Chima STES2026+ User Manual Download Page 29

Page: 29 / 91

S Layer 2 Managed Switch User Manual

陈泽科技有限公司

www.stephen-tele.com

Authentication process description:

Below is a simple description to the whole 802.1X authentication interactive process:

After

set some port as authentication port, all hosts that connected with this port can not forward data through switch.

Authentication client must start 802.1X authentication client software and send authentication requesting packet to

Then

will ask authentication username and password from authentication client. After the client send these, switch will

forward the username and password to Radius server for access right validation. When it is successful, switch will respond success

message to client and bind client’s MAC address with authentication port in order to make client forward data packet normally

through this port. During the interactive process, client and switch are transferring EAPOL (EAP OVER LAN) message while switch

and Radius server are transferring EAP message.

The EAPOL data packets that exchange between client and switch are as follows:

1: EAPOL-Star: Packet Type value is 1, initiative authentication frame, when user need authentication, it will initiate this frame and

it is from client to switch.

2: EAPOL-Logoff: Packet Type value is 2, quit request frame. When user does not need to use network, it will send this frame to

inform switch.

3: EAP-Packet: Packet Type value is 0, authentication information frame. It is used to contain authentication information.

There are four types data frame that exchange between switch and Radius server:

EAP-Request: Code value is 1, EAP request packet, request user name and password from switch to client.

EAP-Response: Code value is 2, EAP answer packet, transfer user name and password to switch from client.

EAP-Success: Code value is 3, EAP success packet, tell client that client user that authentication is successful. It is from switch to

client.

EAP-Failure: Code value is 4, EAP failure packet, tell client user that authentication is failure. It is from switch to client.

Below is a data packets exchange figure among 802.1x protocol client, switch and Radius server:

Summary of Contents for STES2026+

Page 1: ...anaged Switch User Manual www stephen tele com 1 STES2026 24 Port 10 100Base Tx 2 Port Giga SFP 2 Port Giga Ethernet Layer 2 managed Ethernet switch User Manual V1 3 STEPHEN TECHNOLOGIES CO LIMITED AL...

Page 2: ...2 1 Front Panel 3 2 2 Rear Panel 3 3 Remarks Chapter 4 Introduction to switch configuration 4 1 System configuration 4 1 1 System information 4 1 2 Switch infromation 4 1 3 System passport setting 4 1...

Page 3: ...1x Chapter 5 WEB management 5 1 Summrize 5 2 WEB management link 5 2 1 Ready work 5 2 2 Link 5 3 WEB management interface and operation method 5 3 1 System configuration 5 3 2 Port management 5 3 3 N...

Page 4: ...figuation command 6 4 14 Introduction to STP configuration command 6 4 15 System configuration command 6 4 16 Trunk configuration command 6 4 17 Example of Trunk configuration 6 4 18 Introduction to V...

Page 5: ...se STES2026 Gigabit management Ethernet switch 1 2 Assumpsit The Switch indicated in the User s Guide is the STES2026 Gigabit management Ethernet switch 1 3 Overview of this User s Guide Chapter 1 Abo...

Page 6: ...S2026 support 24 100M Auto Negotiation RJ45 ports 2 Giga Auto Negotiation RJ45 ports Provide 2 Giga SFP optical extend slot and share with 2 Giga RJ 45 port Support RJ 45 port Auto MDI MDIX Provide on...

Page 7: ...emperature 0 40 Operating Humidity 10 90 non condensing Storage Temperature 40 70 Storage Humidity 5 90 non condensing Input Input 180 240VAC 50 60Hz Fig 2 1 STES2026 specification table Chapter 3 Ins...

Page 8: ...plug in when the power supply is well balanced 3 2 Appearance of the Switch Describe the front panel and back panel of the switch in details 3 2 1 1 STES2026 front panel is made up of 2 SFP slots 2 1...

Page 9: ...the relative LED shines green light and when there is data transferring the LED blinks 2 Speed indicator When a normal port connected to a 100Mbps equipment the relative LED shines green light When a...

Page 10: ...e the configuration of STES2026 In these following configuration some is for WEB or CLI But most are for both WEB and CLI 4 1 System configuration Switch system configuration is used to set up the sys...

Page 11: ...ver We fill TFTP file server IP address in switch If upgrade system file and cofiguration file we need provide correct name of the file When upgrade system and configuration file we must put upgraded...

Page 12: ...D 1000M Full Duplex mode Front number is transfer speed back number is Duplex mode Half Duplex mode is both transfer side sending and receiving file But at the same time only one equipment use network...

Page 13: ...mes within size 65 to 127 bytes total length Pkts128to255Octets the number of received and transmited frames within size 128 to 255 bytes total length Pkts256to511Octets the number of received and tra...

Page 14: ...ackage broadcast storm control following fig is basical format of ethernet Broadcast package broadcast package is ethernet package with destination MAC address FF FF FF FF FF FF multicast package mult...

Page 15: ...IGMP frame between IGMP router and IGMP host establish the IGMP table control the package of this IGMP group just transmit between the IGMP member ports avoid the IGMP frame to broadcast in the switc...

Page 16: ...ecide whether delete port from multicast group Or there is no port in this multicast this multicast will be deleted Take above fig as an example mainboard A connected to switch port 10 leave this mult...

Page 17: ...lticast group member table by their data package if find matched item their data transmit this item to appointed member port or this multicast group broadcast in switch STES2026 can support at most 25...

Page 18: ...port As the following fig showing FDB ARL table dynamic Learnt Suppose mainboard A and mainboard B communicate through STES2026 mainboard A connect port 2 and mainboard B connect port 3 in switch Mai...

Page 19: ...prohibit illegal MAC addresses in order to realize safe access Actually MAC address binding in configuration port is writing some specific MAC address to forwarding table statically If switch is bound...

Page 20: ...hole network and increase network transmission efficiency Meanwhile each virtual network can not communicate directly but must forward data via router This helps isolating ports increasing network saf...

Page 21: ...or UNTAG If it is configured as TAG member data frame comes from this port will be marked VLAN TAG The VLAN ID in this VLAN TAG is the VLAN ID belongs to this VLAN broadcast If it is configured as UNT...

Page 22: ...n data packet that host A visit host C when it go through switch A it will find VLAN group according to PVID 2 of port 2 Since VLAN 2 exists in switch A and port 4 that this packet will send from is i...

Page 23: ...mally As the figure below shows under protected VLAN mode when 26 port is configured as uplink port all hosts connect with 1 25 ports of STES2026 can not visit each other but all of them can communica...

Page 24: ...y mode there are Disable priority port based priority ToS priority and 802 1p priority modes 802 1p priority is only effective under 802 1 Q Tag VLAN mode Priority control rule there are WRP and Preem...

Page 25: ...ond level protocol that compatible with IEEE802 1d This protocol provides network dynamic redundant switch mechanism Thus you can deploy backup line in your network design if STP was used It will ensu...

Page 26: ...BPDU message to this LAN Inferior BPDU message is dropped and superior BPDU message is spread to the whole network through this mode BPDU message exchange will result to One switch is selected to be r...

Page 27: ...for data forwarding Interface drops data frame from some network section or other port but learns MAC address it receives and processes BPDU message and network management message Switch processes and...

Page 28: ...ication failure etc Below is the connection figure between management station and management entity STES2026 4 8 2 RMON protocol RMON Remote Network Monitoring takes effect on defining standard networ...

Page 29: ...rver are transferring EAP message The EAPOL data packets that exchange between client and switch are as follows 1 EAPOL Star Packet Type value is 1 initiative authentication frame when user need authe...

Page 30: ...level switch of STES2026 Host which connected to STES2026 needs to transfer EAPOL data frame to up level switch to realize authentication function In this situation the port of up level switch that c...

Page 31: ...n information mistakes If you use Internet Explorer 6 0 you can choose Every visit to the page or Automatically we suggest you choose Automatically PressOK Notice Choose Every visit to the page every...

Page 32: ...the web page will display slowly Internet Explorer 6 0 can solve the issue well you can choose Automatically default TheThirdstep ChooseSecurity User defined Figure 5 3 Securities TheForthStep Choose...

Page 33: ...can configure switch through WEB via previous setting Notice There are some requirements of PC hardware device to set screen definition to 1024X768 For those old PCs you may not configure it this way...

Page 34: ...e port panel state interface shows their work state Green indicates link up grey indicates link down if it shows black slash it means that this port is disabled Figure 5 7 STES2026 WEB HOMEPAGE The ma...

Page 35: ...ers configuration port parameters configuration SNMP configuration 802 1x configuration 802 1X Global configuration 802 1X port configuration 802 1X user Status Radius server configuration 802 1X tran...

Page 36: ...rs Product name switch name User can configure this value to 1 255 English characters 5 3 1 2 Switch information The configuration shows as the figure below Figure 5 10 Switch information Spanning Tre...

Page 37: ...et Configurations show as figure below Figure 5 13 Reset There will be a prompt window after you click the buttons For example if you click restore to factory setting the conformation prompt window wi...

Page 38: ...ion is not in use Auto Negotiation You can choose Auto 10M HD 10M Half Duplex 10M FD 10M Full Duplex 100M HD 100M Half Duplex 100M FD 100M Full Duplex 1000M FD 1000M Full Duplex Drop Untag Frame when...

Page 39: ...port but it can be the mirrored port The capture port and the mirrored port should be in the same VLAN A port cannot be the capture port and mirrored port at the same time Fig 5 17 Mistake information...

Page 40: ...Egress Mirror Mac Address Packet Divide is similar to the above 5 3 2 4 Port Description This web page is used to set description information for all the ports so the administrator can know purpose of...

Page 41: ...ed frames within size 65 to 127 bytes total length Pkts128to255Octets the number of received and transmited frames within size 128 to 255 bytes total length Pkts256to511Octets the number of received a...

Page 42: ...1000M port You can choose the rate only when the Ingress Control is Enable Egress Control Enable denotes to control the Egress port rate of the port Disable denotes not to control the Egress port rat...

Page 43: ...o enable this control function Broadcast Storm Control Control storms caused by broadcast packet Select Enable to enable this control function UL Storm Control the switch broadcasts the packets that i...

Page 44: ...600 secs to set the aging time for the member port in the multicast entry 5 3 3 2 Static Multicast Configuration Figure 5 25 Static Multicast Configuration Set static multicast addressed here and the...

Page 45: ...0 1 000 000 to set the aging time for dynamic address Illustration 1 Max Aging is a parameter affects switch auto learning A dynamic address in the FDB table will be deleted if it hasn t been used dur...

Page 46: ...effective until it s deleted and it s not restricted by max aging time When MAC address is bound the ingress frames will be transmitted only when its source address exists in the bound address table...

Page 47: ...ED_VLAN selected the uplink port Illustration The default model is IEEE802 1Q VLAN which includes all ports VID is 1 5 3 4 2 802 1Q VLAN Configuration Figure 5 32 Global VID Port Property Untag denote...

Page 48: ...AN Configuration Figure 5 34 PROTECTED VLAN Illustration Uplink port 1 26 If set one port as uplink port it will compose VLAN with each of the other 25 ports separately so get totally 25 VLANs Each VL...

Page 49: ...unks simultaneously 3 One Trunk s all ports will be treated as one single logic port by the switch Note STES2026 s 1st port can t be set as Trunk member 5 3 6 QoS Configuration QoS Configuration inclu...

Page 50: ...y tag Illustration The forwarding ratio of Low and Highest is 1 8 the bandwidth will be divided therefore in the port 5 3 6 3 ToS based QoS Figure 5 38 ToS based QoS ToS Initial ToS filed value for re...

Page 51: ...ave no tag headers the switch will endow default priority Tag value to the packets and process thereafter 5 3 6 5 801 1p 802 1p Remap Figture 5 40 801 1p 802 1p Remap Original priority Tag the priorit...

Page 52: ...ridge s Hello Time the interval time when this bridge to forward BPDU as root bridge Bridge s forward delay time from bridge s congestion to forward status Bridge s max age time reselect root bridge i...

Page 53: ...ead Write popedom which SNMP Community empowers to end user Status whether the SNMP Community is activated to use 5 3 8 2 SNMP TRAP Target Configuration Figure 5 44 TRAP Target Configuration Entry the...

Page 54: ...switch to require reanthentication for user Quiet Period The time waiting to reauthentication if previous anthentication fails Tx Period overtime frame for server to require anthentication on user nam...

Page 55: ...ust configure this item IP address of optional Radius server for backup Radius server Optional to configure This server will begin working when host server can t work normally UDP port Authentication...

Page 56: ...gement manages the Swith locally through the console port without occupying the bandwidth Through TELNET you can realize remote login to manage the Swith Though TELNET and Out of Band have different p...

Page 57: ...e and psaaword are admin you will logon the interface of TELNET Out of Band Management Management interface is based on command line After login input and you will see command lines as below 6 4 Cli c...

Page 58: ...mand is used for clear the screen Exit setting Exit from hyper terminal When login again need key in the user name and the pass words If use the exit command in Telnet terminal will be quit from Telne...

Page 59: ...e parameter which is the same as trunk group s number vlan Vlan s config menu user can configure the valn mode and the material seeting 6 4 3 Command of aaa setting introduction the menu of aaa settin...

Page 60: ...reauthenticate enable Note There is only enable and disable for choice enable denote the function open and disable denote the function close Setting the time of overtime of switch dot1x timeout overti...

Page 61: ...ip example Switch aaa radius server option host 192 168 1 3 Authenticate the port of Radius radius server udp port port no example Switch aaa radius server udp port 1218 Note the port num must be bet...

Page 62: ...30 Supp timeout 30 Server timeout 10 Max req 3 2 Setting the port 5 as the authenticate port Setting the port 5 s state as auto Switch aaa dot1x control auto 5 Look over the port 5 s state Switch aaa...

Page 63: ...dius sever s IP Switch aaa radius server host 172 2 2 1 Setting the Radius sever s share key Switch aaa radius server key abc Look over the Radius sever s setting Switch aaa conf radius PrimaryServerI...

Page 64: ...Switch igmp snooping immediate leave true Note if set it to true the function will be open and set it to false the function will be close Age of the group broadcast age example Switch igmpsnooping ag...

Page 65: ...ch mirror egress mode source dest all dest Mac Address 00 02 02 01 01 01 packet diviter 3 6 4 7 Example of setting the port mirroring Suppose that STES2026 s port 1 has linked host A and host B and A...

Page 66: ...can monitor the data bag which PC A into switch 6 4 8 Command of network configure introduction The menu of network configure as below Display the IP address of nowadays switch config ip example Swit...

Page 67: ...table of nowadays switch config agetime example Switch network config agetime Dynamic address Age Time is 300 Open or close the take IP s function by swtich s DHCP dhcp example Switch network dhcp en...

Page 68: ...s 01 00 01 01 01 01 VLAN id 1 1 Note the static mcast need be existent when you want delete it otherwise will be not delete successful Delete the learnt address in the FDB table fwd unicast flush exam...

Page 69: ...dd type VLAN group example Switch port 1 1 add tagged vlan 2 Delete port from some 802 1Q VLAN group delete example Switch port 1 1 delete tagged vlan 2 Setting the limit of the bandwidth of ports ban...

Page 70: ...etween 1 and 16 english character Open and close the ports enable or disable example Switch port 1 1 disable Note enable meaning the ports is open but disable meaning the ports is closed Open and clos...

Page 71: ...NUcastPkts 30133 ifOutDiscards 0 ifOutErrors 0 Clear the statistics of ports of nowadays statistics clear example Switch port 22 22 statistics clear Setting the broadcast storm control storm control e...

Page 72: ...ing the priority of 802 1P dot1p pri cos example Switch QoS dot1p pri cos priority 0 mapcos highest priority 1 mapcos low priority 2 mapcos high priority 3 mapcos normal priority 4 mapcos low priority...

Page 73: ...ype 4 mapcos highest TOS Dtype 5 mapcos low TOS Dtype 6 mapcos low TOS Dtype 7 mapcos low 6 4 11 Example of QOS configure Suppose that the user need configure 802 1P s priority and hope the transmit r...

Page 74: ...below Alarm Alarm Example Switch rmon alarm Note This command is for TIPs Input command there are a few of this type of command Introduction of the command Interval the unit is seconds Variable the t...

Page 75: ...isingAlarm 1 fallingAlarm 2 risingOrFallingAlarm 3 Designate after one line is effective risingThreshold the first sample value is greater or equal fallingThreshold is less than or equal Or if both wh...

Page 76: ...are three operation type for community they are add delete modify add is for adding a new community delete is for deleting an existing community modify is modifying an existing community A community i...

Page 77: ...l or Disable STP Example Switch stp enable Note Enable means to enable the STP function Disable means to disable the STP function Set STP bridge parameter bridge bridge parameter type bridge parameter...

Page 78: ...h stp delete port 1 2 Setting priority of the port STP priority Port number Example Switch stp priority 2 priority 129 Note Port number is 1 26 Priority is 1 255 View the present STP bridge setting co...

Page 79: ...uration information underthe system menu View the overall function configuration information of the switch config all Example Switch system config all Set the system connection connection connection c...

Page 80: ...s telnet function is open disable indicate the telnet function is close Web enable and disable web setting status Example Switch system web enable Upgrade the system software or configuration file thr...

Page 81: ...dd into the VLAN as tagged member untagged vlan indicate all the trunk group member add into the VLAN as untagged member The VLAN group should be an existing VLAN or this can t add successfully Delete...

Page 82: ...ss of the data frame for routing destionation indicate using the destination address of the data frame for routing both indicate using both the source address and destination address of the data frame...

Page 83: ...onfiguration menu Switch trunk 2 Switch trunk 2 2 Set Trunk 2 group member ports as 2 5 7 Switch trunk 2 member 2 5 7 3 Enable the present trunk setting Switch trunk 2 enable 4 Set trunk routing mode...

Page 84: ...2 1q VLAN group delete qvlan VLAN ID Example Switch vlan delete qvlan 2 VLAN 2 deleted Note When deleting a 802 1q VLAN group the VLAN group should be exist in the switch Add or revise PORT VLAN group...

Page 85: ...port 4 4 pvid 2 Switch port 4 4 port 5 Switch port 5 5 pvid 2 Switch port 5 5 port 6 Switch port 6 6 pvid 2 Switch port 6 6 port 9 Switch port 9 9 pvid 2 Chapter 7 Telnet Management 7 1 Introduction T...

Page 86: ...to connect the switch choose the option Property the following window will show up Figure 7 2 networking property Step 3 Double click on Internet Protocol TCP IP and you will see the Internet Protoco...

Page 87: ...perty dialogue Step 6 Click OK button uner the networking property And then you can start to configure the switch through Telnet 7 3 Connection Click the RUN button at the Start menu on the desktop in...

Page 88: ...ndard SNMP management tools like SNMPC HP openview you can monitor and manage the switch conveniently Below we use HP openview as a management tool to operate STES2026 1 Use HP openview networking nod...

Page 89: ...can view the ports status of the switch 4 Choose performance network activity port flow you can the flow curve of the ports in connection Since port 22 is in connection now so you can easily view the...

Page 90: ...Switch User Manual www stephen tele com 90 6 Sellect configure bridge MIB you can view the settings relate to bridge MIB Able to view the forwarding address contents as below Able to view the STP stat...

Page 91: ...erwise in regard to this document and to the products described in this document The information provided by this document is believed to be accurate and reliable to the publication date of this docum...

Search results

Summary of Contents for STES2026+

Reviews:

Related manuals for STES2026+

Brands by name

Popular brands

Chima STES2026+, User Manual

Search results

Summary of Contents for STES2026+

Reviews:

Related manuals for STES2026+

Brands by name

Popular brands