manualshive.com logo in svg

Atop EH9711 Series, User Manual

Share
Download
Atop EH9711 Series User Manual Download Page 59

Industrial Managed 
Ethernet Switch – EH9711 

User Manual 

 

 

Page 

59

 of 

223

 

 

Static entries are part of the running-config and will survive interface link state changes and reboots if saved to startup-
config. Static entries can be added to the running-config at any time whether or not Port Security is enabled. 

 

Sticky

: When the interface is in sticky mode, all entries that would otherwise have been learned as dynamic are learned 

as sticky. Like static entries, sticky entries are part of the running-config and will survive interface link state changes 
and  reboots  if  saved  to  the  startup-config.  Though  not  the  intention  with  Sticky  entries,  they  can  be  added  by 
management to the running-config at any time whether or not Port Security is enabled on the interface, as long as the 
interface is in Sticky mode. Sticky entries will disappear if the interface is taken out of Sticky mode. 

To add a new entry to the table of 

Port Security Static and Sticky MAC Addresses

, click on 

Add New MAC Entry

 button. 

The new entry as shown in Figure 2.53 allows for adding static or sticky MAC address to a particular interface. When adding 
is  finished,  click  the 

Save

  button  to  save  the  changes  to  running-config.  Notice  that  sticky  entries  are  normally  added 

automatically  through  learning  on  the  interface.  Table  2.34 provides  descriptions  of  the  fields  for  Port  Security  Static  and 
Sticky MAC Addresses.   
 

 

Figure 2.53 Webpage

 

to Configure Network Port Security MAC Addresses 

 

Table 2.34 Descriptions of RMON Event 

Label 

Description 

Factory Default 

Delete  

Press this button to remove the entry from the MAC address table (if present) 
and the running-config. 
Notice that dynamic entries may be removed all-together on an interface 
through "Monitor→Security→Port Security→Switch" and one-by-one through 
"Monitor→Security→Port Security→Port" 

 

Port 

The port number to which this MAC address is bound. 

Select … 

VLAN ID   

The VLAN ID in question. 

MAC Address 

The MAC address in question. 

00:00:00:00:00:00 

Type 

Indicates the type of entry and may be either Static or Sticky (see description 
above). 

Static 

 

2.5.2.3

 

NAS 

NAS

 is an acronym for Network Access Server. The NAS is meant to act as a gateway to guard access to a protected source. 

A client connects to the NAS, and the NAS connects to another resource asking whether the client's supplied credentials are 
valid.  Based  on  the  answer,  the  NAS  then  allows  or  disallows  access  to  the  protected  resource.  An  example  of  a  NAS 
implementation is IEEE 802.1X. 

The IEEE 802.1X standard defines a port-based access control procedure that prevents unauthorized access to a network  by 
requiring  users  to  first  submit  credentials  for  authentication.  One  or  more  central  servers,  the  backend  servers,  determine 
whether  the  user  is  allowed  access  to  the  network.  These  backend  (RADIUS)  servers  are  configured  on  the 
"

Configuration→Security→AAA

"  webpage. The  IEEE802.1X  standard  defines  port-based  operation,  but  non-standard 

variants overcome security limitations. 

MAC-based authentication allows for authentication of more than one user on the same port, and doesn't require the user to 
have special 802.1X supplicant software installed on his/her system. The switch uses the user's MAC address to authenticate 
against  the  backend  server.  Intruders  can  create  counterfeit  MAC  addresses,  which  makes  MAC-based  authentication  less 
secure than 802.1X authentication. 

Summary of Contents for EH9711 Series

Page 1: ...rial Managed Ethernet Switch User Manual V0 4 October 21th 2022 This PDF Document contains internal hyperlinks for ease of navigation For example click on any item listed in the Table of Contents to g...

Page 2: ...Ethernet Switch EH9711 User Manual Page 2 of 223 Published by Atop Technologies Inc 2F No 146 Sec 1 Tung Hsing Rd 30261 Chupei City Hsinchu County Taiwan R O C Tel 886 3 550 8137 Fax 886 3 550 8131 w...

Page 3: ...n subsequent editions Suggestions for improvement are welcome All other product s names referenced herein are registered trademarks of their respective companies Preface This manual contains some adva...

Page 4: ...5 Security 37 2 5 1 Switch 37 2 5 2 Network 56 2 5 3 AAA 82 2 6 Aggregation 85 2 6 1 Common 86 2 6 2 Groups 86 2 6 3 LACP 87 2 7 Spanning Tree 88 2 7 1 Bridge Settings 89 2 7 2 MSTI Mapping 90 2 7 3 M...

Page 5: ...4 Routing Info Base 161 3 1 5 IPv6 Routing Info Base 162 3 1 6 Log 163 3 1 7 Detailed Log 164 3 1 8 Power Status 165 3 1 9 Digital Input 165 3 2 Ports 165 3 2 1 State 165 3 2 2 Traffic Overview 166 3...

Page 6: ...e 2 5 System Information Configuration Webpage 17 Figure 2 6 Webpage to Configure System s IP Information 18 Figure 2 7 Webpage to Configure System s IP Configuration 19 Figure 2 8 Webpage to Configur...

Page 7: ...gure Network Port Security MAC Addresses 59 Figure 2 54 Webpage to Configure Network NAS 60 Figure 2 55 Access Control List s Submenus 66 Figure 2 56 Webpage to Configure Network ACL Ports 66 Figure 2...

Page 8: ...re 2 110 Traffic Mirroring Operation 135 Figure 2 111 Webpage to Configure Mirroring 136 Figure 2 112 Webpage to Detailed Configure Mirroring for Session ID 137 Figure 2 113 Webpage to Configure PTP 1...

Page 9: ...bpage to Monitor LLDP Neighbour Information 199 Figure 3 53 Webpage to Monitor LLDP Global and Statistics Local Counters 200 Figure 3 54 Webpage to Monitor PTP External Clock Mode and Clock Configurat...

Page 10: ...SNMP Trap Source Configurations 47 Table 2 24 Descriptions of SNMP Community Configurations 48 Table 2 25 Descriptions of SNMP Users 49 Table 2 26 Descriptions of SNMP Groups 50 Table 2 27 Descriptio...

Page 11: ...onfiguration 115 Table 2 81 Descriptions of Group name to VLAN Mapping Table Configuration 116 Table 2 82 Descriptions of IP Subnet based VLAN Configuration 117 Table 2 83 Descriptions of Port Classif...

Page 12: ...0 Monitoring Descriptions of Aggregation Status 189 Table 3 31 Monitoring Descriptions of LACP System Status 190 Table 3 32 Monitoring Descriptions of LACP Internal Port Status 190 Table 3 33 Monitori...

Page 13: ...al switch is designed to perform in harsh industrial environments i e extreme temperature high humidity dusty air potential high impact or the presence of potentially high static charges Atop s manage...

Page 14: ...rm Spanning Tree Protocol STP Rapid Spanning Tree Protocol RSTP Multiple Spanning Tree Protocol MSTP Virtual Local Area Network VLAN IEEE 802 1x Extensible Authentication Protocol EAP Remote Authentic...

Page 15: ...h s functions It is recommended to use Microsoft Edge 103 Firefox 44 Chrome 48 or later versions Below is a list of default factory settings This information will be used during the login process Make...

Page 16: ...e enter the new username and password again until it is correct Or users can simply click the Cancel button to forfeit the process 5 If the login process was success the user will be presented with th...

Page 17: ...naged switch model Please click the Save button to update the information on the switch Clicking on the Reset button will undo any changes made locally and revert to previously save values Table 2 1 s...

Page 18: ...guration part is related to how the managed switch will be operated as Host The IP Interfaces part is related to IP Address configuration and DHCP configuration for both IPv4 and IPv6 Finally the IP R...

Page 19: ...interface a provided DNS server should be preferred From any DHCPv6 interfaces The first DNS server offered from a DHCPv6 lease to a DHCPv6 enabled interface will be used From this DHCPv6 interface S...

Page 20: ...Address The IPv4 address of the interface in dotted decimal notation If DHCP is enabled this field configures the fall back address The field may be left blank if IPv4 operation on the interface is n...

Page 21: ...ng IPv6 interface is valid If the IPv6 gateway address is link local it must specify the next hop VLAN for the gateway If the IPv6 gateway address is not link local system ignores the next hop VLAN fo...

Page 22: ...n address of NTP Server Switch will locate the 4th NTP Server if the 3rd NTP Server fails to connect NULL Server 5 Sets the fifth IP or Domain address of NTP Server Switch will locate the 5th NTP Serv...

Page 23: ...that the daylight saving will be repeated only on the specified years Table 2 8 summarizes the descriptions of options in daylight saving time configuration Note Daylight Saving Time In certain region...

Page 24: ...g hour Minutes Select the starting minute End time settings Week Select the ending week number Day Select the ending day Month Select the ending month Hours Select the ending hour Minutes Select the e...

Page 25: ...tch provides DNS feature it also can be a domain name NULL Syslog Level Indicates what kind of message will send to syslog server Possible modes are Error Send the specific messages which severity cod...

Page 26: ...nge back to the previously saved values Figure 2 14 Webpage to Configure System Alert Table 2 10 summarizes the Power Status Alarm event selection Table 2 10 Descriptions of Power Status Alarm Event S...

Page 27: ...the subject of email so that it can be easily distinguishable from the other e mails At last users can edit e mail addresses of all four recipients in the order shown in the e mail After entering all...

Page 28: ...mail address NULL E mail Address of 3rd Recipient Set the third receiver s E mail address NULL E mail Address of 4th Recipient Set the fourth receiver s E mail address NULL Save Save these modificatio...

Page 29: ...ield will show down Configured Selects any available link speed for the given switch port Only speeds supported by the specific port is shown Possible speeds are Disabled Disables the switch port oper...

Page 30: ...tings are determined by the result of the last Auto Negotiation Check the configured column to use flow control This setting is related to the setting for Configured Link Speed NOTICE The 100FX standa...

Page 31: ...lem users may use the Holdoff timer If the fault occurs the fault is not immediately sent to ERPS until the Holdoff timer expires If an RPL owner port is unblocked due to a link or node recovery after...

Page 32: ...lush PDUs whenever this sub ring s topology changes Port0 Port1 Interface Interface index of ring protection Port0 Port1 Port0 Port1 SF Selects whether Signal Fail SF comes from the link state of a gi...

Page 33: ...whether the ring referenced by Interconnect Instance shall propagate R APS flush PDUs whenever this sub ring s topology changes Unclicked Port If Port0 Select which port on the managed switch will be...

Page 34: ...n to return to the previous page any changes made locally will be undone 2 4 DHCPv4 Atop s EH9711 managed switch can act as a DHCPv4 Dynamic Host Configuration Protocol over IP version 4 server in the...

Page 35: ...allow reply packets from trusted ports Disabled Disable DHCP snooping mode operation Disabled Port Mode Configuration Indicates the DHCP snooping port mode Possible port modes are Trusted Configures...

Page 36: ...e not in the same subnet domain And the DHCP broadcast message won t be flooded for security considerations Disabled Disable DHCP relay mode operation Disabled Relay Server Enter an IPv4 address of th...

Page 37: ...enus for each of these main security configuration parts as shown in Figure 2 24 Figure 2 24 Configuration Security Menu 2 5 1 Switch The first submenu under Configuration Security is the Switch menu...

Page 38: ...he read write access When users first enter this Users Configuration webpage users will see an overview of the current users The user overview webpage consists of User Name and Privilege Level columns...

Page 39: ...31 The valid user name allows letters numbers and underscores NULL Password The password of the user The allowed string length is 0 to 31 Any printable characters including space is accepted NULL Pass...

Page 40: ...me Log Security Authentication System Access Management Port contains Dot1x port MAC based and the MAC Address Limit ACL HTTPS SSH ARP Inspection IP source guard IP Everything except ping Port Everyth...

Page 41: ...ation Method configuration and Accounting Method Configuration webpage as shown in Figure 2 30 In the Authentication Method Configuration users can configure how a user is authenticated when he she lo...

Page 42: ...entication it is recommended to configure secondary authentication as local This will enable the management client to login via the local user database if none of the configured authentication servers...

Page 43: ...Mode Automatic Redirect Certificate Maintain and Certificate Status In the Mode field users can select Enabled Disabled the HTTPs mode In the Automatic Redirect field users can select to Enabled Disab...

Page 44: ...d to the browser You need to initialize the HTTPS connection manually for this case Possible modes are Enabled Enable HTTPS redirect mode operation Disabled Disable HTTPS redirect mode operation Disab...

Page 45: ...Atop s managed switch support SNMP and can be configured in this section In this submenu SNMP system can be configured as shown in Figure 2 34 There are two fields here Mode and Engine ID In Mode use...

Page 46: ...n 3 Destination Address Indicates the SNMP trap destination address It allows a valid IPv4 address in dotted decimal notation x y z w It also allows a valid hostname A valid hostname is a string drawn...

Page 47: ...values Table 2 23 provides descriptions of the SNMP Trap Source Configurations Figure 2 37 Webpage to Configure SNMP Trap Sources Figure 2 38 Adding New Entry to SNMP Trap Sources Table 2 23 Descript...

Page 48: ...ues Typically an SNMP agent which is a network management software module residing on the managed switch can access all objects with read all only permissions using the string public Another setting e...

Page 49: ...entry It will be deleted during the next save Engine ID An octet string identifying the engine ID that this entry should belong to The string must contain an even number in hexadecimal format with nu...

Page 50: ...and the allowed content is ASCII characters from 33 to 126 Null 2 5 1 11 SNMP Groups Figure 2 42 shows SNMPv3 Group Configuration webpage It contains SNMPv3 group table The entry index keys are Securi...

Page 51: ...Type Indicates the view type that this entry should belong to Possible view types are included An optional flag to indicate that this view subtree should be included excluded An optional flag to indi...

Page 52: ...d no privacy Auth NoPriv Authentication and no privacy Auth Priv Authentication and privacy NoAuth NoPriv Read View Name The name of the MIB view defining the MIB objects for which this request may re...

Page 53: ...witch the value must add 1000000 switch ID 1 for example if the port is switch 3 port 5 the value is 2000005 1 3 6 1 2 1 2 2 1 1 0 2 5 1 15 RMON History Figure 2 47 shows RMON Remote Network Monitorin...

Page 54: ...try index key is ID for RMON alarm table Click Add New Entry button to add a new RMON alarm entry to the table as shown in Figure 2 49 Table 2 31 describes the column labels of the RMON alarm table Pl...

Page 55: ...Start up Alarm The method of sampling the selected variable and calculating the value to be compared against the thresholds possible sample types are RisingTrigger alarm when the first value is larger...

Page 56: ...of menus under the Security Network Under this section the users can setup security for port network access server NAS access control list ACL IP source guard and ARP Address Resolution Protocol inspe...

Page 57: ...n turn is connected to a port on this switch on which Port Security is enabled The end host will be allowed to forward if the limit is not exceeded Now suppose that the end host logs off or powers dow...

Page 58: ...change on the port 3 Boot the switch Protect Violation Limit The maximum number of MAC addresses that can be marked as violating on this port This number cannot exceed 1023 Default is 4 It is only use...

Page 59: ...the MAC address table if present and the running config Notice that dynamic entries may be removed all together on an interface through Monitor Security Port Security Switch and one by one through Mon...

Page 60: ...e port on the authenticator is allowed to transmit and receive packets This is done through the MAC address of the supplicant A supplicant can be seen as a combination of a client and a supplicant com...

Page 61: ...between the switch and the client so this will not detect whether the client is still attached or not and the only way to free any resources is to age the entry 300 Hold Time This setting applies to...

Page 62: ...onsiders whether to enter the Guest VLAN it will first check if this option is enabled or disabled If disabled unchecked default the switch will only enter the Guest VLAN if an EAPOL frame has not bee...

Page 63: ...by the switch which in turn uses the client s MAC address as both username and password in the subsequent EAP exchange with the RADIUS server The 6 byte MAC address is converted to a string on the fo...

Page 64: ...inistrator in the meanwhile without affecting the RADIUS assigned This option is only available for single client modes i e Port based 802 1X Single 802 1X For trouble shooting VLAN assignments use th...

Page 65: ...state of the port It can undertake one of the following values Globally Disabled NAS is globally disabled Link Down NAS is globally enabled but there is no link on the port Authorized The port is in F...

Page 66: ...cted in Figure 2 56 The ACL Ports configuration is used to assign a Policy ID to an ingress port This is useful to group ports to obey the same traffic rules Traffic Policy is created under the Access...

Page 67: ...and the System Log memory size and logging rate is limited Disabled Shutdown Specify the port shut down operation of this port The allowed values are Enabled If a frame is received on the port the por...

Page 68: ...the end of the table a set of parameters are listed as three tables under the ACE Configuration webpage as shown in Figure 2 59 In Figure 2 58 users can select auto refresh option by checking the Auto...

Page 69: ...t ICMP UDP TCP IPv6 The ACE will match all IPv6 standard frames Any Action Indicates the forwarding action of the ACE Permit Frames matching the ACE may be forwarded and learned Deny Frames matching t...

Page 70: ...rt Select the ingress port for which this ACE applies All The ACE applies to all port Port n The ACE applies to this port number where n is the number of the switch port Policy Filter Specify the poli...

Page 71: ...the logging message doesn t include the 4 bytes CRC information The allowed values are Enabled Frames matching the ACE are stored in the System Log Disabled Frames matching the ACE are not logged Not...

Page 72: ...Any Table 2 42 Description of ACL Configuration with ARP Parameters Label Description Factory Default ARP RARP Specify the available ARP RARP opcode OP flag for this ACE Any No ARP RARP OP flag is spe...

Page 73: ...hardware address length HLN and protocol address length PLN settings 0 ARP RARP frames where the HLN is not equal to Ethernet 0x06 or the PLN is not equal to IPv4 0x04 1 ARP RARP frames where the HLN...

Page 74: ...appears Network Source IP filter is set to Network Specify the source IP address and source IP mask in the SIP Address and SIP Mask fields that appear Any SIP Address When Host or Network is selected...

Page 75: ...ast 32 bits For example if the SIPv6 address is 2001 3 and the SIPv6 bitmask is 0xFFFFFFFE bit 0 is don t care bit then SIPv6 address 2001 2 and 2001 3 are applied to this rule Hop Limit Specify the h...

Page 76: ...e The allowed range is 0 to 65535 A frame that hits this ACE matches this TCP UDP destination value TCP UDP Destination Range When Range is selected for the TCP UDP destination filter you can enter a...

Page 77: ...Type value The allowed range is 0x600 to 0xFFFF but excluding 0x800 IPv4 0x806 ARP and 0x86DD IPv6 A frame that hits this ACE matches this EtherType value 2 5 2 7 IP Source Guard IP Source Guard is a...

Page 78: ...ew entry to the IP Soruce Guard table as shown in Figure 2 61 The maximum number of rules is 112 on the switch Table 2 49 summarizes the column labels for Static IP Source Guard Table Figure 2 61 Webp...

Page 79: ...nfigure Network ARP Inspection Port Table 2 50 Descriptions of ARP Inspection Port Configuration Label Description Factory Default ARP Inspection Configuration Mode Enable the Global ARP Inspection or...

Page 80: ...hange the number of visible entries through the entries per page input field When first visited the web page will show the first 20 entries from the beginning of the VLAN Table The first displayed wil...

Page 81: ...labels of Static ARP Inspection Table Figure 2 65 Webpage to Configure Network ARP Inspection Static Table Table 2 52 Descriptions of Static ARP Inspection Table Label Description Factory Default Del...

Page 82: ...ss User IP address of the entry 0 0 0 0 Translate to static Select the checkbox to translate the entry to static entry Click Save button to save changes Click Reset button to undo any changes made loc...

Page 83: ...protocol for authentication and authorization It is a distributed security system that secures remote access to networks and network services against unauthorized access The RADIUS specification is de...

Page 84: ...you can change the setting overrides the global key Leaving it blank will use the global key Null After clicking on the Add New Server button to add a new RADIUS server an empty row is added to the ta...

Page 85: ...delete a TACACS server entry check this box The entry will be deleted during the next Save Hostname The IPv4 IPv6 address or hostname of the TACACS server Null Port The TCP port to use on the TACACS...

Page 86: ...AC Address can be used to calculate the destination port for the frame Check to enable the use of the Destination MAC Address or uncheck to disable By default Destination MAC Address is disabled Unche...

Page 87: ...Save button to save changes Click Reset button to undo any changes made locally and revert to previously saved values 2 6 3 LACP The users have an option to enable Link Aggregation Control Protocol LA...

Page 88: ...etwork when there are multiple connections or redundant paths between two network switches or at least two ports are connected on both sides of the two network switches The switching loop can create a...

Page 89: ...dant links The following subsections describe how to setup the spanning tree protocol STP rapid spanning tree protocol RSTP and Multiple Spanning Tree Protocol MSTP The Spanning Tree menu consists of...

Page 90: ...to 40 hops 20 Transmit Hold Count The number of BPDU s a bridge port can send per second When exceeded transmission of the next BPDU will be delayed Valid values are in the range 1 to 10 BPDU s per se...

Page 91: ...T s MAC address Configuration Revision The revision of the MSTI configuration named above This must be an integer between 0 and 65535 0 MSTI Mapping MSTI The bridge instances The CIST is not available...

Page 92: ...ce which is always active Priority Controls the bridge priority Lower numeric values have better priority The bridge priority plus the MSTI instance number concatenated with the 6 byte MAC address of...

Page 93: ...perEdge true than for other ports The value of this flag is based on AdminEdge and AutoEdge fields This flag is displayed as Edge in Monitor Spanning Tree STP Detailed Bridge Status Non Edge Auto Edge...

Page 94: ...r Spanning Tree STP Detailed Bridge Status Non Edge Auto Edge Controls whether the bridge should enable automatic edge detection on the bridge port This allows operEdge to be derived from whether BPDU...

Page 95: ...78 The updated page contains MSTI port settings for physical and aggregated ports Table 2 64 summarizes the descriptions of MSTI Port Configuration Figure 2 77 Webpage to Configure MSTI of Spanning Tr...

Page 96: ...Figure 2 79 Configuration IPMC Menu 2 8 1 IGMP Snooping IGMP is an acronym for Internet Group Management Protocol It is a communications protocol used to manage the membership of Internet Protocol mu...

Page 97: ...ve Proxy This feature can be used to avoid forwarding unnecessary leave messages to the router side Unclicked Proxy Enabled Enable IGMP Proxy This feature can be used to avoid forwarding unnecessary j...

Page 98: ...Non Querier Checked Querier Address Define the IPv4 address as source address used in IP header for IGMP Querier election When the Querier address is not set system uses IPv4 management address of th...

Page 99: ...n a directly attached link much as IGMP is used in IPv4 The protocol is embedded in ICMPv6 instead of using a separate protocol 2 8 2 1 Basic Configuration MLD Snooping Basic Configuration webpage pro...

Page 100: ...s connected to the specific port Unclicked Throttling Enable to limit the number of multicast groups to which a switch port can belong unlimited Click Save button to save changes Click Reset button to...

Page 101: ...ed into Multicast Address Specific Queries sent in response to Version 1 Multicast Listener Done messages It is also the Maximum Response Delay used to calculate the Maximum Response Code inserted int...

Page 102: ...out how long time the information in the LLDP frame shall be considered valid The LLDP information valid period is set to Tx Hold multiplied by Tx Interval seconds Valid values are restricted to 2 10...

Page 103: ...rt of the LLDP These capabilities are shown as others in the LLDP neighbours table If all interfaces have CDP awareness disabled the switch forwards CDP frames received from neighbour devices If at le...

Page 104: ...in the system These packets are then processed by the clock selection algorithm and used to select the best clock The transmitted frame is generated based on the QL value of the selected clock source...

Page 105: ...ly In order to recover clock from port it must be negotiated to Slave mode In order to distribute clock the port must be negotiated to Master mode This different ANEG modes can be activated on a Clock...

Page 106: ...ree Run Clock Source The clock source locked to when clock selector is in locked state LOL Clock selector has raised the Los Of Lock alarm DHOLD Clock selector has not yet calculated the holdover freq...

Page 107: ...shown in Figure 2 86 The user can set timeouts for entries called ageing time in the dynamic MAC Table and configure the static MAC table The MAC Address Table Configuration webpage consists of four p...

Page 108: ...save VLAN ID The VLAN ID of the entry MAC Address The MAC address of the entry Port Members Checkmarks indicate which ports are members of the entry Check or uncheck as needed to modify the entry Add...

Page 109: ...bpage allows the user to control VLAN configuration on the switch The page is divided into a global section and a per port configuration section as shown in Figure 2 88 Table 2 76 and Table 2 77 provi...

Page 110: ...LAN may add the port to more VLANs behind the scenes Access ports have the following characteristics Member of exactly one VLAN the Port VLAN a k a Access VLAN which by default is 1 Accepts untagged a...

Page 111: ...treated like frames with an S tag If the S port is configured to accept Untagged Only frames S tagged frames will be discarded except for priority S tagged frames C tagged frames are initially consid...

Page 112: ...s of Access ports can only be member of one VLAN the Access VLAN The field s syntax is identical to the syntax used in the Enabled VLANs field By default a Trunk or Hybrid port will become member of a...

Page 113: ...specified with a dash separating the lower and upper bound The following example will map VLANs 1 10 11 12 13 200 and 300 1 10 13 200 300 Spaces are allowed in between the delimiters The range of val...

Page 114: ...rt from the mapping make sure the box is unchecked By default no ports are members and all boxes are unchecked Click Add New Entry button to add a new MAC to VLAN ID mapping entry An empty row is adde...

Page 115: ...two different sub values a OUI OUI Organizationally Unique Identifier is a parameter in the format of xx xxxx where each pair xx in the string is a hexadecimal value ranging between 0x00 and 0xff b P...

Page 116: ...as the port lists of these mappings are mutually exclusive e g Group1 can be mapped to VID 1 on port 1 and to VID 2 on port 2 Null VLAN ID Indicates the VLAN ID to which the Group Name will be mapped...

Page 117: ...gs The maximum possible IP subnet to VLAN ID mappings is limited to 128 Click Save button to save the setting configuration Click Reset button to keep to the original setting Check the Auto refresh bo...

Page 118: ...he frame is classified to a DPL that is mapped from the PCP and DEI value in the tag Otherwise the frame is classified to the default DPL The classified DPL can be overruled by a QCL entry 0 PCP Contr...

Page 119: ...her the QoS Control List QCL classification must be based on source SMAC SIP or destination DMAC DIP addresses on this port This parameter is only used when the key type is Normal The allowed values a...

Page 120: ...check the corresponding boxes in the table in Figure 2 96 Table 2 85 describes the labels in QoS Ingress Queue Policer Table Figure 2 96 Webpage to Configure Queue Policing of QoS Table 2 85 Descript...

Page 121: ...S Table 2 86 Descriptions of Port Scheduler Configuration of QoS Label Description Factory Default Port The logical port for the settings contained in the same row Click on the port number in order to...

Page 122: ...is internally rounded up to the nearest value supported by the queue shaper 500 Unit Controls the unit of measure for the queue shaper rate as kbps or Mbps Kbps Rate type The rate type of the queue sh...

Page 123: ...ade locally and return to the previous page 2 14 5 Port Shaping This webpage provides an overview of QoS Egress Port Shapers for all switch ports as shown in Figure 2 99 Table 2 88 describes the label...

Page 124: ...nit is kbps and 1 3281 when Unit is Mbps The rate is internally rounded up to the nearest value supported by the queue shaper 500 Unit Controls the unit of measure for the queue shaper rate as kbps or...

Page 125: ...previously saved values Click Back button to undo any changes made locally and return to the previous page 2 14 6 Port Tag Remarking This webpage provides an overview of QoS Egress Port Tag Remarking...

Page 126: ...fferentiated Service Code Point DSCP Configuration settings for all switch ports The QoS Port DSCP Configuration table is shown in Figure 2 103 The user can change the setting of either or both ingres...

Page 127: ...taken from the DSCP Translation Egress Remap DP0 table Remap DP Aware DSCP from analyser is remapped and frame is remarked with remapped DSCP value Depending on the DP level of the frame the remapped...

Page 128: ...f supported DSCP values is 64 Trust Controls whether a specific DSCP value is trusted Only frames with trusted DSCP values are mapped to a specific QoS class and Drop Precedence Level DPL Frames with...

Page 129: ...ted DSCP values are 64 and valid DSCP value ranges from 0 to 63 Ingress Translate Ingress side DSCP can be first translated to new DSCP before using the DSCP for QoS class and DPL map Translate DSCP a...

Page 130: ...ified DSCP value 0 63 for Drop Precedence Level 1 0 Click Save button to save the setting configuration Click Reset button to keep to the original setting 2 14 11 QoS Control List The QoS Control List...

Page 131: ...DMAC Tag Indicates tag type Possible values are Any Match tagged and untagged frames Untagged Match untagged frames Tagged Match tagged frames C Tagged Match C tagged frames S Tagged Match S tagged f...

Page 132: ...its the QCE Moves the QCE up the list Moves the QCE down the list Deletes the QCE The lowest plus sign adds a new entry at the bottom of the QCE listings Figure 2 108 Adding New QCE Configuration Tabl...

Page 133: ...w all types of frames EtherType Ether Type Valid Ether Type can be 0x600 0xFFFF excluding 0x800 IPv4 and 0x86DD IPv6 or Any LLC DSAP Address Valid DSAP Destination Service Access Point can vary from 0...

Page 134: ...Storm Policing Configuration of QoS Label Description Factory Default Frame Type The frame type for which the configuration below applies Enable Enable or disable the global storm policer for the giv...

Page 135: ...ng is enabled the traffic analyser is attached directly to the port of the same router that is configured to receive a copy of every packet that host A sends This port is called a traffic mirroring po...

Page 136: ...rt The logical port for the settings contained in the same row Source select mirror mode Disabled Neither frames transmitted nor frames received are mirrored Both Frames received and frames transmitte...

Page 137: ...net network include Low cost and easy setup in existing Ethernet networks Limited bandwidth is required for PTP data packets In an Ethernet network switches provide a full duplex communication path be...

Page 138: ...k and client clock device to determine the delay measurement Then PTP measures the exact message transmit and receive times and uses these times to calculate the communication path delay PTP then adju...

Page 139: ...s Master Only 5 Slave Only clock s Device Type is Slave Only Ord bound Profile Indicates the profile used by the clock No Profile Click Add New PTP Clock button to create a new clock instance Click Sa...

Page 140: ...information can then pass along its own statically configured VLANs in addition to ones learned from its neighbor For loop avoidance switch cannot send dynamically learned VLAN information out the sam...

Page 141: ...tions of GVRP PortConfiguration Label Description Factory Default Port The logical port that is to be configured Mode Mode can be either Disabled or GVRP enabled These values turn the GVRP feature off...

Page 142: ...D to work both devices on the link must support UDLD and have it enabled on respective ports Each switch port configured for UDLD sends UDLD protocol packets that contain the port s own device port ID...

Page 143: ...ge interval of 7 seconds It takes Treconvergence max_age 2x forward_delay for the STP to reconverge in case of unidirectional link failure With the default timers it takes 20 2x7 34 seconds It is reco...

Page 144: ...ctional detected ports will get shutdown To bring back the ports up need to disable UDLD on that port Disable Click Save button to save the setting configuration Click Reset button to undo any changes...

Page 145: ...riod time Hr The backup Periodic time setting 720 Click Save button to save the setting configuration Click Reset button to undo any changes made locally and revert to previously saved values 2 21 Mod...

Page 146: ...ownload html The Modbus Poll 64 bit version 9 2 2 Build 1343 was used in this document Atop does not provide this software to the users Tutorial of Modbus read and write examples are illustrated below...

Page 147: ...4 Select Modbus TCP IP as the Connection mode and enter the switch s IP address inside the Remote Modbus Server s IP Address or Node Name field at the bottom as shown in Figure 2 121 The Port number s...

Page 148: ...us Poll 6 Set Display mode of the selected cells in previous step to HEX hexadecimal by selecting Display pull down menu and choosing the Hex as shown in Figure 2 123 Figure 2 123 Set Display Mode to...

Page 149: ...ition 8 Enter the Slave ID in the Modbus Poll function as shown in Figure 2 125 which should match the Modbus Address 1 entered in Figure 2 118 Figure 2 125 Slave ID in the Modbus Poll Function is set...

Page 150: ...150 of 223 Figure 2 126 Set Code 03 in the Modbus Poll Function 10 Set starting Address to 81 and Quantity to 2 as shown in Figure 2 127 Figure 2 127 Setup Starting Address and Quantity in Modbus Pol...

Page 151: ...s 0x0A 0x00 0x32 0x01 which means that the switch s IP is 10 0 50 1 as shown in Figure 2 128 Write Registers This example shows how to clear the switch s Port Count Statistics Figure 2 129 Mapping Tab...

Page 152: ...131 Click on Function 06 in the Modbus Poll 3 Set Address to 256 and Value HEX to 1 as shown in Figure 2 132 then click Send button Figure 2 132 Use Modbus Poll to Clear Switch s Port Count 4 Check Po...

Page 153: ...byte d Word 3 Lo byte Word 4 Hi byte S Word 4 Lo byte w Word 5 Hi byte i Word 5 Lo byte t Word 6 Hi byte c Word 6 Lo byte h Word 7 Hi byte Word 7 Lo byte E Word 8 Hi byte H Word 8 Lo byte 9 Word 9 Hi...

Page 154: ...0x0001 1 0x0002 2 0x0034 52 1 word R Flow Control 0x0000 None Power Information 0x0040 64 1 word R Power Status Power 1 OK Hi byte 0x01 Power 1 Fail Hi byte 0x00 Power 2 OK Low byte 0x01 Power 2 Fail...

Page 155: ...1 Word 0 Hi byte 0xA8 Word 0 Lo byte 0x5F Word 1 Hi byte 0x01 Word 1 Lo byte 0x01 System Status Clear 0x0100 256 1 word W Clear Port Statistics 0x0001 Do clear action 0x0101 257 1 word W Clear Relay...

Page 156: ...e Port 6 Status Word 3 Hi byte Port 7 Status Word 3 Lo byte Port 8 Status Word 4 Hi byte Port 9 Status Word 4 Lo byte Port 10 Status 0x1060 4192 5 words R Port Duplex Status half duplex 0x00 Status fu...

Page 157: ...rt 5 good packets Word 20 21 22 23 Port 6 good packets Word 24 25 26 27 Port 7 good packets Word 28 29 30 31 Port 8 good packets Word 32 33 34 35 Port 9 good packets Word 36 37 38 39 Port 10 good pack...

Page 158: ...9 Port 10 good packets 0x1600 5632 40 words R Count of Bad Packets of RX Ex Port 1 gets 0x2EEEE1FFFF bad packets of RX Word 0 of Port 1 0x0000 Word 1 of Port 1 0x002E Word 2 of Port 1 0xEEE1 Word 3 of...

Page 159: ...tact configured in Configuration System Information System Contact Null Name The system name configured in Configuration System Information System Name Null Location The system location configured in...

Page 160: ...0ms 1sec and 10 seconds intervals The last 120 samples are graphed and the last numbers are displayed as text as well In order to display the SVG graph your browser must support the SVG format Consult...

Page 161: ...The IPv4 IPv6 address of the entry Link Address The Link MAC address for which a binding to the IP address given exist Check the Auto refresh box to refresh the page automatically The automatic refres...

Page 162: ...ntry of the table is displayed the button is disabled Updates the table entries ending at the entry prior to the first entry currently displayed If the first entry of the table is displayed the button...

Page 163: ...ently displayed If the first entry of the table is displayed the button is disabled Updates the table entries starting from the entry next to the last entry currently displayed If the last entry of th...

Page 164: ...m log entry is belonged information level Warning The system log entry is belonged warning level Error The system log entry is belonged error level Time The occurred time of the system log entry Messa...

Page 165: ...e device There are two or three powers Power1 Power 2 and Power3 and the power state can be either On and Off Some models support two powers and some models support three powers Figure 3 9 Webpage to...

Page 166: ...c Overview of Ports Table 3 7 Monitoring Descriptions of Traffic Overview of Ports Label Description Factory Default Port The logical port for the settings contained in the same row Port Number Packet...

Page 167: ...lick Clear button to clears the counters for all ports Click Refresh button to refresh the page immediately 3 2 4 QCL Status This webpage in Figure 3 14 shows the QoS Control List QCL status by differ...

Page 168: ...receive and transmit and the error counters for receive and transmit Descriptions of statistics labels are summarized in Table 3 10 Figure 3 15 Webpage to Monitor Detailed Port Statistics SNAP Match...

Page 169: ...received and transmitted good and bad broadcast packets Rx and Tx Pause A count of the MAC Control frames received or transmitted on this port that have an opcode indicating a PAUSE operation Receive...

Page 170: ...reset counters and issue commands Oper The operational state of ERPS instance Active Disabled or Internal error Warning Operational warnings of ERPS instance No warnings There are warnings use tooltip...

Page 171: ...rs This shows a number of counters useful for debug purpose The Counter type column indicate the counted frame attribute ERPS Command No request There is no active local command on this instance Issui...

Page 172: ...for continuous refresh with the same start address The will use the last entry of the currently displayed table as a basis for the next lookup When the end is reached the text No more entries is shown...

Page 173: ...while being sent to clients Receive from Server The number of packets received from server Receive Missing Agent Option The number of packets received without agent information options Receive Missing...

Page 174: ...the MAC Label Description Rx and Tx Discover The number of discover option 53 with value 1 packets received and transmitted Rx and Tx Offer The number of offer option 53 with value 2 packets received...

Page 175: ...r for which the status applies Click the port number to see the status for this particular port Users Each of the user modules has a column that shows whether that module has enabled Port Security or...

Page 176: ...s indicate the number of currently learned MAC addresses forwarding as well as blocked the number of violating MAC address only counting in Restrict mode and the maximum number of MAC addresses that c...

Page 177: ...still forwards traffic If the age period measured in seconds expires and no frames have been seen the MAC address will be removed from the MAC table Otherwise a new age period will begin If aging is d...

Page 178: ...bout Guest VLANs Configuration Security Network NAS Port Counters EAPOL Counters These supplicant frame counters are available for the following administrative states Force Authorized Force Unauthoriz...

Page 179: ...authenticated In the authenticated state it is allowed to forward frames on the port and in the unauthenticated state it is blocked As long as the backend server hasn t successfully authenticated the...

Page 180: ...end is reached the text No more entries is shown in the displayed table Use the button to start over Figure 3 27 Webpage to Monitor Dynamic ARP Inspection Table Table 3 21 Monitoring Descriptions of D...

Page 181: ...resh the page automatically Automatic refresh occurs every 3 seconds Click Refresh button to refresh the page immediately Click Clear button to flush all dynamic entries Click to update the table star...

Page 182: ...he server has temporarily been disabled but will get re enabled when the dead time expires The number of seconds left before this occurs is displayed in parentheses This state is only reachable when m...

Page 183: ...RADIUS authentication server Pending Requests The number of RADIUS Access Request packets destined for the server that have not yet timed out or received a response This variable is incremented when...

Page 184: ...eceived from the server Access Challenges The number of RADIUS Access Challenge packets valid or invalid received from the server Malformed Access Responses The number of malformed RADIUS Access Respo...

Page 185: ...equest packets destined for the server that have not yet timed out or received a response This variable is incremented when an Access Request is sent and decremented due to receipt of an Access Accept...

Page 186: ...the network Pkts The total number of packets including bad packets broadcast packets and multicast packets received Broad cast The total number of good packets received that were directed to the broa...

Page 187: ...f events in which packets were dropped by the probe due to lack of resources Octets The total number of octets of data including those in bad packets received on the network Pkts The total number of p...

Page 188: ...e number of the inbound packets that were discarded because of the unknown or un support protocol OutOctets The number of octets transmitted out of the interface including framing characters OutUcastP...

Page 189: ...tatus Check the Auto refresh box to refresh the page automatically Automatic refresh occurs every 3 seconds Click Refresh button to refresh the page immediately Label Description Event Index Indicates...

Page 190: ...internal i e local system status for all ports Only ports that are part of an LACP group are shown For details on the shown parameters please refer to IEEE 801 AX 2014 Figure 3 38 Webpage to Monitor L...

Page 191: ...e identity of the LAG is consistent with the System ID and operational Key information transmitted Collecting Show if collection of incoming frames on this link is enabled Distributing Show if distrib...

Page 192: ...rver The Pending Requests counter will not be cleared by this operation 3 7 Spanning Tree 3 7 1 Bridge Status This page provides a status overview of all STP bridge instances Figure 3 41 Webpage to Mo...

Page 193: ...itch Label Description Bridge ID The Bridge ID of this Bridge instance Root ID The Bridge ID of the currently elected root bridge Root Port The switch port currently assigned the root port role Root C...

Page 194: ...oping status Label Description Port The switch port number of the logical STP port Transmitted Received MSTP The number of MSTP BPDU s received transmitted on the port Transmitted Received RSTP The nu...

Page 195: ...Refresh button click assume the value of the first displayed entry allowing for continuous refresh with the same start address The will use the last entry of the currently displayed table as a basis L...

Page 196: ...o update the table starting from the first entry in the MVR Channels Groups Information Table Click to updates the table starting with the entry after the last entry currently displayed 3 8 1 3 IPv4 S...

Page 197: ...umber Mode Indicates the filtering mode maintained per VLAN ID port number Group Address basis It can be either Include or Exclude Source Address IP Address of the source Currently the maximum number...

Page 198: ...ry currently displayed 3 8 2 3 IPv6 SFM Information Entries in the MLD SFM Information Table are shown on this page The MLD SFM Source Filtered Multicast Information Table also contains the SSM Source...

Page 199: ...ptions of LLDP Neighbour Information Label Description VLAN ID VLAN ID of the group Group Group address of the group displayed Port Switch port number Mode Indicates the filtering mode maintained per...

Page 200: ...bility is followed by Management Address The neighbour unit s address that is used for higher layer entities to assist discovery by the network management This could for instance hold the neighbour s...

Page 201: ...ew entry in the table when the Chassis ID or Remote Port ID is not already contained within the table Entries are removed from the table when a given interface s link is down an LLDP shutdown frame is...

Page 202: ...ck s Device Type is Master Only 5 Slave Only Clock s Device Type is Slave Only Port List Shows the ports configured for that Clock Instance Label Description SyncCount A counter that increments every...

Page 203: ...the currently displayed VLAN MAC address pairs as a basis for the next lookup When the end is reached the text No more entries is shown in the displayed table Use the button to start over Figure 3 55...

Page 204: ...s Click Buttons to select VLAN Users from this drop down list Check the Auto refresh box to refresh the page automatically Automatic refresh occurs every 3 seconds Click Refresh button to refresh the...

Page 205: ...n by the selected user Frame Type Shows the acceptable frame types All Tagged Untagged that a given user wants to configure on the port The field is empty if not overridden by the selected user Port V...

Page 206: ...led Display DDMI detailed information on this page DDMI is an acronym for Digital Diagnostics Monitoring Interface It provides an enhanced digital diagnostic monitoring interface for optical transceiv...

Page 207: ...dicates SFP vendor name Part Number Indicates part number provided by SFP vendor Serial Number Indicates serial number provided by SFP vendor Revision Indicates revision level for part number provided...

Page 208: ...matically Automatic refresh occurs every 3 seconds Click Refresh button to refresh the page immediately Label Description Detailed UDLD Status UDLD Admin State The current port state of the logical po...

Page 209: ...ernet Control Message Protocol packet to troubleshoot IP connectivity issues Note that this utility is only for IPv4 address The Ping utility for IPv6 will be provided in the next subsection Figure 4...

Page 210: ...Note You may only specify either the Source Port Number or the IP Address for the source interface IP Address for Source Interface This field can be used to force the test to use a specific local inte...

Page 211: ...version 6 network as shown in Figure 4 5 After entering the IP address or hostname click Start button to run the Ping IPv6 function An example of successful ping result is shown in Figure 4 6 while a...

Page 212: ...ld empty for automatic selection based on routing configuration Note You may only specify either the Source Port Number or the IP Address for the source interface IP Address for Source Interface This...

Page 213: ...l try to probe If this value is reached before the specified remote host is reached the test stops The default value is 30 The valid range is 1 255 VID for source Interface This field can be used to f...

Page 214: ...umber of Probes Per Hop Specifies the number of probe packets sent for each hop which is the number of queries per intermediate host or gateway The default value is 3 packets The valid range is 1 60 R...

Page 215: ...specify either the VID or the IP Address for the source interface Print Numeric Addresses By default the traceroute command will print out hop information using a reverse DNS lookup for the acquired h...

Page 216: ...tion of the device The following sections will describe each submenu under the Maintenance menu Figure 5 1 Maintenance Menu 5 1 Restart Device To restart the managed switch or device through the WebUI...

Page 217: ...ne the user will be presented with a message as showed in Figure 5 5 The new configuration will be available immediately and no restart is necessary Note that if the user selects the No button the web...

Page 218: ...l display a message stating that the firmware update is initiated After a duration of approximately one minute the firmware will finish update and the switch will be restarted Warning While the firmwa...

Page 219: ...st at boot time the switch will start up in its default configuration default config A read only file with vendor specific configuration This file is read when the system is restored to default settin...

Page 220: ...this web page the user can upload a local configuration file on the user s computer to the managed switch using web browser This will be useful when the user would like to use a backup configuration...

Page 221: ...uploaded file is merged into running config If the flash file system is full i e contains default config and 32 other files usually including startup config it is not possible to create new files Then...

Page 222: ...ame by checking on the radio button in front of that file under the File Name table Then click on the Delete Configuration File button Note that a pop up window will be prompted for a confirmation by...

Page 223: ...ies Inc www atoponline com TAIWAN HEADQUARTER and INTERNATIONAL SALES 2F No 146 Sec 1 Tung Hsing Rd 30261 Chupei City Hsinchu County Taiwan R O C Tel 886 3 550 8137 Fax 886 3 550 8131 sales atop com t...

Reviews:

No comments

Brands by name

Popular brands

Load more brands