manualshive.com logo in svg

Black Box LE2700A, User Manual, Page: 110 / 154

Share
Download
Black Box LE2700A User Manual Download Page 110

724-746-5500   |   blackbox.com 

Page 110

Chapter 5: Management 

Table 5-80 (continued). Network Access Server Configuration screen options.

Label

Description

Admin State 
(continued)

Port-based 802.1X

In an 802.1X network environment, the user is called the supplicant, the switch is the authenticator, and the 
RADIUS server is the authentication server. The authenticator acts as the man-in-the-middle, forwarding 
requests and responses between the supplicant and the authentication server. Frames sent between the 
supplicant and the switch are special 802.1X frames, known as EAPOL (EAP Over LANs) frames which 
encapsulate EAP PDUs (RFC3748). Frames sent between the switch and the RADIUS server is RADIUS pack-
ets. RADIUS packets also encapsulate EAP PDUs together with other attributes like the switch's IP address, 
name, and the supplicant's port number on the switch. EAP is very flexible as it allows for different authenti-
cation methods, like MD5-Challenge, PEAP, and TLS. The important thing is that the authenticator (the 
switch) does not need to know which authentication method the supplicant and the authentication server 
are using, or how many information exchange frames are needed for a particular method. The switch simply 
encapsulates the EAP part of the frame into the relevant type (EAPOL or RADIUS) and forwards it.

When authentication is complete, the RADIUS server sends a special packet containing a success or failure 
indication. Besides forwarding the result to the supplicant, the switch uses it to open up or block traffic on 
the switch port connected to the supplicant.

NOTE:  In an environment where two backend servers are enabled, the server timeout is configured to X sec-

onds (using the authentication configuration page), and the first server in the list is currently down 
(but not considered dead), if the supplicant retransmits EAPOL Start frames at a rate faster than X 
seconds, it will never be authenticated because the switch will cancel on-going backend  
authentication server requests whenever it receives a new EAPOL Start frame from the supplicant. 
Since the server has not failed (because the X seconds have not expired), the same server will be  
contacted when the next backend authentication server request from the switch This scenario will 
loop forever. Therefore, the server timeout should be smaller than the supplicant's EAPOL Start frame 
retransmission rate. 

a. Single 802.1X

In port-based 802.1X authentication, once a supplicant is successfully authenticated on a port, the whole 
port is opened for network traffic. This allows other clients connected to the port (for instance through a 
hub) to piggy-back on the successfully authenticated client and get network access even though they are 
not authenticated individually. To overcome this security breach, use the Single 802.1X variant.

Single 802.1X is not yet an IEEE standard, but features many of the same characteristics as port-based 
802.1X. In Single 802.1X, at most one supplicant can get authenticated on the port at a time. Normal 
EAPOL frames are used in the communications between the supplicant and the switch. If more than one 
supplicant are connected to a port, the one that comes first when the port's link is connected will be the 
first one considered. If that supplicant does not provide valid credentials within a certain amount of time, the 
chance will be given to another supplicant. Once a supplicant is successfully authenticated, only that suppli-
cant will be allowed access. This is the most secure of all the supported modes. In this mode, the Port 
Security module is used to secure a supplicant's MAC address once successfully authenticated.

b. Multi 802.1X

In port-based 802.1X authentication, once a supplicant is successfully authenticated on a port, the whole 
port is opened for network traffic. This allows other clients connected to the port (for instance through a 
hub) to piggy-back on the successfully authenticated client and get network access even though they are 
not authenticated individually. To overcome this security breach, use the Multi 802.1X variant. 

Summary of Contents for LE2700A

Page 1: ...ies Hardened Managed Modular Switches LE2700A LE2710C LE2721C LE2700AE LE2711C LE2722C LE2700UK LE2720C LE2731C Order toll free in the U S Call 877 877 BBOX outside U S call 724 746 5500 FREE technica...

Page 2: ...is Manual Black Box and the Double Diamond logo are registered trademarks of BB Technologies Inc Any other trademarks mentioned in this manual are acknowledged to be the property of the trademark owne...

Page 3: ...en the equipment is operated in a commercial environment Operation of this equipment in a residential area is likely to cause interference in which case the user at his own expense will be required to...

Page 4: ...n el flujo de aire por los orificios de ventilaci n 10 El equipo el ctrico deber ser situado fuera del alcance de fuentes de calor como radiadores registros de calor estufas u otros aparatos incluyend...

Page 5: ...19 3 3 1 Grounding 19 3 3 2 Fault Relay 19 3 3 3 Redundant Power Inputs 19 3 4 Connection 20 3 4 1 Cables 20 3 4 2 SFP 22 3 4 3 B Ring B Chain 22 4 Redundancy 25 4 1 B Ring 25 4 1 1 Introduction 25 4...

Page 6: ...68 5 5 5 SNMP View Configurations 68 5 5 6 SNMP Access Configurations 69 5 6 Traffic Prioritization 70 5 6 1 Storm Control 70 5 6 2 Port Classification 71 5 6 3 Port Tag Remaking 72 5 6 4 Port DSCP 73...

Page 7: ...nitor and Diag 118 5 10 1 MAC Table 118 5 10 2 Port Statistics 120 5 10 3 Port Mirroring 122 5 10 4 System Log Information 123 5 10 5 Cable Diagnostics 124 5 10 6 SFP Monitor 125 5 10 7 Ping 125 5 11...

Page 8: ...sed port security Port based network access control 802 1x Single 802 1x and Multiple 802 1x MAC based authentication QoS assignment Guest VLAN MAC address limit TACACS VLAN 802 1Q to segregate and se...

Page 9: ...ng 1 Fault 1 Def 1 Link 1 SPD 1 FDX 1 RMT 28 Port LEDs LE2720C 2 LEDs per port LE2731C 1 LED per port Environmental Temperature Tolerance Operating 40 to 185 F 40 to 85 C Storage 40 to 185 F 40 to 85...

Page 10: ...0C 4 port 100FX multimode 2 km SC module LE2711C 4 port 100FX multimode 2 km ST module LE2720C 8 port 10 100 1000BASE T RJ 45 module LE2721C 8 port 100 1000 Mbps SFP module LE2722C 4 port 100 1000 Mbp...

Page 11: ...d LE2700UK LE2700 Series Hardened Managed Modular Switch with power supply UK power cord LE2710C 4 port 100FX multimode 2 km SC module LE2711C 4 port 100FX multimode 2 km ST module LE2720C 8 port 10 1...

Page 12: ...Overview 2 4 Hardware Description Figure 2 1 Front panel Figure 2 2 Back panel Power module slot 2 Power module slot 1 10 Gigabit or Gigabit Ethernet module installs in slot 4 Power module installed...

Page 13: ...el name Name of product 2 System and Port status LEDs System LEDs include PWR PWR1 PWR2 R M Ring Fault DEF Port LEDs include LINK SPD FDX port number 3 Serial console port Links to console for managem...

Page 14: ...SFP module LE2731C 4 port 10 GE SFP module Figure 2 4 SFP Modules Part Number Description Compatible Switch Modules LFP401 SFP 155 Mbps Fiber with Extended Diagnostics 850 nm Multimode LC 2 km LE2721...

Page 15: ...W2 Green On DC power module 2 activated 4 R M Green On Ring Master 5 Ring Green On Ring enabled Green Slowly blinking Ring structure is broken i e part of the ring is disconnected Green Fast blinking...

Page 16: ...brackets orientated in front of the rack nest front and rear brackets together Fasten together using remaining M4 screws into counter sunk holes Step 3 Fasten the front mounting bracket to the front o...

Page 17: ...d 3 respectively Step 3 Switch on the power of the switch Figure 3 4 SFP module 3 2 3 100 1000 Mbps SFP Module LE2722C or 10G SFP Module LE2731C Each LE2700 Series Hardened Managed Modular Switches sw...

Page 18: ...ts 2 Removing and installing an Ethernet module can shorten its useful life Do not remove and insert the modules more often than is absolutely necessary 3 2 4 Power Module Each LE2700 Series Hardened...

Page 19: ...he rule of thumb is that wiring sharing similar electrical characteristics can be bundled together 7 Separate input wiring from output wiring 8 Label the wiring to all devices in the system 3 3 1 Grou...

Page 20: ...AT3 4 5 100 ohm UTP 328 ft 100 m RJ 45 100BASE TX CAT5 100 ohm UTP UTP 328 ft 100 m RJ 45 1000BASE TX CAT5 CAT5e 100 ohm UTP UTP 328 ft 100 m RJ 45 With 1000 100BASE TX 10BASE T cables pins 1 and 2 ar...

Page 21: ...BI_DA 7 BI_DD BI_DC 8 BI_DD BI_DC NOTE and signs represent the polarity of the wires that make up each wire pair RS 232 port wiring You can manage the LE2700 Series Switch via console ports using a RS...

Page 22: ...ts connected For information about the port setting please refer to Section 4 1 2 Configuration 3 Connect the last switch to the first switch to form a ring topology B Ring Figure 3 10 B Ring Coupling...

Page 23: ...hile the other will act as the backup path that is activated when the primary path connection fails B Ring Figure 3 12 Dual homing B Chain When connecting multiple B Rings to meet your expansion deman...

Page 24: ...746 5500 blackbox com Page 24 Chapter 3 Hardware Installation 3 Once the setting is completed one of the connections will act as the main path and the other as the backup path B Ring Figure 3 13 B Ch...

Page 25: ...fast recover technology 4 1 2 Configurations B Ring supports three ring topologies Ring Master Coupling Ring and Dual Homing You can configure the settings in the interface below Table 4 1 Configurati...

Page 26: ...ations of current redundant ring technologies 4 2 2 Configurations B Chain is very easy to configure and manage Only one edge port of the edge switch needs to be defined Other switches beside them jus...

Page 27: ...loop and hence caus ing congestion in the network STP can identify the best path to the destination and block all other paths The blocked links will stay connected but inactive When the best path fail...

Page 28: ...rent STP port role of the CIST port The values include AlternatePort BackupPort RootPort and DesignatedPort State The current STP port state of the CIST port The values include Blocking Learning and F...

Page 29: ...guration screen options Label Description Protocol Version The version of the STP protocol Valid values include STP RSTP and MSTP Forward Delay The delay used by STP bridges to transit root and design...

Page 30: ...switches with the same VLANs at least one MST instance and the same MST region name Therefore switches can use different paths in the network to effectively balance loads Port Settings This page allo...

Page 31: ...u to enter a user defined value The path cost is used when establishing an active topology for the network Lower path cost ports are chosen as forwarding ports in favor of higher path cost ports The r...

Page 32: ...the MSTI The VLANs must be separated with commas and or space A VLAN can only be mapped to one MSTI An unused MSTI will be left empty ex without any mapped VLANs Save Click to save changes Reset Clic...

Page 33: ...orts in favor of higher path cost ports The range of valid values is 1 to 200000000 Priority Configures the priority for ports having identical port costs See above OpenEdge setate flag A flag indicat...

Page 34: ...connects to a point to point LAN rather than a shared medium This can be configured automatically or set to true or false manually Transiting to forwarding state is faster for point to point LANs tha...

Page 35: ...ow Java applets to open sockets You need to modify the browser setting sepa rately in order to enable Java applets for network ports Preparing for Web Management You can access the management page of...

Page 36: ...em information configuration screen options Label Description System Name An administratively assigned name for the managed node By convention this is the node s fully qualified domain name A domain n...

Page 37: ...o any changes made locally and revert to previously saved values 5 1 2 Admin Password This page allows you to configure the system password required to access the web pages or log in from CLI Figure 5...

Page 38: ...mation of the switch in this page Figure 5 7 IP Configuration screen Table 5 4 IP Configuration screen options Label Description DHCP Client Enable the DHCP client by checking this box If DHCP fails o...

Page 39: ...03 4dc7 the symbol is a special syntax that can be used as a shorthand way of representing multiple 16 bit groups of contiguous zeros but it can appear only once It can also represent a legally valid...

Page 40: ...undo any changes made locally and revert to previously saved values 5 1 7 SSH You can configure the SSH mode in the following page Figure 5 10 SSH Configuration screen Table 5 7 SSH Configuration scre...

Page 41: ...ted The columns include the following information Figure 5 12 LLDP Neighbor Information screen Table 5 9 LLDP Neighbor Information screen options Label Description Local Port The port that you use to...

Page 42: ...time to live Table 5 11 Local Counters options Label Description Local Port The port that receives or transmits LLDP frames Tx Frames The number of LLDP frames transmitted on the port Rx Frames The nu...

Page 43: ...ately Clear Click to clear the local counters All counters including global counters are cleared upon reboot Auto refresh Check to enable an automatic refresh of the page at regular intervals 5 1 9 Mo...

Page 44: ...h You can check the Enabled checkbox to activate the function Once the box is checked you will be able to input information in each column Figure 5 17 DHCP Server Configuration screen 5 2 2 Dynamic Cl...

Page 45: ...ent is used to forward and transfer DHCP mes sages between the clients and the server when they are not in the same subnet domain Relay Information Mode Indicates the existing DHCP relay information m...

Page 46: ...message containing the information is received The relay statistics show the information of relayed packets of the switch Figure 5 21 DHCP Relay Statistics Table 5 14 DHCP Relay Statistics screen opti...

Page 47: ...ed when received messages contain relay agent information 5 3 Port Setting Port Setting allows you to manage individual ports of the switch including traffic power and trunks 5 3 1 Port Control This p...

Page 48: ...wer savings enabled Enabled both link up and link down power savings enabled Total Power Usage Total power consumption of the board measured in percentage Save Click to save changes Reset Click to und...

Page 49: ...ation By default no ports belong to any aggregation group Only full duplex ports can join an aggregation and the ports must be in the same speed in each group 5 3 3 LACP This page allows you to enable...

Page 50: ...LACP activity status Active will transmit LACP packets every second while Passive will wait for a LACP packet from a partner speak if spoken to Save Click to save changes Reset Click to undo any chang...

Page 51: ...dress Partner Port The partner s port number associated with the port Refresh Click to refresh the page immediately Auto refresh Check to enable an automatic refresh of the page at regular intervals L...

Page 52: ...1 to 10 seconds Shutdown Time The period in seconds for which a port will be kept disabled when a loop is detected shutting down the port The valid value is 0 to 604800 seconds 7 days A value of zero...

Page 53: ...to delete the entry It will be deleted during the next save VLAN ID The VLAN ID for the entry MAC Address The MAC address for the entry Port Members Checkmarks indicate which ports are members of the...

Page 54: ...affects VLAN ingress processing If the port only accepts tagged frames untagged frames received on the port will be discarded By default the field is set to All Port VLAN Mode The allowed values are N...

Page 55: ...ID and is forwarded When the port receives tagged frames 1 If the tagged frame contains a TPID of 0x8100 it will be forwarded 2 If the TPID of tagged frame is not 0x8100 ex 0x88A8 it will be discarded...

Page 56: ...724 746 5500 blackbox com Page 56 Chapter 5 Management Figure 5 34...

Page 57: ...724 746 5500 blackbox com Page 57 Chapter 5 Management Figure 5 35...

Page 58: ...ox com Page 58 Chapter 5 Management Examples of VLAN Settings VLAN Access Mode Figure 5 36 Switch A Port 7 is VLAN Access mode Untagged 20 Port 8 is VLAN Access mode Untagged 10 Below are the switch s...

Page 59: ...blackbox com Page 59 Chapter 5 Management Figure 5 38 VLAN 1Q Trunk Mode Figure 5 39 Switch B Port 1 VLAN 1Qtrunk mode tagged 10 20 Port 2 VLAN 1Qtrunk mode tagged 10 20 Below are the switch settings...

Page 60: ...724 746 5500 blackbox com Page 60 Chapter 5 Management Figure 5 41 VLAN Hybrid Mode Port 1 VLAN Hybrid mode untagged 10 Tagged 10 20 Below are the switch settings Figure 5 42 Figure 5 43...

Page 61: ...agement VLAN QinQ Mode VLAN QinQ mode is usually adopted when there are unknown VLANs as shown in the figure below VLAN X Unknown VLAN Figure 5 44 VLAN QinQ mode Port 1 VLAN Settings Figure 5 45 VLAN...

Page 62: ...ere Port members of each private VLAN can be added or removed here Private VLANs are based on the source port mask and there are no connections to VLANs This means that VLAN IDs and private VLAN IDs c...

Page 63: ...LAN to add a new private VLAN ID An empty row is added to the table and the private VLAN can be configured as needed The allowed range for a private VLAN ID is the same as the switch port number range...

Page 64: ...length is 0 to 255 and only ASCII characters from 33 to 126 are allowed The field only suits to SNMPv1 and SNMPv2c SNMPv3 uses USM for authentication and privacy and the community string will be assoc...

Page 65: ...address of this switch IPv6 address consists of 128 bits represented as eight groups of four hexadecimal digits with a colon separating each field For example in fe80 215 c5ff fe03 4dc7 the symbol is...

Page 66: ...mmunity Figure 5 52 SNMPv3 Communities Configuration screen Table 5 32 SNMPv3 Communities Configuration screen options Label Description Delete Check to delete the entry It will be deleted during the...

Page 67: ...Auth NoPriv no authentication and none privacy Auth NoPriv Authentication and no privacy Auth Priv Authentication and privacy The value of security level cannot be modified if the entry already exists...

Page 68: ...ld belong to Possible security models included v1 Reserved for SNMPv1 v2c Reserved for SNMPv2c usm User based Security Model USM Security Name A string identifying the security name that this entry sh...

Page 69: ...Model and Security Level Figure 5 56 SNMPv3 Access Configuration screen Table 5 36 SNMPv3 Access Configuration screen options Label Description Delete Check to delete the entry It will be deleted duri...

Page 70: ...unicast multicast or broadcast traffic across the switch NOTE Frames sent to the CPU of the switch are always limited to approximately 4 kpps For example broadcasts in the management VLAN are limited...

Page 71: ...5 6 7 QoS class 1 0 2 3 4 5 6 7 If the port is VLAN aware the frame is tagged and Tag Class is enabled then the frame is classified to a QoS class that is mapped from the PCP and DEI value in the tag...

Page 72: ...ssified to the DEI value in the tag Otherwise the frame is classified to the default DEI value Tag Class Shows the classification mode for tagged frames on this port Disabled Use default QoS class and...

Page 73: ...DSCP This page allows you to configure basic QoS Port DSCP settings for all switch ports Figure 5 60 QoS Egress Port DSCP Configuration screen Table 5 40 QoS Egress Port DSCP Configuration screen opt...

Page 74: ...P Translation Egress Remap DP0 table or from the DSCP Translation Egress Remap DP1 table 5 6 5 Port Policing This page allows you to configure Policer settings for all switch ports Figure 5 61 QoS Ing...

Page 75: ...w applies Enable E Check to enable queue policer for individual switch ports Rate Configures the rate of each queue policer The default value is 500 This value is restricted to 100 to 1000000 when the...

Page 76: ...icted to 100 to 1000000 when the Unit is kbps and it is restricted to 1 to 3300 when the Unit is Mbps Queues Shaper Unit Configures the rate for each queue shaper The default value is 500 This value i...

Page 77: ...t is kbps and it is restricted to 1 to 3300 when the Unit is Mbps Queues Shaper Unit Configures the rate of each queue shaper The default value is 500 This value is restricted to 100 to 1000000 when t...

Page 78: ...r rate as kbps or Mbps The default value is kbps 5 6 8 Port Scheduled This page provides an overview of QoS Egress Port Schedulers for all switch ports Figure 5 65 QoS Egress Port Schedulers screen Ta...

Page 79: ...S This page allows you to configure basic QoS DSCP based QoS Ingress Classification settings for all switches Figure 5 67 DSCP Based QoS Ingress Classification screen Table 5 47 DSCP Based QoS Ingress...

Page 80: ...are two configuration parameters for DSCP Translation 1 Translate DSCP can be translated to any of 0 63 DSCP values 2 Classify check to enable ingress classification Egress Configurable egress parame...

Page 81: ...lass Actual QoS class DPL Actual Drop Precedence Level DSCP Select the classified DSCP value 0 63 5 6 13 QoS Control List This page allows you to edit or insert a single QoS control entry at a time A...

Page 82: ...Control Valid Control valid values can range from 0x00 to 0xFF or Any The default value is Any SNAP PID valid PID a k a ethernet type values can range from 0x00 to 0xFFFF or Any The default value is A...

Page 83: ...dividual queues for all switch ports Figure 5 71 Queuing Counters screen Table 5 51 Queuing Counters screen options Label Description Port The switch port number to which the following settings will b...

Page 84: ...e matched with the frame s content There are three action fields Class DPL and DSCP Class Classified QoS if a frame matches the QCE it will be put in the queue DPL Drop Precedence Level if a frame mat...

Page 85: ...AN Configurations of IGMP Snooping Each page shows up to 99 entries from the VLAN table with a default value of 20 selected by the Entries Per Page input field When first visited the web page will sho...

Page 86: ...GMP Snooping Status screen options Label Description VLAN ID The VLAN ID of the entry Querier Version Active Querier version Host Version Active Host version Querier Status Shows the Querier status as...

Page 87: ...5 56 IGMP Snooping Group Information screen options Label Description VLAN ID The VLAN ID of the group Groups The group address of the group displayed Port Members Ports under this group 5 8 Security...

Page 88: ...Scan scans IP MAC automatically but no binding function Binding enables binding Under this mode any IP MAC that does not match the entry will not be allowed to access the network Shutdown shuts down...

Page 89: ...evice MAC Address Specifies MAC address of the device Advanced Configurations Alias IP Address This page provides Alias IP Address configuration Some devices might have more than one IP addresses You...

Page 90: ...evention screen options Label Description Mode Enables or disables DDOS prevention of the port Sensibility Indicates the level of DDOS detection Possible levels are Low low sensibility Normal normal s...

Page 91: ...e event Reboot Device if PoE is supported the device can be rebooted The event will be logged Status Indicates the DDOS prevention status Possible statuses are disables DDOS prevention Analyzing analy...

Page 92: ...on Mode Enables or disables stream monitoring of the port Action Indicates the action to take when the stream gets low Possible actions are no action Log it simply logs the event 5 8 3 ACL Ports This...

Page 93: ...allowed values are Disabled or a specific port number The default value is Disabled Logging Specifies the logging operation of the port The allowed values are Enabled frames received on the port are...

Page 94: ...ation screen Table 5 66 ACE Configuration screen Label Description Ingress Port Indicates the ingress port to which the ACE will apply Any the ACE applies to any port Port n the ACE applies to this po...

Page 95: ...abled port shutdown is disabled for the ACE Counter Indicates the number of times the ACE matched by a frame Figure 5 87 MAC Parameters screen Table 5 67 MAC Parameters screen options Label Descriptio...

Page 96: ...ID filter for the ACE Any no VLAN ID filter is specified VLAN ID filter status is don t care Specific if you want to filter a specific VLAN ID with the ACE choose this value A field for entering a VLA...

Page 97: ...than zero must not be able to match this entry Yes IPv4 frames whose MF bit is set or the FRAG OFFSET field is greater than zero must be able to match this entry Any any value is allowed don t care IP...

Page 98: ...rk sender IP filter is set to Network Specify the sender IP address and sender IP mask in the SIP Address and SIP Mask fields that appear Sender IP Address When Host or Network is selected for the sen...

Page 99: ...length HLN and protocol address length PLN settings 0 ARP RARP frames where the HLN is equal to Ethernet 0x06 and the PLN is equal to IPv4 0x04 must not match this entry 1 ARP RARP frames where the H...

Page 100: ...lue The allowed range is 0 to 255 A frame matching the ACE will use this ICMP code value Figure 5 92 TCP Parameters and UDP Parameters screens Table 5 72 TCP Parameters and UDP Parameters screens opti...

Page 101: ...ata from sender value for the ACE 0 TCP frames where the FIN field is set must not be able to match this entry 1 TCP frames where the FIN field is set must be able to match this entry Any any value is...

Page 102: ...pond to a previous request This will stop the switch from continually trying to contact a server that it has already determined as dead Setting the dead time to a value greater than 0 zero will enable...

Page 103: ...rver If the port is set to 0 zero the default port 1813 is used on the RADIUS accounting server Secret The secret up to 29 characters long shared between the RADIUS accounting server and the switch st...

Page 104: ...is enabled Figure 5 97 RADIUS Accounting Server Status Overview screen Table 5 77 RADIUS Accounting Server Status Overview screen options Label Description The RADIUS server number Click to navigate t...

Page 105: ...tication Client MIB Use the server drop down list to switch between the backend servers to show related details Figure 5 98 RADIUS Authentication Statistics for Server 1 screen Table 5 78 RADIUS Authe...

Page 106: ...r Info This section contains information about the state of the server and the latest round trip time Figure 5 99 RADIUS Accounting Statistics for Server 1 screen Table 5 79 RADIUS Accounting Statisti...

Page 107: ...s which encapsulate EAP PDUs RFC3748 Frames sent between the switch and the RADIUS server are RADIUS packets RADIUS packets also encapsulate EAP PDUs together with other attributes like the switch s I...

Page 108: ...ation is complete the RADIUS server sends a success or failure indication which in turn causes the switch to open up or block traffic for that particular client using static entries into the MAC Table...

Page 109: ...to check for activity on the MAC address in question at regular intervals and free resources if no activity is seen within a given period of time This parameter controls exactly this period and can b...

Page 110: ...switch will cancel on going backend authentication server requests whenever it receives a new EAPOL Start frame from the supplicant Since the server has not failed because the X seconds have not expir...

Page 111: ...the switch which in turn uses the client s MAC address as both username and password in the subsequent EAP exchange with the RADIUS server The 6 byte MAC address is converted to a string in the follo...

Page 112: ...l be attempted immediately The button only has effect on successfully authenticated clients on the port and will not cause the clients to be temporarily unauthorized Reinitialize forces a reinitializa...

Page 113: ...hich port details to be displayed Figure 5 102 NAS Statistics Port 2 screen Table 5 82 NAS Statistics Port 2 screen options Label Description Admin State The port s current administrative state Refer...

Page 114: ...Backend Server Counters These backend RADIUS frame counters are available for the following administrative states 802 1X MAC based Auth Last Supplicant Client Info Information about the last supplica...

Page 115: ...83 System Log Configuration screen options Label Description Server Mode Indicates existing server mode When the mode operation is enabled the syslog message will be sent to sys log server The syslog...

Page 116: ...SMTP Setting screen options Label Description E mail Alarm Enables or disables transmission of system warnings by e mail Sender E mail Address SMTP server IP address Mail Subject Subject of the mail...

Page 117: ...stem Warning Event Selection screen Table 5 85 System Warning Event Selection screen options Label Description System Cold Start Sends out alerts when the system is restarted Power Status Sends out al...

Page 118: ...ds This removal is called aging You can configure aging time by entering a value in the box of Age Time The allowed range is 10 to 1000000 seconds You can also disable the automat ic aging of dynamic...

Page 119: ...mbers Checkmarks indicate which ports are members of the entry Check or uncheck to modify the entry Adding New Static Entry Click to add a new entry to the static MAC table You can specify the VLAN ID...

Page 120: ...start over Figure 5 110 MAC Address Table screen Table 5 88 MAC Address Table screen options Label Description Type Indicates whether the entry is a static or dynamic entry MAC address The MAC address...

Page 121: ...tion Filtered The number of received frames filtered by the forwarding process Auto refresh Check to enable an automatic refresh of the page at regular intervals Refresh Updates the counter entries st...

Page 122: ...of long2 frames received with a valid CRC Rx Fragments The number of short1 frames received with an invalid CRC Rx Jabber The number of long2 frames received with an invalid CRC Rx Filtered The number...

Page 123: ...re not mirrored Tx only only frames transmitted from this port are mirrored to the mirror port Frames received are not mirrored Disabled neither transmitted nor recived frames are mirrored Enabled bot...

Page 124: ...ailable entry ID Updates system log entries ending at the last entry currently displayed Updates system log entries starting from the last entry currently displayed Updates system log entries ending a...

Page 125: ...he length in meters of the cable pair 5 10 6 SFP Monitor SFP modules with DDM Digital Diagnostic Monitoring function can measure the temperature of the apparatus helping you monitor the status of conn...

Page 126: ...om 10 10 132 20 icmp_seq 1 time 0ms 64 bytes from 10 10 132 20 icmp_seq 2 time 0ms 64 bytes from 10 10 132 20 icmp_seq 3 time 0ms 64 bytes from 10 10 132 20 icmp_seq 4 time 0ms Sent 5 packets received...

Page 127: ...ps clock output Input enable the 1 pps clock input Disable disable the 1 pps clock in out put External Enable The box allows you to configure external clock output The following values are possible Tr...

Page 128: ...e one way measurements are used This parameter applies only to a slave In one way mode no delay measurements are performed i e this is applicable only if frequency synchronization is needed The master...

Page 129: ...ws how much power the powered device currently is using Current Used Shows how much current the PD currently is using Priority Shows the port s priority configured by the user Port Status Shows the po...

Page 130: ...an reset the stack switch on this page After reset the system will boot normally as if you have powered on the devices Figure 5 124 Warm Reset screen Table 5 99 Factory default prompt screen options L...

Page 131: ...Page 131 Chapter 5 Management Follow the steps below to access the console via RS 232 serial cable Step 1 On Windows desktop click on Start Programs Accessories Communications HyperTerminal Figure 5...

Page 132: ...500 blackbox com Page 132 Chapter 5 Management Step 2 Input a name for the new connection Figure 5 126 Connection Description screen Step 3 Select a COM port in the drop down list Figure 5 127 COM por...

Page 133: ...t properties appears including bits per second data bits parity stop bits and flow control Figure 5 128 COM Properties screen Step 5 The console login screen will appear Use the keyboard to enter the...

Page 134: ...168 10 254 User Name admin Password admin Follow the steps below to access the console via Telnet Step 1 Telnet to the IP address of the switch from the Run window by inputting commands or from the M...

Page 135: ...Figure 5 132 Command Groups screen System System Configuration all port_list Reboot Restore Default keep_ip Contact contact Name name Location location Description description Password password Usern...

Page 136: ...enable disable actiphy dynamic Excessive port_list discard restart Statistics port_list command up down VeriPHY port_list SFP port_list MAC MAC Configuration port_list Add mac_addr port_list vid Delet...

Page 137: ...Configuration port_list Add pvlan_id port_list Delete pvlan_id Lookup pvlan_id Isolate port_list enable disable Security Security Switch Switch security setting Network Network security setting AAA A...

Page 138: ...alarm_variable absolute delta rising_threshold rising_event_ index falling_threshold falling_event_index rising falling both Alarm Delete alarm_id Alarm Lookup alarm_id Security Network Security Netwo...

Page 139: ...d vid tag_prio dmac_type etype etype smac dmac arp sip dip smac arp_opcode arp_flags ip sip dip protocol ip_flags icmp sip dip icmp_type icmp_code ip_flags udp sip dip sport dport ip_flags tcp sip dip...

Page 140: ...Filter enable disable bpduGuard enable disable recovery timeout CName config name integer Status msti port_list Msti Priority msti priority Msti Map msti clear Msti Add msti vid Port Configuration por...

Page 141: ...e Key port_list key Role port_list active passive Status port_list Statistics port_list clear LLDP LLDP Configuration port_list Mode port_list enable disable Statistics port_list clear Info port_list...

Page 142: ...nicast enable disable packet_rate Storm Multicast enable disable packet_rate Storm Broadcast enable disable packet_rate QCL Add qce_id qce_id_next port_list tag vid pcp dei smac dmac_type etype etype...

Page 143: ...hentication enable disable Period reauth_period Timeout eapol_timeout Statistics port_list clear eapol radius Clients port_list all client_cnt Agetime age_time Holdtime hold_time IGMP IGMP Configurati...

Page 144: ...etype smac dmac arp sip dip smac arp_opcode arp_flags ip sip dip protocol ip_flags icmp sip dip icmp_type icmp_code ip_flags udp sip dip sport dport ip_flags tcp sip dip sport dport ip_flags tcp_flag...

Page 145: ...x User Add engineid user_name MD5 SHA auth_password DES priv_password User Delete index User Changekey engineid user_name auth_password priv_password User Lookup index Group Add security_model securit...

Page 146: ...o Filter clockinst def_delay_filt period dist Servo clockinst displaystates ap_enable ai_enable ad_enable ap ai ad SlaveTableUnicast clockinst UniConfig clockinst index duration ip_addr ForeignMasters...

Page 147: ...enable disable Alarm PowerFailure pwr1 pwr2 pwr3 enable disable Event Event Configuration Syslog SystemStart enable disable Syslog PowerStatus enable disable Syslog SnmpAuthenticationFailure enable di...

Page 148: ...ode enable disable Dualhoming Port port Chain Chain Configuration Mode enable disable 1stUplinkPort port 2ndUplinkPort port EdgePort 1st 2nd none RCS RCS Mode enable disable Add ip_addr port_list web_...

Page 149: ...ource destination Port DDOS Action port_list do_nothing block_1_min block_10_mins block shutdown only_log reboot_device Port DDOS Status port_list Port Alive Mode port_list enable disable Port Alive A...

Page 150: ...able disable 1stRingPort mrp_port 2ndRingPort mrp_port Parameter MRP_TOPchgT value Parameter MRP_TOPNRmax value Parameter MRP_TSTshortT value Parameter MRP_TSTdefaultT value Parameter MRP_TSTNRmax val...

Page 151: ...724 746 5500 blackbox com Page 151 NOTES...

Page 152: ...724 746 5500 blackbox com Page 152 NOTES...

Page 153: ...724 746 5500 blackbox com Page 153 NOTES...

Page 154: ...Tech support available in 60 seconds or less Copyright 2014 Black Box Corporation All rights reserved Black Box and the Double Diamond logo are registered trademarks of BB Technologies Inc Any third...

Reviews:

No comments