manualshive.com logo in svg

Atop EH75 series, User Manual, Page: 120 / 191

Share
Download
Atop EH75 series User Manual Download Page 120

Industrial Managed 
Ethernet Switch 

User Manual 

錯誤

使用

 [

常用

引標籤將

 Heading 

1,Product Manual 

套用到您想要在此處

顯示的文字。

 

 
 

Page 

120

 of 

191

 

 

 

Figure 2.133 IP Source Binding Setting Webpage 

 

2.14.3.4  IP Source Binding Status

 

The user can check the status of IP Source Binding guard setting based on MAC Address and IP address pairs in 
this webpage as shown in Figure 2.134. For each entry in the status table, there will be MAC Address, IP 
Address, Lease (seconds), Type of Filtering, and list of Ports.  
 

 

Figure 2.134 IP Source Binding Status Webpage 

 

2.14.4  ARP Spoof Prevention Setting 

ARP (Address Resolution Protocol) Spoof Prevention

 

is a security mechanism supported by Atop’s EH75XX 

series to prevent ARP spoof attacks. The ARP spoof attack is a kind of network security attacks that a malicious 
host  or  node  sends  a  falsify  ARP  messages  over  a  local  area  network.  This  type  of  attack  is  also  called  ARP 
spoofing, ARP cache poisoning, or ARP poison routing. Typically, the attacker would like other hosts/nodes in the 
network to link or map the malicious Ethernet MAC address to a legitimate IP address of a victim host/node.  
 
When 

ARP Spoof Prevention

 is enabled on EH75XX series, the ARP spoof prevention table must also be set with 

prevention entries.  Each entry consists of 

IPv4  Address

MAC  Address

, and 

Port number(s)

. The IP Address 

and  the MAC  address  in  each entry  belong to a legitimate or valid host/node  that the  administrator  assigned or 
approved and the administrator of EH75XX want to protect that host/node from being spooffed. The port number 
can be one or group or all of the ports on EH75XX that will be accepting incoming ARP packets from the network. 
If there are incoming ARP packets to EH75XX and both IP address and MAC address of the ARP packets match 
one of the entries in the table, the ARP packets will be accepted by the EH75XX system. If the sender’s IP address 
of an ARP packet matches the IP addess in one of the entries in the table but the sender’s MAC address of the 
ARP packet does not match, the EH75XX will drop the ARP packet on its port. Note that EH75XX will bypass or 
accept other ARP packets whose sender IP is not in the ARP Spoof Prevention Table. 
 

Summary of Contents for EH75 series

Page 1: ...thernet Switch User Manual V1 8 November 1st 2020 This PDF Document contains internal hyperlinks for ease of navigation Series covered by this manual EH75XX The user interface on these products may be...

Page 2: ...f 191 For example click on any item listed in the Table of Contents to go to that page Published by Atop Technologies Inc 2F No 146 Sec 1 Tung Hsing Rd 30261 Chupei City Hsinchu County Taiwan R O C Te...

Page 3: ...bsequent editions Suggestions for improvement are welcome All other product s names referenced herein are registered trademarks of their respective companies Preface This manual contains some advanced...

Page 4: ...Setting 31 2 3 5 Ping 32 2 3 6 Ping6 33 2 3 7 Mirror Port 35 2 3 8 System Time 36 2 3 9 Modbus Setting 37 2 3 10Precision Time Protocol PTP 45 2 3 11Secure Shell SSH 47 2 3 12Telnet 48 2 3 13HTTPS 48...

Page 5: ...d 117 2 14 4ARP Spoof Prevention Setting 120 2 14 5DHCP Snooping 121 2 14 6ACL 122 2 14 7Dynamic ARP Inspection 125 2 15 ERPS Ring 127 2 15 1ERPS Setting 128 2 15 2iA Ring Settings 133 2 15 3C Ring Co...

Page 6: ...17 Figure 2 6 Example of error notification on blocked account 18 Figure 2 7 Notification on recording of unauthorized login 18 Figure 2 8 Default Web Interface 19 Figure 2 9 Basic Information Dropdo...

Page 7: ...page 48 Figure 2 52 HTTPS Setting Webpage 49 Figure 2 53 DIP Switch Status Webpage 49 Figure 2 54 QoS Dropdown Menu 50 Figure 2 55 QoS Setting Webpage 51 Figure 2 56 Mapping Table of CoS Webpage 52 Fi...

Page 8: ...02 1Q VLAN Dropdown Menu 104 Figure 2 115 802 1Q VLAN s Setting Webpage 105 Figure 2 116 802 1Q VLAN PVID Setting Webpage 106 Figure 2 117 802 1Q VLAN Table Webpage 107 Figure 2 118 Example of 802 1Q...

Page 9: ...Dropdown Menu 146 Figure 2 166 UDLD Setting Webpage 147 Figure 2 167 Error Message when no UDLD VLANs was configured 148 Figure 2 168 UDLD Port Info Webpage 148 Figure 2 169 Example of UDLD Port Info...

Page 10: ...etting 46 Table 2 10 Description of PTP Port Setting 47 Table 2 11 Priority queue descriptions 52 Table 2 12 Descriptions of Storm Control 54 Table 2 13 Descriptions of Limiting Parameters 54 Table 2...

Page 11: ...31 Table 2 53 Descriptions of iA Ring Setting 135 Table 2 54 Descriptions of Compatible Ring Setting 136 Table 2 55 Descriptions of U Ring Setting 139 Table 2 56 Descriptions of Compatible Chain Setti...

Page 12: ...fortable office environment However an industrial switch is designed to perform in harsh industrial environments i e extreme temperature high humidity dusty air potential high impact or the presence o...

Page 13: ...PTP v2 sw Transparent and Boundary Clock Port Mirroring Quality of Service QoS Traffic Regulation Link Aggregation Control Protocol LACP Medium Access Control MAC Filter Generic Attribute Registratio...

Page 14: ...s are recommended to use the web browser method to configure the system because of its user friendly interface 2 1 Web based Management Basics Users can access the managed switch easily usingtheir web...

Page 15: ...w Figure 2 1 IP Address for Web based Setting 3 If it is the first time that the users access the managed switch the web the browser such as Google Chrome may detect that the switch does not have a va...

Page 16: ...to the managed switch at IP address 10 0 50 1 5 After preceeding through the invalid certificate warning and clicking on the Proceed to 10 0 50 1 unsafe hyperlink a login page will be presented shown...

Page 17: ...dure will not succeed if the login was done more than 30 seconds after the login page was first accessed The notification page is shown in Figure 2 5 The user can click on the Try again button to acce...

Page 18: ...ve for more than 5 minutes the user will be logged out automatically Figure 2 7 Notification on recording of unauthorized login After the login process the main interface will show up as shown in Figu...

Page 19: ...Industrial Managed Ethernet Switch User Manual Heading 1 Product Manual Page 19 of 191 Figure 2 8 Default Web Interface...

Page 20: ...ix subsections as shown in the left panel of Figure 2 9 Figure 2 9 Basic Information Dropdown Menu 2 2 1 System Info This subsection provides basic system information of Atop s industrial managed swit...

Page 21: ...ation can help identify one specific switch among all other devices in the network that supports SNMP Please click on the Update button to update the information on the switch Figure 2 11 shows System...

Page 22: ...rameters of a serial console s connection which can be used by a console software such as Tera Term Figure 2 12 below shows an example of the serial console s connection parameters Figure 2 12 Setting...

Page 23: ...els 45 57VDC should be supplied under 802 3af mode and 51 57VDC should be supplied under 802 3at mode For instance the EHG7508 4PoE 4SFP has the following three power ratings 9 57VDC with a maximum cu...

Page 24: ...temperature log cannot be reset by the users Note that the information is not automatically update Information provided in this webpage will help the users to monitor the status of the industrial man...

Page 25: ...Industrial Managed Ethernet Switch User Manual Heading 1 Product Manual Page 25 of 191 Figure 2 15 User Temperature Log Figure 2 16 System Temperature Log...

Page 26: ...access right has only read permission If the user with administration access right would like to delete any account the user can select the account that would like to be deleted and click Delete butt...

Page 27: ...passwords have not been changed over the last 30 days Figure 2 19 shows the pop up notification for changing the password Figure 2 18 Account Setting Webpage Figure 2 19 Notification of old password 2...

Page 28: ...n the local authentication fails Figure 2 21 shows the setting parameters for authentication server while Table 2 3 summarizes the authentication server settings For the RADIUS and TACACS comparison p...

Page 29: ...is refered to Network Access Server or the EH75XX Managed Switch in this case NAS is a client of RADIUS server Depicts an example of a user called admin1 with Cleartext Password attribute of default1...

Page 30: ...each update so the new network settings can take effect The user will need to manually update the new IP address in the URL field of the web browser if the IP address of the managed switch is changed...

Page 31: ...l have to enter the Global Unicast Address Prefix Length and Gateway The Manual DNS option also requires the users to fill in the Primary DNS and Secondary DNS addresses The lower portion of the page...

Page 32: ...hecking this box user must manually provide Primary and Secondary DNS addresses for IPv6 Note that when this option is checked the next two fields will become active for setting Unchecked Primary DNS...

Page 33: ...stration IP Setting as shown in Section 2 3 3 2 3 6 Ping6 Ping6 is a corresponding network diagnostic utility for testing reachability between a destination device and the managed switch in IPv6 netwo...

Page 34: ...Industrial Managed Ethernet Switch User Manual Heading 1 Product Manual Page 34 of 191 Figure 2 30 Example of Successful Ping6 Result...

Page 35: ...ons are summarized in Table 2 7 Figure 2 31 Mirror Port Webpage Note Overflow will occur if the total throughput of the monitoring ports exceeds what the mirror port can support Table 2 7 Description...

Page 36: ...Time Protocol SNTP by checking the Enable SNTP option see note below for explanation Then the users must enter the NTP Server 1 and NTP Server 2 which will be used as the reference servers to synchro...

Page 37: ...and one hour is usually shifted forward or backward SNTP Simple Network Time Protocol is used to synchronize the computer systems clockswith a standard NTP server Examples of two NTP servers are time...

Page 38: ...cted to your target switch Modbus Slave over Ethernet network 2 Launch Modbus Poll in the supervising computer Note a registration key may be required for a long term use of Modbus Poll after 30 day e...

Page 39: ...s Poll Connection Setup 5 On the window Mbpoll1 select multiple cells from row 0 to row 2 by clicking on cells in second column of row 0 and row 2 while holding the shift key as shown in Figure 2 37 F...

Page 40: ...al Page 40 of 191 down menu and choosing the Hex as shown in Figure 2 38 Figure 2 38 Set Display Mode to Hex in Modbus Poll 7 Click on the Setup pull down menu and choose Read Write Definition as show...

Page 41: ...e Modbus Poll function as shown in Figure 2 40 which should match the Modbus Address 1 entered in Figure 2 33 in Section 2 3 9 Modbus Setting Figure 2 40 Slave ID in the Modbus Poll Function is set to...

Page 42: ...03 in the Modbus Poll Function 10 Set starting Address to 81 and Quantity to 2 as shown in Figure 2 42 Figure 2 42 Setup Starting Address and Quantity in Modbus Poll 11 Click OK button to read the IP...

Page 43: ...witch s Port Count Statistics Figure 2 44 Mapping Table of Modbus Address for Clearing Port Statistics 1 Check the switch s Port TX RX counts in Port Statistics page described in Section 2 5 4 as show...

Page 44: ...oduct Manual Page 44 of 191 Figure 2 47 Use Modbus Poll to Clear Switch s Port Count 4 Check Port Statistics described in Section 2 5 4 in the managed switch s Web UI as shown in Figure 2 48 The packe...

Page 45: ...an configure PTP and check its status The lower part of Figure 2 49 allows the users to enable or disable the PTP function per port and check their current status To enable PTP on the managed switch p...

Page 46: ...ebpage example taken from EH75XX series Table 2 9 Description of PTP Setting Label Description Factory Default State Enabled Disable the PTP function This is the main option that needs to be enabled s...

Page 47: ...hm BMCA 0 highest priority 255 lowest priority 128 UTC Offset Coordinated Universal Time UTC offset value 0 Offset to Master The offset time to the master clock None Grandmaster UUID The Grandmaster U...

Page 48: ...lgorithms for integrity checking Examples of secure hash functions algorithms which are MAC algorithms in SSH version 2 are the Message Digest algorithm5 MD5 and Secure Hash Algorithm 1 SHA 1 6 Suppor...

Page 49: ...the option to update it on the managed switch Figure 2 52 HTTPS Setting Webpage 2 3 14 DIP Switch This subsection reports the status of the DIP switch on the top of managed switch s housing Figure 2 5...

Page 50: ...before packets in Q6 and packets in Q6 will all be sent first before packets in Q5 and so on in this order Weighted Round Robin WRR is the simplest approximation of generalized processor sharing GPS I...

Page 51: ...oS only or Both 802 1p CoS and DiffServ For 802 1p CoS only switch only checks Layer 2 L2 802 1p CoS priority bits whilefor DiffServ switch checks DiffServ Code Point DSCP for header mapping The defau...

Page 52: ...ty queue from Q0 to Q7 that a specific Ethernet frame needs to be assigned into 2 4 1 3 DSCP Mapping DiffServ ToS stands for Differentiated Services Type of Services It is a networking architecture th...

Page 53: ...priority and 0 is the lowest priority After assigning any new priority to a DSCP please click the Update button at the bottom of the page to allow the new mapping to take effect Figure 2 57 Mapping Ta...

Page 54: ...g data rate of storm packets that can be controlled for each Port which are DLF Multicast and Broadcast Note that the value must be in multiples of 64kbps See notes below for the detailed description...

Page 55: ...5 Port related settings Atop s industrial managed switch provides full control on all of its network interfaces In this section the users can enable or disable each port and set preferred physical la...

Page 56: ...tion Each port can set the Flow Control mechanism to either On or Off on the sixth column This flow control will be useful to avoid packet loss when there is a network congestion However the Flow Cont...

Page 57: ...transmission rates for the incoming Ingress traffic Note that the unit is in kilo bits per second Kbps 0 Disabled Egress Sets limits on its transmission rates for the incoming Ingress traffic Note th...

Page 58: ...istics The Port Statistics are summarized in this webpage as shown in Figure 2 63 The users can use this subsection to help them diagnose the problem such as link quality of each port The key statisti...

Page 59: ...at the electrical power is delivered along with data over the Ethernet cables This will be useful for the end devices that are located in the area that has no power supply and the users can save addit...

Page 60: ...ged Ethernet Switch User Manual Heading 1 Product Manual Page 60 of 191 Figure 2 65 PoE Setting Webpage example on EH7506 4PoE 2SFP Note that the number of ports depends of the EH model of the user s...

Page 61: ...Figure 2 66 PoE Status Webpage example on EHG7508 8PoE Table 2 16 Descriptions of PoE Status Label Description Factory Default Port Port number Enable Status Enable or Disable PoE function Enable Pow...

Page 62: ...efault Detect Total Power Value Set the total power value in Wattswhich will trigger alarm event Note that the value 0 means that the alarm event will not trigger 0 Enable Check the box s to enable al...

Page 63: ...unication Figure 2 68 shows the Trunking dropdown menu Figure 2 68Trunking Dropdown Menu 2 7 1 Trunking Setting In this subsection the user can create new trunking assignment s and remove existing tru...

Page 64: ...LACP packets will be sent within a multicast group MAC address If LACP finds a device on the other end of the link that also has LACP enabled it will also independently send packets along the same li...

Page 65: ...are summarized in Table 2 18 Table 2 18 Descriptions of Trunking Settings Label Description Group ID Up to 8 trunk groupscan be created Trk1 TrkXX Note that it is not possible to mix Fast Ethernet po...

Page 66: ...us provides information per port which are port number status of LACP group ID and LACP partner Table 2 19 explains the descriptions of LACP status To change system priority enter the desired number i...

Page 67: ...dress age out manually Note that the age out period is a duration of time that a learned MAC address will be maintained in the MAC address table before it was removed to save the memory The MAC addres...

Page 68: ...ss which can be either Unicast or Multicast MAC Address Step 2 Specify VLAN ID VLAN Step 3 Select the ports to apply this static MAC address Use Ctrl key to add more than one port Step 4 Click on Add...

Page 69: ...dressby clicking on this button Remove Click on this button to remove existing static MAC address in the table 2 8 2 MAC Filter As discussed earlier the managed switch also allows users to set MAC fil...

Page 70: ...onds in the following field Note that the default value of age out timeis 300seconds In the managed switch a MAC address table is stored in the memory to map a MAC address and a port number to forward...

Page 71: ...descriptions of the MAC Address table are summarized in Table 2 22 Figure 2 76 MAC Table Webpage Note The static multicast address can be set from Add Static MAC Section 2 8 1 in Unicast Multicast MA...

Page 72: ...er end stations and switches that can be reached at a given time Specific rules are used to modify set of participants in the network topology or so called reachability tree GVRP GARP VLAN Registratio...

Page 73: ...oup Table 2 9 2 GARP Setting Figure 2 79 shows GARP Setting webpage where different Timers Join Leave and LeaveAll can be set All devices that are exchanging attributes must set these timers to the sa...

Page 74: ...VRP is enabled the switch which is an end node of a network needs to add static VLANs locally Others switches can dynamically learn the rest of the VLANs configured elsewhere in the network via GVRP F...

Page 75: ...tatistics Clears all GVRP statistics counts Clears the record 2 9 4 GMRP Setting The users can use this subsection to enable GMRP and enable GMRP for all ports or specified port s and trunking group s...

Page 76: ...ble or disable GMRP by enabling the checkbox To enables GMRP the switch must be in 802 1q VLAN mode Disabled Port You can enable or disable GMRP on specified ports by clicking the corresponding checkb...

Page 77: ...he links of the managed switch which do not need them Therefore IGMP snooping enables the managed switch to only forward multicast traffic to the links that have requested it For IPv6 network Multicas...

Page 78: ...lay the port that is connected to multicast router NOTE IGMP Proxy works as an intermediate server as shown in Figure 2 86 When it receives a membership query message from the router it sends a member...

Page 79: ...iew the number of IGMP packets in different categories Rx Total Rx Valid Rx Invalid Rx General Queries Tx General Queries Rx Group Specific Queries Tx Group Specific Queries Rx Leaves Tx Leaves Rx Rep...

Page 80: ...r of IGMP s Membership General Query packets received by the managed switch Tx General Queries Number of IGMP s Membership General Query packets transmitted by the managed switch Rx Group Specific Que...

Page 81: ...Industrial Managed Ethernet Switch User Manual Heading 1 Product Manual Page 81 of 191...

Page 82: ...rmation on each table please click on the Refresh button Figure 2 89 IGMP s IP Multicast Table Webpage Figure 2 90 shows examples of IGMP membership table and IP multicast table Note that the display...

Page 83: ...number 2 3 and 6 in the group The following procedures outline how to add a new IP multicast group For example an IP multicast group address is224 1 1 1 and the joining ports are Port1 Port2 and Port5...

Page 84: ...ast listeners Note that MLD is an asymmetric protocol in which it specifies different behaviours for multicast liteners and for routers or managed switches in our case The MLD section which is under t...

Page 85: ...260 seconds Fifth the user can specify the amount of time that a multicast group will remain in the switch after the switch receives a done message of the multicast group without receiving a node lis...

Page 86: ...rticular entry The Reports column displays the number of group reports for that multcast group The Port Listener column lists the Port number for each entry To get the latest update information on eac...

Page 87: ...ber of MLD s Membership General Query packets transmitted by the managed switch Rx Group Specific Queries Number of MLD s Membership Group Specific Query packets received by the managed switch Tx Grou...

Page 88: ...k parameters The Atop s managed switch support SNMP and can be configured in this section SNMP setting has four categories under the same webpage and its dropdown menu is shown in Figure 2 98 which ar...

Page 89: ...only or read write all For example in our default setting as shown in Figure 2 100 an SNMP agent which is a network management software module residing on the managed switch can access all objects wit...

Page 90: ...ode after sending SNMP inform requests switch will resends inform request if it does not receive response within 10 seconds The switch will try to re send three times This option allows users to confi...

Page 91: ...n or User Then the authentication password with a maximum length of 31 characters has to be entered in the Auth Password field and re entered again in the Confirmed Password field Note that if no pass...

Page 92: ...Industrial Managed Ethernet Switch User Manual Heading 1 Product Manual Page 92 of 191 Confirmed Key Re type the Encryption Key NULL...

Page 93: ...d by IEEE 802 1D 2004 is also supported in ATOP s managed switches It is an evolution of the STP but it is still backwards compatible with standard STP RSTP has the advantage over the STP When there i...

Page 94: ...behind the Enabled option The users can fine tune the Priority Maximum Age Hello Time and Forward Delay Additonally the BPDU Guard option can also be enabled by checking the box behind the BPDU Guard...

Page 95: ...2 Forward Delay Specify the time spent in the listening and learning states in seconds The value is in between 4 to 30 15 Max Hops Only for MSTP The value is between 1 to 255 120 Revision Level Only f...

Page 96: ...r port Setting for STP and RSTP 2 12 2 Bridge Info Bridge Info information provides the statistical value of spanning tree protocol as shown in Figure 2 108 The information is further divided into two...

Page 97: ...User Manual Heading 1 Product Manual Page 97 of 191 Table 2 34 and Table 2 35 summarize the descriptions of each entry in the root information table and topology information table respectively Figure...

Page 98: ...e duration that the switch will be in learning and listening states before a link begins forwarding 0 Table 2 35 Bridge Topology Information Label Description Factory Default Root Port A forwarding po...

Page 99: ...port Path Cost Config Setting path cost default 0 meaning that using the system default value depending on link speed 0 Actual The actual value path cost For STP and RSTP please see Note 1 below and T...

Page 100: ...rity 4 bits ID Interface number 12 bits The default port priority is 128 2 12 4 MSTP Instance MSTP enables the grouping and mapping of VLANs to different spanning tree instances Therefore an MST Insta...

Page 101: ...lue from 1 to 63 CIST VID Enter a value for VLAN ID between 1 to 4094 Priority Enter a value for priority value for the managed switch between 0 61440 The lower value means the higher priority If the...

Page 102: ...ely through software Also VLAN provides extra security because devices within a VLAN group can only communicate with other devices in the same group For the same reason VLAN can help to control networ...

Page 103: ...efault value is VID 1 Note that the ID can be the number from 1 to 4096 If the users change the management VLAN ID to other number please click the Update button to set it on the managed switch Figure...

Page 104: ...sh the frame from untagged frames The next 3 bits is the Tag control information TCI field which refers to the IEEE 802 1p class of service and maps to the frame priority level The next one bit is the...

Page 105: ...AN ID that will be added in static VLAN table in the switch The VLAN ID is in the range 2 4094 Dependent Member Ports Configure the port to this specific VID All Ports Tagged Ports Configure the port...

Page 106: ...er the desired PVID value between 2 to 4094 Please click Update button to allow the configuration to take effect on the switch Table 2 41 summarizes the PVID Setting s descriptions Figure 2 116 802 1Q...

Page 107: ...c Member Ports Indicate the member ports to this VID This entry is created by GVRP discussed in Section 2 9 3 Dependent Dynamic Tagged Ports Indicate the member ports whose outgoing packet is tagged D...

Page 108: ...LAN For the protocol based VLAN the switch supports 3 Ethernet packet frame types Ethernet II 802 3 LLC and 802 3 SNAP It uses the EtherType field Protocol ID in these frames to assign a VLAN ID for e...

Page 109: ...g Webpage 2 13 4 2 Group to VLAN Settings The users can add or modify Group ID and for each port or multiple ports in this menu option as shown in Figure 2 121 Group to VLAN Setting is used to map the...

Page 110: ...ol List ACL Dynamic ARP Inspection DAI Figure 2 122 shows the dropdown menu for security section on the managed switch Figure 2 122 Security Dropdown Menu 2 14 1 Port Security Port Security or static...

Page 111: ...y Setting Webpage 2 14 1 2 Port Security Add Static MAC The Add Static white list MAC webpage is depicted in Figure 2 124 The users can create a list of MAC address that will be allowed to access the...

Page 112: ...ial In User Service as the authentication server Authenticator The Authenticator is a network device i e the EH75XX Industrial Managed Switch that acts as a proxy between the supplicant and the authen...

Page 113: ...The users then have to enter all the required fields to configure the 802 1X Setting which are the IP address of RADIUS server the RADIUS server s port number RADIUS server s accounting port number N...

Page 114: ...er The range is 0 65535 1813 NAS Identifier Specify the identifier string for 802 1X Network Access Server NAS Max of 30 characters Managed Switch Shared Key A shared key between the managed switch an...

Page 115: ...scription Factory Default Quiet Period Waiting time between requests when the authorization has failed Range from 10 to 65535 seconds 60 Tx Period Waiting time for the supplicant s EAP response packet...

Page 116: ...a table display the current status of authorization mode and state of each port on the managed switch To enable the 802 1X security on any of the port s click one of the port or press Ctrl key and cl...

Page 117: ...rd Dropdown Menu 2 14 3 1 IP Verify Source Setting The IP Verify Source is a dynamic IP Source Guard that creates a Layer 2 packet filtering on each port of the EH75XX The filter types can be IP or IP...

Page 118: ...Industrial Managed Ethernet Switch User Manual Heading 1 Product Manual Page 118 of 191 Figure 2 130 IP Verify Source Setting Webpage...

Page 119: ...ive filtering is shown in Figure 2 132 Figure 2 131 IP Verify Source Status Webpage Figure 2 132 Example of IP Verify Source Status 2 14 3 3 IP Source Binding The IP Source Binding is a static IP Sour...

Page 120: ...rk to link or map the malicious Ethernet MAC address to a legitimate IP address of a victim host node When ARP Spoof Prevention is enabled on EH75XX series the ARP spoof prevention table must also be...

Page 121: ...on the Remove button for the corresponding entry in the table To remove all of the entries from the table please click on the Remove all button under the ARP Spoof Prevention Table 2 14 5 DHCP Snoopi...

Page 122: ...ayer The numbers of matching rules can be at most 128 However the main important rules that are mostly exercise are follows Rules for filtering by MAC layer includes MAC address VLAN ID or Ether type...

Page 123: ...n the Mask its relative bit in the IP address will be compared If the Mask is 0 0 0 0 then this condition is always accepted If the Mask is empty it is considered equal to the Mask of 255 255 255 255...

Page 124: ...he item value is between 0 65535 Source or Destination IP Addresses IP address are the fields of the IPv4 header The Mask item is a bit mask for comparing range For every non zero bits in the Mask its...

Page 125: ...ty is as 255 255 255 255 NONE TCP UDP Source Port 0 65535 NONE TCP UDP Destination Port 0 65535 NONE TOS 0 63 NONE Port 1 2 3 4 5 6 7 8 NONE Action Deny Permit NONE The user can Add Modify or Remove e...

Page 126: ...enable DAI check the Enabled box for DAI option inside the DAI with DHCP box as shown in Figure 2 139 Then check the box under the Trust column for corresponding Port number to configure that port num...

Page 127: ...ernet Ring using two independent links i e two ways In the Ethernet ring loops can be avoided by guaranteeing that traffic may flow on all but one of the ring links at any time This particular link is...

Page 128: ...s Enabled checkbox 3 Optionally if the users want the switch to periodically check the status of the neighboring switches on the ring topology using heartbeat packets then the user can check the UERP...

Page 129: ...e Note This function affects the recovery time to more than 20 ms Disabled Heartbeat Interval Set the Heartbeat Interval Range from 50 to 10000 milliseconds 50 ms RAPS VLAN Create the ring by specifyi...

Page 130: ...he RPL Port2 RPL Owner Choose to enable Owner Function Disabled RPL Port Select the Owner Port which is either West Port or East Port or None None WTR Timer Set the wait to restore WTR time of the rin...

Page 131: ...can configure ARPS VLAN Setting according to Table 2 52 Table 2 52 Setting Configuration for Switch A B C and D EHX7XXX A B C D RAPS VLAN 8 8 8 8 ERPS RAPS Enabled Enabled Enabled Enabled West Port 1...

Page 132: ...en press Update button for the changes to take effect Figure 2 146 Example of Switch A s ERPS settings 5 On Switch A Click Configure button on RAPS VLAN and input settings as shown in Figure 2 147 Fig...

Page 133: ...ll automatically block Port 8 to prevent a network loop Figure 2 149 Switch A s ERPS state 9 From here on the users can add another bridge between the two managed switches 2 15 2 iA Ring Settings The...

Page 134: ...2 151 to setup the iA Ring 1 Enable the iA Ring by selecting Enabled from the dropdown list 2 Choose whether the current managed switch is going to be the Ring Master by enabling the Ring Master opti...

Page 135: ...Webpage Table 2 53 Descriptions of iA Ring Setting Label Description Factory Default iA Ring Enable iA Ring or disable iA Ring Disabled Ring Master Enabled Master Mode Disabled Slave Mode Disabled 1s...

Page 136: ...ing Port from the dropdown list 3 Select the 2nd Ring Port from the dropdown list 4 Click on the Update button to save the change and allow the configuration to take effect Note that the lower part of...

Page 137: ...ample 1 of Two Wireless Bridge U ring Example made on EH7520 Second example is illustrated in Figure 2 154 where there are also two EH75XX managed switches On each switch it is connected to two wired...

Page 138: ...r by enabling the Ring Master option 3 Select the 1st Ring Port from the dropdown list 4 Select the 2nd Ring Port from the dropdown list 5 Optionally set the Heartbeat Expire period which could be bet...

Page 139: ...e that uses the chain network topology and links the two ends two network devices such as industrial managed switches of the chain to a common LAN This can also be viewed as a form of Ring Topology Th...

Page 140: ...ing to be the Head Member or Tail of the chain from the dropdown list of Role State 3 If the current switch is the Head switch then select the Head Port from the dropdown list and select the Member Po...

Page 141: ...d suitable for Industrial Ethernet applications It allows rings of Ethernet switches to overcome any single failure with recovery time much faster than those achievable by Spanning Tree Protocol It su...

Page 142: ...setting up the MRP Ring on the managed switch Figure 2 158 Example of MRP VLAN Entry Table 2 57 Description of MRP Setting Webpage Label Description Factory Default VLAN MRP Ring VLAN ID Depend Role...

Page 143: ...he managed switch there may be an error message popping up as shown in Figure 2 160 Therefore the users should disable the ERPS Ring Section 2 15 1 and DIP Switch Control Section 2 3 13 first before s...

Page 144: ...logy discovery inventory management emergency services VLAN assignment and inline power supply Link Layer Discovery Protocol LLDP section consists of LLDP Setting and LLDP Neighbors as shown in Figure...

Page 145: ...Figure 2 163 The Neighbor Information table contains Chassis ID Port ID Port Description System Name System Description and Management Address on each Port of the managed switch The users can click on...

Page 146: ...l that can be used to prevent Layer 2 switching loops in the network The network loop problem usually occurs in Spanning Tree network topology miswiring or malfunction of the network interface UDLD is...

Page 147: ...r between 30 and 86400 seconds This interval is a time for the switch to try to bring an UDLD port that was disabled back from a reset state The default value is 120 seconds Note that typically UDLD c...

Page 148: ...ormation about VLAN ID Port Link State and Neighbor Information in each entry The Neighbor Information also consists of Device ID Device Name Port ID and Hello interval An example of UDLD entry is dep...

Page 149: ...The webpage also displays the Device Name as shown in Figure 2 172 The PROFINET s Packet Priority can also be enabled on this webpage and priority Queue number can also be chosen from the dropdown li...

Page 150: ...tting section Figure 2 174 Client IP Setting Dropdown Menu 2 19 1 DHCP Relay Agent A DHCP relay agent is a small program that relays DHCP BOOTP messages between clients and servers on different subnet...

Page 151: ...will remove the option 82 information from the response packet and forward it to the client The Option 82 Type field in Figure 2 175 can be chosen from IP MAC Client ID or Other in the dropdown list...

Page 152: ...tting or reboot the system device Figure 2 177 shows all the dropdown menus under the System section Figure 2 177 System Dropdown Menu It is important for network administrators to know what s happeni...

Page 153: ...ble 2 61 Descriptions of System Log Settings Label Description Factory Default EnableLog Event to Flash Checked Saving log event into flash memory The flash memory can keep the log event files even if...

Page 154: ...te of theoccurred event Time Indicate the time stamp that this event occurred Startup Time Indicate how long the system managed switch has been up since this event occurred Level Indicate the level of...

Page 155: ...erall functionalities of the switch This webpage allows the users to configure how each type of the event warnings will be sent or notify the users For link status and power status event warnings ther...

Page 156: ...Disable Disables alarm function Power On Sends an alarm when power is turned on Power Off Sends an alarm when power is turned off Disabled In System Log event warning the user can only send notificati...

Page 157: ...o remove only the Relay Alarm or click on the Clear All Warning Events to remove all entries in the Warning Events table Figure 2 182 Warning Event Webpage An example of Warning Events table is shown...

Page 158: ...m can send an alarm message to users by E mail Here the users will be allowed to modify E mail related settings for sending the system event warnings or alarms Port State Power Status and System Log a...

Page 159: ...encryption mechanism for communication with the SMTP Server Disable Unchecked Username Set the user name or account name to login Max 31 characters NULL Password Set the account password for login Ma...

Page 160: ...processing in an infinite loop A vulnerable machine will crash and freeze due to the packet being repeatedly processed by the TCP stack To enable disable the protection against the Local Area Network...

Page 161: ...ulting in server unavailability To enable disable the protection against the ICMP DoS attack click Enabled box on ICMP function Table 2 68 provides descriptions of the Denial of Service Setting Table...

Page 162: ...me during the firmware upgrade Figure 2 188 Firmware Update Webpage 2 20 6 1 TFTP Trivial File Transfer Protocol TFTP is designed to be small and easy to implement The users are allowed to upload conf...

Page 163: ...Industrial Managed Ethernet Switch User Manual Heading 1 Product Manual Page 163 of 191 click on the Update button to set this feature Figure 2 189 Backup Restore Configuration via TFTP...

Page 164: ...upload Switch configuration to the remote TFTP server Option 66 67 Enable this option to allow the managed switch to learn of TFTP Server Name and the filename to be used from a DHCP packet Disable U...

Page 165: ...hassis Please contact Atop Technologies to obtain the cable is needed This method is similar to the web browser one The options are the same so users can take the same procedures as those examples in...

Page 166: ...ileges Users with operator privileges may only view the information while those with manager privileges are allowed to view information and configure settings Operator and manager privileges are initi...

Page 167: ...scription of the keywords Switch config ip Address Set IP address and subnet mask default gateway Set default gateway IP address dns Set DNS IP address Users may use the Tab key to do keyword auto com...

Page 168: ...also used by the web user interface web browser method of configuration 3 4 Command Example The serial console is another method to add delete change configuration same as the web browser method These...

Page 169: ...nd in Chapter 2 of this manual Table 3 2 Descriptions of Administrative Commands for Setting Up Command Description sntp IP add before utc after utc 0 24 hours Starts SNTP service no dhcp Enable or di...

Page 170: ...Set forward delay time to20 seconds Spanning tree hello time 1 10 Set hello time in seconds Spanning tree maximum age 6 40 Set the maximum age of the spanning tree in seconds Spanning tree priority 0...

Page 171: ...ting System Note that only users with administrator admin access right as configured in Section 2 3 1 can use telnet to login to the device 4 2 Telnet Log in After the command line terminal is opened...

Page 172: ...ar to the serial console methods Please refer to Chapter 3 for more information on configuration 4 4 Commands in the Privileged Mode When users do not know the commands to use for the command line con...

Page 173: ...ocol copy Copy configuration cring Compatible Ring configuration disable Turn off the privileged mode command dscp mapping DSCP mapping information dhcp DHCP information dot1x 802 1x information dipsw...

Page 174: ...n port Port information ping Send ICMP ECHO_REQUEST to network hosts ptp PTP information qos QoS information radius server Radius server information show Show information of the current running system...

Page 175: ...he first icon called Rescan on the icon bar to search for the device connected to the same subnet as the Device Management Utility Figure 5 2 Depicts the Search icon Figure 5 2 Rescan Search Icon To p...

Page 176: ...shown in Figure 5 5 The users can enable the DHCP options by checking the box in front of DHCP Obtain an IP automatically option This will allow the device to get its new IP address and other network...

Page 177: ...P address was change the users may need to search for the device again using the Rescan icon or the first icon on the icon bar 5 2 Topology Diagram Device management Utility comes with a visualization...

Page 178: ...mber and the MAC address of the device that is currently connecting to the EH75XX switch Please select Show Information menu under the File pulldown menu Figure 5 9 shows the result of additional info...

Page 179: ...der the Firmware pulldown menu can also perform this task Figure 5 10 Upgrade from Disk Firmware Update Icon Figure 5 11 shows the dialog for Download Firmware from Disk The window displays the curren...

Page 180: ...which are not going to a local partner are sent to the gateway The gateway takes care of communication with the remote network IEEE Institute of Electrical and Electronics Engineers IGMP Internet Grou...

Page 181: ...y of Service RADIUS Remote Authentication Dial In User Service is an authentication and monitoring protocol on the application level for authentication integrity protection and accounting for network...

Page 182: ...e d Word 3 Lo byte Word 4 Hi byte S Word 4 Lo byte w Word 5 Hi byte i Word 5 Lo byte t Word 6 Hi byte c Word 6 Lo byte h Word 7 Hi byte Word 7 Lo byte E Word 8 Hi byte H Word 8 Lo byte 7 Word 9 Hi byt...

Page 183: ...OK Hi byte 0x01 Power 1 Fail Hi byte 0x00 Power 2 OK Low byte 0x01 Power 2 Fail Low byte 0x00 IP Information 0x0050 80 1 word R DHCP Status 0x0000 Disabled 0x0001 Enabled 0x0051 81 2 words R IP Addres...

Page 184: ...ation 0x0600 1536 64 words R 5st Warning Event Information Port Status 0x1000 4096 5 words R Port Status 0x0000 Disabled 0x0001 Enabled Word 0 Hi byte Port 1 Status Word 0 Lo byte Port 2 Status Word 1...

Page 185: ...80 4224 5 words R Port Flow Control Status disabled 0x00 Status enabled 0x01 Word 0 Hi byte Port 1 Status Word 0 Lo byte Port 2 Status Word 1 Hi byte Port 3 Status Word 1 Lo byte Port 4 Status Word 2...

Page 186: ...ort 1 0xFFFF Word 0 1 2 3 Port 1 good packets Word 4 5 6 7 Port 2 good packets Word 8 9 10 11 Port 3 good packets Word 12 13 14 15 Port 4 good packets Word 16 17 18 19 Port 5 good packets Word 20 21 2...

Page 187: ...RX Word 0 of Port 1 0x0000 Word 1 of Port 1 0x002E Word 2 of Port 1 0xEEE1 Word 3 of Port 1 0xFFFF Word 0 1 2 3 Port 1 good packets Word 4 5 6 7 Port 2 good packets Word 8 9 10 11 Port 3 good packets...

Page 188: ...t Ex 3st West Port Port 2 Word 2 0x0002 0x0001 Port 1 0x0002 Port 2 0x000A Port 10 0x000C Trk1 0x000D Trk2 0x000E Trk3 0x000F Virtual Channel 0x00FF VLAN ID exist but no West Port be Selected 0xFFFF E...

Page 189: ...rd 0 1st VLAN ID East Port Status Word 1 2st VLAN ID East Port Status Word 2 3st VLAN ID East Port Status Word 3 4st VLAN ID East Port Status Word 4 5st VLAN ID East Port Status 0x2270 8816 5 words R...

Page 190: ...Industrial Managed Ethernet Switch User Manual Heading 1 Product Manual Page 190 of 191 0x000A Port 10 0xFFFF iA Ring not enable...

Page 191: ...ogies Inc www atoponline com TAIWAN HEADQUARTER and INTERNATIONAL SALES 2F No 146 Sec 1 Tung Hsing Rd 30261 Chupei City Hsinchu County Taiwan R O C Tel 886 3 550 8137 Fax 886 3 550 8131 sales atop com...

Reviews:

No comments