manualshive.com logo in svg

ANTAIRA LNX-2012GN-SFP, User Manual

Share
Download
ANTAIRA LNX-2012GN-SFP User Manual Download Page 68

Antaira Technologies - Industrial Ethernet Switches 

LNX-2012G-SFP Series User Manual V1.0 

 

 

 

 

 

61 

 

Overview of 802.1X (Port-Based) Authentication 

In the 802.1X-world, the user is called the supplicant, the switch is the authenticator, and the 

RADIUS server is the authentication server. The switch acts as the man-in-the-middle, 

forwarding requests and responses between the supplicant and the authentication server.   

 

Frames sent between the supplicant and the switch is special 802.1X frames, known as 

EAPOL (EAP Over LANs) frames. EAPOL frames encapsulate EAP PDUs (RFC3748). Frames 

sent between the switch and the RADIUS server is RADIUS packets. RADIUS packets also 

encapsulate EAP PDUs together with other attributes like the switch's IP address, name, and 

the supplicant's port number on the switch. EAP is very flexible, in that it allows for different 

authentication methods, like MD5-Challenge, PEAP, and TLS. The important thing is that the 

authenticator (the switch) doesn't need to know which authentication method the supplicant 

and the authentication server are using, or how many information exchange frames are needed 

for a particular method. The switch simply encapsulates the EAP part of the frame into the 

relevant type (EAPOL or RADIUS) and forwards it. 

 

When authentication is complete, the RADIUS server sends a special packet containing a 

success or failure indication. Besides forwarding this decision to the supplicant, the switch uses 

it to open up or block traffic on the switch port connected to the supplicant. 

 

 

*Note:

 Suppose two backend servers are enabled and that the server timeout is configured to 

X seconds (using the Authentication configuration page), and suppose that the first server in 

the list is currently down (but not considered dead). Now, if the supplicant retransmits EAPOL 

Start frames at a rate faster than X seconds, then it will never get authenticated, because the 

switch will cancel on-going backend authentication server requests whenever it receives a new 

EAPOL Start frame from the supplicant. And since the server hasn't yet failed (because the X 

seconds haven't expired), the same server will be contacted upon the next backend 

authentication server request from the switch. This scenario will loop forever. Therefore, the 

server timeout should be smaller than the supplicant's EAPOL Start frame retransmission rate. 

 

 

 

 

 

 

 

 

Summary of Contents for LNX-2012GN-SFP

Page 1: ...ogies Industrial Ethernet Switches LNX 2012G SFP Series User Manual V1 0 i LNX 2012GN SFP Series 20 Port Industrial Gigabit Managed Ethernet Switches with 8 10 100 1000Tx 12 100 1000 SFP Slots User Manual Version 1 0 ...

Page 2: ...rs Notice Copyrights 2016 by Antaira Technologies LLC All rights reserved Reproduction adaptation or translation without prior permission of Antaira Technologies LLC is prohibited except as allowed under the copyright laws Disclaimer Antaira Technologies LLC provides this manual without warranty of any kind expressed or implied including but not limited to the implied warranties of merchantability...

Page 3: ... to try to correct the interference by one or more of the following measures Reorient or relocate the receiving antenna Increase the separation between the equipment and receiver Connect the equipment into an outlet on a circuit different from that to which the receiver is connected Consult the dealer or an experienced radio TV technician for help Caution Any changes or modifications not expressly...

Page 4: ... Hardware Description 4 2 1 Physical Dimensions 4 2 2 Front Panel 5 2 3 Top View 5 2 4 LED Indicators 6 2 5 Reset Button 6 2 6 Ethernet Ports 7 2 7 Cabling 8 2 8 Wiring the Power Inputs 10 2 9 Wiring the Fault Alarm Contact 10 3 Mounting Installation 11 3 1 DIN Rail Mounting 11 3 2 Wall Mounting 12 4 Hardware Installation 13 4 1 Installation Steps 13 5 Web Management 14 5 1 Web Console Configurati...

Page 5: ...2 5 1 LLDP Neighbors 19 5 2 5 2 LLDP Port Statistics 20 5 2 6 Backup 23 5 3 DHCP Server 23 5 3 1 Settings 23 5 3 2 Dynamic Client 23 5 3 3 Static Client 24 5 4 Port Settings 24 5 4 1 Port Configuration 24 5 4 2 Port Name 26 5 5 Redundancy 26 5 5 1 STP Bridge Configuration 26 5 5 2 Super Ring 27 5 5 3 MSTI Configuration 29 5 5 4 MSTI Priority Configuration 30 5 5 5 CIST Port Configuration 31 ...

Page 6: ...2 VLAN Port Configuration 37 5 7 SNMP 43 5 7 1 SNMP System Configuration 43 5 7 2 SNMP Trap Configuration 44 5 7 3 SNMP Communities 46 5 7 4 SNMP Users 46 5 7 5 SNMPv3 Group Configuration 48 5 7 6 SNMPv3 View Configuration 48 5 7 7 SNMPv3 Access Configuration 49 5 8 Traffic Prioritization 50 5 8 1 Storm Control Configuration 50 5 8 2 Port QoS Quality of Service 52 5 8 3 QoS Statistics 54 5 9 IGMP ...

Page 7: ...og Configuration 73 5 11 3 SMTP Settings 74 5 11 4 Event Selection 75 5 12 Monitor and Diagnose 76 5 12 1 MAC Table 76 5 12 2 Port Statistics for Monitoring and Diagnostics 79 5 12 3 Port Monitoring 81 5 12 4 System Log Information 82 5 12 5 VeriPHY Cable Diagnostics 83 5 12 6 ICMP Ping 83 5 13 Factory Default 84 5 14 System Reboot 84 6 Command Line Interface Management 85 6 1 About CLI Management...

Page 8: ...extended downtime The advanced network filtering and security functions such as IGMP VLAN QoS SNMP port lock RMON Modbus TCP and 802 1X HTTPS SSH SSL increase determinism and improve network management for remote SCADA systems or control networks The LNX 2012GN SFP series is compact IP30 rated and DIN rail or wall mountable There are also two wide operating temperature models for either a standard...

Page 9: ...and fault alarm relay output Software Upgrade via TFTP and HTTP 1 3 Product Hardware Features System Interface and Performance All RJ 45 ports support auto MDI MDI X function Embedded 8 10 100 1000Tx fast Ethernet RJ45 ports and 12 100 1000 SFP slot Console port Store and forward switching architecture 8K MAC address table Power line EFT protection 2 000VDC Ethernet ESD protection 6 000VDC Power I...

Page 10: ...0 1000 SFP slots 1 Product CD 2 Wall mounting brackets and screws 1 RJ45 to DB9 Serial Console cable 1 DC cable 18 AWG DC jack 5 5x2 1mm 1 5 Safety Precaution Attention If the DC voltage is supplied by an external circuit please use a protection device on the power supply input The industrial Ethernet switch s hardware specs ports cabling information and wiring installation will be described withi...

Page 11: ...scription 2 1 Physical Dimensions Figure 2 1 below shows the physical dimensions of Antaira s LNX 2012GN SFP series 20 port industrial gigabit managed Ethernet switches with 8 10 100 1000Tx and 12 100 1000 SFP slots W x D x H is 96 4mm x 105 5mm x 154mm Figure2 1 LNX 2012GN SFP Series Physical Dimensions ...

Page 12: ...dustrial gigabit managed Ethernet switch is shown below in Figure 2 2 2 3 Top View Figure 2 3 below shows the top panel of the LNX 2012GN SFP series switch that is equipped with one 6 pin removal terminal block connector for dual DC power inputs 12 48VDC Figure2 2 The Front Panel of LNX 2012GN SFP Series Figure2 3 Top Panel View of LNX 2012GN SFP Series ...

Page 13: ...e Off Power input 1 and 2 are both functional or no power inputs ports link is active port alarm is disabled LAN Port 1 8 Left LED Green On Connected to network 1000Mbps Flashing Networking is active Off Not connected to network LAN Port 1 8 Right LED Green On Networking is active 100 10Mbps Flashing Networking is active Off Not connected to network Fiber Port 9 20 SFP LNK ACT ACT On Connected to ...

Page 14: ...is industrial Ethernet switch support automatic MDI MDI X operations Users can use straight through cables see figure below for all network connections to PCs servers and other switches or hubs With straight through cabling pins 1 2 3 and 6 are at one end of the cable and are connected straight through to pins 1 2 3 and 6 at the other end of the cable The table below Table 2 3 shows the 10BASE T 1...

Page 15: ...used in optical communications for both telecommunication and data communication applications To connect the transceiver and LC cable please follow the steps below First insert the SFP transceiver module into the SFP slot as shown below in Figure 2 6 Notice that the triangle mark is at the bottom of the SFP slot Figure 2 7 shows that the SFP transceiver module has been inserted Second insert the f...

Page 16: ...er please follow the steps shown below 1 Press the upper side of the LC connector from the transceiver and pull it out to release as shown below in Figure 2 9 2 Push down the metal clasp and pull the transceiver out by the plastic part as shown below in Figure 2 10 Figure 2 9 Remove LC Connector Figure 2 10 Pull Out from the SFP Module ...

Page 17: ...C tighten to 5lbs The wire gauge for the terminal block should range between 18 20 AWG 2 9 Wiring the Fault Alarm Contact The fault alarm contact is in the middle of the terminal block connector as the picture shows below in Figure 2 13 By inserting the wires it will detect the fault status including power failure or port link failure managed industrial switch only and form a normally open circuit...

Page 18: ...e screws to install the DIN Rail bracket on the rear side of the industrial Ethernet switch 2 To remove the DIN Rail bracket do the opposite from step 1 3 After the DIN Rail bracket is installed on the rear side of the switch insert the top of the DIN Rail on to the track as shown below in Figure 3 2 4 Lightly pull down the bracket on to the rail as shown below in Figure 3 3 5 Check if the bracket...

Page 19: ... Place the wall mounting brackets on the top and bottom of the industrial Ethernet switch 3 Use the screws to screw the wall mounting bracket on the industrial Ethernet switch 4 Use the hook holes at the corners of the wall mounting bracket to hang the industrial Ethernet switch on the wall 5 To remove the wall mount bracket do the opposite from the steps above Below in Figure 3 5 are the dimensio...

Page 20: ...ion for wall mounting installation 3 To hang the industrial Ethernet switch on a DIN Rail or wall please refer to the Mounting Installation section 4 Power on the industrial Ethernet switch and then the power LED light will turn on If you need help on how to wire power please refer to the Wiring the Power Inputs section Please refer to the LED Indicators section for LED light indication 5 Prepare ...

Page 21: ...ment features that allow users to manage the switch from anywhere on the network through any Internet browser such as Internet Explorer version 9 0 or above is recommended Firefox Chrome and many others Preparing for Web Console Configuration Antaira s industrial managed switches come with a factory default value as below Default IP Address 192 168 10 1 Subnet Mask 255 255 255 0 Default Gateway 19...

Page 22: ...Click the Login button then the main status page of the Web Console will appear as shown below in Figure 5 1 1 The online image of the switch will display the real time ports connection status 5 2 Basic Setting 5 2 1 System Information Below Figure 5 2 shows the switch system setting information Figure 5 1 1 Web Console Main Status Page Figure 5 2 Switch Settings Status Page ...

Page 23: ...phone closet 3rd floor The allowed string length is 0 to 255 and the allowed content is the ASCII characters from 32 to 126 System Contact The textual identification of the contact person for this managed node together with information on how to contact this person The allowed string length is 0 to 255 and the allowed content is the ASCII characters from 32 to 126 System Timezone offset minutes Pr...

Page 24: ...escription DHCP Client Enable the DHCP client by checking this box If DHCP fails and the configured IP address is zero DHCP will retry If DHCP fails and the configured IP address is non zero DHCP will stop and the configured IP settings will be used The DHCP client will announce the configured System Name as hostname to provide DNS lookup IP Address Assign the IP address that the network is using ...

Page 25: ...managed VLAN ID The allowed range is 1 through 4095 DNS Server Provide the IP address of the DNS Server in dotted decimal notation Click to save changes Click to undo any changes made locally and revert to previously saved values 5 2 4 SSH Label Description Mode Indicates the SSH mode operation Possible modes are Enabled Enable SSH mode operation Disabled Disable SSH mode operation Click to save c...

Page 26: ...iption Port The switch port number of the logical LLDP port Mode Select LLDP mode Rx only The switch will not send out LLDP information but LLDP information from neighbor units is analyzed Tx only The switch will drop LLDP information received from neighbors but will send out LLDP information Disabled The switch will not send out LLDP information and will drop LLDP information received from neighb...

Page 27: ...WLAN Access Point 5 Router 6 Telephone 7 DOCSIS cable device 8 Station only 9 Reserved When a capability is enabled the capability is followed by If the capability is disabled the capability is followed by Management Address Management Address is the neighbor unit s address that is used for higher layer entities to assist the discovery by the network management This could for instance hold the nei...

Page 28: ...s last deleted or added Total Neighbors Entries Added Shows the number of new entries added since switch reboot Total Neighbors Entries Deleted Shows the number of new entries deleted since switch reboot Total Neighbors Entries Dropped Shows the number of LLDP frames dropped due to that the entry table was full Total Neighbors Entries Aged Out Shows the number of entries deleted due to Time To Liv...

Page 29: ...ined within the table Entries are removed from the table when a given port links down an LLDP shutdown frame is received or when the entry ages out TLVs Discarded Each LLDP frame can contain multiple pieces of information known as TLVs TLV is short for Type Length Value If a TLV is malformed it is counted and discarded TLVs Unrecognized The number of well formed TLVs but with an unknown type value...

Page 30: ...l load previously saved configuration files to the switch The Firmware Upgrade will upload new firmware to the switch 5 3 DHCP Server 5 3 1 Settings Below displays the DHCP server settings that are active when the DHCP server has been enabled 5 3 2 Dynamic Client When the DHCP server has been enabled the unit will collect the DHCP client information and display it within the Dynamic Client list ...

Page 31: ...s in the assigned dynamic IP range to the specific port can be assigned When the device is connecting to the port and asks for dynamic IP assigning the system will assign the IP address that has been assigned before in the connected device 5 4 Port Settings 5 4 1 Port Configuration The Port Configuration page shows the current port settings ...

Page 32: ...es on the port are obeyed and the Current Tx column indicates whether pause frames on the port are transmitted The Rx and Tx settings are determined by the result of the last Auto Negotiation Check the configured column to use flow control This setting is related to the setting for Configured Link Speed Maximum Frame Enter the maximum frame size allowed for the switch port including FCS The allowe...

Page 33: ...Antaira Technologies Industrial Ethernet Switches LNX 2012G SFP Series User Manual V1 0 26 5 4 2 Port Name The user is able to name each individual port 5 5 Redundancy 5 5 1 STP Bridge Configuration ...

Page 34: ...information generated at the boundary of an MSTI region It defines how many bridges a root bridge can distribute its BPDU information Valid values are in the range 4 to 30 seconds and MaxAge must be FwdDelay 1 2 Transmit Hold Count The number of BPDU s a bridge port can send per second When exceeded transmission of the next BPDU will be delayed Valid values are in the range 1 to 10 BPDU s per seco...

Page 35: ...ing Ring Mark to enable Coupling Ring Coupling Ring can be used to divide a big ring into two smaller rings to avoid effecting all switches when network topology change It is a good application for connecting two Rings Coupling Port Link to a Coupling Port of the switch in another ring Coupling Rings need four switches to build an active backup link Set a port as a coupling port The coupled four p...

Page 36: ...st 32 characters Configuration Revision The revision of the MSTI configuration named above This must be an integer between 0 and 65535 MSTI The bridge instance The CIST is not available for explicit mapping as it will receive the VLANs not explicitly mapped VLANS Mapped The list of VLAN s mapped to the MSTI The VLANs must be separated with comma and or space A VLAN can only be mapped to one MSTI A...

Page 37: ...nce The CIST is the default instance which is always active Priority Controls the bridge priority Lower numerical values have better priority The bridge priority plus the MSTI instance number linked with the 6 byte MAC address of the switch forms a Bridge Identifier Click to save changes Click to undo any changes made locally and revert to previously saved values ...

Page 38: ...bel Description Port The switch port number of the logical STP port STP Enabled Controls whether STP is enabled on this switch port Path Cost Controls the path cost incurred by the port The Auto setting will set the path cost as appropriate by the physical link speed using the 802 1D recommended values Using the Specific setting a user defined value can be entered The path cost is used when establ...

Page 39: ... MSTI even if it has the best spanning tree priority vector Such a port will be selected as an Alternate Port after the Root Port has been selected If set it can cause lack of spanning tree connectivity It can be set by a network administrator to prevent bridges external to a core region of the network influencing the spanning tree active topology possibly because those bridges are not under the f...

Page 40: ...port number of the corresponding STP CIST and MSTI port Path Cost Controls the path cost incurred by the port The Auto setting will set the path cost as appropriate by the physical link speed using the 802 1D recommended values Using the Specific setting a user defined value can be entered The path cost is used when establishing the active topology of the network Lower path cost ports are chosen a...

Page 41: ...dge Root Port The switch port currently assigned the root port role Root Cost Root Path Cost For the Root Bridge this is zero For all other Bridges it is the sum of the Port Path Costs on the least cost path to the Root Bridge Topology Flag The current state of the Topology Change Flag for this Bridge instance Topology Change Last The time since last Topology Change occurred Click to refresh the p...

Page 42: ...Check this box to enable an automatic refresh of the page at regular intervals 5 5 9 STP Port Statistics Label Description Port The switch port number of the logical RSTP port RSTP The number of RSTP Configuration BPDU s received transmitted on the port STP The number of legacy STP Configuration BPDU s received transmitted on the port TCN The number of legacy Topology Change Notification BPDU s re...

Page 43: ... VLAN ID for the entry MAC Address The MAC address for the entry Port Members Checkmarks indicate which ports are members of the entry Check or uncheck as needed to modify the entry Adding a New Static Entry Click to add a new VLAN ID An empty row is added to the table and the VLAN can be configured as needed Legal values for a VLAN ID are 1 through 4095 The VLAN is enabled on the selected stack s...

Page 44: ...rts This field specifies the Ether type used for Custom S ports This is a global setting for all the Custom S ports Port This is the logical port number of this row Port Type Ports can be one of the following types Unaware Customer port C port Service port S port Custom Service port S custom port If Port Type is Unaware all frames are classified to the Port VLAN ID and tags are not removed ...

Page 45: ... None is selected a VLAN tag with the classified VLAN ID is inserted in frames transmitted on the port This mode is normally used for ports connected to VLAN aware switches Tx tag should be set to Untag_pvid when this mode is used If a specific default value is selected a Port VLAN ID can be configured see below Untagged frames received on the port are classified to the Port VLAN ID If VLAN awaren...

Page 46: ...agged frames 1 If there is a tagged frame with TPID 0x8100 it is forwarded 2 If the TPID of a tagged frame is not 0x8100 ex 0x88A8 it will be discarded The TPID of the frame is transmitted by C port and will be set to 0x8100 S Port When the port receives untagged frames an untagged frame obtaining a tag based on PVID is forwarded When the port received tagged frames 1 If there is a tagged frame wi...

Page 47: ...Antaira Technologies Industrial Ethernet Switches LNX 2012G SFP Series User Manual V1 0 40 ...

Page 48: ...Antaira Technologies Industrial Ethernet Switches LNX 2012G SFP Series User Manual V1 0 41 ...

Page 49: ...delete the entry It will be deleted during the next save Private VLAN ID Indicates the ID of this particular private VLAN MAC Address The MAC address for the entry Port Members A row of check boxes for each port is displayed for each private VLAN ID To include a port in a Private VLAN check the box To remove or exclude the port from the Private VLAN make sure the box is unchecked By default no por...

Page 50: ...orking equipment 5 7 1 SNMP System Configuration Label Description Mode Indicates the SNMP mode operation Possible modes are Enabled Enable SNMP mode operation Disabled Disable SNMP mode operation Version Indicates the SNMP supported version Possible versions are SNMP v1 Set SNMP supported version 1 SNMP v2c Set SNMP supported version 2c SNMP v3 Set SNMP supported version 3 Read Community Indicate...

Page 51: ...s and all F s are not allowed Change of the Engine ID will clear all original local users 5 7 2 SNMP Trap Configuration Label Description Trap Mode Indicates the SNMP trap mode operation Possible modes are Enabled Enable SNMP trap mode operation Disabled Disable SNMP trap mode operation Trap Version Indicates the SNMP trap supported version Possible versions are SNMP v1 Set SNMP trap supported ver...

Page 52: ...le modes are Enabled Enable SNMP trap link up and link down mode operation Disabled Disable SNMP trap link up and link down mode operation Trap Inform Mode Indicates the SNMP trap inform mode operation Possible modes are Enabled Enable SNMP trap inform mode operation Disabled Disable SNMP trap inform mode operation Trap Inform Timeout seconds Indicates the SNMP trap inform timeout The allowed rang...

Page 53: ...ates the community access string to permit access to SNMPv3 agent The allowed string length is 1 to 32 and the allowed content is the ASCII characters from 33 to 126 Source IP Indicates the SNMP access source address Source Mask Indicates the SNMP access source address mask 5 7 4 SNMP Users SNMPv3 Table Label Description Delete Check to delete the entry It will be deleted during the next save Engi...

Page 54: ... entry already exists That means must first ensure that the value is set correctly Authentication Protocol Indicates the authentication protocol that this entry should belong to Possible authentication protocols are None None authentication protocol MD5 An optional flag to indicate that this user using MD5 authentication protocol SHA An optional flag to indicate that this user using SHA authentica...

Page 55: ... security models are v1 Reserved for SNMPv1 v2c Reserved for SNMPv2c usm User based Security Model USM Security Name A string identifying the security name that this entry should belong to The allowed string length is 1 to 32 and the allowed content is the ASCII characters from 33 to 126 Group Name A string identifying the group name that this entry should belong to The allowed string length is 1 ...

Page 56: ...d it should be another view entry in which the view type is included and it s OID subtree oversteps the excluded view entry OID Subtree The OID defining the root of the subtree to add to the named view The allowed OID length is 1 to 128 The allowed string content is digital number or asterisk 5 7 7 SNMPv3 Access Configuration Label Description Delete Check to delete the entry It will be deleted du...

Page 57: ...racters from 33 to 126 5 8 Traffic Prioritization The practice of implementing a process that when under heavy traffic pressure the network will begin giving higher preference to traffic that has been assigned higher priority levels then other traffic or non assigned traffic 5 8 1 Storm Control Configuration There is a unicast storm rate control multicast storm rate control and a broadcast storm r...

Page 58: ...The settings in a particular row apply to the frame type listed here unicast multicast or broadcast Status Enable or disable the storm control status for the given frame type Rate The rate unit is packet per second pps configure the rate as 1K 2K 4K 8K 16K 32K 64K 128K 256K 512K or 1024K The 1 kpps is actually 1002 1 pps ...

Page 59: ...s QoS Class Controls the default QoS class All frames are classified to a QoS class There is a one to one mapping between QoS class queue and priority A QoS class of 0 zero has the lowest priority If the port is VLAN aware and the frame is tagged then the frame is classified to a QoS class that is based on the PCP value in the tag as shown below Otherwise the frame is classified to the default QoS...

Page 60: ...to a DP level If the port is VLAN aware and the frame is tagged then the frame is classified to a DP level that is equal to the DEI value in the tag Otherwise the frame is classified to the default DP level If the port is VLAN aware the frame is tagged and has aTag Class If enabled then the frame is classified to a DP level that is mapped from the PCP and DEI value in the tag Otherwise the frame i...

Page 61: ... PCP and DEI for tagged frames Click on the mode in order to configure the mode and or mapping Note This setting has no effect if the port is VLAN unaware Tagged frames received on VLAN unaware ports are always classified to the default QoS class and DP level DSCP Based Click to Enable DSCP Based QoS Ingress Port Classification 5 8 3 QoS Statistics Label Description Port The logical port for the s...

Page 62: ...e host s port number to the multicast list for that group When the switch hears an IGMP leave it removes the host s port from the table entry IGMP snooping can reduce multicast traffic from streaming and other bandwidth intensive IP applications more effectively A switch using IGMP snooping will only forward multicast traffic to the hosts in that traffic This reduction of multicast traffic reduces...

Page 63: ...rnet switch that leads towards the Layer 3 multicast device or IGMP querier If an aggregation member port is selected as a router port the whole aggregation will act as a router port Fast Leave Enable the fast leave on the port 5 9 2 IGMP Snooping Status IGMP Snooping Table Label Description VLAN ID The VLAN ID of the entry Querier Version Working Querier Version currently Host Version Working Hos...

Page 64: ...to refresh the page immediately Clears all Statistics counters Check this box to enable an automatic refresh of the page at regular intervals Port Switch Port number Status Indicate whether specific port is a router port or not 5 10 Security 5 10 1 ACL Label Description Port The logical port for the settings contained in the same row Policy ID Select the policy to apply to this port The allowed va...

Page 65: ...gging operation of this port The allowed values are Enabled Frames received on the port are stored in the System Log Disabled Frames received on the port are not logged The default value is Disabled Please note that the System Log memory size and logging rate is limited Shutdown Specify the port shut down operation of this port The allowed values are Enabled If a frame is received on the port the ...

Page 66: ...played depending on the frame type that you selected Label Description Ingress Port Select the ingress port for which this ACE applies Any The ACE applies to any port Port n The ACE applies to this port number where n is the number of the switch port Policy n The ACE applies to this policy number where n can range from 1 through 8 Frame Type Select the frame type for this ACE These frame types are...

Page 67: ...t down operation of the ACE The allowed values are Enabled If a frame matches the ACE the ingress port will be disabled Disabled Port shut down is disabled for the ACE Counter The counter indicates the number of times the ACE was hit by a frame 5 10 2 802 1x This page allows you to configure the IEEE 802 1X and MAC based authentication system and port settings The IEEE 802 1X standard defines a po...

Page 68: ...many information exchange frames are needed for a particular method The switch simply encapsulates the EAP part of the frame into the relevant type EAPOL or RADIUS and forwards it When authentication is complete the RADIUS server sends a special packet containing a success or failure indication Besides forwarding this decision to the supplicant the switch uses it to open up or block traffic on the...

Page 69: ...ust be configured accordingly When authentication is complete the RADIUS server sends a success or failure indication which in turn causes the switch to open up or block traffic for that particular client using static entries into the MAC Table Only then will frames from the client be forwarded on the switch There are no EAPOL frames involved in this authentication and therefore MAC based Authenti...

Page 70: ...ption Mode Indicates if 802 1X and MAC based authentication is globally enabled or disabled on the switch If globally disabled all ports are allowed forwarding of frames Reauthentication Enabled If checked clients are reauthenticated after the interval specified by the Reauthentication Period Reauthentication for 802 1X enabled ports can be used to detect if a new ...

Page 71: ...es to the following modes i e modes using the Port Security functionality to secure MAC addresses MAC Based Auth When the NAS module uses the Port Security module to secure MAC addresses the Port Security module needs to check for activity on the MAC address in question at regular intervals and free resources if no activity is seen within a given period of time This parameter controls exactly this...

Page 72: ...re frame when the port link comes up and any client on the port will be disallowed network access Port based 802 1X In the 802 1X world the user is called the supplicant the switch is the authenticator and the RADIUS server is the authentication server The authenticator acts as the man in the middle forwarding requests and responses between the supplicant and the authentication server Frames sent ...

Page 73: ...the switch will cancel on going backend authentication server requests whenever it receives a new EAPOL Start frame from the supplicant And since the server hasn t yet failed because the X seconds haven t expired the same server will be contacted upon the next backend authentication server request from the switch This scenario will loop forever Therefore the server timeout should be smaller than t...

Page 74: ... back on the successfully authenticated client and get network access even though they really aren t authenticated To overcome this security breach use the Multi 802 1X variant Multi 802 1X is really not an IEEE standard but features many of the same characteristics as does port based 802 1X Multi 802 1X is like Single 802 1X not an IEEE standard but a variant that features many of the same charac...

Page 75: ... form xx xx xx xx xx xx that is a dash is used as separator between the lower cased hexadecimal digits The switch only supports the MD5 Challenge authentication method so the RADIUS server must be configured accordingly When authentication is complete the RADIUS server sends a success or failure indication which in turn causes the switch to open up or block traffic for that particular client using...

Page 76: ...supplicant is not successfully authorized by the RADIUS server X Auth Y Unauth The port is in a multi supplicant mode Currently X clients are authorized and Y are unauthorized Restart Two buttons are available for each row The buttons are only enabled when authentication is globally enabled and the port s Admin State is in an EAPOL based or MAC based mode Clicking these buttons will not cause sett...

Page 77: ...recently received EAPOL frame for EAPOL based authentication and the most recently received frame from a new client for MAC based authentication Last ID The user name supplicant identity carried in the most recently received Response Identity EAPOL frame for EAPOL based authentication and the source MAC address from the most recently received frame from a new client for MAC based authentication 5 ...

Page 78: ...of possible values Port State The current state of the port Refer to NAS Port State for a description of the individual states EAPOL Counters These supplicant frame counters are available for the following administrative states Force Authorized Force Unauthorized 802 1X Backend Server Counters These backend RADIUS frame counters are available for the following administrative states 802 1X MAC base...

Page 79: ...witches LNX 2012G SFP Series User Manual V1 0 72 Last Supplicant Client Info Information about the last supplicant client that attempted to authenticate This information is available for the following administrative states 802 1X MAC based Auth ...

Page 80: ...r Mode Indicates the server mode operation When the mode operation is enabled the syslog message will send out to syslog server The syslog protocol is based on UDP communication and received on UDP port 514 and the syslog server will not send acknowledgments back sender since UDP is a connectionless protocol and it does not provide acknowledgments The syslog packet will always send out even if the...

Page 81: ... Protocol Label Description E mail Alarm Enable Disable transmission system warning events by e mail Sender E mail Address The SMTP server IP address Mail Subject The Subject of the mail Authentication Username the authentication username Password the authentication password Confirm Password re enter password Recipient E mail Address The recipient s E mail address It supports 6 recipients for a ma...

Page 82: ... choose Please note that the checkbox cannot be checked when SYSLOG or SMTP is disabled Label Description System Cold Start Alert when system restarts Power Status Alert when a power up or down occurs SNMP Authentication Failure Alert when SNMP authentication fails Super Ring Topology Change Alert when Super Ring topology changes Port Event SYSLOG SMTP event Disable Link Up Link Down Link Up Link ...

Page 83: ...g a value here in seconds for example Age time seconds The allowed range is 10 to 1000000 seconds Disable the automatic aging of dynamic entries by checking Disable automatic aging MAC Table Learning If the learning mode for a given port is grayed out another module is in control of the mode so that it cannot be changed by the user An example of such a module is the MAC Based Authentication under ...

Page 84: ...le are shown in this table The static MAC table can contain 64 entries The maximum of 64 entries is for the whole stack and not per switch The MAC table is sorted first by VLAN ID and then by MAC address Label Description Delete Check to delete the entry It will be deleted during the next save VLAN ID The VLAN ID for the entry MAC Address The MAC address for the entry Port Members Checkmarks indic...

Page 85: ... in the MAC Table Clicking the button will update the displayed table starting from that or the closest next MAC Table match In addition the two input fields will upon a button click assume the value of the first displayed entry allowing for continuous refresh with the same start address The will use the last entry of the currently displayed VLAN MAC address pairs as a basis for the next lookup Wh...

Page 86: ...tted packets per port Bytes The number of received and transmitted bytes per port Errors The number of frames received in error and the number of incomplete transmissions per port Drops The number of frames discarded due to ingress or egress congestion Filtered The number of received frames filtered by the forwarding process Check this box to enable an automatic refresh of the page at regular inte...

Page 87: ...s framing bits Rx and Tx Unicast The number of received and transmitted good and bad unicast packets Rx and Tx Multicast The number of received and transmitted good and bad multicast packets Rx and Tx Broadcast The number of received and transmitted good and bad broadcast packets Rx and Tx Pause A count of the MAC Control frames received or transmitted on this port that have an opcode indicating a...

Page 88: ...o be copied to the mirror port is selected as follows All frames received on a given port also known as ingress or source mirroring All frames transmitted on a given port also known as egress or destination mirroring Port to mirror is also known as the mirror port Frames from ports that have either source rx or destination tx mirroring enabled are mirrored to this port The Disabled setting disable...

Page 89: ...rmation level of the system log Warning Warning level of the system log Error Error level of the system log All All levels Time The time of the system log entry Message The MAC Address of this switch Check this box to enable an automatic refresh of the page at regular intervals Updates the system log entries starting from the current entry ID Flushes all system log entries Updates the system log e...

Page 90: ...down while running VeriPHY Therefore running VeriPHY on a 10 or 100 Mbps management port will cause the switch to stop responding until VeriPHY is complete Label Description Port The port where you are requesting VeriPHY Cable Diagnostics Cable Status Port Port number Pair The status of the cable pair Length The length in meters of the cable pair 5 12 6 ICMP Ping This page allows you to issue ICMP...

Page 91: ...iption IP Address The destination IP Address Ping Size The payload size of the ICMP packet Values range from 8 bytes to 1400 bytes 5 13 Factory Default The switch can be returned to the original factory settings Options are available to keep the current in use IP address or to keep the current in use User Password information Label Description Click to reset the configuration to Factory Defaults C...

Page 92: ...ent Users can use console or telnet to management switch by CLI CLI Management by RS 232 Serial Console 115200 8 none 1 none Before configuring by an RS 232 serial console use an RJ45 to DB9 F cable to connect the switches RS 232 Console port to the PC s COM port Follow the steps below to access the console via RS 232 serial cable Step 1 From the Windows desktop click on Start Programs Accessories...

Page 93: ...Antaira Technologies Industrial Ethernet Switches LNX 2012G SFP Series User Manual V1 0 86 Step 2 Input a name for the new connection Step 3 Select to use a specific COM port number ...

Page 94: ...al V1 0 87 Step 4 The COM port property settings are as follows 115200 for Bits per second 8 for Data bits None for Parity 1 for Stop bits and none for Flow control Step 5 The Console login screen will appear Use the keyboard to enter the Username and Password and then press Enter ...

Page 95: ...ult value is as below IP Address 192 168 1 254 Subnet Mask 255 255 255 0 Default Gateway none User Name admin Password admin Follow the steps below to access the console via Telnet Step 1 Telnet to the IP address of the switch from the Windows Run command as below Step 2 The Login screen will appear Use the keyboard to enter the Username and Password and then press Enter ...

Page 96: ... enable disable Setup ip_addr ip_mask ip_router vid Ping ip_addr_string ping_length SNTP ip_addr_string MAC Configuration port_list configure Add mac_addr port_list vid Delete mac_addr vid Lookup mac_addr vid Agetime age_time Learning port_list auto disable secure Dump mac_max mac_addr vid Statistics port_list Flush Security Switch Switch security setting configure Network Network security setting...

Page 97: ...ory_id History Lookup history_id Alarm Add alarm_id interval alarm_variable absolute delta rising_threshold rising_event_index falling_threshold falling_event_index rising falling both Alarm Delete alarm_id Alarm Lookup alarm_id Security Network Psec Port Security Status configure NAS Network Access Server IEEE 802 1X ACL Access Control List DHCP Dynamic Host Configuration Protocol Security Networ...

Page 98: ...atus combined static loop_protect dhcp ptp ipmc conflicts Port State port_list enable disable Security Network DHCP Configuration configure Mode enable disable Server ip_addr Information Mode enable disable Information Policy replace keep drop Statistics clear STP Configuration Version stp_version Non certified release v configure Txhold holdcount lt 15 15 15 Dec 6 2007 MaxAge max_age FwdDelay del...

Page 99: ..._cost Msti Port Priority msti port_list priority LACP Configuration port_list configure Mode port_list enable disable Key port_list key Role port_list active passive Status port_list Statistics port_list clear LLDP Configuration port_list configure Mode port_list enable disable Statistics port_list clear Info port_list QoS DSCP Map dscp_list class dpl configure DSCP Translation dscp_list trans_dsc...

Page 100: ...list configure Port port disable Mode port_list enable disable rx tx IGMP Configuration port_list Configure Mode enable disable State vid enable disable Querier vid enable disable Fastleave port_list enable disable Router port_list enable disable Flooding enable disable Groups vid Status vid ACL Configuration port_list configure Action port_list permit deny rate_limiter port_copy logging shutdown ...

Page 101: ...ig Save ip_server file_name configure Load ip_server file_name check Firmware Load ip_addr_string file_name configure SNMP Trap Inform Retry Times retries configure Trap Probe Security Engine ID enable disable Trap Security Engine ID engineid Trap Security Name security_name Engine ID engineid Community Add community ip_addr ip_mask Community Delete index Community Lookup index User Add engineid u...

Page 102: ...on port_list Port Mode port_list enable disable Port Action port_list shutdown shut_log log Port Transmit port_list enable disable Status port_list IPMC Configuration igmp configure Mode igmp enable disable Flooding igmp enable disable VLAN Add igmp vid VLAN Delete igmp vid State igmp vid enable disable Querier igmp vid enable disable Fastleave igmp port_list enable disable Router igmp port_list e...

Page 103: ...disable SMTP PowerStatus enable disable SMTP SnmpAuthenticationFailure enable disable SMTP RingTopologyChange enable disable SMTP Port port_list disable linkup linkdown both DHCPServer Mode enable disable configure Setup ip_start ip_end ip_mask ip_router ip_dns ip_tftp lease bootfile Fast Recovery Mode enable disable configure Port port_list fr_priority SFP syslog enable disable configure temp tem...

Page 104: ...B LLDP IEEE 802 1p QoS CoS Protocol for Traffic Prioritization Switch Protocol IGMPv1 v2 SNMPv1 v2c v3 TFTP SNTP SMTP RMON HTTP HTTPS Telnet Syslog DHCP Option 82 SSH SSL Modbus TCP LLDP IPv4 IPv6 Data Process Store and Forward Transfer Rate 14 880 pps for 10Base Tx Ethernet port 148 800 pps for 100Base TX Fast Ethernet port 1 488 000pps for 1000Base TxGigabit Ethernet port Switch Bandwidth 40Gbps...

Page 105: ...ion 1 removable 6 contact terminal block Power Consumption 10 Watts Environmental Limits Operating Temperature STD 10 to 70 C 14 to 158 F EOT 40 to 75 C 40 to 167 F Storage Temperature 40 C 85 C 40 F 185 F Ambient Relative Humidity 5 to 95 non condensing Regulatory Approvals EMI FCC Class A EMS IEC61000 4 2 3 4 5 6 8 IEC61000 6 2 IEC6100 6 4 Stability Testing IEC60068 2 32 Free fall IEC60068 2 27 ...

Reviews:

No comments

Brands by name

Popular brands

Load more brands