Cisco Linksys SFE1000P Reference Manual Download

Page: 66 / 237

Chapter 5: Configuring Device Security
Defining Access Control

SFE1000P Gigabit Ethernet Switch Reference Guide

Chapter

Defining IP Based ACL

The

IP Based ACL Page

contains information for defining IP Based ACLs, including defining the

ACEs defined for IP Based ACLs.

IP Based ACL Page

The

IP Based ACL Page

contains the following fields:

•

ACL Name

— Displays the user-defined IP based ACLs.

•

Rule Priority

— Indicates the rule priority, which determines which rule is matched to a

packet on a first-match basis.

•

Protocol

— Creates an ACE based on a specific protocol. The available protocols are:

–

ICMP

—

Internet Control Message Protoco

l (ICMP). The ICMP allows the gateway or

destination host to communicate with the source host. For example, to report a
processing error.

–

IGMP

—

Internet Group Management Protocol

(IGMP). Allows hosts to notify their local

switch or router that they want to receive transmissions assigned to a specific multicast
group.

–

—

Internet Protocol

(IP). Specifies the format of packets and their addressing method.

IP addresses packets and forwards the packets to the correct port.

–

TCP

—

Transmission Control Protocol

(TCP). Enables two hosts to communicate and

exchange data streams. TCP guarantees packet delivery, and guarantees packets are
transmitted and received in the order the are sent.

–

EGP

—

Exterior Gateway Protocol

(EGP). Permits exchanging routing information

between two neighboring gateway hosts in an autonomous systems network.

Summary of Contents for Linksys SFE1000P

Page 1: ...SFE1000P 8 port 10 100 Ethernet Switch with PoE Reference Guide SFE1000P 8 PORT 10 100 ETHERNET SWITCH WITH POE REFERENCE GUIDE SFE1000P 8 port 10 100 Ethernet Switch with PoE Reference Guide March 2008 ...

Page 2: ...ksys the Cisco Systems logo the Linksys Logo and the Linksys One logo are registered trademarks of Cisco Systems Inc All other trademarks mentioned in this document are the property of their respective owners Document Revision History Revision Date Description 1 0 March 2008 Initial release ...

Page 3: ...evice Zoom View 9 Defining General System Information 10 Resetting the Device 11 Chapter 4 Managing Power over Ethernet Devices 12 PoE Settings 13 Edit PoE 14 Chapter 5 Configuring Device Security 16 Passwords Management 16 Add Local User 17 Modifying the Local User Settings 17 Defining Authentication 18 Defining Authentication Profiles 18 Add Authentication Profile 19 Modify the Authentication Pr...

Page 4: ...ule to MAC Based ACL 56 Defining IP Based ACL 58 Add IP Based ACL 61 Adding an IP Based Rule 63 Defining ACL Binding 65 Modifying ACL Binding 66 Defining DoS Prevention 67 Global Settings 67 Defining Martian Addresses 68 Add Martian Address Page 69 Chapter 6 Configuring Device Interfaces 70 Defining Port Settings 70 Modifying Port Settings 72 Defining LAG Management 75 Modifying LAG Membership 77 ...

Page 5: ...dress Tables 104 Defining Static Addresses 104 Add Static MAC Address 105 Defining Dynamic Addresses 106 Chapter 10 Configuring Multicast Forwarding 108 IGMP Snooping 108 Modifying IGMP Snooping 109 Defining Multicast Bridging Groups 110 Add Multicast Group 111 Modifying a Multicast Group 112 Defining Multicast Forwarding 113 Modifying Multicast Forwarding 114 Chapter 11 Configuring Spanning Tree ...

Page 6: ...tification Recipient 150 Modifying SNMP Notifications Settings 152 Defining SNMP Filter Settings 154 Add SNMP Notification Filter 155 Chapter 13 Configuring Quality of Service 156 Defining General Settings 157 Defining CoS 157 Modifying Interface Priorities 158 Defining Queue 159 Mapping CoS to Queue 160 Mapping DSCP to Queue 161 Configuring Bandwidth 162 Modifying Bandwidth Settings 163 Defining ...

Page 7: ... Configuring System Time 192 Defining System Time 192 Defining SNTP Settings 195 Add SNTP Server 196 Defining SNTP Authentication 197 Add SNTP Authentication 198 Chapter 17 Viewing Statistics 199 Viewing Ethernet Statistics 199 Defining Ethernet Interface 199 Resetting Interface Statistics Counters 200 Viewing Etherlike Statistics 201 Resetting Etherlike Statistics Counters 202 Viewing GVRP Statis...

Page 8: ...s 216 Viewing the RMON Events Logs 217 Defining RMON Alarms 218 Add RMON Alarm 220 Modify RMON Alarm Settings 222 Chapter 18 Managing Device Diagnostics 224 Viewing Integrated Cable Tests 224 Performing Optical Tests 225 Configuring Port Mirroring 226 Adding Port Mirroring Session 227 Modifying Port Mirroring 227 Defining CPU Utilization 228 ...

Page 9: ...tem information Chapter 4 Managing Power over Ethernet Devices describes configuring PoE settings Chapter 5 Configuring Device Security describes password management defining authentication access method traffic control 802 1x protocols access control and Denial of service prevention Chapter 6 Configuring Device Interfaces describes defining port settings LAG management LAG settings and configurin...

Page 10: ...nd diagnostics Chapter 15 Managing System Logs shows how to enable system logs view device memory logs flash logs and remote logs Chapter 16 Configuring System Time provides information for configuring the system time and includes defining system time SNTP settings and SNTP authentication Chapter 17 Viewing Statistics describes viewing and managing device statistics for RMON interfaces GVRP EAP an...

Page 11: ...ing Screen and Table Options Resetting the Device Logging Off The Device Starting the Application This section contains information for starting the Linksys User Interface Enter Network Password Page Enter a user name and password The default user name is admin The device is not configured with a default password and can be configured without entering a password Passwords are both case sensitive a...

Page 12: ...ear and allow you to navigate through the various areas of the web interface However the following page will appear within the frame provided by the Service Router user interface Component Description 1 Tree View The Tree View provides easy navigation through the configurable device features The main branches expand to provide the subfeatures 2 Device View The device view provides information abou...

Page 13: ... user interface buttons including both management buttons and task icons Using the Linksys Management Buttons Provides instructions for adding modifying and deleting device parameters 3 Table Area The Table area enables navigating through the different device features Click the tabs to view all the components under a specific feature 4 EWS Information The EWS information tabs provide access to the...

Page 14: ...ront panel illustration Using the Linksys Management Buttons Device Management buttons and icons provide an easy method of configuring device information and include the following Device Management Buttons Button Name Button Description Apply Applies changes to the device Clear Counters Clears statistic counters Clear Logs Clears log files Add Opens an Add page Delete Removes entries from tables R...

Page 15: ...ng Device Information Adding Device Information User defined information can be added to specific EWS pages by opening a new Add page Add SNTP Server Modifying Device Information User defined information can be modified on specific EWS pages by opening the appropriate Edit page Edit Interface Priority Deleting Device Information User defined information can be deleted on specific EWS pages by open...

Page 16: ...The Reset page enables the device to be reset from a remote location Save all changes to the Running Configuration file before resetting the device This prevents the current device configuration from being lost To reset the device Reset Page Logging Off The Device Click The system logs off The Embedded Web System Home Page closes ...

Page 17: ...for defining both basic and advanced system information This section contains the following topics Understanding the Device Zoom View Defining General System Information Resetting the Device Understanding the Device Zoom View The Zoom Page is the main window used for viewing the device Zoom Page The Zoom Page contains the following port indicators Green Indicates the port is currently operating ...

Page 18: ...g The field range is up to 0 160 Characters System Contact Defines the name of the contact person The field range is up to 0 160 Characters System Object ID Displays the vendor s authoritative identification of the network management subsystem contained in the entity System Up Time Displays the amount of time that has elapsed since the last device reset The system time is displayed in the followin...

Page 19: ...hernet Switch Reference Guide Chapter 3 Resetting the Device The Reset page enables the device to be reset from a remote location Save all changes to the Startup Configuration file before resetting the device This prevents the current device configuration from being lost Reset Page ...

Page 20: ...ess Points IP Gateways PDAs Audio and video remote monitoring Powered Devices are devices which receive power from the device power supplies for example IP phones Powered Devices are connected to the device via Ethernet ports Guard Band protects the device from exceeding the maximum power level For example if 400W is maximum power level and the Guard Band is 20W if the total system power consumpti...

Page 21: ...on the port The possible values are Enable Enables PoE on the port This is the default setting Disable Disables PoE on the port Priority Indicates the PoE ports priority The possible values are Critical High and Low The default is Low Power Allocation watts Indicates the power allocated to the port The range is 3 15 4 watts Power Consumption milliwatts Indicates the amount of power assigned to the...

Page 22: ...e specific interface for which PoE parameters are defined and assigned to the powered interface connected to the selected port Enable PoE Enables or disables PoE on the port The possible values are Enable Enables PoE on the port This is the default setting Disable Disables PoE on the port Power Priority Level Determines the port priority if the power supply is low The port power priority is used i...

Page 23: ...umption level of 0 44 to 3 8 Watts 3 84 6 49 Indicates that the port is assigned a power consumption level of 3 84 to 6 49 Watts 6 49 12 95 Indicates that the port is assigned a power consumption level of 6 49 to 12 95 Watts Overload Counter Indicates the total power overload occurrences Short Counter Indicates the total power shortage occurrences Denied Counter Indicates times the powered device ...

Page 24: ...ss Method Defining Traffic Control Defining 802 1x Defining Access Control Defining DoS Prevention Passwords Management This section contains information for defining passwords Passwords are used to authenticate users accessing the device User Authentication Page The User Authentication Page contains the following fields NOTE By default a single user name is defined admin with no password An addit...

Page 25: ... Page The Add Local User Page contains the following fields User Name Displays the user name Password Specifies the new password The is not displayed As it entered an corresponding to each character is displayed in the field Range 1 159 characters Confirm Password Confirms the new password The password entered into this field must be exactly the same as the password entered in the Password field M...

Page 26: ...Authentication Profiles Mapping Authentication Profiles Defining TACACS Defining RADIUS Defining Authentication Profiles Authentication profiles allow network administrators to assign authentication methods for user authentication User authentication can be performed locally or on an external server User authentication occurs in the order the methods are selected If the first authentication method...

Page 27: ...Name Displays the Authentication profile name Authentication Method Defines the user authentication methods The order of the authentication methods indicates the order in which authentication is attempted For example if the authentication method order is RADIUS Local the system first attempts to authenticate the user on a RADIUS server If there is no available RADIUS server then authentication is ...

Page 28: ...ontains the following fields Profile Name Displays the Authentication profile name Authentication Methods Defines the user authentication methods The possible field values are Local Authenticates the user at the device level The device checks the user name and password for authentication RADIUS Authenticates the user at the RADIUS server TACACS Authenticates the user at the TACACS server None No u...

Page 29: ...s for mapping authentication methods Mapping Profiles Page The Mapping Profiles Page contains the following fields Console Indicates that Authentication profiles are used to authenticate console users Telnet Indicates that Authentication profiles are used to authenticate Telnet users Secure Telnet SSH Indicates that Authentication profiles are used to authenticate Secure Shell SSH users SSH provid...

Page 30: ...entication methods from the methods offered in the Optional methods area Defining TACACS The devices provide Terminal Access Controller Access Control System TACACS client support TACACS provides centralized security for validation of users accessing the device TACACS provides a centralized user management system while still retaining consistency with RADIUS and other authentication processes TACA...

Page 31: ...lowing parameters are configured for each TACACS server Host IP Address Displays the TACACS Server IP address Priority Displays the order in which the TACACS servers are used The default is 0 Source IP Address Displays the device source IP address used for the TACACS session between the device and the TACACS server Authentication Port Displays the port number through which the TACACS session occur...

Page 32: ...he default is 0 Source IP Address Defines the device source IP address used for the TACACS session between the device and the TACACS server Key String Defines the authentication and encryption key for TACACS server The key must match the encryption key used on the TACACS server Authentication Port Displays the port number through which the TACACS session occurs The default is port 49 Timeout for R...

Page 33: ...he encryption key used on the TACACS server Authentication Port Displays the port number through which the TACACS session occurs The default is port 49 Timeout for Reply Defines the amount of time that passes before the connection between the device and the TACACS server times out The field range is 1 30 seconds Status Displays the connection status between the device and the TACACS server The pos...

Page 34: ...g fields Default Retries Provides the default retries Default Timeout for Reply Provides the device default Timeout for Reply Default Dead Time Provides the device default Dead Time Default Key String Provides the device default Default Key String Source IP Address Provides the device default Timeout for Reply The following parameters are configured for each RADIUS server IP Address The Authentica...

Page 35: ...ault is 0 minutes Key String Defines the default key string used for authenticating and encrypting all RADIUS communications between the device and the RADIUS server This key must match the RADIUS encryption Source IP Address Defines the source IP address that is used for communication with RADIUS servers Usage Type Specifies the RADIUS server authentication type The default value is Login The pos...

Page 36: ...the next server The possible field values are 1 30 Three is the default value Dead Time Defines the amount of time minutes that a RADIUS server is bypassed for service requests The range is 0 2000 The Dead Time default is 0 minutes Key String Defines the default key string used for authenticating and encrypting all RADIUS communications between the device and the RADIUS server This key must match ...

Page 37: ...US server before a failure occurs The possible field values are 1 10 Three is the default value Timeout for Reply Defines the amount of the time in seconds the device waits for an answer from the RADIUS server before retrying the query or switching to the next server The possible field values are 1 30 Three is the default value Dead Time Defines the amount of time minutes that a RADIUS server is b...

Page 38: ...accessing the device Access to management functions can be limited to user groups User groups are defined for interfaces according to IP addresses or IP subnets Access profiles contain management methods for accessing and managing the device The device management methods include All Telnet Secure Telnet SSH HTTP Secure HTTP HTTPS SNMP Management access to different management methods may differ be...

Page 39: ...fines the access profile name The access profile name can contain up to 32 characters Current Active Access Profile Defines the access profile currently active Delete Deletes the selected access profile The possible field values are Checked Deletes the selected access profile Unchecked Maintains the access profiles Add Access Profile Page Add Access Profile Page The Add Access Profile Page contain...

Page 40: ...tted or denied access to the device HTTP Assigns HTTP access to the rule If selected users accessing the device using HTTP meeting access profile criteria are permitted or denied access to the device Secure HTTP HTTPS Assigns HTTPS access to the rule If selected users accessing the device using HTTPS meeting access profile criteria are permitted or denied access to the device SNMP Assigns SNMP acc...

Page 41: ...nagement Method IP Address Prefix Length Forwarding Action Profile Rules Page The Profile Rules Page contains the following fields Access Profile Name Displays the access profile to which the rule is attached Priority Defines the rule priority When the packet is matched to a rule user groups are either granted permission or denied device management access The rule number is essential to matching p...

Page 42: ...ed access to the device HTTP Assigns HTTP access to the rule If selected users accessing the device using HTTP meeting access profile criteria are permitted or denied access to the device Secure HTTP HTTPS Assigns HTTPS access to the rule If selected users accessing the device using HTTPS meeting access profile criteria are permitted or denied access to the device Secure Telnet SSH Assigns SSH acc...

Page 43: ... using the management method selected The possible field values are All Assigns all management methods to the rule Telnet Assigns Telnet access to the rule If selected users accessing the device using Telnet meeting access profile criteria are permitted or denied access to the device SNMP Assigns SNMP access to the rule If selected users accessing the device using SNMP meeting access profile crite...

Page 44: ...n the network Prefix Length Defines the number of bits that comprise the source IP address prefix or the network mask of the source IP address Action Defines the action attached to the rule The possible field values are Permit Permits access to the device Deny Denies access to the device This is the default Modifying Profile Rules Edit Profile Rule Page The Edit Profile Rule Page contains the foll...

Page 45: ... selected users accessing the device using HTTPS meeting access profile criteria are permitted or denied access to the device Secure Telnet SSH Assigns SSH access to the rule If selected users accessing the device using Telnet meeting access profile criteria are permitted or denied access to the device Interface Defines the interface on which the access profile is defined The possible field values...

Page 46: ...ve amount of broadcast messages simultaneously transmitted across a network by a single port Forwarded message responses are heaped onto the network straining network resources or causing the network to time out Storm Control is enabled per all ports by defining the packet type and the rate the packets are transmitted The system measures the incoming Broadcast and Multicast frame rates separately ...

Page 47: ... Kbps Broadcast Mode Specifies the Broadcast mode currently enabled on the device The possible field values are Multicast Broadcast Counts Broadcast and Multicast traffic together Broadcast Only Counts only Broadcast traffic Modifying Storm Control Edit Storm Control Page The Edit Storm Control Page contains the following fields Port Indicates the port from which storm control is enabled Enable Br...

Page 48: ...Access to the locked port is limited to users with specific MAC addresses These addresses are either manually defined on the port or learned on that port up to the point when it is locked When a packet is received on a locked port and the packet source MAC address is not tied to that port either it was learned on a different port or it is unknown to the system the protection mechanism is invoked a...

Page 49: ...e field values are Classic Lock Locks the port using the classic lock mechanism The port is immediately locked regardless of the number of addresses that have already been learned Limited Dynamic Lock Locks the port by deleting the current dynamic MAC addresses associated with the port The port learns up to the maximum addresses allowed on the port Both relearning and aging MAC addresses are enabl...

Page 50: ...Trap Frequency Sec The amount of time in seconds between traps The default value is 10 seconds Modifying Port Security Edit Port Security Page The Edit Port Security Page contains the following fields Interface Displays the port or LAG name Lock Interface Indicates the port security status The possible field values are Unchecked Indicates the port is currently unlocked This is the default value Ch...

Page 51: ...Locked is selected in the Interface Status field In addition the Limited Dynamic Lock mode is selected The possible range is 1 128 The default is 1 Action on Violation Indicates the action to be applied to packets arriving on a locked port The possible field values are Discard Discards packets from any unlearned source This is the default value Forward Forwards packets from an unknown source witho...

Page 52: ...nt and the system if the supplicant is authorized Uncontrolled Access Permits uncontrolled communication regardless of the port state The 802 1x page configures port to use Extensible Authentication Protocol EAP The 802 1x section contains the following pages Defining 802 1X Properties Defining Port Authentication Defining Multiple Hosts Defining Authenticated Host Defining 802 1X Properties Port ...

Page 53: ...e following fields Port Based Authentication State Enables Port based Authentication ion the device The possible field values are Enable Enables port based authentication on the device Disable Disables port based authentication on the device Authentication Method Defines the user authentication methods The possible field values are RADIUS None Port authentication is performed first via the RADIUS ...

Page 54: ...ning Port Authentication 802 1X Port Authentication Page The 802 1X Port Authentication Page contains the following fields Copy From Entry Number Indicates the row number from which port authentication parameters are copied To Entry Number s Indicates the row number to which port authentication parameters are copied Port Displays a list of interfaces on which port based authentication is enabled U...

Page 55: ...emains in the quiet state following a failed authentication exchange Range 0 65535 Resending EAP Specifies the number of seconds that the switch waits for a response to an EAP request identity frame from the supplicant client before resending the request Max EAP Requests The total amount of EAP requests sent If a response is not received after the defined period the authentication process is resta...

Page 56: ...ield values are Auto Enables port based authentication on the device The interface moves between an authorized or unauthorized state based on the authentication exchange between the device and the client ForceAuthorized Indicates the interface is in an authorized state without being authenticated The interface re sends and receives normal traffic without client port based authentication ForceUnaut...

Page 57: ...s above Authenticator State Specifies the port authorization state The possible field values are as follows Force Authorized The controlled port state is set to Force Authorized forward traffic Force Unauthorized The controlled port state is set to Force Unauthorized discard traffic Quiet Period Specifies the number of seconds that the switch remains in the quiet state following a failed authentic...

Page 58: ...are Single Only the authorized host can access the port Multiple Multiple hosts can be attached to a single 802 1x enabled port Only one host must be authorized for all hosts to access the network If the host authentication fails or an EAPOL logoff message is received all attached clients are denied access to the network Action on Violation Defines the action to be applied to packets arriving in s...

Page 59: ...rol is Forced Authorized and clients have full port access Single host Lock Indicates that the port control is Auto and a single client has been authenticated via the port No Single Host Indicates that Multiple Host is enabled Number of Violations Indicates the number of packets that arrived on the interface in single host mode from a host whose MAC address is not the supplicant MAC address Modify...

Page 60: ...are enabled for Multiple Hosts The possible field values are Checked Indicates that traps are enabled for Multiple hosts Unchecked Indicates that traps are disabled for Multiple hosts Trap Frequency Defines the time period by which traps are sent to the host The Trap Frequency 1 1000000 field can be defined only if multiple hosts are disabled The default is 10 seconds Defining Authenticated Host T...

Page 61: ...tion actions and rules for specific ingress ports Your switch supports up to 256 ACLs Packets entering an ingress port with an active ACL are either admitted or denied entry If they are denied entry the user can disable the port ACLs are composed of access control entries ACEs that are made of the filters that determine traffic classifications The total number of ACEs that can be defined in all AC...

Page 62: ...o match the ACE Destination MAC Address Defines the destination MAC address to match the ACE Destination MAC Mask Defines the destination MAC mask to the which packets are matched VLAN ID Matches the packet s VLAN ID to the ACE The possible field values are 1 to 4093 CoS Class of Service of the packet CoS Mask Wildcard bits to be applied to the CoS Ether Type The Ethernet type of the packet Action...

Page 63: ...s the ACE priority which determines which ACE is matched to a packet on a first match basis The possible field values are 1 2147483647 Source Address MAC Address Matches the source MAC address from which packets are addressed to the ACE Wild Card Mask Indicates the source MAC Address wild card mask Wildcards are used to mask all or part of a source MAC Address Wild card masks specify which octets ...

Page 64: ... 5th octets of the MAC address are checked while the 2nd 4th and 6th octets are ignored VLAN ID Matches the packet s VLAN ID to the ACE The possible field values are 1 to 4093 CoS Class of Service of the packet CoS Mask Wildcard bits to be applied to the CoS Ether Type The Ethernet type of the packet Action Indicates the ACL forwarding action For example the port can be shut down a trap can be sen...

Page 65: ...are ignored Destination Address MAC Address Matches the destination MAC address to which packets are addressed to the ACE Wild Card Mask Indicates the destination MAC Address wild card mask Wildcards are used to mask all or part of a destination MAC Address Wild card masks specify which octets are used and which octets are ignored A wild card mask of ff ff ff ff ff ff indicates that no octet is im...

Page 66: ...e Protocol ICMP The ICMP allows the gateway or destination host to communicate with the source host For example to report a processing error IGMP Internet Group Management Protocol IGMP Allows hosts to notify their local switch or router that they want to receive transmissions assigned to a specific multicast group IP Internet Protocol IP Specifies the format of packets and their addressing method...

Page 67: ...ches packets to the IPv6 Route through a Gateway IPV6 ROUTE IPV6 FRAG Matches packets to the IPv6 Fragment Header IPV6 FRAG IDRP Matches the packet to the Inter Domain Routing Protocol IDRP RSVP Matches the packet to the ReSerVation Protocol RSVP AH Authentication Header AH Provides source host authentication and data integrity IPV6 ICMP Matches packets to the Matches packets to the IPv6 and Inter...

Page 68: ...dicates that all the bits are important For example if the source IP address 149 36 184 198 and the wildcard mask is 255 36 184 00 the first eight bits of the IP address are ignored while the last eight bits are used Destination Address IP Address Matches the destination port IP address to which packets are addressed to the ACE Mask Defines the destination IP address wildcard mask DSCP Matches the...

Page 69: ...a list of available protocols see the Protocol field description in the IP Based ACL Page above Source Port Defines the TCP UDP source port to which the ACE is matched This field is active only if 800 6 TCP or 800 17 UDP are selected in the Select from List drop down menu The possible field range is 0 65535 Destination Port Defines the TCP UDP destination port This field is active only if 800 6 TC...

Page 70: ...IP address are ignored while the last eight bits are used Best Address IP Address Matches the destination port IP address to which packets are addressed to the ACE Mask Defines the destination IP address wildcard mask Select either Match DSCP or Match IP Match DSCP Matches the packet to the DSCP tag value Match IP Precedence Matches the packet IP Precedence value to the ACE Either the DSCP value o...

Page 71: ...ription in the IP Based ACL Page above Source Port Defines the TCP UDP source port to which the ACE is matched This field is active only if 800 6 TCP or 800 17 UDP are selected in the Select from List drop down menu The possible field range is 0 65535 Destination Port Defines the TCP UDP destination port This field is active only if 800 6 TCP or 800 17 UDP are selected in the Select from List drop...

Page 72: ...h DSCP Matches the packet to the DSCP tag value Match IP Precedence Matches the packet IP Precedence value to the ACE Either the DSCP value or the IP Precedence value is used to match packets to ACLs The possible field range is 0 7 Action Indicates the action assigned to the packet matching the ACL Packets are forwarded or dropped In addition the port can be shut down a trap can be sent to the net...

Page 73: ... not match the ACL are matched to the default rule which is Drop unmatched packets ACL Binding Page The ACL Binding Page contains the following fields Copy From Entry Number Copies the ACL information from the defined interface To Entry Number s Assigns the copied ACL information to the defined interface Ports LAGs Indicates the interface to which the ACL is bound For each entry an interface has a...

Page 74: ...0P Gigabit Ethernet Switch Reference Guide Chapter 5 Modifying ACL Binding Edit ACL Binding Page The Edit ACL Binding Page contains the following fields Interface Indicates the interface to which the ACL is bound Select ACL Indicates the ACL which is bound to the interface ...

Page 75: ... values are Enable Enables DOS security Disable Disables DOS security on the device This is the default value Denial of Service Protection Indicates if any of the services listed below are enabled If the service protection is disabled the Stacheldraht Distribution Invasor Trojan and Back Office Trojan fields are disabled Stacheldraht Distribution Discards TCP packets with source TCP port equal to ...

Page 76: ... 5 Defining Martian Addresses Martian Addresses Page The Martian Addresses Page contains the following fields IP Address Displays the IP addresses for which DoS attack is enabled Mask Displays the Mask for which DoS attack is enabled Delete To remove a Martian address click the entry s checkbox and click the Delete button ...

Page 77: ...llowing IP addresses are included 0 0 0 0 8 except 0 0 0 0 32 127 0 0 0 8 192 0 2 0 24 224 0 0 0 4 240 0 0 0 4 except 255 255 255 255 32 Unchecked Does not include specially reserved IP addresses in the Martian Address list IP Address Enter the Martian IP addresses for which DoS attack is enabled The possible values are One of the addresses in the known Martian IP address list If the Include Reser...

Page 78: ...ontains fields for defining port parameters Port Settings Page The Port Settings Page contains the following fields Copy from Entry Number Copies the port settings from the specified port to Entry Number s Assigns the copied port information to a specified port Interface Displays the port number Port Type Displays the port type The possible field values are 100M Copper 1000M Copper ComboF ComboC I...

Page 79: ...speed is set to 10M or 100M This field cannot be configured on LAGs The possible field values are Full Indicates that the interface supports transmission between the device and the client in both directions simultaneously Half Indicates that the interface supports transmission between the device and the client in only one direction at a time PVE Indicates that this port is protected by an uplink s...

Page 80: ... Displays the port type The possible field values are 100M Copper 1000M Copper ComboF ComboC Indicates the port has a copper port connection Fiber Indicates the port has a fiber optic port connection Admin Status Enables or disables traffic forwarding through the port Current Port Status Displays the port connection status Reactivate Suspended Port Reactivates a port if the port has been disabled ...

Page 81: ...s transmission rate duplex mode and flow control abilities to its partner Current Auto Negotiation Displays the Auto Negotiation status on the port Admin Advertisement Specifies the capabilities to be advertised by the Port The possible field values are Max Capability Indicates that all port speeds and Duplex mode settings can be accepted 10 Half Indicates that the port is advertising a 10 mbps sp...

Page 82: ... Dependent Interface with Crossover MDIX status on the port Hubs and switches are deliberately wired opposite the way end stations are wired so that when a hub or switch is connected to an end station a straight through Ethernet cable can be used and the pairs are matched up properly When two hubs or switches are connected to each other or two end stations are connected to each other a crossover c...

Page 83: ...blish a LAG between them Ensure the following All ports within a LAG must be the same media type A VLAN is not configured on the port The port is not assigned to a different LAG Auto negotiation mode is not configured on the port The port is in full duplex mode All ports in the LAG have the same ingress filtering and tagged modes All ports in the LAG have the same back pressure and flow control mo...

Page 84: ...igabit Ethernet Switch Administration Guide Chapter 6 LAG Management Page The LAG Management Page contains the following fields LAG Displays the LAG number Name Displays the LAG name Link State Displays the link operational status Member Displays the ports configured to the LAG ...

Page 85: ...000P Gigabit Ethernet Switch Administration Guide Chapter 6 Modifying LAG Membership Edit LAG Membership Page The Edit LAG Membership Page contains the following fields LAG Displays the LAG number LAG Name Displays the LAG name LACP Indicates that LACP is enable on the LAG ...

Page 86: ... ports per LAG and eight LAGs per system LAG Settings Page The LAG Settings Page contains the following fields Copy from Entry Number Copies the LAG settings from the specified port To Entry Number s Assigns the copied LAG settings to the specified ports LAG Displays the LAG ID number Description Displays the user defined port name Type The port types that comprise the LAG Status Indicates if the ...

Page 87: ...n Settings The LAG Configuration Settings contains the following fields LAG Displays the LAG ID number Description Displays the user defined port name LAG Type The port types that comprise the LAG Admin Status Enables or disables traffic forwarding through the selected LAG Current LAG Status Indicates if the LAG is currently operating Reactivate Suspended LAG Reactivates a port if the LAG has been...

Page 88: ...00 Mbps speed and full Duplex mode setting 1000 Full Indicates that the LAG is advertising a 1000 Mbps speed and full Duplex mode setting Current Advertisement The LAG advertises its capabilities to its neighbor LAG to start the negotiation process The possible field values are those specified in the Admin Advertisement field Neighbor Advertisement The neighbor LAG the LAG to which the selected in...

Page 89: ... Aggregate ports can be linked into link aggregation port groups Each group is comprised of ports with the same speed LACP Page The LACP Page contains fields for configuring LACP LAGs LACP System Priority Indicates the global LACP priority value The possible range is 1 65535 The default value is 1 Port Defines the port number to which timeout and priority values are assigned Port Priority Defines ...

Page 90: ...t LACP Page contains the following fields Port Defines the port number to which timeout and priority values are assigned LACP Port Priority Defines the LACP priority value for the port The field range is 1 65535 LACP Timeout Administrative LACP timeout The possible field values are Short Defines a short timeout value Long Defines a long timeout value This is the default value ...

Page 91: ...c within the VLAN a Layer 3 router working at a protocol level is required to allow traffic flow between VLANs Layer 3 routers identify segments and coordinate with VLANs VLANs are Broadcast and Multicast domains Broadcast and Multicast traffic is transmitted only in the VLAN in which the traffic is generated VLAN tagging provides a method of transferring VLAN information between VLAN groups VLAN ...

Page 92: ...elds VLAN ID Displays the VLAN ID VLAN Name Displays the user defined VLAN name Type Displays the VLAN type The possible field values are Dynamic Indicates the VLAN was dynamically created through GARP Static Indicates the VLAN is user defined Default Indicates the VLAN is the default VLAN Authentication Indicates whether unauthorized users can access a Guest VLAN The possible field values are Ena...

Page 93: ... VLAN Name Indicates the user defined VLAN name Modifying VLANs Edit VLAN Page The Edit VLAN Page contains information for enabling VLAN guest authentication and includes the following fields VLAN ID Displays the VLAN ID VLAN Name Displays the VLAN name Disable Authentication Indicates whether unauthorized users can access a Guest VLAN The possible field values are Enable Enables unauthorized user...

Page 94: ...values are Dynamic Indicates the VLAN was dynamically created through GARP Static Indicates the VLAN is user defined Default Indicates the VLAN is the default VLAN Port Indicates that ports are described in the page LAG Indicates that LAGs are described in the page Interface Displays the interface configuration being displayed Interface Status Indicates the interface s membership status in the VLA...

Page 95: ...N ID VLAN Name Displays the VLAN name Interface Displays the port or LAG attached to the VLAN Interface Status Displays the current interface s membership status in the VLAN The possible field values are Untagged Indicates the interface is an untagged VLAN member Packets forwarded by the interface are untagged Tagged Indicates the interface is a tagged member of a VLAN All packets forwarded by the...

Page 96: ...the VLAN Interface VLAN Mode Indicates the interface membership status in the VLAN The possible values are General The port belongs to VLANs and each VLAN is user defined as tagged or untagged full 802 1Q mode Access The port belongs to a single untagged VLAN When a port is in Access mode the packet types which are accepted on the port packet type cannot be designated It is also not possible to en...

Page 97: ... and each VLAN is user defined as tagged or untagged full 802 1Q mode Access The port belongs to a single untagged VLAN When a port is in Access mode the packet types which are accepted on the port packet type cannot be designated It is also not possible to enable disable ingress filtering on an access port Trunk The port belongs to VLANs in which all ports are tagged except for an optional single...

Page 98: ...lly configure each bridge and register VLAN membership To define GVRP NOTE The Global System LAG information displays the same field information as the ports but represent the LAG GVRP information GVRP Settings Page The GVRP Settings Page contains the following fields GVRP Global Status Indicates if GVRP is enabled on the device The possible field values are Enable Enables GVRP on the device Disab...

Page 99: ...terface GVRP Registration Indicates if VLAN registration through GVRP is enabled on the device The possible field values are Enabled Enables GVRP registration on the device Disabled Disables GVRP registration on the device Modifying GVRP Settings Edit GVRP Page The Edit GVRP Page contains the following fields Interface Displays the interface on which GVRP is enabled The possible field values are P...

Page 100: ...e field values are Enable Enables GVRP registration on the device Disable Disables GVRP registration on the device Defining VLAN Protocol Group The Protocol Group Page contains information defining protocol names and the VLAN Ethernet type Interfaces can be classified as a specific protocol based interface Protocol Group Page The Protocol Group Page contains the following fields Protocol Value Dis...

Page 101: ... IP IPX IPv6 or ARP Ethernet Based Protocol Value Specify the value in hexadecimal format Group ID Defines the Protocol group ID to which the interface is added The possible value range is 1 2147483647 in hexadecimal format Modifying Protocol Groups The Protocol Group Settings Page provides information for configuring existing VLAN protocol groups Protocol Group Settings Page The Protocol Group Se...

Page 102: ...AG number added to a protocol group Protocol Group ID Protocol group ID to which the interface is added Protocol group IDs are defined in the Protocol Group Table VLAN ID Attaches the interface to a user defined VLAN ID Protocol ports can either be attached to a VLAN ID or a VLAN name Add Protocol Port to VLAN The Add Protocol Port to VLAN Page provides parameters for adding protocol port configur...

Page 103: ... Guide Chapter 7 Interface Port or LAG number added to a protocol group Group ID Protocol group ID to which the interface is added Protocol group IDs are defined in the Protocol Group Table VLAN ID Attaches the interface to a user defined VLAN ID VLAN Name Attaches the interface to a user defined VLAN Name ...

Page 104: ...assigned the DNS service translates the name into a numeric IP address For example www ipexample com is translated into 192 87 56 2 DNS servers maintain databases of domain names and their corresponding IP addresses The Domain Name System contains the following windows Defining DNS Server Mapping DNS Hosts Defining DNS Server Domain Name System DNS converts user defined domain names into IP addres...

Page 105: ...Checked Translates the domains into IP addresses Unchecked Disables translating domains into IP addresses Default Parameters Default Domain Name Specifies the user defined DNS server name 1 158 characters Type Displays the IP address type The possible field values are Dynamic The IP address is dynamically created Static The IP address is a static IP address Remove Removes DNS servers The possible ...

Page 106: ... Server Page The Add DNS Server Page page contains the following fields DNS Server Displays the DNS server s IP address DNS Server Currently Active Displays the DNS server which is currently active Set DNS Server Active Indicates active status of the new DNS Server The possible values are Checked This new server becomes the active DNS Server Unchecked This new server is not the active DNS Server M...

Page 107: ...unqualified host names The Host Name field can contain up to 158 characters IP Address Displays the DNS host IP address Add DNS Host The Add DNS Host Page provides information for defining DNS Host Mapping Add DNS Host Page The Add DNS Host page contains the following fields Host Name Displays a user defined default domain name When defined the default domain name is applied to all unqualified hos...

Page 108: ...ace Page contains fields for assigning IP addresses Packets are forwarded to the default IP when frames are sent to a remote network The configured IP address must belong to the same IP address subnet of one of the IP interfaces IP Interface Page The IP Interface Page contains the following fields Get Dynamic IP from DHCP Server Retrieves the IP addresses using DHCP Static IP Address Permanent IP ...

Page 109: ...s a TCP IP protocol that converts IP addresses into physical addresses The ARP table is used to maintain a correlation between each MAC address and its corresponding IP address The ARP table can be filled in statically by the user When a static ARP entry is defined a permanent entry is put in the table which the system uses to translate IP addresses to MAC addresses ARP Page The ARP Page contains ...

Page 110: ...ddress Indicates the station MAC address which is associated in the ARP table with the IP address Status Indicates the ARP Table entry status Possible field values are Dynamic Indicates the ARP entry was learned dynamically Static Indicates the ARP entry is a static entry Add ARP The Add ARP Page allows you to enter ARP addresses Add ARP Page The Add ARP Page contains the following fields VLAN Ind...

Page 111: ...ns the following fields Interface Indicates the interface connected to the device IP Address Indicates the station IP address which is associated with the MAC address filled in below MAC Address Indicates the station MAC address which is associated in the ARP table with the IP address Status Indicates the ARP Table entry status Possible field values are Dynamic Indicates the ARP entry was learned ...

Page 112: ...nt VLAN Static addresses are manually configured In order to prevent the bridging table from overflowing dynamic MAC addresses from which no traffic is seen for a certain period are erased This section contains information for defining both static and dynamic Forwarding Database entries and includes the following topics Defining Static Addresses Defining Dynamic Addresses Defining Static Addresses...

Page 113: ...C Address Add Static MAC Address Page The Add Static MAC Address Page contains the following fields Interface Displays the interface to which the entry refers Port The specific port number to which the forwarding database parameters refer LAG The specific LAG number to which the forwarding database parameters refer MAC Address Displays the MAC address to which the entry refers VLAN ID Displays the...

Page 114: ...ut the aging time before a dynamic MAC address is erased and includes parameters for querying and viewing the Dynamic MAC Address table The Dynamic MAC Address table contains address parameters by which packets are directly forwarded to the ports The Dynamic Address Table can be sorted by interface VLAN and MAC Address Dynamic Page The Dynamic Page contains the following fields Aging Interval secs...

Page 115: ...00P Gigabit Ethernet Switch Administration Guide Chapter 9 VLAN ID Specifies the VLAN ID for which the table is queried Address Table Sort Key Specifies the means by which the Dynamic MAC Address Table is sorted The address table can be sorted by address VLAN or interface ...

Page 116: ...oups Which ports have Multicast routers generating IGMP queries Which routing protocols are forwarding packets and Multicast traffic Ports requesting to join a specific Multicast group issue an IGMP report specifying that Multicast group is accepting members This results in the creation of the Multicast filtering database IGMP Snooping Page The IGMP Snooping Page contains the following fields Enab...

Page 117: ...sage before it times out The default value is 300 seconds Leave Timeout Indicates the amount of time the host waits after requesting to leave the IGMP group and not receiving a Join message from another station before timing out If a Leave Timeout occurs the switch notifies the Multicast device to stop sending traffic The Leave Timeout value is either user defined or an Immediate Leave value The d...

Page 118: ...t receiving a Join message from another station before timing out If a Leave Timeout occurs the switch notifies the Multicast device to stop sending traffic The Leave Timeout value is either user defined or an Immediate Leave value The default timeout is 10 seconds Defining Multicast Bridging Groups The Multicast Group page displays the ports and LAGs that are members of Multicast service groups T...

Page 119: ...Status Displays the interface status The options are as follows Static Attaches the interface to the Multicast group as static member in the Static Row The interface has joined the Multicast group statically in the Current Row Forbidden Forbidden interfaces are not included the Multicast group even if IGMP snooping designated the interface to join a Multicast group Dynamic Attaches the interface d...

Page 120: ... the MAC address attached to the Multicast Group Interface Displays the interface attached to the Multicast Group Interface Status Displays the interface status The options are as follows Static Attaches the interface to the Multicast group as static member in the Static Row The interface has joined the Multicast group statically in the Current Row Forbidden Forbidden interfaces are not included t...

Page 121: ... Displays the VLAN ID Ports Displays the Multicast Forwarding status of all of the device s ports LAGs Displays the Multicast Forwarding status of all of the device s LAGs Interface Indicates the port or LAG whose Multicast forwarding configuration is described Interface Status Displays the interface status of the port or LAG The options are as follows Static Attaches the interface to the Multicas...

Page 122: ... VLAN ID Interface Displays the port or LAG on which Multicast forwarding is configured Interface Status Displays the interface status The possible values are Static Attaches the interface to the Multicast group as a static member Forbidden Forbidden interfaces are not included the Multicast group even if IGMP snooping designated the interface to join a Multicast group Dynamic Attaches the interfa...

Page 123: ...ncy The device supports the following Spanning Tree versions Classic STP Provides a single path between end stations avoiding and eliminating loops Rapid STP Detects and uses network topologies that provide faster convergence of the spanning tree without creating forwarding loops Multiple STP Provides full connectivity for packets allocated to any VLAN Multiple STP is based on the RSTP In addition...

Page 124: ...ns device level parameters Spanning Tree State Indicates if STP is enabled on the device The possible field values are Enable Enables STP on the device This is the default value Disable Disables STP on the device STP Operation Mode Indicates the STP mode that is enabled on the device The possible field values are Classic STP Enables Classic STP on the device This is the default value Rapid STP Ena...

Page 125: ...ge waits between configuration messages The default is 2 seconds The range is 1 to 10 seconds Max Age Specifies the device Maximum Age Time The Maximum Age Time indicates the amount of time in seconds that the device can wait without receiving a configuration message before attempting to redefine its own configuration The default max age is 20 seconds The range is 6 to 40 seconds Forward Delay Spe...

Page 126: ...TP is enabled on the port The possible field values are Enable Indicates that STP is enabled on the port Disables Indicates that STP is disabled on the port Port Fast Indicates if Fast Link is enabled on the port If Fast Link mode is enabled for a port the Port State is automatically placed in the Forwarding state when the port link is up Fast Link optimizes the STP protocol convergence STP conver...

Page 127: ...LAG through which the designated switch is attached to the LAN Alternate Provides an alternate path to the root switch from the root interface Backup Provides a backup path to the designated port path toward the Spanning Tree leaves Backup ports occur only when two ports are connected in a loop by a point to point link or when a LAN has two or more connections connected to a shared segment Disable...

Page 128: ...ssible field values are Enable Indicates that STP is enabled on the port Disable Indicates that STP is disabled on the port Port Fast Indicates if Fast Link is enabled on the port If Fast Link mode is enabled for a port the Port State is automatically placed in the Forwarding state when the port link is up Fast Link optimizes the STP protocol convergence STP convergence can take 30 60 seconds in l...

Page 129: ...icates the speed at which the port is operating Path Cost Defines the port contribution to the root path cost The path cost is adjusted to a higher or lower value and is used to forward traffic when a path being rerouted Default Path Cost Defines the default path cost as the Path Cost field setting Priority Priority value of the port The priority value influences the port choice when a bridge has ...

Page 130: ... Indicates the port or LAG on which RSTP is enabled Role Indicates the port role assigned by the STP algorithm in order to provide to STP paths The possible field values are Root Provides the lowest cost path to forward packets to root switch Designated Indicates that the port or LAG via which the designated switch is attached to the LAN Alternate Provides an alternate path to the root switch from...

Page 131: ...that STP is currently disabled on the port The port forwards traffic while learning MAC addresses Blocking Indicates that the port is currently blocked and cannot forward traffic or learn MAC addresses Listening Indicates that the port is in Listening mode The port cannot forward traffic nor can it learn MAC addresses Learning Indicates that the port is in Learning mode The port cannot forward tra...

Page 132: ... alternate path to the root switch from the root interface Backup Provides a backup path to the designated port path toward the Spanning Tree leaves Backup ports occur only when two ports are connected in a loop by a point to point link Backup ports also occur when a LAN has two or more connections connected to a shared segment Disable Indicates the port is not participating in the Spanning Tree M...

Page 133: ...to establish a point to point link or specifies for the device to automatically establish a point to point link To establish communications over a point to point link the originating PPP first sends Link Control Protocol LCP packets to configure and test the data link After a link is established and optional facilities are negotiated as needed by the LCP the originating PPP sends Network Control P...

Page 134: ...AN Defining MSTP Instance Settings Defining MSTP Interface Settings Defining MSTP Properties The MSTP Properties Page contains information for defining global MSTP settings including region names MSTP revisions and maximum hops MSTP Properties Page The MSTP Properties Page contains the following fields Region Name Provides a user defined STP region name Revision Defines unsigned 16 bit number that...

Page 135: ...iple Spanning Tree Regions MST Regions Regions are one or more Multiple Spanning Tree bridges by which frames can be transmitted In configuring MSTP the MST region to which the device belongs is defined A configuration consists of the name revision and region to which the device belongs Instance to VLAN Page The Instance to VLAN Page contains the following fields VLAN Indicates the VLAN for which ...

Page 136: ...trators can define MSTP Instances settings using the MSTP Instance Settings Page MSTP Instance Settings Page The MSTP Instance Settings Page contains the following fields Instance ID Defines the VLAN group to which the interface is assigned Included VLAN Maps the selected VLAN to the selected instance Each VLAN belongs to one instance Bridge Priority Specifies the selected spanning tree instance d...

Page 137: ...isplayed The possible field values are Port Specifies the port for which the MSTP settings are displayed LAG Specifies the LAG for which the MSTP settings are displayed Port State Indicates the MSTP status on the specific port The possible field values are Disabled Indicates that STP is currently disabled on the port The port forwards traffic while learning MAC addresses Blocking Indicates that th...

Page 138: ...ted device is attached to the LAN Alternate Provides an alternate path to the root device from the root interface Backup Provides a backup path to the designated port path toward the Spanning Tree leaves Backup ports occur only when two ports are connected in a loop by a point to point link Backup ports also occur when a LAN has two or more connections connected to a shared segment Disabled Indica...

Page 139: ...lowing fields Instance Defines the VLAN group to which the interface is assigned Interface Indicates the port or LAG for which the MSTP settings are displayed Role Indicates the port role assigned by the STP algorithm in order to provide to STP paths The possible field values are Root Provides the lowest cost path to forward packets to root device Designated Indicates the port or LAG via which the...

Page 140: ...t Port Priority Defines the interface priority for specified instance The default value is 128 Path Cost Indicates the port contribution to the Spanning Tree instance The range should always be 1 200 000 000 Port State Indicates the MSTP status on the specific port The possible field values are Disabled Indicates that STP is currently disabled on the port The port forwards traffic while learning M...

Page 141: ... remaining to the next destination Static Attaches the port to the Multicast group as static member in the Static Row The port LAG has joined the Multicast group statically in the Current Row Forbidden Forbidden ports are not included the Multicast group even if IGMP snooping designated the port to join a Multicast group None The port is not part of a Multicast group ...

Page 142: ...n addition User Security Model USM is defined for SNMPv3 and includes Authentication Provides data integrity and data origin authentication Privacy Protects against disclosure message content Cipher Bock Chaining CBC is used for encryption Either authentication is enabled on an SNMP message or both authentication and privacy are enabled on a SNMP message However privacy cannot be enabled without a...

Page 143: ... Engine ID 10 64 Hex characters Indicates the local device engine ID The field value is a hexadecimal string Each byte in hexadecimal character strings consists of two hexadecimal digits Each byte can be separated by a period or a colon The Engine ID must be defined before SNMPv3 is enabled Select a default Engine ID that is comprised of Enterprise number and the default MAC address Use Default Us...

Page 144: ... Multicast groups while SNMP Group B has Read Write R W access to Multicast groups Feature access is granted via the MIB name or MIB Object ID SNMP Views Page The SNMP Views Page contains the following fields View Name Displays the user defined views The options are as follows Default Displays the default SNMP view for read and read write views DefaultSuper Displays the default SNMP view for admin...

Page 145: ...NMP view for administrator views Subtree ID Tree Indicates the device feature OID included or excluded in the selected SNMP view The options to select the Subtree are as follows Select from List Select the Subtree from the list provided Pressing the Up and Down buttons allows you to change the priority by moving the selected subtree up or down in the list Insert Enables a Subtree not included in t...

Page 146: ...agers to assign access rights to specific device features or feature aspects SNMP Users Page The SNMP Users Page contains the following fields User Name Displays the user defined group to which access control rules are applied The field range is up to 30 characters Group Name User defined SNMP group to which the SNMP user belongs SNMP groups are defined in the SNMP Group Profile Page Engine ID Ind...

Page 147: ...the user is connected to a local SNMP entity Remote Indicates that the user is connected to a remote SNMP entity If the Engine ID is defined remote devices receive inform messages Group Name SNMP group which can be chosen from the list to which the SNMP user belongs SNMP groups are defined in the SNMP Group Profile Page Authentication Method Indicates the Authentication method used The possible fi...

Page 148: ...tains the following fields User Name Displays the user defined group to which access control rules are applied Provides a user defined local user list Engine ID Indicates the local device engine ID Group Name SNMP group which can be chosen from the list to which the SNMP user belongs SNMP groups are defined in the SNMP Group Profile page Authentication Method Indicates the Authentication method us...

Page 149: ...k managers to assign access rights to specific device features or features aspects SNMP Groups Profile Page The SNMP Groups Profile Page contains the following fields Group Name Displays the user defined group to which access control rules are applied Security Model Defines the SNMP version attached to the group The possible field values are SNMPv1 SNMPv1 is defined for the group SNMPv2 SNMPv2 is ...

Page 150: ...Add SNMP Group Profile Page The Add SNMP Group Profile Page contains the following fields Group Name Displays the user defined group to which access control rules are applied The field range is up to 30 characters Security Model Defines the SNMP version attached to the group The possible field values are SNMPv1 SNMPv1 is defined for the group SNMPv2 SNMPv2 is defined for the group SNMPv3 SNMPv3 is...

Page 151: ...ser defined group to which access control rules are applied The field range is up to 30 characters Security Model Defines the SNMP version attached to the group The possible field values are SNMPv1 SNMPv1 is defined for the group SNMPv2 SNMPv2 is defined for the group SNMPv3 SNMPv3 is defined for the group Security Level Defines the security level attached to the group Security levels apply to SNM...

Page 152: ... following tables Basic Table Advanced Table The SNMP Communities Basic Table area contains the following fields Management Station Displays the management station IP address for which the basic SNMP community is defined Community String Displays the password used to authenticate the management station to the device Access Mode Displays the access rights of the community View Name Displays the use...

Page 153: ... addresses Community String Defines the password used to authenticate the management station to the device Configure either the Basic Mode or the Advanced Mode Basic Enables SNMP Basic mode for a selected community and contains the following fields Access Mode Defines the access rights of the community The possible field values are Read Only Management access is restricted to read only and changes...

Page 154: ...evice Configure either the Basic Mode or the Advanced Mode Basic Enables SNMP Basic mode for a selected community and contains the following fields Access Mode Defines the access rights of the community The possible field values are Read Only Management access is restricted to read only and changes cannot be made to the community Read Write Management access is read write and changes can be made t...

Page 155: ... notification parameters Trap Settings Page The Trap Settings Page contains the following fields Enable SNMP Notification Specifies whether the device can send SNMP notifications The possible field values are Checked Enables SNMP notifications Unchecked Disables SNMP notifications Enable Authentication Notification Specifies whether SNMP authentication failure notification is enabled on the device...

Page 156: ...ied trap managers Specify the trap managers so that key events are reported by this switch to the management station Specify up to five management stations that receive authentication failure messages and other trap messages from the switch The Station Management Page contains two areas the SNMPv1 2 Notification Recipient and the SNMPv3 Notification Recipient table Station Management Page The SNMP...

Page 157: ...lowing fields Recipients IP Indicates the IP address to whom the traps are sent Notification Type Defines the notification sent The possible field values are Trap Indicates traps are sent Inform Indicates informs are sent User Name Displays the SNMP Communities Security Level Defines the means by which the packet is authenticated The possible field values are No Authentication Indicates the packet...

Page 158: ... trap type sent Add SNMP Notification Recipient Page SNMP notification filters provide the following services Identifying Management Trap Targets Trap Filtering Selecting Trap Generation Parameters Providing Access Control Checks The Add SNMP Notification Recipient Page contains the following fields Recipient IP Indicates the IP address to whom the traps are sent Notification Type Defines the noti...

Page 159: ...ing fields SNMPv3 Enables SNMPv3 as the Notification version If SNMPv3is enabled the User Name and Security Level fields are enabled for configuration User Name Defines the user to whom SNMP notifications are sent Security Level Defines the means by which the packet is authenticated The possible field values are No Authentication Indicates the packet is neither authenticated nor encrypted Authenti...

Page 160: ...ts IP Indicates the IP address to whom the traps are sent Notification Type Defines the notification sent The possible field values are Trap Indicates traps are sent Inform Indicates informs are sent Either SNMPv1 2 or SNMPv3 may be used as the version of traps with only one version enabled at a single time The SNMPv1 2 Notification Recipient area contains the following fields SNMPv1 2 Enables SNM...

Page 161: ...ket is authenticated The possible field values are No Authentication Indicates the packet is neither authenticated nor encrypted Authentication Indicates the packet is authenticated Privacy Indicates the packet is both authenticated and encrypted The UDP Port Notification Recipient area contains the following fields UDP Port Displays the UDP port used to send notifications The default is 162 Filte...

Page 162: ...ers to filter notifications Filter Settings Page The Filter Settings Page contains the following fields Filter Name Contains a list of user defined notification filters Object ID Subtree Displays the OID for which notifications are sent or blocked If a filter is attached to an OID traps or informs are generated and sent to the trap recipients Filter Type Indicates whether informs or traps are sent...

Page 163: ...ich notifications are sent or blocked If a filter is attached to an OID traps or informs are generated and sent to the trap recipients Object IDs are selected from either the Select from List or the Object ID List there are two configuration options Select from List Select the OID from the list provided Pressing the Up and Down buttons allows you to change the priority by moving the selected subtr...

Page 164: ...oS are used in the following context CoS provides varying Layer 2 traffic services CoS refers to classification of traffic to traffic classes which are handled as an aggregate whole with no per flow settings CoS is usually related to the 802 1p service that classifies flows according to their Layer 2 priority as set in the VLAN header QoS refers to Layer 2 traffic and above QoS handles per flow se...

Page 165: ...ction also contains the following pages Configuring Policy Table Configuring Policy Table Defining General Settings The QoS General Settings section contains the following pages Defining CoS Defining Queue Mapping CoS to Queue Mapping DSCP to Queue Configuring Bandwidth Defining CoS The CoS Page contains fields for enabling or disabling CoS Basic or Advanced mode In addition the default CoS for ea...

Page 166: ...ys the default CoS value for incoming packets for which a VLAN tag is not defined The possible field values are 0 7 The default CoS is 0 Restore Defaults Restores the factory CoS default settings to the selected port Checked Restores the factory QoS default settings to ports after clicking the Apply button Unchecked Maintains the current QoS settings Modifying Interface Priorities Edit Interface P...

Page 167: ... Strict Priority Indicates that traffic scheduling for the selected queue is based strictly on the queue priority WRR Indicates that traffic scheduling for the selected queue is based strictly on the WRR If WRR is selected the predetermined weights 8 2 4 and 1 are assigned to queues 4 3 2 and 1 Queue Displays the queue for which the queue settings are displayed The possible field range is 1 4 WRR ...

Page 168: ...ffic queues Cos to Queue Page The Cos to Queue Page contains the following fields Restore Defaults Restores all queues to the default CoS settings Class of Service Specifies the CoS VLAN CoS priority tag values where zero is the lowest and 7 is the highest Queue Defines the traffic forwarding queue to which the CoS priority is mapped Four traffic priority queues are supported where Queue 4 is the ...

Page 169: ... Page enables mapping DSCP values to specific queues DSCP to Queue Page The DSCP to Queue Page contains the following fields DSCP In Indicates the Differentiated Services Code Point DSCP value in the incoming packet The following values are reserved and cannot be changed 3 11 19 27 35 43 51 and 59 Queue Defines the traffic forwarding queue to which the DSCP priority is mapped ...

Page 170: ...Bandwidth Page The Bandwidth Page contains the following fields Ports LAG Specifies whether the bandwidth settings are displayed for ports or for LAGs Interface Indicates the interface for which this bandwidth information is displayed Ingress Rate Limit Indicates the traffic limit for ingress interfaces The possible field values are Status Enables or disables rate limiting for ingress interfaces D...

Page 171: ...ettings for specified egress and ingress interfaces Edit Bandwidth Page The Edit Bandwidth Page contains the following fields Interface Indicates whether the interface for which bandwidth settings are edited is a port or a LAG Enable Egress Shaping Rate Status Indicates if shaping is enabled on the interface The possible field values are Checked Enables egress shaping on the interface Unchecked Di...

Page 172: ...ists CCL CCLs are set according to the classification defined in the ACL and they cannot be defined until a valid ACL is defined When CCLs are defined ACLs and CCLs can be grouped together in a more complex structure called policies Policies can be applied to an interface Policy ACLs CCLs are applied in the sequence they appear within the policy Only a single policy can be attached to a port In ad...

Page 173: ...ces Code Point DSCP values from incoming packets to DSCP values in outgoing packets This information is important when traffic exceeds user defined limits DSCP Mapping Page The DSCP Mapping Page contains the following fields DSCP In Indicates the DSCP value in the incoming packet which will be mapped to an outgoing packet DSCP Out Sets a mapped DSCP value in the outgoing packet for the correspondi...

Page 174: ...igned to packets based only on an IP based ACL or a MAC based ACL Class Map B is assigned to packets based on both an IP based and a MAC based ACL Class Mapping Page The Class Mapping Page contains the following fields Class Map Name Selects an existing Class Map by name ACL1 Contains a list of the user defined ACLs Match Criteria used to match IP addresses and or MAC addresses with an ACL s addre...

Page 175: ...e IP Based ACLs Matches packets to IP based ACLs first then matches packets to MAC based ACLs MAC Based ACLs Matches packets to MAC based ACLs first then matches packets to IP based ACLs IP ACL Matches packets to IP based ACLs first then matches packets to MAC based ACLs Match Criteria used to match IP addresses and or MAC addresses with an ACL s address The possible field values are And Both the ...

Page 176: ...ied to multiple classes in the same policy map but an aggregate policer cannot be used across different policy maps Define an aggregate policer if the policer is shared with multiple classes Policers in one port cannot be shared with other policers in another device Traffic from two different ports can be aggregated for policing purposes Aggregate Policer Page The Aggregate Policer Page contains t...

Page 177: ...egate Policer Name Specifies the Aggregate Policer Name Ingress Committed Information Rate CIR Defines the CIR in bits per second Ingress Committed Burst Size CBS Defines the CBS in bytes per second Exceed Action Action assigned to incoming packets exceeding the CIR Possible values are Drop Drops packets exceeding the defined CIR value Remark DSCP Remarks packet s DSCP values exceeding the defined...

Page 178: ...ggregate Policer Name Specifies the Aggregate Policer Name Ingress Committed Information Rate CIR Defines the CIR in bits per second Ingress Committed Burst Size CbS Defines the CbS in bytes per second Exceed Action Action assigned to incoming packets exceeding the CIR Possible values are Drop Drops packets exceeding the defined CIR value Remark DSCP Remarks packet s DSCP values exceeding the defi...

Page 179: ...Configuring Policy Table In the Policy Table Page QoS policies are set up and assigned to interfaces Policy Table Page The Policy Table Page contains the following fields Policy Name Displays the user defined policy name Adding QoS Policy Profile Add QoS Policy Profile Page The Add QoS Policy Profile Page contains the following fields ...

Page 180: ...e values are Aggregate Configures the class to use a configured aggregate policer selected from the drop down menu An aggregate policer is defined if the policer is shared with multiple classes Traffic from two different ports can be configured for policing purposes An aggregate policer can be applied to multiple classes in the same policy map but cannot be used across different policy maps Single...

Page 181: ... the QoS trust behavior for given traffic When a given type is trusted the QoS mechanism maps a packet to a queue using the received or default value and the relevant map as defined on the QoS Settings By designating trust it is possible to trust only incoming traffic with certain DSCP values Set DSCP Defines the Trust configuration manually In the New Value box the possible values are 0 63 Police...

Page 182: ...s Committed Burst Size CBS Defines the CBS in bytes This field is only relevant when the Police value is Single Exceed Action Action assigned to incoming packets exceeding the CIR This field is only relevant when the Police value is Single Possible values are Drop Drops packets exceeding the defined CIR value Remark DSCP Remarks packet s DSCP values exceeding the defined CIR value None Forwards pa...

Page 183: ...ing Page contains the following fields Interface Displays the interface to which the entry refers Policy Name Select a Policy to associate with the interface Modifying QoS Policy Binding Settings Edit QoS Policy Binding Page The Edit QoS Policy Binding Page contains the following fields Interface Displays the interface to which the entry refers Policy Name Displays the Policy name associated with ...

Page 184: ...ng fields Trust Mode Displays the trust mode If a packet s CoS tag and DSCP tag and TCP UDP mapping are mapped to different queues the Trust Mode determines the queue to which the packet is assigned Possible values are CoS Sets trust mode to CoS on the device The CoS mapping determines the packet queue DSCP Sets trust mode to DSCP on the device The DSCP mapping determines the packet queue Always R...

Page 185: ...SCP Mapping Page define the Differentiated Services Code Point DSCP tag to use in place of the incoming DSCP tags DSCP Mapping Page The DSCP Mapping Page allows the network administrator to define two DSCP tags DSCP In Indicates the DSCP value in the incoming packet DSCP Out Indicates the DSCP value in the outgoing packet that will correspond with the DSCP In value ...

Page 186: ...ed to the Running Configuration File and applied to the device During the session all new commands entered are added to the commands existing in the Running Configuration file Commands are not overwritten To update the Startup file before powering down the device the Running Configuration file must be copied to the Startup Configuration file The next time the device is restarted the commands are c...

Page 187: ... period and the maximum length for file names on the TFTP server is 127 characters or 31 characters for files on the switch Valid characters A Z a z 0 9 _ The Firmware Upgrade Page contains parameters for downloading system files Firmware Upgrade Page The Firmware Upgrade Page contains the following fields Upgrade Specifies that the firmware download is a firmware upgrade Backup Specifies that the...

Page 188: ...down or reboots the next time this configuration becomes the Starting Configuration Starting configuration Contains the parameter definitions which were valid in the Running Configuration when the system last rebooted or shut down Backup configuration Contains a copy of the system configuration for protection against system shutdown or for maintenance of a specific operating state File names canno...

Page 189: ...n for restoration following a shutdown or a fault Copy Files In the Copy Files Page network administrators can copy configuration files from one device to another Copy Files Page The Copy Files Page contains the following fields Restore Configuration Factory Defaults Resets the Configuration file to the factory defaults The factory defaults are reset after the device is reset When not selected the...

Page 190: ... to select the Image files Active Image Page The Active Image Page contains the following fields Active Image Indicates the Image file which is currently active on the device After Reset The Image file which is active after the device is reset The possible field values are Image 1 Activates Image file 1 after the device is reset Image 2 Activates Image file 2 after the device is reset ...

Page 191: ...ach message severity determines the set of event logging devices that are sent per each event logging This section contains the following pages Enabling System Logs Viewing the Device Memory Logs Viewing the Flash Logs Viewing Remote Logs Enabling System Logs In the Log Settings Page define the levels of event severity that are recorded to the system event logs The event severity levels are listed...

Page 192: ...cal The system is in a critical state Error A system error has occurred Warning A system warning has occurred Notice The system is functioning properly but system notice has occurred Informational Provides device information Debug Provides detailed information about the log If a Debug error occurs contact Customer Tech Support Memory Logs The selected Severity types will appear in chronological or...

Page 193: ...rder that are saved in RAM Cache After restart these log entries are deleted Memory Page The Memory Page contains the following fields Log Index Displays the log entry number Log Time Displays the time at which the log entry was generated Severity Displays the event severity Description Displays the log message text Clearing Message Logs To clear the Memory Page click the Clear Logs button The mes...

Page 194: ...t severity and a description of the log message The Message Log is available after reboot Flash Page The Flash Page contains the following fields Log Index Displays the log entry number Log Time Displays the time at which the log entry was generated Severity Displays the event severity Description Displays the log message text Clearing Message Logs Message Logs can be cleared from the FLASH Log Pa...

Page 195: ...server Only one facility can be assigned to a single server If a second facility level is assigned the first facility is overridden All applications defined for a device utilize the same facility on a server The field default is Local 7 The possible field values are Local 0 Local 7 Description Provides a user defined server description Minimum Severity Indicates the minimum severity level for logs...

Page 196: ...g Provides debugging messages Adding a System Log Server The Add Syslog Server Page contains fields for defining new Remote Log Servers Add Syslog Server Page The Add Syslog Server Page contains the following fields Log Server IP Address Specifies the server to which logs can be sent UDP Port Defines the UDP port to which the server logs are sent The possible range is 1 to 65535 The default value ...

Page 197: ...ied logging location Alert The second highest warning level An alert log is saved if there is a serious device malfunction for example all device features are down Critical The third highest warning level A critical log is saved if a critical device malfunction occurs for example two device ports are not functioning while the rest of the device ports remain functional Error A device error has occu...

Page 198: ...e same facility on a server The field default is Local 7 The possible field values are Local 0 Local 7 Description Provides a user defined server description Severity to Include Indicates the minimum severity level for logs that are sent to the server For example if Notice is selected all logs from a Notice severity and higher are sent to the remote server The following are the available log sever...

Page 199: ...Administration Guide Chapter 15 Warning The lowest level of a device warning The device is functioning but an operational problem has occurred Notice The system is functioning properly but system notice has occurred Informational Provides device information Debug Provides debugging messages ...

Page 200: ...system time and includes the following topics including Defining System Time Defining SNTP Settings Defining SNTP Authentication Defining System Time The System Time Page contains fields for defining system time parameters for both the local hardware clock and the external SNTP clock If the system time is kept using an external SNTP clock and the external SNTP clock fails the system time reverts t...

Page 201: ...nd reverts to standard time at 1 00 am on the last Sunday in October The European option applies to EU members and other European countries using the EU standard Other The DST definitions are user defined based on the device locality If Other is selected the From and To fields must be defined Time Set Offset 1 1440 Indicates the difference in minutes between DST and the local standard time The def...

Page 202: ...year The possible field range is Sunday Saturday Week The week within the month from which DST begins every year The possible field range is 1 5 Month The month of the year in which DST begins every year The possible field range is Jan Dec Time The time at which DST begins every year The field format is Hour Minute for example 02 10 To Indicates the day and time that DST ends each year For example...

Page 203: ...efined Poll Interval Defines the interval in seconds at which the SNTP server is polled for system time information By default the poll interval is 1024 seconds Encryption Key ID Indicates the Key Identification used to communicate between the SNTP server and device The range is 1 4294967295 Preference The SNTP server providing SNTP system time information The possible field values are Primary The...

Page 204: ...mp difference between the device local clock and the acquired time from the SNTP server Delay Indicates the amount of time it takes to reach the SNTP server Add SNTP Server The Add SNTP Server Page provides parameters for adding an SNTP server Add SNTP Server Page The Add SNTP Server Page contains the following fields SNTP Server The SNTP server s IP address Enable Poll Interval Select whether or ...

Page 205: ...P session between the device and an SNTP server is enabled on the device The possible field values are Checked Authenticates SNTP sessions between the device and SNTP server Unchecked Disables authenticating SNTP sessions between the device and SNTP server Encryption Key ID Indicates the Key Identification used to authenticate the SNTP server and device The field value is up to 4294967295 characte...

Page 206: ...Authentication Page contains the following fields Encryption Key ID Defines the Key Identification used to authenticate the SNTP server and device The field value is up to 4294967295 characters Authentication Key Defines the key used for authentication Trusted Key Indicates if an encryption key is used Unicast Anycast or elected Broadcast to authenticate the SNTP server ...

Page 207: ...ection contains the following pages Defining Ethernet Interface Viewing Etherlike Statistics Viewing GVRP Statistics Viewing EAP Statistics Defining Ethernet Interface The Interface Page contains statistics for both received and transmitted packets The Interface Page is divided into three areas General Information Receive Statistics and Transmit Statistics Interface Page The Interface Page contain...

Page 208: ...t Packets Displays the number of good Unicast packets received on the interface since the page was last refreshed Multicast Packets Displays the number of good Multicast packets received on the interface since the page was last refreshed Broadcast Packets Displays the number of good broadcast packets received on the interface since the page was last refreshed Packets with Errors Displays the numbe...

Page 209: ... Rate Defines the amount of time that passes before the Etherlike statistics are refreshed The possible field values are 15 Sec Indicates that the Etherlike statistics are refreshed every 15 seconds 30 Sec Indicates that the Etherlike statistics are refreshed every 30 seconds 60 Sec Indicates that the Etherlike statistics are refreshed every 60 seconds No Refresh Indicates that the Etherlike stati...

Page 210: ...s over 1518 octets received on the interface since the page was last refreshed Internal MAC Receive Errors Displays the number of internal MAC received errors on the selected interface Received Pause Frames Displays the number of received paused frames on the selected interface Transmitted Pause Frames Displays the number of paused frames transmitted from the selected interface Resetting Etherlike...

Page 211: ...G statistics are displayed Refresh Rate Indicates the amount of time that passes before the GVRP statistics are refreshed The possible field values are 15 Sec Indicates that the GVRP statistics are refreshed every 15 seconds 30 Sec Indicates that the GVRP statistics are refreshed every 30 seconds 60 Sec Indicates that the GVRP statistics are refreshed every 60 seconds No Refresh Indicates that the...

Page 212: ...ds Invalid Protocol ID Displays the device GVRP Invalid Protocol ID statistics Invalid Attribute Type Displays the device GVRP Invalid Attribute ID statistics Invalid Attribute Value Displays the device GVRP Invalid Attribute Value statistics Invalid Attribute Length Displays the device GVRP Invalid Attribute Length statistics Invalid Events Displays the device GVRP Invalid Events statistics Reset...

Page 213: ...tes that the EAP statistics are refreshed every 30 seconds 60 Sec Indicates that the EAP statistics are refreshed every 60 seconds No Refresh Indicates that the EAP statistics are not refreshed Frames Receive Indicates the number of valid EAPOL frames received on the port Frames Transmit Indicates the number of EAPOL frames transmitted via the port Start Frames Receive Indicates the number of EAPO...

Page 214: ... frames transmitted via the port Invalid Frames Receive Indicates the number of unrecognized EAPOL frames that have been received by on this port Length Error Frames Receive Indicates the number of EAPOL frames with an invalid Packet Body Length received on this port Last Frame Version Indicates the protocol version number attached to the most recently received EAPOL frame Last Frame Source Indica...

Page 215: ...Statistics Page The RMON Statistics Page contains the following fields Interface Indicates the interface for which statistics are displayed The possible field values are Port Defines the specific port for which RMON statistics are displayed LAG Defines the specific LAG for which RMON statistics are displayed Refresh Rate Defines the amount of time that passes before the interface statistics are re...

Page 216: ...eshed Undersize Packets Displays the number of undersized packets less than 64 octets received on the interface since the page was last refreshed Oversize Packets Displays the number of oversized packets over 1518 octets received on the interface since the page was last refreshed Fragments Displays the number of fragments packets with less than 64 octets excluding framing bits but including FCS oc...

Page 217: ...ge contains the following fields History Entry No Number automatically assigned to the table entry number Source Interface Displays the interface port or LAG from which the history samples were taken The possible field values are Port Specifies the port from which the RMON information was taken LAG Specifies the LAG from which the RMON information was taken Sampling Interval Indicates the time in ...

Page 218: ...number Source Interface Select the interface port or LAG from which the history samples will be taken The possible field values are Port Specifies the port from which the RMON information is taken LAG Specifies the LAG from which the RMON information is taken Owner Displays the RMON station or user that requested the RMON information The field range is 0 20 characters Max No of Samples to Keep Ind...

Page 219: ...ce port or LAG from which the history samples are taken The possible field values are Port Specifies the port from which the RMON information is taken LAG Specifies the LAG from which the RMON information is taken Owner Displays the RMON station or user that requested the RMON information The field range is 0 20 characters Max No of Samples to Keep Indicates the number of samples to save Sampling ...

Page 220: ...etwork resources during the sampling interval This may not represent the exact number dropped packets but rather the number of times dropped packets were detected Received Bytes Octets Displays the number of octets received on the interface since the page was last refreshed This number includes bad packets and FCS octets but excludes framing bits Received Packets Displays the number of packets rec...

Page 221: ...h less than 64 octets excluding framing bits but including FCS octets received on the interface since the page was last refreshed Jabbers Displays the total number of received packets that were longer than 1518 octets This number excludes frame bits but includes FCS octets that had either a bad Frame Check Sequence FCS with an integral number of octets FCS Error or a bad FCS with a non integral oc...

Page 222: ...fining RMON events RMON Events Page The RMON Events Page contains the following fields Event Entry Displays the event index number Community Displays the SNMP community string Description Displays the event description Type Describes the event type Possible values are None No action occurs Log The device adds a log entry Trap The device sends a trap Log and Trap The device adds a log entry and sen...

Page 223: ...ng fields Event Entry Indicates the event entry index number Community Displays the SNMP community string Description Displays a user defined event description Type Describes the event type Possible values are None No action occurs Log The device adds a log entry Trap The device sends a trap Log and Trap The device adds a log entry and sends a trap Owner Displays the device or user that defined th...

Page 224: ...ollowing fields Entry Event No Displays the event entry index number Community Displays the SNMP community string Description Displays the user defined event description Type Describes the event type Possible values are None No action occurs Log The device adds a log entry Trap The device sends a trap Log and Trap The device adds a log entry and sends a trap Owner Displays the device or user that ...

Page 225: ...ents Log Page contains a list of RMON events Events Log Page The Events Log Page contains the following fields Event Displays the RMON Events Log entry number Log No Displays the log number Log Time Displays the time when the log entry was entered Description Displays the log entry description To return to the RMON Events Page click the RMON Events Control button ...

Page 226: ... MIB variable Interface Displays the interface port or LAG for which RMON statistics are displayed The possible field values are Port Displays the RMON statistics for the selected port LAG Displays the RMON statistics for the selected LAG Counter Value Displays the current counter value for the particular alarm Sample Type Defines the sampling method for the selected variable and comparing the val...

Page 227: ...hreshold is graphically presented on top of the graph bars Each monitored variable is designated a color Falling Event Selects an event which is defined in the Events table that triggers the falling threshold alarm The Events Table is displayed in the RMON Events Page Startup Alarm Displays the trigger that activates the alarm generation Rising is defined by crossing the threshold from a low value...

Page 228: ...variable Sample Type Defines the sampling method for the selected variable and comparing the value against the thresholds The possible field values are Delta Subtracts the last sampled value from the current value The difference in the values is compared to the threshold Absolute Compares the values directly with the thresholds at the end of the sampling interval Rising Threshold Displays the risi...

Page 229: ... triggers the falling threshold alarm The Events Table is displayed in the RMON Events Page Startup Alarm Displays the trigger that activates the alarm generation Rising is defined by crossing the threshold from a low value threshold to a higher value threshold Rising Alarm The rising counter value that triggers the rising threshold alarm Falling Alarm The falling counter value that triggers the f...

Page 230: ...selected LAG Counter Name Displays the selected MIB variable Counter Value Displays the current counter value for the particular alarm Sample Type Defines the sampling method for the selected variable and comparing the value against the thresholds The possible field values are Delta Subtracts the last sampled value from the current value The difference in the values is compared to the threshold Ab...

Page 231: ... a color Falling Event Selects an event which is defined in the Events table that triggers the falling threshold alarm The Events Table is displayed in the RMON Events Page Startup Alarm Displays the trigger that activates the alarm generation Rising is defined by crossing the threshold from a low value threshold to a higher value threshold Rising Alarm The rising counter value that triggers the r...

Page 232: ...rovides information about where errors occurred in the cable the last time a cable test was performed and the type of cable error that occurred The tests use Time Domain Reflectometry TDR technology to test the quality and characteristics of a copper cable attached to a port Cables up to 100 meters long can be tested Cables are tested when the ports are in the down state with the exception of the ...

Page 233: ...k managers to perform tests on Fiber Optic cables Optical transceiver diagnostics can be performed only when the link is present During the port test the port moves to a down state Optical Test Page The Optical Test Page contains the following fields Port Displays the port number on which the cable is tested Temperature Displays the temperature C at which the cable is operating Voltage Displays th...

Page 234: ...nt ports from which the packets are copied Port Mirroring Page The Port Mirroring Page contains the following fields Destination Port Defines the port to which the source port s traffic is mirrored Source Port Defines the port from which traffic is to be analyzed Type Indicates the port mode configuration for port mirroring The possible field values are RxOnly Defines the port mirroring on receivi...

Page 235: ...e port mirroring on receiving ports This is the default value TxOnly Defines the port mirroring on transmitting ports Tx and Rx Defines the port mirroring on both receiving and transmitting ports Modifying Port Mirroring Edit Port Mirroring Page The Edit Port Mirroring Page contains the following fields Source Port Defines the port from which traffic is to be analyzed Type Indicates the port mode ...

Page 236: ... Page contains the following fields CPU Utilization Displays CPU resource utilization information The possible field values are Enabled Enables viewing CPU utilization information This is the default value Disabled Disables viewing the CPU utilization information Refresh Rate Amount of time that passes before the statistics are refreshed Usage Percentages Graph s y axis indicates the percentage of...

Search results

Summary of Contents for Linksys SFE1000P

Reviews:

Related manuals for Linksys SFE1000P

Brands by name

Popular brands

Cisco Linksys SFE1000P, Reference Manual

Search results

Summary of Contents for Linksys SFE1000P

Reviews:

Related manuals for Linksys SFE1000P

Brands by name

Popular brands