manualshive.com logo in svg

Comnet CNXE2GE2TX8MSPOE, Installation And Operation Manual

The Comnet CNXE2GE2TX8MSPOE is a high-quality Ethernet switch with Power over Ethernet capabilities, designed for reliable network connectivity. For detailed instructions on installation and operation, download the free Installation And Operation Manual from our website. Make sure to get your manual from manualshive.com.

Share
Download
background image

 INS_CNXE2GE2TX8MSPOE     11 Jan 2021     PAGE 159

INSTALLATION AND OPERATION MANUAL 

CNXE2GE2TX8MSPOE

TECH SUPPORT: 1.888.678.9427

Overview of MAC-Based Authentication 

Unlike 802.1X, MAC-based authentication is not a standard, but merely a best-practices method 
adopted by the industry. In MAC-based authentication, users are called clients, and the switch 
acts as the supplicant on behalf of clients. The initial frame (any kind of frame) sent by a client 
is snooped by the switch, which in turn uses the client’s MAC address as both username and 
password in the subsequent EAP exchange with the RADIUS server. The 6-byte MAC address is 
converted to a string in the following form “xx-xx-xx-xx-xx-xx”, that is, a dash (-) is used as separator 
between the lower-cased hexadecimal digits. The switch only supports the MD5-Challenge 
authentication method, so the RADIUS server must be configured accordingly. 

When authentication is complete, the RADIUS server sends a success or failure indication, which 
in turn causes the switch to open up or block traffic for that particular client, using static entries 
into the MAC Table. Only then will frames from the client be forwarded on the switch. There are 
no EAPOL frames involved in this authentication, and therefore, MAC-based authentication has 
nothing to do with the 802.1X standard. 

The advantage of MAC-based authentication over 802.1X is that several clients can be 
connected to the same port (e.g. through a 3rd party switch or a hub) and still require individual 
authentication, and that the clients do npt need special supplicant software to authenticate. The 
disadvantage is that MAC addresses can be spoofed by malicious users, equipment whose MAC 
address is a valid RADIUS user can be used by anyone, and only the MD5-Challenge method is 
supported. 

802.1X and MAC-Based authentication configurations consist of two sections: system- and port-
wide. 

Summary of Contents for CNXE2GE2TX8MSPOE

Page 1: ...features eight 10 100 1000BASE TX ports supporting IEEE 802 2af at PSE with a total power budget of 240 watts with a maximum of thirty watts per port to provide power in a PoE application It also prov...

Page 2: ...ardware Overview 11 3 1 Front Panel 11 3 2 Front Panel LEDs 12 3 3 Top View Panel 13 Hardware Installation 14 4 1 Wiring 14 4 1 1 Fault Relay 14 4 1 2 Redundant Power Inputs 14 4 2 Connection 15 4 2 1...

Page 3: ...6 1 12 ModbusTCP 61 6 1 13 Ethernet IP 61 6 1 14 Backup Restore Configurations 62 6 1 15 Firmware Update 63 6 2 DHCP 64 6 2 1 DHCP Server 64 6 2 2 DHCP Relay 69 6 2 3 DHCP Snooping 71 6 3 Port Setting...

Page 4: ...nd Shapers 114 6 6 8 Port Scheduler 116 6 6 9 Port Shaping 116 6 6 10 DSCP Based QoS 118 6 6 11 DSCP Translation 119 6 6 12 DSCP Classification 120 6 6 13 QoS Control List 121 6 6 14 QoS Counters 123...

Page 5: ...187 6 10 7 SFP Type 187 6 10 8 Ping 188 6 11 Power over Ethernet PoE 190 6 11 1 Configuration 190 6 11 2 Status 192 6 12 Configuration 194 6 12 1 Activate 194 6 12 2 Delete 194 6 13 Save 194 6 14 Tro...

Page 6: ...ompatible ComNet SFP modules These network managed layer 2 switches are compatible with any IEEE802 3 compliant Ethernet device 1 2 Software Features Supports C Ring recovery time 30ms and MSTP RSTP S...

Page 7: ...48VDC power inputs 8 x 10 100 1000Base T X ports POE 30W 2 x 1G 10GBase X SFP sockets 2 x 100 1G 2 5GBase X SFP sockets 1 x console port Operating temperature 20 to 60 C 2 5G 10G SFP or 40 to 75 C 1G...

Page 8: ...STALLATION AND OPERATION MANUAL CNXE2GE2TX8MSPOE TECH SUPPORT 1 888 678 9427 Hardware Overview 2 1 Installing Switch on DIN Rail Each switch has a DIN Rail kit pre installed on rear panel Mount CNXE2G...

Page 9: ...2021 PAGE 9 INSTALLATION AND OPERATION MANUAL CNXE2GE2TX8MSPOE TECH SUPPORT 1 888 678 9427 2 2 Wall Mounting Installation Each switch includes an optional wall mount panel Install wall mount panel CNX...

Page 10: ...2 x 100 1G 2 5G TG SFP Port 2 x 1G 10G Copper Port 8 x 10 100 1000Base T X Console RJ 45 connecter to manage switch via RS 232 2 3 4 5 6 7 10 11 13 12 8 9 1 1 LED for PWR When lit indicates PWR UP 2 L...

Page 11: ...anel LEDs LED Color Status Description PWR Green On DC power module up PW1 Green On DC power module 1 activated PW2 Green On DC Power module 2 activated R M Green On Ring Master Ring Green On Ring ena...

Page 12: ...PAGE 12 INSTALLATION AND OPERATION MANUAL CNXE2GE2TX8MSPOE TECH SUPPORT 1 888 678 9427 3 3 Top View Panel The bottom panel components of CNXE2GE2TX8MSPOE are as shown below 1 Terminal block includes P...

Page 13: ...haracteristics should be routed separately 6 You can use the type of signal transmitted through a wire to determine which wires should be kept separate The rule of thumb is that wiring sharing similar...

Page 14: ...the following table for cable specifications Cable Types and Specifications Cable Type Max Length Connector 10BASE T Cat 3 4 5 100 ohm UTP 100 m 328 ft RJ 45 100BASE TX Cat 5 100 ohm UTP 100 m 328 ft...

Page 15: ...X MDI MDI X Pin Assignments Pin Number MDI port MDI X port 1 TD transmit RD receive 2 TD transmit RD receive 3 RD receive TD transmit 4 Not used Not used 5 Not used Not used 6 RD receive TD transmit 7...

Page 16: ...e should be connected the PC while the other end of the cable RJ 45 connector should be connected to the console port of the switch PC pin out male assignment RS 232 with DB9 female connector DB9 to R...

Page 17: ...cy capabilities through the following steps Connect each switch to form a daisy chain using an Ethernet cable Set one of the connected switches to be the master and make sure the port setting of each...

Page 18: ...ring For example Select switches A and B from Ring 1 and switches C and D from Ring 2 Link port 1 of switch A to port 2 of switch C Link port 1 of switch B to port 2 of switch D Enable Coupling Ring...

Page 19: ...ring topology to a RSTP network environment using dual homing Choose switches A B from the ring for connecting to the switches in the RSTP network core switches The connection of one of the switches...

Page 20: ...eliability of the network 5 1 C Ring 5 1 1 Introduction C Ring recovery time of less than 10 milliseconds and up to 250 nodes The ring protocols identify one switch as the master of the network and th...

Page 21: ...ort when the switch is ring master Coupling Ring Check to enable Coupling Ring Coupling Ring can divide a big ring into two smaller rings to avoid network topology changes affecting all switches It is...

Page 22: ...e SF MEP is associated with interconnected sub ring without virtual channel it is configured as 0 for such ring instances 0 in this field indicates that no Port 1 SF MEP is associated with this instan...

Page 23: ...port Port 1 is configured as 0 for interconnected sub ring 0 in this field indicates that no Port 1 is associated with this instance Port 0 SF MEP The Port 0 Signal Fail reporting MEP Port 1 SF MEP Th...

Page 24: ...tive mode the traffic channel continues to use the RPL if it is not failed after a protection switch condition has cleared VLAN config VLAN configuration of the Protection Group Click on the VLAN Conf...

Page 25: ...in milliseconds RPL Un blocked APS is received on the working flow No APS Received RAPS PDU is not received from the other end Port 0 Block Status Block status for Port 0 Both traffic and R APS block...

Page 26: ...a New VLAN Click Add New Entry to add a new VLAN ID Legal values for a VLAN ID are 1 through 4095 The VLAN is enabled on the selected switch unit when you click on Save A VLAN without any port members...

Page 27: ...seconds RSTP can shorten the time to 5 to 6 seconds Label Description Protocol Version The version of the STP protocol Valid values include STP RSTP and MSTP Forward Delay The delay used by STP bridge...

Page 28: ...lf upon reception of a BPDU The port will enter the error disabled state and will be removed from the active topology Port Error Recovery Control whether a port in the error disabled state automatical...

Page 29: ...virtual port which is instantiated separately for each active CIST physical port for each MSTI instance configured and applicable for the port The MSTI instance must be selected before MSTI port confi...

Page 30: ...dge instance priority Label Description MSTI The bridge instance CIST is the default instance which is always active Priority Indicates bridge priority The lower the value the higher the priority The...

Page 31: ...rts The range of valid values is 1 to 200000000 Priority Configures the priority for ports having identical port costs See above OpenEdge setate flag A flag indicating whether the port is connected di...

Page 32: ...et by a network administrator to prevent bridges outside a core region of the network from causing address flushing in that region because those bridges are not under the full control of the administr...

Page 33: ...with slower media Path cost takes precedence over port priority The value will control the path cost incurred by the port Auto will set the path cost as appropriate by the physical link speed using t...

Page 34: ...means this switch has been accepted as the root device of the Spanning Tree network Root Cost the path cost from the root port on this switch to the root device The cost for the root bridge is zero Fo...

Page 35: ...Displays the current state of this port in the Spanning Tree Path Cost The path cost of the port contributed to the paths towards the spanning tree root which include this port It can be a value assig...

Page 36: ...port or is an alternate or backup port that may provide connectivity if other bridges bridge ports or LANs fail or are removed CIST State Displays the current state of this port in the Spanning Tree...

Page 37: ...ceived transmitted on a port RSTP the number of RSTP Configuration BPDUs received transmitted on a port RTP the number of legacy STP Configuration BPDU s received transmitted on a port TCN the number...

Page 38: ...viewing screen ATTENTION By default IE5 0 or later version does not allow Java applets to open sockets You need to modify the browser settings in order to enable Java applets for network ports Prepar...

Page 39: ...XE2GE2TX8MSPOE TECH SUPPORT 1 888 678 9427 After logging in you can see the information of the switch as below On the left hand side of the management interface shows links to various settings You can...

Page 40: ...of the name The first character must be an alpha character And the first or last character must not be a minus sign The allowed string length is 0 to 255 System Description Description of the device S...

Page 41: ...the switch via one of the management client interfaces Label Description Client The management client for which the configuration below applies Methods Method can be set to one of the following value...

Page 42: ...cription Client The management client for which the configuration below applies Methods Method can be set to one of the following values no Command authorization is disabled User is granted access to...

Page 43: ...he management client for which the configuration below applies Methods Method can be set to one of the following values no Accounting is disabled tacacs Use remote TACACS server s for accounting Cmd L...

Page 44: ...ding space are accepted Privilege Level The privilege level of the user The allowed range is 0 to 15 If the privilege level value is 15 it can access all groups i e that is granted the fully control o...

Page 45: ...anagement Port contains Dot1x port MAC based and the MAC Address Limit ACL HTTPS SSH IP source guard IP Everything except ping Port Everything except VeriPHY Diagnostics ping and VeriPHY Maintenance C...

Page 46: ...seconds IPv4 DHCP Current Lease For DHCP interfaces with an active lease this column show the current interface address as provided by the DHCP server IPv4 Address The IPv4 address of the interface i...

Page 47: ...IPv6 network mask in number of bits prefix length Valid values are between 1 and 128 bits for an IPv6 address This field may be left blank if IPv6 operation on the interface is not desired Resolving...

Page 48: ...erface The name of the interface Type The address type of the entry This may be LINK or IPv4 Address The current address of the interface of the given type Status The status flags of the interface and...

Page 49: ...e Configuration Daylight Saving Time Mode Enable or disable daylight saving time function This is used to set the clock forward or backward according to the configurations set below for a defined dayl...

Page 50: ...rd ADT Alaskan Daylight 8 hours 4 am ALA Alaskan Standard 9 hours 3 am HAW Hawaiian Standard 10 hours 2 am Nome Alaska 11 hours 1 am CET Central European FWT French Winter MET Middle European MEWT Mid...

Page 51: ...owser may not allow redirection due to security considerations unless the switch certificate is trusted to the browser You need to initialize the HTTPS connection manually for this case Certificate Ma...

Page 52: ...ERATION MANUAL CNXE2GE2TX8MSPOE TECH SUPPORT 1 888 678 9427 6 1 8 SSH Configure the SSH mode on this page Label Description Mode Enable or disable SSH Save Click to save changes Reset Click to undo an...

Page 53: ...sidered valid The LLDP information valid period is set to Tx Hold multiplied by Tx Interval seconds Valid values must be between 2 10 times Tx Delay When a setting is changed e g the IP address a new...

Page 54: ...send out LLDP information and will drop LLDP information received from neighbors Enabled The switch will send out LLDP information and will analyze LLDP information received from neighbors Port Descr...

Page 55: ...f the neighbor port System Name The name advertised by the neighbor Port Description The description of the port advertised by the neighbor System Capabilities Description of the neighbor s capabiliti...

Page 56: ...d the global counters are cleared when Clear is pressed Neighbor entries were last changed Shows the time when the last entry was last deleted or added It also shows the time elapsed since the last ch...

Page 57: ...le if Chassis ID or Remote Port ID is not included in the table Entries are removed from the table when a given port links down an LLDP shutdown frame is received or when the entry ages out TLVs Disca...

Page 58: ...erver Otherwise the switch will only record the time from the factory default set at the last bootup When the NTP client is enabled the switch regularly sends a request for a time update to a configur...

Page 59: ...Es are automatically removed when the mode is disabled TTL The TTL value is used by UPnP to send SSDP advertisement messages Valid values are in the range 1 to 255 Advertising Duration The duration ca...

Page 60: ...Disalble Modbus TCP function 6 1 13 Ethernet IP EtherNet IP adapts the Common Industrial Protocol to standard Ethernet EtherNet IP is one of the leading industrial protocols in the United States and...

Page 61: ...INS_CNXE2GE2TX8MSPOE 11 Jan 2021 PAGE 61 INSTALLATION AND OPERATION MANUAL CNXE2GE2TX8MSPOE TECH SUPPORT 1 888 678 9427 6 1 14 Backup Restore Configurations Save view or load switch configurations...

Page 62: ...INS_CNXE2GE2TX8MSPOE 11 Jan 2021 PAGE 62 INSTALLATION AND OPERATION MANUAL CNXE2GE2TX8MSPOE TECH SUPPORT 1 888 678 9427 6 1 15 Firmware Update Update the firmware of the switch...

Page 63: ...78 9427 6 2 DHCP 6 2 1 DHCP Server Configure global mode and VLAN mode to enable disable DHCP server per system and per VLAN Mode Label Description Global Mode Mode Configure the operation mode per sy...

Page 64: ...range input the VLAN range that you want to disable choose Mode to be Disabled press Save to apply the change Then you will see the disabled VLAN range is removed from the DHCP Server mode configurati...

Page 65: ...configure the detail settings you can click the pool name to go into the configuration page Type Display which type of the pool is Network the pool defines a pool of IP addresses to service more than...

Page 66: ...ools Manual Binding Number of bindings that administrator assigns an IP address to a client That is the pool is of host type Expired Binding Number of bindings that their lease time expired or they ar...

Page 67: ...IP IP address allocated to DHCP client Type Type of binding Possible types are Automatic Manual Expired State State of binding Possible states are Committed Allocated Expired Pool Name The pool that g...

Page 68: ...characters are the module ID In stand alone devices the module ID always equals to 0 in stacked devices it means switch ID The last two characters are the port number For example 00030108 means the D...

Page 69: ...kets received with the Remote ID option missing Receive Bad Circuit ID The number of packets whose Circuit ID do not match the known circuit ID Receive Bad Remote ID The number of packets whose Remote...

Page 70: ...s are Enabled Enable DHCP snooping mode operation When DHCP snooping mode operation is enabled the DHCP request messages will be forwarded to trusted ports and only allow reply packets from trusted po...

Page 71: ...the DHCP server will be listed in this table except for local VLAN interface IP addresses Entries in the Dynamic DHCP snooping Table are shown on this page Label Description MAC Address User MAC addr...

Page 72: ...packets received and transmitted Rx and Tx ACK The number of ACK option 53 with value 5 packets received and transmitted Rx and Tx NAK The number of NAK option 53 with value 6 packets received and tra...

Page 73: ...Mbps HDX Forces the cu port in 10Mbps half duplex mode 10Mbps FDX Forces the cu port in 10Mbps full duplex mode 100Mbps HDX Forces the cu port in 100Mbps half duplex mode 100Mbps FDX Forces the cu por...

Page 74: ...abled on a port then flow control on a priority level is enabled Through the Priority field range one or more of priorities can be configured e g 0 3 7 which equals 0 1 2 3 7 PFC is not supported thro...

Page 75: ...onfigurations Label Description Source MAC Address Calculates the destination port of the frame You can check this box to enable the source MAC address or uncheck to disable By default Source MAC Addr...

Page 76: ...rmal means no aggregation Only one group ID is valid per port Port Members Lists each switch port for each group ID Select a radio button to include a port in an aggregation or clear the radio button...

Page 77: ...aggregation By default no ports belong to any aggregation group Only full duplex ports can join an aggregation and the ports must be in the same speed in each group Key The Key value varies with the...

Page 78: ...tem ID System ID MAC address of the aggregation partner Partner Key When connecting the device to other manufactures devices you may need to configure LACP partner key Partner key is the operational k...

Page 79: ...wn Backup means the port cannot join in the aggregation group unless other ports are removed The LACP status is disabled Key The key assigned to the port Only ports with the same key can be aggregated...

Page 80: ...Description Port Switch port number LACP Transmitted The number of LACP frames sent from each port LACP Received The number of LACP frames received at each port Discarded The number of unknown or ille...

Page 81: ...otection PDU sent on each port The valid value is 1 to 10 seconds Shutdown Time The period in seconds for which a port will be kept disabled when a loop is detected shutting down the port The valid va...

Page 82: ...sent between switches Global VLAN Configuration Label Description Allowed Access VLANs This field shows the allowed Access VLANs i e it only affects ports configured as Access ports Ports in other mod...

Page 83: ...ified to the Access VLAN On egress all frames are transmitted untagged Trunk Trunk ports can carry traffic on multiple VLANs simultaneously and are normally used to connect to other switches Trunk por...

Page 84: ...If a frame is untagged or priority tagged the frame gets classified to the Port VLAN If frames must be tagged on egress they will be tagged with a C tag S Port On ingress frames with a VLAN tag with...

Page 85: ...t are transmitted with a tag Untag All All frames whether classified to the Port VLAN or not are transmitted without a tag This option is only available for ports in Hybrid mode Allowed VLANs Ports in...

Page 86: ...y one of these internal software modules The Combined entry will show a combination of the administrator and internal software modules configuration and basically reflects what is actually configured...

Page 87: ...the same row Port Type Shows the port type Unaware C Port S Port S Custom Port that a given user wants to configure on the port The field is empty if not overridden by the selected user Ingress Filter...

Page 88: ...software module The Combined user reflects what is actually configured in hardware 6 4 4 Private VLAN Monitor and modify the private VLAN membership configuration for the switch Private VLANs can be a...

Page 89: ...mpty row is added to the table and the private VLAN can be configured as needed The allowed range for a private VLAN ID is the same as the switch port number range Any values outside this range are no...

Page 90: ...le VRRP Globally The GVRP feature is globally enabled by setting the check mark in the checkbox named Enable GVRP and pressing the Save button GVRP Protocol Timers Join time is a value in the range of...

Page 91: ...a port for GVRP operation This configuration can be performed either before or after GVRP is configured globally the protocol operation will be the same Label Description Port The logical port that is...

Page 92: ...255 and only ASCII characters from 33 to 126 are allowed The field only suits to SNMPv1 and SNMPv2c SNMPv3 uses USM for authentication and privacy and the community string will be associated with SNMP...

Page 93: ...I characters from 33 to 126 Trap Mode Indicates existing SNMP trap mode Possible modes include Enabled enable SNMP trap mode Disabled disable SNMP trap mode Trap Version Indicates the supported SNMP t...

Page 94: ...nge is 1 65535 Trap Inform Mode Indicates the SNMP trap inform mode Possible modes include Enabled enable SNMP trap inform mode Disabled disable SNMP trap inform mode Trap Inform Timeout seconds Confi...

Page 95: ...the Interface group s traps Possible traps are Indicates that the SNMP entity is permitted to generate authentication failure traps Possible modes are Link Up Enable disable Link up trap Link Down En...

Page 96: ...e The entry index key is Community Label Description Delete Check to delete the entry It will be deleted during the next save Community Indicates the community access string to permit access to SNMPv3...

Page 97: ...the user name that this entry should belong to The allowed string length is 1 to 32 and only ASCII characters from 33 to 126 are allowed Security Level Indicates the security model that this entry sho...

Page 98: ...Configurations Configure SNMPv3 group table The entry index keys are Security Model and Security Name Label Description Delete Check to delete the entry It will be deleted during the next save Securi...

Page 99: ...32 and only ASCII characters from 33 to 126 are allowed View Type Indicates the view type that this entry should belong to Possible view types include Included an optional flag to indicate that this v...

Page 100: ...ecurity models include any Accepted any security model v1 v2c usm v1 Reserved for SNMPv1 v2c Reserved for SNMPv2c usm User based Security Model USM Security Level Indicates the security model that thi...

Page 101: ...y Configuration Label Description Delete Check to delete the entry It will be deleted during the next save ID Indicates the index of the entry The range is from 1 to 65535 Data Source Indicates the po...

Page 102: ...ed because of the unknown or un support protocol OutOctets The number of octets transmitted out of the interface including framing characters OutUcastPkts The number of uni cast packets that request t...

Page 103: ...ID Indicates the index of the entry The range is from 1 to 65535 Desc Indicates this event the string length is from 0 to 127 default is a null string Type Indicates the notification of the event the...

Page 104: ...on integral number of octets Alignment Error Under size The total number of packets received that were less than 64 octets Over size The total number of packets received that were longer than 1518 oct...

Page 105: ...e broadcast address Multicast The total number of good packets received that were directed to a multicast address CRC Error The total number of packets received that had a length excluding framing bit...

Page 106: ...ng the selected variable and calculating the value to be compared against the thresholds Value The value of the statistic during the last sampling period Startup Alarm The alarm that may be sent when...

Page 107: ...cond or kpps kilopackets per second The configuration indicates the permitted packet rate for unicast multicast or broadcast traffic across the switch Note frames sent to the CPU of the switch are alw...

Page 108: ...class that is mapped from the PCP and DEI value in the tag Otherwise the frame is classified to the default QoS class The classified QoS class can be overruled by a QCL entry Note if the default QoS c...

Page 109: ...and DEI for tagged frames Click on the mode to configure the mode and or mapping Note this setting has no effect if the port is VLAN unaware Tagged frames received on VLAN unaware ports are always cl...

Page 110: ...ion DSCP 0 classify if incoming or translated if enabled DSCP is 0 Selected classify only selected DSCP whose classification is enabled as specified in DSCP Translation window for the specific DSCP Al...

Page 111: ...able the policer for individual switch ports Rate Configures the rate of each policer The default value is 500 This value is restricted to 100 to 1000000 when the Unit is kbps or fps and is restricted...

Page 112: ...nable queue policer for individual switch ports Rate Configures the rate of each queue policer The default value is 500 This value is restricted to 100 to 1000000 when the Unit is kbps and is restrict...

Page 113: ...000000 whn the Unit is kbps and it is restricted to 1 to 3300 when the Unit is Mbps Queues Shaper Unit Configures the rate for each queue shaper The default value is 500 This value is restricted to 10...

Page 114: ...fault value is 500 This value is restricted to 100 to 1000000 when the Unit is kbps and it is restricted to 1 to 3300 when the Unit is Mbps Queue Shaper Excess Allows the queue to use excess bandwidth...

Page 115: ...Port The switch port number to which the following settings will be applied Click on the port number to configure the schedulers Mode Shows the scheduling mode for this port Qn Shows the weight for t...

Page 116: ...INS_CNXE2GE2TX8MSPOE 11 Jan 2021 PAGE 116 INSTALLATION AND OPERATION MANUAL CNXE2GE2TX8MSPOE TECH SUPPORT 1 888 678 9427...

Page 117: ...fication settings for all switches Label Description DSCP Maximum number of supported DSCP values is 64 Trust Check to trust a specific DSCP value Only frames with trusted DSCP values are mapped to a...

Page 118: ...new DSCP before using the DSCP for QoS class and DPL map There are two configuration parameters for DSCP Translation 1 Translate DSCP can be translated to any of 0 63 DSCP values 2 Classify check to...

Page 119: ...UAL CNXE2GE2TX8MSPOE TECH SUPPORT 1 888 678 9427 6 6 12 DSCP Classification Configure the mapping of QoS class and Drop Precedence Level to DSCP value Label Description QoS Class Actual QoS class DPL...

Page 120: ...ons include Tag value of tag can be Any Untag or Tag VID valid value of VLAN ID can be any value from 1 to 4095 Any user can enter either a specific value or a range of VIDs PCP Priority Code Point ca...

Page 121: ...om left to right all bits following the first zero must also be zero DSCP Differentiated Code Point can be a specific value a range or Any DSCP values are in the range 0 63 including BE CS1 CS7 EF or...

Page 122: ...427 6 6 14 QoS Counters This page provides the statistics of individual queues for all switch ports Label Description Port The switch port number to which the following settings will be applied Qn The...

Page 123: ...frames IPv6 the QCE will match only IPV6 frames Port Indicates the list of ports configured with the QCE Action Indicates the classification action taken on ingress frame if parameters configured are...

Page 124: ...ass for which the configuration below applies DPL The Drop Precedence Level for which the configuration below applies Enable Controls whether RED is enabled for this entry Min Controls the lower RED f...

Page 125: ...bility when the fill level is just below 100 If Max Unit is Fill Level the red line Max controls the fill level where drop probability reaches 100 This configuration makes it possible to reserve a por...

Page 126: ...n the SSM service model for the groups in the address range Assign valid IPv4 multicast address as prefix with a prefix length from 4 to 32 for the range Leaver Proxy Enabled Enable IGMP Leave Proxy T...

Page 127: ...able Check to enable IGMP snooping for individual VLAN Up to 32 VLANs can be selected Querier Election Enable to join IGMP Querier election in the VLAN Disable to act as an IGMP Non Querier Querier Ad...

Page 128: ...allowed range is 0 to 31744 in tenths of seconds default query response interval is 100 in tenths of seconds 10 seconds LLQI LMQI for IGMP Last Member Query Interval The Last Member Query Time is the...

Page 129: ...tus as ACTIVE or IDLE Querier Receive The number of transmitted Querier V1 Reports Receive The number of received V1 reports V2 Reports Receive The number of received V2 reports V3 Reports Receive The...

Page 130: ...1 888 678 9427 Groups Information of IGMP Snooping Entries in the IGMP Group Table are shown on this page The IGMP Group Table is sorted first by VLAN ID and then by group Label Description VLAN ID Th...

Page 131: ...Label Description VLAN ID The VLAN ID of the group Groups The group address of the group displayed Port Switch port number Mode Indicates the filtering mode maintained per VLAN ID port number Group Ad...

Page 132: ...The logical port for the settings Filtering Profile Select the IPMC Profile as the filtering condition for the specific port Summary about the designated profile will be shown by clicking the view but...

Page 133: ...e check status Possible statuses are disable Got Reply receive ping reply from device meaning the device is still alive Lost Reply not receiving ping reply from device meaning the device might have be...

Page 134: ...ld specify the other IP address here Label Description Alias IP Address Specifies alias IP address Keep 0 0 0 0 if the device does not have an alias IP address Alive Check You can use ping commands to...

Page 135: ...cast ingress packets RX Multicast multicast ingress packets RX Broadcast broadcast ingress packets TCP TCP ingress packets UDP UDP ingress packets Socket Number If packet type is UDP or TCP please spe...

Page 136: ...s and ready for next move Attacked DDOS attacks occur Device Description This page allows you to configure device description settings Label Description Type Indicates device types Possible types are...

Page 137: ...LATION AND OPERATION MANUAL CNXE2GE2TX8MSPOE TECH SUPPORT 1 888 678 9427 Mode Enables or disables stream monitoring of the port Action Indicates the action to take when the stream gets low Possible ac...

Page 138: ...s management entry Start IP Address The start IP address for the access management entry End IP Address The end IP address for the access management entry HTTP HTTPS The host can access the switch fro...

Page 139: ...tries to use the IP address of its neighbor You can enable IP source guard when DHCP snooping is enabled on an untrusted interface With this function enabled the switch blocks all IP traffic received...

Page 140: ...or the settings IP Address Allowed Source IP address MAC Address Allowed Source MAC address Dynamic Table This page shows entries in the Dynamic IP Source Guard table The default value is 20 The Start...

Page 141: ...1 to 15 The default value is Disabled Port Redirect Indicates the port redirect operation implemented by the ACE Frames matching the ACE are redirected to the listed port Mirror Select which port fram...

Page 142: ...te limiter for the ACL of the switch Label Description Rate Limiter ID The rate limiter ID for the settings contained in the same row Rate The rate unit is packet per second pps which can be configure...

Page 143: ...l to 0600 hexadecimal ARP only ARP frames can match the ACE Notice the ARP frames will not match the ACE with Ethernet type IPv4 only IPv4 frames can match the ACE Notice the IPv4 frames will not matc...

Page 144: ...for the SMAC filter you can enter a specific source MAC address The valid format is xx xx xx xx xx xx Frames matching the ACE will use this SMAC value DMAC Filter Specifies the destination MAC filter...

Page 145: ...ilter a specific VLAN ID with the ACE choose this value A field for entering a VLAN ID number appears VLAN ID When Specific is selected for the VLAN ID filter you can enter a specific VLAN ID number T...

Page 146: ...tocol Value Specific allows you to enter a specific value The allowed range is 0 to 255 Frames matching the ACE will use this IP protocol value IP TTL Specifies the time to live settings for the ACE Z...

Page 147: ...dotted decimal notation SIP Mask When Network is selected for the source IP filter you can enter a specific SIP mask in dotted decimal notation DIP Filter Specifies the destination IP filter for the...

Page 148: ...Sender IP Address When Host or Network is selected for the sender IP filter you can enter a specific sender IP address in dotted decimal notation Sender IP Mask When Network is selected for the sender...

Page 149: ...6 and the PLN is equal to IPv4 0x04 must not match this entry 1 ARP RARP frames where the HLN is equal to Ethernet 0x06 and the PLN is equal to IPv4 0x04 must match this entry Any any value is allowed...

Page 150: ...s selected for the ICMP filter you can enter a specific ICMP value The allowed range is 0 to 255 A frame matching the ACE will use this ICMP value ICMP Code Filter Specifies the ICMP code filter for t...

Page 151: ...fic TCP UDP source range value The allowed range is 0 to 65535 A frame matching the ACE will use this TCP UDP source value TCP UDP Destination Filter Specifies the TCP UDP destination filter for the A...

Page 152: ...try Any any value is allowed don t care TCP PSH Specifies the TCP PSH push function value for the ACE 0 TCP frames where the PSH field is set must not be able to match this entry 1 TCP frames where th...

Page 153: ...ead Retransmit The number of times the switch tries to connect to a RADIUS server Dead Time The dead time which can be set to a number between 0 and 3600 seconds is the period during which the switch...

Page 154: ...The authentication port which specifies the UDP port used to connect the RADIUS server for authentication The default is 1812 Acct Port The UDP port to use on the RADIUS accounting server If the port...

Page 155: ...gain This algorithm causes the RADIUS server to be queried up to 3 times before it is considered to be dead Dead Time The dead time which can be set to a number between 0 and 3600 seconds is the perio...

Page 156: ...notation of the server Status The current status of the server This field has one of the following values Disabled the server is disabled Not Ready the server is enabled but IP communication is not y...

Page 157: ...AND OPERATION MANUAL CNXE2GE2TX8MSPOE TECH SUPPORT 1 888 678 9427 RADIUS Details This page shows the access statistics of the authentication and accounting servers Use the server drop down list to swi...

Page 158: ...IUS server are RADIUS packets RADIUS packets also encapsulate EAP PDUs together with other attributes like the switch s IP address name and the supplicant s port number on the switch EAP is very flexi...

Page 159: ...e RADIUS server must be configured accordingly When authentication is complete the RADIUS server sends a success or failure indication which in turn causes the switch to open up or block traffic for t...

Page 160: ...device is plugged into a switch port For MAC based ports reauthentication is only useful if the RADIUS server configuration has changed It does not involve communication between the switch and the cli...

Page 161: ...r request times out according to the timeout specified on the Configuration Security AAA page the client is put on hold in Unauthorized state The hold timer does not count during an on going authentic...

Page 162: ...going backend authentication server requests whenever it receives a new EAPOL Start frame from the supplicant Since the server has not failed because the X seconds have not expired the same server wi...

Page 163: ...n users are called clients and the switch acts as the supplicant on behalf of clients The initial frame any kind of frame sent by a client is snooped by the switch which in turn uses the client s MAC...

Page 164: ...y X clients are authorized and Y are unauthorized Restart Two buttons are available for each row The buttons are only enabled when authentication is globally enabled and the port s Admin State is in a...

Page 165: ...each value Port State The current state of the port Refer to NAS Port State for more details regarding each value Last Source The source MAC address carried in the most recently received EAPOL frame...

Page 166: ...US Authentication Server statistics is showed Use the port drop down list to select which port details to be displayed Label Description Admin State The port s current administrative state Refer to NA...

Page 167: ...ion Backend Server Counters These backend RADIUS frame counters are available for the following administrative states 802 1X MAC based Auth Last Supplicant Client Info Information about the last suppl...

Page 168: ...oS class for which the configuration below applies DPL The Drop Precedence Level for which the configuration below applies Enable Controls whether RED is enabled for this entry Min Controls the lower...

Page 169: ...responding actions are disabled Aging Enabled If checked secured MAC addresses are subject to aging as discussed under Aging Period Aging Period You can specify the aging period in seconds The Aging P...

Page 170: ...the Trap and the Shutdown actions described above will be taken State This column shows the current state of the port as seen from the Limit Control s point of view The state takes one of four values...

Page 171: ...known MAC addresses to arrive Limit Reached The Port Security service is enabled by at least the Limit Control user module and that module has indicated that the limit is reached and no more MAC addre...

Page 172: ...to transmit or receive traffic Time of Addition Shows the date and time when this MAC address was first seen on the port Age Hold If at least one user module has decided to block this MAC address it w...

Page 173: ...STALLATION AND OPERATION MANUAL CNXE2GE2TX8MSPOE TECH SUPPORT 1 888 678 9427 6 9 Warning 6 9 1 Fault Alarm When any selected fault event happens the Fault LED on the switch panel will light up and the...

Page 174: ...rver will not send acknowledgments back to the sender since UDP is a connectionless protocol and it does not provide acknowledgments The syslog packet will always be sent even if the syslog server doe...

Page 175: ...that the checkbox cannot be checked when SYSLOG or SMTP is disabled Label Description System Cold Start Sends out alerts when the system is restarted Power Status Sends out alerts when power is up or...

Page 176: ...or entries in the dynamic MAC table and configure the static MAC table here Aging Configuration By default dynamic entries are removed from the MAC after 300 seconds This removal is called aging You c...

Page 177: ...re the port to dynamically learn the MAC address based upon the following settings Label Description Auto Learning is done automatically as soon as a frame with unknown SMAC is received Disable No lea...

Page 178: ...ches The MAC table is sorted first by VLAN ID and then by MAC address Label Description Delete Check to delete an entry It will be deleted during the next save VLAN ID The VLAN ID for the entry MAC Ad...

Page 179: ...played will be the one with the lowest VLAN ID and the lowest MAC address found in the MAC Table The Start from MAC address and VLAN fields allow the user to select the starting point in the MAC table...

Page 180: ...the number of incomplete transmissions per port Drops The number of frames discarded due to ingress or egress congestion Filtered The number of received frames filtered by the forwarding process Auto...

Page 181: ...received or transmitted on this port that have an opcode indicating a PAUSE operation Rx Drops The number of frames dropped due to insufficient receive buffer or egress congestion Rx CRC Alignment The...

Page 182: ...re mirrored to this port Disabled option disables mirroring Label Description Mode Enable or disable this function Type Mirror the switch is running on mirror mode The source port s and destination po...

Page 183: ...red on the Intermediate Destination port Rx only Frames received on this port are mirrored on the Intermediate Destination port Frames transmitted are not mirrored Tx only Frames transmitted on this p...

Page 184: ...ssages Warning Log warning messages Error Log error messages All Log all messages Time The time of the system log entry Message The MAC address of the switch Auto refresh Check this box to enable an a...

Page 185: ...efreshes automatically and you can view the cable diagnostics results in the cable status table Note that VeriPHY diagnostics is only accurate for cables 7 140 meters long 10 and 100 Mbps ports will b...

Page 186: ...gital Diagnostic Monitoring function can measure the temperature of the apparatus helping you monitor the status of connection and detect errors immediately You can manage and set up event alarms thro...

Page 187: ...y until responses to all packets are received or until a timeout occurs PING6 server 10 10 132 20 64 bytes from 10 10 132 20 icmp_seq 0 time 0ms 64 bytes from 10 10 132 20 icmp_seq 1 time 0ms 64 bytes...

Page 188: ...X8MSPOE 11 Jan 2021 PAGE 188 INSTALLATION AND OPERATION MANUAL CNXE2GE2TX8MSPOE TECH SUPPORT 1 888 678 9427 IPv6 Ping PING6 server 192 168 10 1 sendto sendto sendto sendto sendto Sent 5 packets receiv...

Page 189: ...over Ethernet PoE 6 11 1 Configuration Power over Ethernet is used to transmit electrical power to remote devices over standard Ethernet cable It could for example be used for powering IP telephones w...

Page 190: ...the reserved power for that port The ports are shut down according to the ports priority If two ports have the same priority the port with the highest port number is shut down Reserved Power In this...

Page 191: ...Each PD is classified according to a class that defines the maximum power the PD will use The PD Class shows the PDs class Five Classes are defined Class 0 Max power 15 4 W Class 1 Max power 4 0 W Cl...

Page 192: ...for the port PoE turned OFF PoE disabled PoE is disabled by user PoE turned OFF Power budget exceeded The total requested or used power by the PDs exceeds the maximum power the Power Supply can delive...

Page 193: ...CNXE2GE2TX8MSPOE TECH SUPPORT 1 888 678 9427 6 12 Configuration Activate or delete configuration files Simply select the files to be activated or deleted and press the button 6 12 1 Activate 6 12 2 D...

Page 194: ...age Only the IP configuration is retained Label Description Yes Click to reset the configuration to factory defaults No Click to return to the Port State page without resetting 6 14 2 Restart Device R...

Page 195: ...l Protocol IEEE 802 1p for COS Class of Service IEEE 802 1Q for VLAN Tagging IEEE 802 1d for STP Spanning Tree Protocol IEEE 802 1w for RSTP Rapid Spanning Tree Protocol IEEE 802 1s for MSTP Multiple...

Page 196: ...ient Relay SMTP Client Modbus TCP NTP server client UPnP QoS TOS Diffserv supported CoS Application based QoS IP based bandwidth management Network Redundancy C Ring O Chain MRP NOTE STP RSTP MSTP IEE...

Page 197: ...resent Physical Characteristic Enclosure IP 30 Dimension W x D x H 74 3 W x 125 D x 153 6 H mm 2 93 x 4 92 x 6 05 inches Weight g 1078 g Environmental Storage Temperature 40 to 85 C 40 to 185 F Operat...

Page 198: ...ng Protection Switching Example Configuration Introduction This section shows how to configure the Ethernet Ring Protection Switching ERPS for ComNet switches using the Web GUI and the CLI commands Th...

Page 199: ...to avoid creating a loop The web client is connected to switch 1 3 To avoid conflict with ERPS disable spanning tree on all switches if it is enabled 4 Enable VLAN tag aware on all three switches In V...

Page 200: ...MAC can remain empty because it will be learned by receiving the CCM from the peer side On ComNet switches before they are learned the CCM frame rate cannot be changed to above 100 sec If known enter...

Page 201: ...switch 2 Figure 5 Switch 2 Port 1 and 2 MEP Configuration 2 Edit MEP1 of switch 2 by clicking 1 under Instance of the MEP table Configure the MEP as shown and click Save or Apply Figure 6 Switch 2 ME...

Page 202: ...t 1 and 2 of switch 3 Figure 8 Switch 3 Port 1 and 2 MEP Configuration 2 Edit MEP1 of switch 3 by clicking 1 under Instance of the MEP table Configure the MEP as shown and click Save or Apply Figure 9...

Page 203: ...ew Protection Group Switch 1 Configuration 2 Edit ERPS1 by clicking 1 Set the configuration as shown and click Save or Apply Figure 12 ERPS 1 Switch 1 Configuration 3 Click VLAN Config to edit the pro...

Page 204: ...tch 2 the RPL Neighbor 1 On switch 2 click ERPS followed by Add New Protection Group Figure 15 Add New Protection Group Switch 2 Configuration 2 Edit ERPS1 by clicking 1 Configure the device as shown...

Page 205: ...g ERPS on Switch 3 1 On switch 3 click ERPS followed by Add New Protection Group Figure 18 Add New Protection Group Switch3 2 Edit ERPS1 by clicking 1 No action is required on switch 3 Keep the RPL ow...

Page 206: ...1 888 678 9427 Ethernet Ring Protection Switching Configuration Verifying ERPS 1 Change the CCM rate starting from switch 3 Click on MEP 2 and then use the frame rate pull down to select 300 f sec Fig...

Page 207: ...MANUAL CNXE2GE2TX8MSPOE TECH SUPPORT 1 888 678 9427 3 Change the CCM rate on switch 1 Click on MEP 1 and then use the frame rate pull down to select 300 f sec Figure 23 Edit MEP 1 CCM Rate Switch 1 4...

Page 208: ...MANUAL CNXE2GE2TX8MSPOE TECH SUPPORT 1 888 678 9427 5 Change the CCM rate on switch 2 Click on MEP 1 and then use the frame rate pull down to select 300 f sec Figure 25 Edit MEP 1 CCM Rate Switch 2 6...

Page 209: ...7 On Switch 1 check ERPS status by clicking ERPS to ensure normal link status Figure 27 Switch 1 ERPS Status 8 Disconnect the normal link for switch 1 and switch 3 Figure 28 Disconnect Normal Link 9 R...

Page 210: ...2GE2TX8MSPOE 11 Jan 2021 PAGE 210 INSTALLATION AND OPERATION MANUAL CNXE2GE2TX8MSPOE TECH SUPPORT 1 888 678 9427 10 After WTR timeout and clicking Refresh it should show as Idle Figure 30 Refresh ERPS...

Page 211: ...ICLI Initial Switch Configuration The following commands disable STP and LLDP and they enable C Port on Port 1 and 2 on all switches Configure port 1 2 interface GigabitEthernet 1 1 2 set C Port switc...

Page 212: ...r mep mep 1 peer mep id 5 enable ccm default is 1FPS mep 1 cc 0 enable RAPS mep 1 aps 0 raps mep 2 down domain port flow 2 level 0 interface GigabitEthernet 1 2 mep 2 mep id 2 mep 2 vid 3001 mep 2 pee...

Page 213: ...thernet 1 1 mep 1 mep id 3 mep 1 vid 3001 mep 1 peer mep id 2 mep 1 cc 0 mep 1 aps 0 raps mep 2 down domain port flow 2 level 0 interface GigabitEthernet 1 2 mep 2 mep id 4 mep 2 vid 3001 mep 2 peer m...

Page 214: ...rnet 1 2 mep 2 mep id 6 mep 2 vid 3001 mep 2 peer mep id 4 mep 2 cc 0 mep 2 aps 0 raps erps 1 major port0 interface GigabitEthernet 1 1 port1 interface GigabitEthernet 1 2 erps 1 mep port0 sf 1 aps 1...

Page 215: ...RATE DRIVE DANBURY CT 06810 USA T 203 796 5300 F 203 796 5303 TECH SUPPORT 1 888 678 9427 INFO COMNET NET 8 TURNBERRY PARK ROAD GILDERSOME MORLEY LEEDS UK LS27 7LE T 44 0 113 307 6400 F 44 0 113 253 7...

Reviews:

No comments

Related manuals for CNXE2GE2TX8MSPOE

vantiva COM3000 Installation Manual preview
COM3000
Brand: vantiva Pages: 58
netvox ZigBee Z815B User Manual preview
ZigBee Z815B
Brand: netvox Pages: 14
StarTech.com VS123HD User Manual preview
VS123HD
Brand: StarTech.com Pages: 10
Electroswitch 31201B User Manual preview
31201B
Brand: Electroswitch Pages: 6
FS S3200 Series Quick Start Manual preview
S3200 Series
Brand: FS Pages: 41
HIKVISION DS-PDEB-EG2-WE Manual preview
DS-PDEB-EG2-WE
Brand: HIKVISION Pages: 5
Magnum M9-EKCS Quick Start Manual preview
M9-EKCS
Brand: Magnum Pages: 3
Cabletron Systems Cyber SWITCH 1000 User Manual preview
Cyber SWITCH 1000
Brand: Cabletron Systems Pages: 106
Gira 2324 Series Operating Instructions preview
2324 Series
Brand: Gira Pages: 2
pro bel VISTEK V1693 User Manual preview
VISTEK V1693
Brand: pro bel Pages: 12
Belkin F1DF102P Quick Installation Manual preview
F1DF102P
Brand: Belkin Pages: 40
NTI UNIMUX-DVI-2 Installation And Operation Manual preview
UNIMUX-DVI-2
Brand: NTI Pages: 15
Lindy 32320 User Manual preview
32320
Brand: Lindy Pages: 12
Kensence S-Mix-Pro 18*18 Operation Manual preview
S-Mix-Pro 18*18
Brand: Kensence Pages: 24
DANLERS CESFPIRSV Installation Notes preview
CESFPIRSV
Brand: DANLERS Pages: 2
3onedata TNS5000D Series Quick Installation Manual preview
TNS5000D Series
Brand: 3onedata Pages: 3
LINK-MI LM-AD01 User Manual preview
LM-AD01
Brand: LINK-MI Pages: 9
Witura WT-1673 User Manual preview
WT-1673
Brand: Witura Pages: 12

Brands by name

Popular brands

Load more brands