS Port DSCP parameters in the web interface 1 Click Configuration QoS ...

Page 121: ... cancel the setting then you need to click the Reset button 5 It will revert to previously saved values Parameter description 1 DSCP Maximum number of supported DSCP values are 64 and valid DSCP value ranges from 0 to 63 1 Queue ID QoS Class value can be any of 0 7 2 Buttons Apply Click to save changes ...

Page 122: ...marking Web Interface To configure the QoS Port DSCP parameters in the web interface 6 Click Configuration QoS DSCP Remarking 7 Choose DSCP 8 Click the save to save the setting 9 If you want to cancel the setting then you need to click the Reset button 10 It will revert to previously saved values Parameter description 1 Queue ID QoS Class value can be any of 0 7 2 DSCP Maximum number of supported ...

Page 123: ...ted bridging device from each LAN which incurs the lowest path cost when forwarding a packet from that LAN to the root device All ports connected to designated bridging devices are assigned as designated ports After determining the lowest cost spanning tree it enables all root ports and designated ports and disables all other ports Network packets are therefore only forwarded between root ports an...

Page 124: ... made locally and revert to previously saved values 4 6 2 MSTP Region Configuration Along with supporting multiple spanning trees MSTP also introduces the concept of regions A region is a group of devices under the same administrative control and have similar configuration In particular the configuration for the region name revision and the mapping of VLANs to spanning tree instances must be ident...

Page 125: ...see below as well as the VLAN to MSTI mapping configuration in order to share spanning trees for MSTI s Intra region The name is at most 32 characters 2 Revision Level The revision of the MSTI configuration named above This must be an integer between 0 and 65535 3 Buttons Apply Click to save changes Reset Click to undo any changes made locally and revert to previously saved values 4 6 3 MSTP Insta...

Page 126: ...dresses to switch ports for knowing which ports the frames should go to based upon the DMAC address in the frame This table contains both static and dynamic entries The static entries are configured by the network administrator if the administrator wants to do a fixed mapping between the DMAC address and switch ports The frames also contain a MAC address SMAC address which shows the MAC address of...

Page 127: ...onfiguration 1 Click configuration and Add new Static entry 2 Specify the VLAN IP and Mac address Port Members 3 Click Apply Parameter description 1 Aging Configuration By default dynamic entries are removed from the MAC table after 300 seconds This removal is also called aging Configure aging time by entering a value here in seconds for example Age time seconds The allowed range is 10 to 1000000 ...

Page 128: ...Secure Only static MAC entries are learned all other frames are dropped NOTE Make sure that the link used for managing the switch is added to the Static Mac Table before changing to secure learning mode otherwise the management link is lost and can only be restored by using another non secure port or by connecting to the switch via the serial interface Static MAC Table Configuration The static ent...

Page 129: ...D MAC address and port members for the new entry Click Apply 6 Buttons Apply Click to save changes Reset Click to undo any changes made locally and revert to previously saved values 4 7 2 Information Entries in the MAC Table are shown on this page The MAC Table contains up to 8192 entries and is sorted first by VLAN ID then by MAC address Web Interface To Display MAC Address Table in the web inter...

Page 130: ...found in the MAC Table The Start from MAC address and VLAN input fields allow the user to select the starting point in the MAC Table Clicking the Refresh button will update the displayed table starting from that or the closest next MAC Table match In addition the two input fields will upon a Refresh button click assume the value of the first displayed entry allowing for continuous refresh with the...

Page 131: ... ID 4 8 Multicast ICMP is an acronym for Internet Control Message Protocol It is a protocol that generated the error response diagnostic or routing purposes ICMP messages generally contain information about routing difficulties or simple exchanges such as time stamp or echo transactions 4 8 1 IGMP Snooping The function is used to establish the multicast groups to forward the multicast packet to th...

Page 132: ...ble IGMP proxy or snooping on the switch which connects to a router closer to the root of the tree This interface is the upstream interface The router on the upstream interface should be running IGMP 4 8 1 1 Basic Configuration The section describes how to set the basic IGMP snooping on the switch which connects to a router closer to the root of the tree This interface is the upstream interface Th...

Page 133: ...nooping Enabled Enable the Global IGMP Snooping 2 Unregistered IPMCv4 Flooding enabled Enable unregistered IPMCv4 traffic flooding 3 IGMP SSM Range SSM Source Specific Multicast Range allows the SSM aware hosts and routers run the SSM service model for the groups in the address range Format IP address sub mask ...

Page 134: ...ction For Each setting page shows up to 99 entries from the VLAN table default being 20 selected through the entries per page input field When first visited the web page will show the first 20 entries from the beginning of the VLAN Table The first displayed will be the one with the lowest VLAN ID found in the VLAN Table The VLAN input fields allow the user to select the starting point in the VLAN ...

Page 135: ...ed Enable the per VLAN IGMP Snooping Only up to 32 VLANs can be selected 4 Querier Election Enable to join IGMP Querier election in the VLAN Disable to act as an IGMP Non Querier 5 Compatibility Compatibility is maintained by hosts and routers taking appropriate actions depending on the versions of IGMP operating on hosts and routers within a network The allowed selection is IGMP Auto Forced IGMPv...

Page 136: ... The Last Member Query Time is the time value represented by the Last Member Query Interval multiplied by the Last Member Query Count The allowed range is 0 to 31744 in tenths of seconds default last member query interval is 10 in tenths of seconds 1 second 10 URI Unsolicited Report Interval The Unsolicited Report Interval is the time between repetitions of a host s initial report of membership in...

Page 137: ...1008R 130 133 AirLive POE GSH1008R 130 User Manual 2 If you want to auto refresh the information then you need to evoke the Auto refresh 3 Click Refresh to refresh the IGMP Snooping Status 4 Click Clear to clear the IGMP Snooping Status ...

Page 138: ... number of Received Queries 7 V1 Reports Received The number of Received V1 Reports 8 V2 Reports Received The number of Received V2 Reports 9 V3 Reports Received The number of Received V3 Reports 10 V2 Leaves Received The number of Received V2 Leaves 11 Router Port Display which ports act as router ports A router port is a port on the Ethernet switch that leads towards the Layer 3 multicast device...

Page 139: ...ntries in the IGMP Group Table are shown on this page The IGMP Group Table is sorted first by VLAN ID and then by group The will use the last entry of the currently displayed table as a basis for the next lookup When the end is reached the text No more entries is shown in the displayed table Use the button to start over Web Interface To display the IGMP Snooping Group Information in the web interf...

Page 140: ...nt in the IGMP Group Table Clicking the button will update the displayed table starting from that or the closest next IGMP Group Table match In addition the two input fields will upon a button click assume the value of the first displayed entry allowing for continuous refresh with the same start address The will use the last entry of the currently displayed table as a basis for the next lookup Whe...

Page 141: ...Information Web Interface To display the IGMP SFM Information in the web interface 1 Click Monitor IGMP Snooping IGMP SFM Information 2 If you want to auto refresh the information then you need to evoke the Auto refresh 3 Click Refresh to refresh a entry of the IGMP Snooping Groups Information 1 Buttons Auto refresh Check this box to refresh the page automatically Automatic refresh occurs every 3 ...

Page 142: ...1 Click Configuration IPMC MLD Snooping Basic Configuration 2 Evoke to select enable or disable which Global configuration 3 Evoke which port wants to become a Router Port or enable disable the Fast Leave function 4 Scroll to set the Throtting parameter 5 Click the apply to save the setting 6 If you want to cancel the setting then you need to click the Reset button It will revert to previously sav...

Page 143: ...nooping Enabled Enable the Global IGMP Snooping 2 Unregistered IPMCv4 Flooding enabled Enable unregistered IPMCv4 traffic flooding 3 IGMP SSM Range SSM Source Specific Multicast Range allows the SSM aware hosts and routers run the SSM service model for the groups in the address range Format IP address sub mask ...

Page 144: ...nction For Each setting page shows up to 99 entries from the VLAN table default being 20 selected through the entries per page input field When first visited the web page will show the first 20 entries from the beginning of the VLAN Table The first displayed will be the one with the lowest VLAN ID found in the VLAN Table The VLAN input fields allow the user to select the starting point in the VLAN...

Page 145: ...ng Enabled Enable the per VLAN IGMP Snooping Only up to 32 VLANs can be selected 4 Querier Election Enable to join MLD Querier election in the VLAN Disable to act as an MLD Non Querier 5 Compatibility Compatibility is maintained by hosts and routers taking appropriate actions depending on the versions of MLD operating on hosts and routers within a network The allowed selection is MLD Auto Forced M...

Page 146: ...ember Query Interval The Last Member Query Time is the time value represented by the Last Member Query Interval multiplied by the Last Member Query Count The allowed range is 0 to 31744 in tenths of seconds default last member query interval is 10 in tenths of seconds 1 second 10 URI Unsolicited Report Interval The Unsolicited Report Interval is the time between repetitions of a host s initial rep...

Page 147: ...rLive POE GSH1008R 130 User Manual 1 Click Monitor MLD Snooping Status 2 If you want to auto refresh the information then you need to evoke the Auto refresh 3 Click Refresh to refresh the MLD Snooping Status Click Clear to clear the MLDSnooping Status ...

Page 148: ...ber of Received Queries 7 V1 Reports Received The number of Received V1 Reports 8 V2 Reports Received The number of Received V2 Reports 9 V1 Leaves Received The number of Received V1 Leaves 10 Router Port Display which ports act as router ports A router port is a port on the Ethernet switch that leads towards the Layer 3 multicast device or IGMP querier Static denotes the specific port is configur...

Page 149: ...LD SFM Information Web Interface To display the MLD SFM Information in the web interface 4 Click Monitor MLD Snooping MLD SFM Information 5 If you want to auto refresh the information then you need to evoke the Auto refresh 6 Click Refresh to refresh a entry of the MLD Snooping Groups Information 1 Buttons Auto refresh Check this box to refresh the page automatically Automatic refresh occurs every...

Page 150: ...ork wide multicast VLAN It allows the single multicast VLAN to be shared in the network while subscribers remain in separate VLANs MVR provides the ability to continuously send multicast streams in the multicast VLAN but to isolate the streams from the subscriber VLANs for bandwidth and security reasons 4 9 1 Basic Configuration Web Interface To display the MVR Configuration in the web interface 1...

Page 151: ...ual Parameter description 1 MVR Mode Configure the operation mode per system Possible modes are on Enable MVR per system off Disable MVR pre system 2 Delete Check to delete the entry The designated entry will be deleted during the next save 3 MVR VID It displays the VID of the entry ...

Page 152: ...t The allowed range is 0 to 31744 in tenths of seconds default last member query interval is 10 in tenths of seconds 1 second 9 Interface Channel Profile 10 Port Switch port number 11 Buttons Apply Click to save changes Reset Click to undo any changes made locally and revert to previously saved values 4 9 2 MVR Status Web Interface To display the MVR Status in the web interface 1 Click Monitor MVR...

Page 153: ...ge 4 9 3 MVR Groups Information Web Interface To display the MVR Group Information in the web interface 1 Click Monitor MVR MVR Group Information 2 If you want to auto refresh the information then you need to evoke the Auto refresh 3 Click Refresh to refresh the MVR Group Information 1 Buttons Auto refresh Check this box to refresh the page automatically Automatic refresh occurs every 3 seconds Re...

Page 154: ...to refresh the information then you need to evoke the Auto refresh 3 Click Refresh to refresh the MVR SFM Information 1 Buttons Auto refresh Check this box to refresh the page automatically Automatic refresh occurs every 3 seconds Refresh Click to refresh the page 4 10 DHCP The section describes to configure the DHCP Snooping parameters of the switch The DHCP Snooping can prevent attackers from ad...

Page 155: ...Web Interface To configure DHCP server mode in the web interface 1 Click Configuration DHCP Server 2 Add Interface 3 Add VLAN range 4 Add Star IP 5 Add End IP 6 Add Lease time 7 Add Subnet mask 8 Add Default router 9 Add DNS server 10 Click Apply Parameter description 1 Delete Delete DHCP server 2 VLAN VLAN ID 3 Mode Enable Enable DHCP server Disable Disable DHCP server 4 IP Display network number...

Page 156: ...ooping is used to block intruder on the untrusted ports of the switch device when it tries to intervene by injecting a bogus DHCP reply packet to a legitimate conversation between the DHCP client and server The section describes to configure the DHCP Snooping parameters of the switch The DHCP Snooping can prevent attackers from adding their own DHCP servers to the network Web Interface To configur...

Page 157: ...peration Possible modes are Enabled Enable DHCP snooping mode operation When DHCP snooping mode operation is enabled the DHCP request messages will be forwarded to trusted ports and only allow reply packets from trusted ports Disabled Disable DHCP snooping mode operation 2 Port Mode Configuration Indicates the DHCP snooping port mode Possible port modes are ...

Page 158: ...is page display the dynamic IP assigned information after DHCP Snooping mode is disabled All DHCP clients obtained the dynamic IP address from the DHCP server will be listed in this table except for local VLAN interface IP addresses Entries in the Dynamic DHCP snooping Table are shown on this page Web Interface To monitor an DHCP in the web interface Click Monitor DHCP Snooping table Parameter des...

Page 159: ...c refresh occurs every 3 seconds Refresh Click to refresh the page 4 10 2 3 Detail Statistics This page provides statistics for DHCP snooping Notice that the normal forward per port TX statistics isn t increased if the incoming DHCP packet is done by L3 forwarding mechanism And clear the statistics on specific port may not take effect on global statistics since it gathers the different layer overv...

Page 160: ... number of offer option 53 with value 2 packets received and transmitted 3 Rx and Tx Request The number of request option 53 with value 3 packets received and transmitted 4 Rx and Tx Decline The number of decline option 53 with value 4 packets received and transmitted 5 Rx and Tx ACK The number of ACK option 53 with value 5 packets received and transmitted 6 Rx and Tx NAK The number of NAK option ...

Page 161: ...unassigned option 53 with value 11 packets received and transmitted 11 Rx and Tx Lease Unknown The number of lease unknown option 53 with value 12 packets received and transmitted Rx and Tx Lease Active 12 Rx and Tx Lease Active The number of lease active option 53 with value 13 packets received and transmitted 13 Rx Discarded checksum error The number of discard packet that IP UDP checksum is err...

Page 162: ...y Mode 2 Relay Server 3 Relay Information 4 Relay Information Poily 5 Buttons Apply Click to save changes Reset Click to undo any changes made locally and revert to previously saved values 4 10 3 2 Relay Statistics Web Interface To monitor an DHCP Relay statistics in the web interface Click Monitor DHCP DHCP Relay ...

Page 163: ...t Security settings of the Switch You can use the Port Security feature to restrict input to an interface by limiting and identifying MAC addresses 4 11 1 Management Access Method 4 11 1 1 Account This page provides an overview of the current users Currently the only way to login as another user on the web server is to close and reopen the browser Web Interface To configure User in the web interfa...

Page 164: ...ange is 1 to 15 If the privilege level value is 15 it can access all groups i e that is granted the fully control of the device But others value need to refer to each group privilege level User s privilege should be same or greater than the group privilege level to have the access of that group By default setting most groups privilege level 5 has the read only access and privilege level 10 has the...

Page 165: ...ew configurations Add new user 4 11 1 2 Privilege Levels This page provides an overview of the privilege levels The switch provides user set Account Aggregation Diagnostics EEE GARP GVRP IP IPMC Snooping LACP LLDP LLDP MED MAC Table MRP MVR MVRP Maintenance Mirroring POE Ports Private VLANs QoS SMTP SNMP Security Spanning Tree System Trap Event VCL VLANs Voice VLAN Privilege Levels from 1 to 15 We...

Page 166: ...4 Web Management System of POE GSH1008R 130 AirLive POE GSH1008R 130 User Manual 162 Parameter description 1 Group Name The name identifying the privilege group In most cases a privilege level group ...

Page 167: ...ls and everything in Maintenance Debug Only present in CLI 2 Privilege Levels Every group has an authorization Privilege level for the following sub groups configuration read only configuration execute read write status statistics read only status statistics read write e g for clearing of statistics User Privilege should be same or greater than the authorization Privilege level to have the access ...

Page 168: ... Management System of POE GSH1008R 130 AirLive POE GSH1008R 130 User Manual 164 3 Checked Fallback 4 Click Apply Parameter description 1 Client The management client for which the configuration below applies ...

Page 169: ... if the remote servers are offline In this case the next method is tried Each method is tried from left to right and continues until a method either approves or rejects a user If a remote server is used for primary authentication it is recommended to configure secondary authentication as local This will enable the management client to login via the local user database if none of the configured aut...

Page 170: ... SMI syntax SNMP agent is running on the switch to response the request issued by SNMP manager Basically it is passive except issuing the trap information The switch supports a switch to turn on or off the SNMP agent If you set the field SNMP Enable SNMP agent will be started up All supported MIB OIDs including RMON MIB can be accessed via SNMP manager If the field SNMP is set Disable SNMP agent w...

Page 171: ...es The function is used to configure SNMPv3 communities The Community and UserName is unique To create a new community account please check Add new community button and enter the account information then check Save Max Group Number 4 Web Interface To display the configure SNMP Communities in the web interface 1 Click SNMP Communities 2 Click Add new community 3 Specify the SNMP communities paramet...

Page 172: ...source address A particular range of source addresses can be used to restrict source subnet when combined with source mask 4 Source Mask Indicates the SNMP access source address mask 5 Buttons Apply Click to save changes Reset Click to undo any changes made locally and revert to previously saved values 4 11 2 2 2 User The function is used to configure SNMPv3 user The Entry index key is UserName To...

Page 173: ...e ensured that the value is set correctly 4 Authentication Protocol Indicates the authentication protocol that this entry should belong to Possible authentication protocols are None No authentication protocol MD5 An optional flag to indicate that this user uses MD5 authentication protocol SHA An optional flag to indicate that this user uses SHA authentication protocol The value of security level c...

Page 174: ...evert to previously saved values 4 11 2 2 3 Groups The function is used to configure SNMPv3 group The Entry index key are Security Model and Security Name To create a new group account please check Add new group button and enter the group information then check Save Max Group Number v1 2 v2 2 v3 10 Web Interface To display the configure SNMP Groups in the web interface 1 Click SNMP Groups 2 Specif...

Page 175: ...ength is 1 to 32 and the allowed content is ASCII characters from 33 to 126 4 11 2 2 4 Views The function is used to configure SNMPv3 view The Entry index keys are OID Subtree and View Name To create a new view account please check Add new view button and enter the view information then check Save Max Group Number 28 Configure SNMPv3 view table on this page The entry index keys are View Name and O...

Page 176: ... type is excluded there should be another view entry existing with view type as included and it s OID subtree should overstep the excluded view entry 4 OID Subtree The OID defining the root of the subtree to add to the named view The allowed OID length is 1 to 128 The allowed string content is digital number or asterisk 4 11 2 2 5 Access The function is used to configure SNMPv3 accesses The Entry ...

Page 177: ...should belong to Possible security models are any Any security model accepted v1 v2c usm v1 Reserved for SNMPv1 v2c Reserved for SNMPv2c usm User based Security Model USM 4 Security Level 5 Indicates the security model that this entry should belong to Possible security models are NoAuth NoPriv No authentication and no privacy Auth NoPriv Authentication and no privacy Auth Priv Authentication and p...

Page 178: ... and analyze packets These probes act as servers and the Network Management applications that communicate with them act as clients 4 11 3 1 RMON Statistics 4 11 3 1 1 Configuration Configure RMON Statistics table on this page The entry index key is ID Web Interface To display the configure RMON configuration in the web interface 1 Click RMON Statistics 2 Click Add New Entry 3 Specify the ID parame...

Page 179: ...ning of the Statistics table The first displayed will be the one with the lowest ID found in the Statistics table The Start from Control Index allows the user to select the starting point in the Statistics table Clicking the button will update the displayed table starting from that or the next closest Statistics table match The will use the last entry of the currently displayed entry as a basis fo...

Page 180: ...ulticast packets received 6 Broad cast The total number of good packets received that were directed to the broadcast address 7 Multi cast The total number of good packets received that were directed to a multicast address 8 CRC Errors The total number of packets received that had a length excluding framing bits but including FCS octets of between 64 and 1518 octets inclusive but had either a bad F...

Page 181: ...r of packets including bad packets received that were between 65 to 127 octets in length 16 128 255 The total number of packets including bad packets received that were between 128 to 255 octets in length 17 256 511 The total number of packets including bad packets received that were between 256 to 511 octets in length 18 512 1023 The total number of packets including bad packets received that wer...

Page 182: ...ble The Start from History Index and Sample Index allows the user to select the starting point in the History table Clicking the button will update the displayed table starting from that or the next closest History table match The will use the last entry of the currently displayed entry as a basis for the next lookup When the end is reached the text No more entries is shown in the displayed table ...

Page 183: ...and Sample Index found in the History table The Start from History Index and Sample Index allows the user to select the starting point in the History table The Start from History Index and Sample Index allows the user to select the starting point in the History table Clicking the button will update the displayed table starting from that or the next closest History table match The will use the last...

Page 184: ...hich this sample was measured 4 Drop The total number of events in which packets were dropped by the probe due to lack of resources 5 Octets The total number of octets of data including those in bad packets received on the network 6 Pkts The total number of packets including bad packets broadcast packets and multicast packets received 7 Broadcast The total number of good packets received that were...

Page 185: ...he total number of collisions on this Ethernet segment 15 Utilization The best estimate of the mean physical layer network utilization on this interface during this sampling interval in hundredths of a percent 16 Buttons Auto refresh Check this box to refresh the page automatically Automatic refresh occurs every 3 seconds Refresh Click to refresh the page immediately 4 11 3 3 RMON Alarm 4 11 3 3 1...

Page 186: ...ty Switch RMON then Alarm 3 Checked Auto refresh 4 Click Refresh to refresh the port detailed statistics Parameter description 1 ID Indicates the index of Alarm control entry 2 Interval Indicates the interval in seconds for sampling and comparing the rising and falling threshold 3 Variable Indicates the particular variable to be sampled 4 Sample Type The method of sampling the selected variable an...

Page 187: ...e Alarm table The first displayed will be the one with the lowest ID found in the Alarm table The Start from Control Index allows the user to select the starting point in the Alarm table Clicking the button will update the displayed table starting from that or the next closest Alarm table match The will use the last entry of the currently displayed entry as a basis for the next lookup When the end...

Page 188: ...ndicates the particular variable to be sampled 4 Sample Type The method of sampling the selected variable and calculating the value to be compared against the thresholds 5 Value The value of the statistic during the last sampling period 6 Startup Alarm The alarm that may be sent when this entry is first set to valid 7 Rising Threshold Rising threshold value 8 Rising Index Rising event index 9 Fall...

Page 189: ...he Event table The first displayed will be the one with the lowest Event Index and Log Index found in the Event table The Start from Event Index and Log Index allows the user to select the starting point in the Event table Clicking the button will update the displayed table starting from that or the next closest Event table match The will use the last entry of the currently displayed entry as a ba...

Page 190: ...ted the web page will show the first 20 entries from the beginning of the Event table The first displayed will be the one with the lowest Event Index and Log Index found in the Event table The Start from Event Index and Log Index allows the user to select the starting point in the Event table Clicking the button will update the displayed table starting from that or the next closest Event table mat...

Page 191: ...Event description 5 Buttons Auto refresh Check this box to refresh the page automatically Automatic refresh occurs every 3 seconds Refresh Click to refresh the page immediately 4 11 4 802 1X 4 11 4 1 Configuration The section describes to configure the NAS parameters of the switch The NAS server can be employed to connect users to a variety of resources including Internet access conference calls p...

Page 192: ...2 Checked Reauthentication Enabled 3 Set Reauthentication Period Default is 3600 seconds 4 Set EAPOL Timeout Default is 30 seconds 5 Set Aging Peroid Default is 300 seconds 6 Set Hold Time Default is 10 seconds 7 Checked RADIUS Assigned QoS Enabled 8 Checked RADIUS Assigned VLAN Enabled 9 Checked Guest VLAN Enabled 10 Specify Guest VLAN ID 11 Specify Max Reauth Count 12 Checked Allow Guest VLAN if...

Page 193: ... reauthentication is only useful if the RADIUS server configuration has changed It does not involve communication between the switch and the client and therefore doesn t imply that a client is still present on a port see Aging Period below 3 Reauthentication Period Determines the period in seconds after which a connected client must be reauthenticated This is only active if the Reauthentication En...

Page 194: ...s using the Port Security functionality to secure MAC addresses Single 802 1X Multi 802 1X MAC Based Auth If a client is denied access either because the RADIUS server denies the client access or because the RADIUS server request times out according to the timeout specified on the Configuration Security AAA page the client is put on hold in the Unauthorized state The hold timer does not count duri...

Page 195: ...nable disable Guest VLAN functionality When checked the individual ports ditto setting determines whether the port can be moved into Guest VLAN When unchecked the ability to move to the Guest VLAN is disabled on all ports 10 Guest VLAN ID This is the value that a port s Port VLAN ID is set to if a port is moved into the Guest VLAN It is only changeable if the Guest VLAN option is globally enabled ...

Page 196: ... and the switch are special 802 1X frames known as EAPOL EAP Over LANs frames EAPOL frames encapsulate EAP PDUs RFC3748 Frames sent between the switch and the RADIUS server are RADIUS packets RADIUS packets also encapsulate EAP PDUs together with other attributes like the switch s IP address name and the supplicant s port number on the switch EAP is very flexible in that it allows for different au...

Page 197: ...ch use the Single 802 1X variant Single 802 1X is really not an IEEE standard but features many of the same characteristics as does port based 802 1X In Single 802 1X at most one supplicant can get authenticated on the port at a time Normal EAPOL frames are used in the communication between the supplicant and the switch If more than one supplicant is connected to a port the one that comes first wh...

Page 198: ...ch acts as the supplicant on behalf of clients The initial frame any kind of frame sent by a client is snooped by the switch which in turn uses the client s MAC address as both username and password in the subsequent EAP exchange with the RADIUS server The 6 byte MAC address is converted to a string on the following form xx xx xx xx xx xx that is a dash is used as separator between the lower cased...

Page 199: ...he attribute in the packet will be considered and to be valid it must follow this rule All 8 octets in the attribute s value must be identical and consist of ASCII characters in the range 0 3 which translates into the desired QoS Class in the range 0 3 23 RADIUS Assigned VLAN Enabled When RADIUS Assigned VLAN is both globally enabled and enabled checked for a given port the switch reacts to VLAN I...

Page 200: ... the Monitor VLANs VLAN Membership and VLAN Port pages These pages show which modules have temporarily overridden the current Port VLAN configuration Guest VLAN Operation When a Guest VLAN enabled port s link comes up the switch starts transmitting EAPOL Request Identity frames If the number of transmissions of such frames exceeds Max Reauth Count and no EAPOL frames have been received in the mean...

Page 201: ... enabled and the port s Admin State is in an EAPOL based or MAC based mode Clicking these buttons will not cause settings changed on the page to take effect Reauthenticate Schedules a reauthentication whenever the quiet period of the port runs out EAPOL based authentication For MAC based authentication reauthentication will be attempted immediately The button only has effect for successfully authe...

Page 202: ...b interface 1 Click Security Network NAS then Port 2 Checked Auto refresh 3 Click Refresh to refresh the port detailed statistics Parameter description 1 Port The switch port number Click to navigate to detailed NAS statistics for this port 2 Admin State The port s current administrative state Refer to NAS Admin State for a description of possible values ...

Page 203: ...e RADIUS server if enabled 7 Port VLAN ID The VLAN ID that NAS has put the port in The field is blank if the Port VLAN ID is not overridden by NAS If the VLAN ID is assigned by the RADIUS server RADIUS assigned is appended to the VLAN ID Read more about RADIUS assigned VLANs here If the port is moved to the Guest VLAN Guest is appended to the VLAN ID Read more about Guest VLANs here 8 Buttons Auto...

Page 204: ...30 AirLive POE GSH1008R 130 User Manual 200 2 Select Enabled of the specific port in the Mode of Port Mode Configuration 3 Select Maximum Dynamic Clients 0 1 2 Unlimited of the specific port in the Mode of Port Mode Configuration 4 Click Apply ...

Page 205: ...the maximum number of dynamic clients that can be learned on given port This value can be 0 1 2 or unlimited If the port mode is enabled and the value of max dynamic client is equal to 0 it means only allow the IP packets forwarding that are matched in static entries on the specific port 4 11 5 2 Static Table The section describes to configure the Static IP Source Guard Table parameters of the swi...

Page 206: ...ry Click Save 6 Buttons Apply Click to save changes Reset Click to undo any changes made locally and revert to previously saved values 4 11 5 3 Dynamic Table Entries in the Dynamic IP Source Guard Table are shown on this page The Dynamic IP Source Guard Table is sorted first by port then by VLAN ID then by IP address and then by MAC address Web Interface To configure a Dynamic IP Source Guard Tabl...

Page 207: ... the page automatically Automatic refresh occurs every 3 seconds Refresh Click to refresh the page 4 11 6 ARP Inspection The section describes to configure the ARP Inspection parameters of the switch You could use the ARP Inspection configure to manage the ARP table 4 11 6 1 Configuration This section describes how to configure ARP Inspection setting including Mode Enabled and Disabled Port Enable...

Page 208: ...System of POE GSH1008R 130 AirLive POE GSH1008R 130 User Manual 204 1 Select Enabled in the Mode of ARP Inspection Configuration 2 Select Enabled of the specific port in the Mode of Port Mode Configuration 3 Click Apply ...

Page 209: ... a given port are enabled and the setting of Check VLAN is disabled the log type of ARP Inspection will refer to the port setting There are four log types and possible types are None Log nothing Deny Log denied entries Permit Log permitted entries ALL Log all entries 3 Buttons Apply Click to save changes Reset Click to undo any changes made locally and revert to previously saved values 4 11 6 2 VL...

Page 210: ...pected on VLAN mode configuration web page The log type also can be configured on per VLAN setting Possible types are None Log nothing Deny Log denied entries Permit Log permitted entries ALL Log all entries 2 Buttons Add New Entry Click to add a new VLAN to the ARP Inspection VLAN table Apply Click to save changes Reset Click to undo any changes made locally and revert to previously saved values ...

Page 211: ...2 Port The logical port for the settings 3 VLAN ID The vlan id for the settings 4 MAC Address Allowed Source MAC address in ARP request packets 5 IP Address Allowed Source IP address in ARP request packets 6 Adding new entry Click to add a new entry to the Static ARP Inspection table Specify the Port VLAN ID MAC address and IP address for the new entry Click Save 7 Buttons Apply Click to save chan...

Page 212: ... Each page shows up to 99 entries from the Dynamic ARP Inspection table default being 20 selected through the entries per page input field When first visited the web page will show the first 20 entries from the beginning of the Dynamic ARP Inspection Table The Start from port address VLAN MAC address and IP address input fields allow the user to select the starting point in the Dynamic ARP Inspect...

Page 213: ... Configuration This section shows you to to configure the Port Security settings of the Switch You can use the Port Security feature to restrict input to an interface by limiting and identifying MAC addresses Web Interface To configure a Configuration of Limit Control in the web interface 1 Select Enabled in the Mode of System Configuration 2 Checked Aging Enabled 3 Set Aging Period Default is 360...

Page 214: ...4 Web Management System of POE GSH1008R 130 AirLive POE GSH1008R 130 User Manual 210 Parameter description System Configuration ...

Page 215: ...aw whenever a new MAC address is seen on a Port Security enabled port Since all ports draw from the same pool it may happen that a configured maximum cannot be granted if the remaining ports have already used all available MAC addresses 4 Action If Limit is reached the switch can take one of the following actions None Do not allow more than Limit MAC addresses on the port but take no further actio...

Page 216: ...ed changes will be lost 7 Buttons Apply Click to save changes Reset Click to undo any changes made locally and revert to previously saved values 4 11 7 2 Status This section shows the Port Security status Port Security is a module with no direct configuration Configuration comes indirectly from other modules the user modules When a user module has enabled port security on a port the port is set up...

Page 217: ... Refresh to refresh the port detailed statistics Parameter description 1 Port Status The table has one row for each port on the selected switch and a number of columns which are 2 Port The port number for which the status applies Click the port number to see the status for this particular port ...

Page 218: ...has indicated that the limit is exceeded No MAC addresses can be learned on the port until it is administratively re opened on the Limit Control configuration Web page 4 MAC Count Current Limit The two columns indicate the number of currently learned MAC addresses forwarding as well as blocked and the maximum number of MAC addresses that can be learned on the port respectively If no user modules a...

Page 219: ...ounting server to provide access control to your network The AAA server can be a TACACS or RADIUS server to create and manage objects that contain settings for using AAA servers 4 11 8 1 Configuration Web Interface To configure a Common Configuration of AAA RADIUS in the web interface Figure 4 10 6 1 The RADIUS Authentication Server Configuration Parameter description ...

Page 220: ...etermined as dead Setting the Deadtime to a value greater than 0 zero will enable this feature but only if more than one server has been configured 4 Key The secret key up to 63 characters long shared between the RADIUS server and the switch 5 NAS IP Address Attribute 4 The IPv4 address to be used as attribute 4 in RADIUS Access Request packets If this field is left blank the IP address of the out...

Page 221: ...ng overrides the global key Leaving it blank will use the global key Adding a New Server Click to add a new RADIUS server An empty row is added to the table and the RADIUS server can be configured as needed Up to 5 servers are supported The button can be used to undo the addition of the new server 15 Apply Click to save changes 16 Reset Click to undo any changes made locally and revert to previous...

Page 222: ...values Disabled The server is disabled Not Ready The server is enabled but IP communication is not yet up and running Ready The server is enabled IP communication is up and running and the RADIUS module is ready to accept access attempts Dead X seconds left Access attempts were made to this server but it did not reply within the configured timeout The server has temporarily been disabled but will ...

Page 223: ...dule is ready to accept accounting attempts Dead X seconds left Accounting attempts were made to this server but it did not reply within the configured timeout The server has temporarily been disabled but will get re enabled when the dead time expires The number of seconds left before this occurs is displayed in parentheses This state is only reachable when more than one server is enabled 4 11 8 3...

Page 224: ...GSH1008R 130 User Manual 220 Parameter description RADIUS Authentication Statistics The statistics map closely to those specified in RFC4668 RADIUS Authentication Client MIB Use the server select box to switch between the backend servers to show details for ...

Page 225: ...umber of malformed RADIUS Access Response packets received from the server Malformed packets include packets with an invalid length Bad authenticators or Message Authenticator attributes or unknown types are not included as malformed access responses Rx Bad Authentic ators radiusAuthClientExtBa dAuthenticators The number of RADIUS Access Response packets containing invalid authenticators or Messag...

Page 226: ...ccess Request is sent and decremented due to receipt of an Access Accept Access Reject Access Challenge timeout or retransmission Tx Timeouts radiusAuthClientExtTi meouts The number of authentication timeouts to the server After a timeout the client may retry to the same server send to a different server or give up A retry to the same server is counted as a retransmit as well as a timeout A send t...

Page 227: ...tate is only reachable when more than one server is enabled Round T rip Time radiusAuthClientExtRo undTripTime The time interval measured in milliseconds between the most recent Access Reply Access Challenge and the Access Request that matched it from the RADIUS authentication server The granularity of this measurement is 100 ms A value of 0 ms indicates that there hasn t been round trip communica...

Page 228: ...nknown types that were received from the server on the accounting port Rx Packets Dropped radiusAccClientExtPack etsDropped The number of RADIUS packets that were received from the server on the accounting port and dropped for some other reason Tx Requests radiusAccClientExtRequ ests The number of RADIUS packets sent to the server This does not include retransmissions Tx Retransmissi ons radiusAcc...

Page 229: ...on State Shows the state of the server It takes one of the following values Disabled The selected server is disabled Not Ready The server is enabled but IP communication is not yet up and running Ready The server is enabled IP communication is up and running and the RADIUS module is ready to accept accounting attempts Dead X seconds left Accounting attempts were made to this server but it did not ...

Page 230: ...ort This makes it very easy to determine what type of ACL policy you will be working with 4 12 1 Access Control List The section describes how to configure Access Control List rule An Access Control List ACL is a sequential list of permit or deny conditions that apply to IP addresses MAC addresses or other more specific criteria This switch tests ingress packets against the conditions in an ACL on...

Page 231: ...tion page note that the Items displayed depend on various selections such as Frame Type and IP Protocol Type Specify the relevant criteria to be matched for this rule and set the actions to take when a rule is matched such as Rate Limiter Port Copy Logging and Shutdown Parameter description 1 Ingress Port Indicates the ingress port of the ACE Possible values are Any The ACE will match any ingress ...

Page 232: ...atching the ACE are dropped Filter Frames matching the ACE are filtered 4 Mirror Specify the mirror operation of this port The allowed values are Enabled Frames received on the port are mirrored Disabled Frames received on the port are not mirrored The default value is Disabled 5 Counter The counter indicates the number of times the ACE was hit by a frame Modification Buttons You can modify each A...

Page 233: ... Add New Entry then you can create new SNMP Trap on the switch 3 Click Apply Figure 4 13 1 The SNMP Trap Host Configuration 1 Name Indicates the trap Configuration s name Indicates the trap destination s name 2 Version Indicates the SNMP trap supported version Possible versions are SNMPv2c Set SNMP trap supported version 2c 3 Server IP 4 Community Name The name identifying the severity group 5 Sev...

Page 234: ...eeds to be fixed The basic system check includes ICMP Ping Link OAM ICMPv6 and VeriPHY Cable Diagnostics 4 14 1 Ping This section allows you to issue ICMP PING packets to troubleshoot IPv6 connectivity issues Web Interface To configure an ICMP PING Configuration in the web interface 1 Specify ICMP PING IP Address 2 Specify ICMP PING Size 3 Click Start Parameter description 1 IP Address To set the ...

Page 235: ...tely 5 seconds If all ports are selected this can take approximately 15 seconds When completed the page refreshes automatically and you can view the cable diagnostics results in the cable status table Note that Cable Diagnostics is only accurate for cables of length 7 140 meters 10 and 100 Mbps ports will be linked down while running Cable Diagnostics Therefore running on a 10 or 100 Mbps manageme...

Page 236: ...atus of the cable pair Length The length in meters of the cable pair 4 14 3 Mirroring You can mirror traffic from any source port to a target port for real time analysis You can then attach a logic analyzer or RMON probe to the target port and study the traffic crossing the source port in a completely unobtrusive manner Mirror Configuration is to monitor the traffic of the network For example we a...

Page 237: ...copied to Port A for monitoring Web Interface To configure the Mirror in the web interface 1 Click Configuration Mirroring 2 Scroll to select Port to mirror on which port 3 Scroll to disabled enable TX Only and RX Only to set the Port mirror mode 4 Click the save to save the setting 5 If you want to cancel the setting then you need to click the Reset button It will revert to previously saved value...

Page 238: ...rt Configuration The following table is used for Rx and Tx enabling 1 Port The logical port for the settings contained in the same row 2 Mode Select mirror mode Rx only Frames received on this port are mirrored on the mirror port Frames transmitted are not mirrored Tx only Frames transmitted on this port are mirrored on the mirror port Frames received are not mirrored Disabled Neither frames trans...

Page 239: ...n in a number of text files in CLI format The files are either virtual RAM based or stored in flash on the switch There are three system files running config A virtual file that represents the currently active configuration on the switch This file is volatile startup config The startup configuration for the switch read at boot time default config A read only file with vendor specific configuration...

Page 240: ...on file 4 15 1 2 Backup The configuration backup function will be backuped and saved configuration from the switch s configuration into the running web browser PC It is possible to backup any of the files on the switch to the web browser Select the file and click Upload of running config may take a little while to complete as the file must be prepared for upload Web Interface To upload configurati...

Page 241: ...om the managed switch configuration into the location PC user can configure web browser s backup file path to keep configuration file 4 15 1 3 Backup Configuration This section describes to export the Switch Configuration for maintenance needs Any current configuration files will be exported as text format It is possible to download a file from the web browser to all the files on the switch except...

Page 242: ...he files on the switch to the web browser Select the file and click Upload of running config may take a little while to complete as the file must be prepared for upload Web Interface To upload configuration in the web interface 1 Chick Browser to select Maintenance Configuration in you device 2 Click upload Select There are three system files 1 running config A virtual file that represents the cur...

Page 243: ... the file to activate and click This will initiate the process of completely replacing the existing configuration with that of the selected file Web Interface To activate configuration in the web interface 1 Chick Browser to select Maintenance Configuration in you device 2 Click Activate Select There are two system files 1 default config A read only file with vendor specific configuration This fil...

Page 244: ... you device 2 Click Delete Select There is one system files 1 startup config The startup configuration for the switch read at boot time Parameter description 1 Buttons Delete Configuration Click the Delete button then the startup config file will be deleted this effectively resets the switch to default configuration 4 15 2 Restart Device This section describes how to restart switch for any mainten...

Page 245: ...art action 4 15 3 Factory Defaults This section describes how to reset the Switch configuration to Factory Defaults Any configuration files or scripts will recover to factory default values Web Interface To configure a Factory Defaults Configuration in the web interface 1 Chick Factory Defaults 2 Click Yes Parameter description 1 Buttons Yes Click to Yes button to reset the configuration to Factor...

Page 246: ... facilitates an update of the firmware controlling the switch Uploading software will update all managed switches to the location of a software image and click After the software image is uploaded a page announces that the firmware update is initiated After about a minute the firmware is updated and all managed switches restart the switch restarts WARNING While the firmware is being updated Web ac...

Page 247: ... image or by manual intervention uploading a new firmware image to the device will automatically use the primary image slot and activate this 3 The firmware version and date information may be empty for older firmware releases This does not constitute an error Web Interface To configure a Firmware Upgrade Configuration in the web interface 1 Chick Browser to select Maintenance Software in you devi...

Page 248: ...0 User Manual 244 3 Date The date where the firmware was produced 4 Buttons Activate Alternate Image Click to use the Activate Alternate Image This button may be disabled depending on system state Cancel Cancel activating the backup image Navigates away from this page ...

Page 249: ...es on a floor or on the Google MAP In addition User can see the video streaming for the cameras and control AirLive s access point such as the AC TOP To fully support the Graphic Monitoring please use the Firefox or IE Chrome is not recommended Moreover please make sure that the cameras and Access Point is in the same subnet 5 1 1 Topology View In Topology View located in Graphical Monitoring user...

Page 250: ...cluding the device is disconnecting or IP complicit 5 Monitor This page will show the traffic of the cameras 6 Streaming If the switch detect that the device is a cameras Streaming icon will display and user can click the streaming icon to get the live view of the cameras To support this cameras browser need to support plug in so only IE and Firefox can support the plug in In addition the apple qu...

Page 251: ...age Because AC TOP only allow one user to log in for security reason 2 Diagnostics In this icon it will check the connection between the switch and AC TOP 3 Reboot Click this icon can repower the AC TOP 4 WiFi Click this icon can setup the AC TOP s SSID Tx Power Security RF Power to setup the RF Power of the AC TOP Channel To setup the wifi channel for the AC TOP In normal application Auto is sugg...

Page 252: ...can select the MAC address and click the Block icon If there are more than 1 POE GSH1008R 130 in the network the Block MAC address will be set in to the all of the POE GSH1008R 130 series in your network 6 BlockList To show which MAC adress is blocked 5 1 2 Floor View In This page the administrator can place a device per time onto the custom image which you updated Up to 10 map file can be upload ...

Page 253: ...the map to your location and zoom in to a preferred view To Move on the screen click and hold down your left mouse button to move to a preferred direction User also can key in the address in search box Click the device you want to show in the map and drag to the preferred location Please remember to click the Save to save running configuration to startup config If you forget your device s location...

Page 254: ...t sector of the DMS it will list all of the devices the switch detected However all of the device need to be in the same subnet of the switch For example if the switch IP address is 192 168 2 1 the cameras or access point should be the IP address between 192 168 2 2 192 168 2 254 Web interface 1 Click 2 Modify the Device name and HTTP Port Number 3 Click Apply ...

Page 255: ...5 Web Management Device of POE GSH1008R 130 251 AirLive POE GSH1008R 130 User Manual When you want to remove the Offline device in the List 1 Click 2 Click Apply ...

Page 256: ...del name 8 Device Name Cameras or AirLive AP s device name 9 MAC Cameras or AirLive AP s device mac 10 IP Address device IP address hyper link re direct to device website 5 3 Maintenance 5 3 1 Floor Image In this page an administrator can add or delete a custom map or floor image Web interface To configure Floor Image in the web interface 1 Click DMS Maintenance Floor Image 2 Click Browse to selec...

Page 257: ...5 Web Management Device of POE GSH1008R 130 253 AirLive POE GSH1008R 130 User Manual Floor Image ...

Page 258: ...can detect where the problem lies Note that the topology of network needs to be saved for this function to work properly Web interface To configure Diagnostics in the web interface 1 Select device to start the Diagnostics Mechanism 2 After device is select below image will show in the browser 3 5 3 3 Traffic Monitor This page displays visual chart of network traffic of all the devices managed by P...

Page 259: ...5 Web Management Device of POE GSH1008R 130 255 AirLive POE GSH1008R 130 User Manual Traffic Chart ...

Page 260: ... connections If they appear to be OK make sure the connections are snug IF that does not correct the problem try a different cable Non standard cables Non standard and miss wired cables may cause numerous network collisions and other network problem and can seriously impair network performance A category 5e cable tester is a recommended tool for every 1000Base T network installation Improper Netwo...

Page 261: ...r STP cable for RJ 45 connections 100Ω Category 3 4 or 5 cable for 10Mbps connections or 100Ω Category 5 cable for 100Mbps connections Also be sure that the length of any twisted pair connection does not exceed 100 meters 328 feet Gigabit port should use Cat 5 or cat 5e cable for 1000Mbps connections The length does not exceed 100 meters ...

Page 262: ... 1000T IEEE802 3x Flow Control and Back pressure IEEE802 3ad Port trunk with LACP IEEE802 1d Spanning tree protocol IEEE802 1p Class of service IEEE802 1Q VLAN Tagging IEEE802 1w Rapid Spanning tree protocol IEEE802 1s Multicast Spanning tree protocol IEEE802 3 at af PoE Interface 8x 10 100 1000Mbps RJ45 ports 2x SFP 100 1000Mbps ports Switch architecture Store and forward switch architecture Back...

Page 263: ... to 12 trunk groups and group member up to 16 Supports IEEE802 1d STP IEEE802 1w RSTP MSTP VLAN Port base VLAN IEEE 802 1Q Tag base VLAN 4094 max up to 4094 active VLANs including static and dynamic entry MAC based VLAN Management VLAN Private VLAN Edge PVE Q in Q double tag VLAN QoS policy Support 8 hardware queues Support WRR 802 1p CoS Support Port based 802 1p VLAN Priority based IPv4 IPv6 pre...

Page 264: ...Port Mirroring Supports 802 1x Radius TACACS Support Access Control List Support IP Source Guard Locks MAC address to ports and Limit the number of learned MAC address Support UPnP Temperature Operating 0 to 50 C Storage 20 to 70 C Humidity Operating 10 90 Storage 5 90 Power 100 240VAC 50 60Hz maximum PoE Power Budget 130W Dimensions 220 x 44 x 242 mm ...

Page 265: ...using Cat 5 UTP STP cable The 100Base TX standard is backward compatible with the 10Mbps 10 BaseT standard 1000Base SX Also known as 802 3z The IEEE standard defines how to transmit gigabit Ethernet data using multi mode fiber optic cables This standard allows transmission distance of 550 meter which is more than 5 times longer than the 100 meter limitation of 1000Base T The 1000Base SX cannot run...

Page 266: ...self Each packet carries a VLAN ID called Tag as it traveled across the network Therefore the VLAN configuration can be configured across multiple switches In 802 1Q spec possible 4096 VLAN ID can be created Although for some devices they can only view in frames of 256 ID at a time 802 1x 802 1x is a security standard for wired and wireless LANs In the 802 1x parlance there are usually supplicants...

Page 267: ...port IP multicast memberships to neighboring multicast switches and routers IGMP Snooping is a feature that allows an Ethernet Switch to listen in on the IGMP conversation between hosts and routers When IGMP snooping is enabled in a switch it prevent hosts on a local network from receiving traffic for a multicast group they have not explicitly joined It provides switches with a mechanism to prune ...

Page 268: ...ure only the devices with the approved MAC address can connect with the network Mbps Megabits Per Second One million bits per second a unit of measurement for data transmission MiniGBIC A type of Gigabit Ethernet module interface that uses SFP Small Form factor Pluggable transceiver The MiniGBIC equipped with Switches typically comes with the MiniGBIC slot for optional SFP optical transceiver Pack...

Page 269: ...ocol with the functionality of a very basic form of FTP It is used to transfer small amounts of data between hosts on a network such as Switch firmware The switch port can auto detect straight or crossover cable when you link switch with other Ethernet device For the RJ 45 connector should use correct UTP or STP cable 10 100Mbps port use 2 pairs twisted cable and Gigabit 1000T port use 4 pairs twi...

Page 270: ...s there should be only one active cabling path at any time Data path loops will cause broadcast storms that will severely impact your network performance 8 1 Cabling RJ 45 ports use unshielded twisted pair UTP or shield twisted pair STP cable for RJ 45 connections 100Ω Category 3 4 or 5 cable for 10Mbps connections or 100Ω Category 5 cable for 100Mbps connections Also be sure that the length of an...

Reviews:

No comments